- Linux-stable-mirror - lists.linaro.org

[PATCH] sched/core: Fix potential deadlock on rq lock

by Wang Tao

When CPU 1 enters the nohz_full state, and the kworker on CPU 0 executes the function sched_tick_remote, holding the lock on CPU1's rq and triggering the warning WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3). This leads to the process of printing the warning message, where the console_sem semaphore is held. At this point, the print task on the CPU1's rq cannot acquire the console_sem and joins the wait queue, entering the UNINTERRUPTIBLE state. It waits for the console_sem to be released and then wakes up. After the task on CPU 0 releases the console_sem, it wakes up the waiting console_sem task. In try_to_wake_up, it attempts to acquire the lock on CPU1's rq again, resulting in a deadlock. The triggering scenario is as follows: CPU0 CPU1 sched_tick_remote WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3) report_bug con_write printk console_unlock do_con_write console_lock down(&console_sem) list_add_tail(&waiter.list, &sem->wait_list); up(&console_sem) wake_up_q(&wake_q) try_to_wake_up __task_rq_lock _raw_spin_lock This patch fixes the issue by deffering all printk console printing during the lock holding period. Fixes: d84b31313ef8 ("sched/isolation: Offload residual 1Hz scheduler tick") Signed-off-by: Wang Tao <wangtao554(a)huawei.com> --- kernel/sched/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index be00629f0ba4..8b2d5b5bfb93 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -5723,8 +5723,10 @@ static void sched_tick_remote(struct work_struct *work) * Make sure the next tick runs within a * reasonable amount of time. */ + printk_deferred_enter(); u64 delta = rq_clock_task(rq) - curr->se.exec_start; WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3); + printk_deferred_exit(); } curr->sched_class->task_tick(rq, curr, 0); -- 2.34.1

3 days, 14 hours

4
4
0 0

[PATCH v2] mtd: core: always verify OOB offset in mtd_check_oob_ops()

by Gabor Juhos

Using an OOB offset past end of the available OOB data is invalid, irregardless of whether the 'ooblen' is set in the ops or not. Move the relevant check out from the if statement to always verify that. The 'oobtest' module executes four tests to verify how reading/writing OOB data past end of the devices is handled. It expects errors in case of these tests, but this expectation fails in the last two tests on MTD devices, which have no OOB bytes available. This is indicated in the test output like the following: [ 212.059416] mtd_oobtest: attempting to write past end of device [ 212.060379] mtd_oobtest: an error is expected... [ 212.066353] mtd_oobtest: error: wrote past end of device [ 212.071142] mtd_oobtest: attempting to read past end of device [ 212.076507] mtd_oobtest: an error is expected... [ 212.082080] mtd_oobtest: error: read past end of device ... [ 212.330508] mtd_oobtest: finished with 2 errors For reference, here is the corresponding code from the oobtest module: /* Attempt to write off end of device */ ops.mode = MTD_OPS_AUTO_OOB; ops.len = 0; ops.retlen = 0; ops.ooblen = mtd->oobavail; ops.oobretlen = 0; ops.ooboffs = 1; ops.datbuf = NULL; ops.oobbuf = writebuf; pr_info("attempting to write past end of device\n"); pr_info("an error is expected...\n"); err = mtd_write_oob(mtd, mtd->size - mtd->writesize, &ops); if (err) { pr_info("error occurred as expected\n"); } else { pr_err("error: wrote past end of device\n"); errcnt += 1; } As it can be seen, the code sets 'ooboffs' to 1, and 'ooblen' to mtd->oobavail which is zero in our case. Since the mtd_check_oob_ops() function only verifies 'ooboffs' if 'ooblen' is not zero, the 'ooboffs' value does not gets validated and the function returns success whereas it should fail. After the change, the oobtest module will bail out early with an error if there are no OOB bytes available on the MDT device under test: # cat /sys/class/mtd/mtd0/oobavail 0 # insmod mtd_test; insmod mtd_oobtest dev=0 [ 943.606228] [ 943.606259] ================================================= [ 943.606784] mtd_oobtest: MTD device: 0 [ 943.612660] mtd_oobtest: MTD device size 524288, eraseblock size 131072, page size 2048, count of eraseblocks 4, pages per eraseblock 64, OOB size 128 [ 943.616091] mtd_test: scanning for bad eraseblocks [ 943.629571] mtd_test: scanned 4 eraseblocks, 0 are bad [ 943.634313] mtd_oobtest: test 1 of 5 [ 943.653402] mtd_oobtest: writing OOBs of whole device [ 943.653424] mtd_oobtest: error: writeoob failed at 0x0 [ 943.657419] mtd_oobtest: error: use_len 0, use_offset 0 [ 943.662493] mtd_oobtest: error -22 occurred [ 943.667574] ================================================= This behaviour is more accurate than the current one where most tests are indicating successful writing of OOB data even that in fact nothing gets written into the device, which is quite misleading. Cc: stable(a)vger.kernel.org Fixes: 5cdd929da53d ("mtd: Add sanity checks in mtd_write/read_oob()") Reviewed-by: Daniel Golle <daniel(a)makrotopia.org> Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Changes in v2: - add Reviewed-by tag from Daniel - add stable and Fixes tags - Link to v1: https://lore.kernel.org/r/20250831-mtd-validate-ooboffs-v1-1-d3fdce7a8698@g… --- drivers/mtd/mtdcore.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5ba9a741f5ac3c297ae21329c2827baf5dc471f0..9a3c9f163219bcb9fde66839f228fd8d38310f2d 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -1590,12 +1590,12 @@ static int mtd_check_oob_ops(struct mtd_info *mtd, loff_t offs, if (offs < 0 || offs + ops->len > mtd->size) return -EINVAL; + if (ops->ooboffs >= mtd_oobavail(mtd, ops)) + return -EINVAL; + if (ops->ooblen) { size_t maxooblen; - if (ops->ooboffs >= mtd_oobavail(mtd, ops)) - return -EINVAL; - maxooblen = ((size_t)(mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)) - ops->ooboffs; --- base-commit: 1b237f190eb3d36f52dffe07a40b5eb210280e00 change-id: 20250831-mtd-validate-ooboffs-e35c796540fe Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

3 days, 14 hours

4
8
0 0

[PATCH 6.1 000/198] 6.1.132-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.132 release. There are 198 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 27 Mar 2025 12:21:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.132-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.132-rc1 Acs, Jakub <acsjakub(a)amazon.de> block, bfq: fix re-introduced UAF in bic_set_bfqq() Zi Yan <ziy(a)nvidia.com> mm/migrate: fix shmem xarray update during migration Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: ensure offloading TID queue exists Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Change new sparse cluster processing Vitaly Prosyak <vitaly.prosyak(a)amd.com> drm/amdgpu: fix use-after-free bug Justin Klaassen <justin(a)tidylabs.net> arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix coverity issue with unintentional integer overflow Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Use u64_stats_t for statistic. Arthur Mongodin <amongodin(a)randorisec.fr> mptcp: Fix data stream corruption in the address announcement Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Use HW lock mgr for PSR1 when only one eDP Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix incorrect validation for num_aces field of smb_acl David Rosca <david.rosca(a)amd.com> drm/amdgpu: Fix JPEG video caps max size for navi1x and raven Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() Saranya R <quic_sarar(a)quicinc.com> soc: qcom: pdr: Fix the potential deadlock Sven Eckelmann <sven(a)narfation.org> batman-adv: Ignore own maximum aggregation size during RX Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> xsk: fix an integer overflow in xp_create_and_assign_umem() Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Avoid physical address 0x0 when doing random allocation Geert Uytterhoeven <geert+renesas(a)glider.be> ARM: shmobile: smp: Enforce shmobile_smp_* alignment Shakeel Butt <shakeel.butt(a)linux.dev> memcg: drain obj stock on cpu hotplug teardown Ye Bin <yebin10(a)huawei.com> proc: fix UAF in proc_get_inode() Gu Bowen <gubowen5(a)huawei.com> mmc: atmel-mci: Add missing clk_disable_unprepare() Kamal Dasu <kamal.dasu(a)broadcom.com> mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board dtsi Stefan Eichenberger <stefan.eichenberger(a)toradex.com> arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to sound card Christian Eggers <ceggers(a)arri.de> regulator: check that dummy regulator has been probed before using it Maíra Canal <mcanal(a)igalia.com> drm/v3d: Don't run jobs that have errors flagged in its fence Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: disable transceiver during system PM Haibo Chen <haibo.chen(a)nxp.com> can: flexcan: only change CAN state when link up in system PM Biju Das <biju.das.jz(a)bp.renesas.com> can: rcar_canfd: Fix page entries in the AFL list Andreas Kemnade <andreas(a)kemnade.info> i2c: omap: fix IRQ storms Guillaume Nault <gnault(a)redhat.com> Revert "gre: Fix IPv6 link-local address generation." Lin Ma <linma(a)zju.edu.cn> net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES Justin Iurman <justin.iurman(a)uliege.be> net: lwtunnel: fix recursion loops Dan Carpenter <dan.carpenter(a)linaro.org> net: atm: fix use after free in lec_send() Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: Fix error code in chan_alloc_skb_cb() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix wrong value of max_sge_rd Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix soft lockup during bt pages loop Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: Don't mark timer regs unconfigured Arnd Bergmann <arnd(a)arndb.de> ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx Phil Elwell <phil(a)raspberrypi.com> ARM: dts: bcm2711: PL011 UARTs are actually r1p5 Peng Fan <peng.fan(a)nxp.com> soc: imx8m: Unregister cpufreq and soc dev in cleanup path Marek Vasut <marex(a)denx.de> soc: imx8m: Use devm_* to simplify probe failure handling Marek Vasut <marex(a)denx.de> soc: imx8m: Remove global soc_uid Cosmin Ratiu <cratiu(a)nvidia.com> xfrm_output: Force software GSO only in tunnel mode Alexander Stein <alexander.stein(a)ew.tq-group.com> arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> firmware: imx-scu: fix OF node leak in .probe() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: Fix a C2HTermReq error message Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: disable Fn key handling on the Omoton KB066 Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: Fix match_session bug preventing session reuse Steve French <stfrench(a)microsoft.com> smb3: add support for IAKerb Zhenhua Huang <quic_zhenhuah(a)quicinc.com> arm64: mm: Populate vmemmap at the page level if not section aligned Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: sis630: Fix an error handling path in sis630_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali15x3: Fix an error handling path in ali15x3_probe() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: ali1535: Fix an error handling path in ali1535_probe() Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing closetimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing actimeo mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acdirmax mount option Murad Masimov <m.masimov(a)mt-integration.ru> cifs: Fix integer overflow while processing acregmax mount option Tamir Duberstein <tamird(a)gmail.com> scripts: generate_rust_analyzer: add missing macros deps Martin Rodriguez Reboredo <yakoyoku(a)gmail.com> scripts: generate_rust_analyzer: provide `cfg`s for `core` and `alloc` Vinay Varma <varmavinaym(a)gmail.com> scripts: `make rust-analyzer` for out-of-tree modules Asahi Lina <lina(a)asahilina.net> scripts: generate_rust_analyzer: Handle sub-modules with no Makefile Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() Ivan Abramov <i.abramov(a)mt-integration.ru> drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: ops: Consistently treat platform_max as control value George Stark <gnstark(a)salutedevices.com> leds: mlxreg: Use devm_mutex_init() for mutex initialization Xueming Feng <kuro(a)kuroa.me> tcp: fix forever orphan socket caused by tcp_abort Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_abort() Andrii Nakryiko <andrii(a)kernel.org> lib/buildid: Handle memfd_secret() files in build_id_parse() Matthew Maurer <mmaurer(a)google.com> rust: Disallow BTF generation with Rust + LTO Haoxiang Li <haoxiang_li2024(a)163.com> qlcnic: fix memory leak issues in qlcnic_sriov_common.c Thomas Mizrahi <thomasmizra(a)gmail.com> ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model Varada Pavani <v.pavani(a)samsung.com> clk: samsung: update PLL locktime for PLL142XX used on FSD platform Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix slab-use-after-free on hdcp_work Alex Hung <alex.hung(a)amd.com> drm/amd/display: Assign normalized_pix_clk when color depth = 14 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Restore correct backlight brightness after a GPU reset Imre Deak <imre.deak(a)intel.com> drm/dp_mst: Fix locking when skipping CSN before topology probing Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/atomic: Filter out redundant DPMS calls Florent Revest <revest(a)chromium.org> x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Johan Hovold <johan(a)kernel.org> USB: serial: option: match on interface class for Telit FN990B Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: fix Telit Cinterion FE990A name Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE990B compositions Boon Khai Ng <boon.khai.ng(a)intel.com> USB: serial: ftdi_sio: add support for Altera USB Blaster 3 Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - swap old quirk combination with new quirk for more devices Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - swap old quirk combination with new quirk for several devices Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add required quirks for missing old boardnames Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ Darrick J. Wong <djwong(a)kernel.org> xfs: remove conditional building of rt geometry validator functions Andrey Albershteyn <aalbersh(a)redhat.com> xfs: reset XFS_ATTR_INCOMPLETE filter on node removal Zhang Tianci <zhangtianci.1997(a)bytedance.com> xfs: update dir3 leaf block metadata after swap Jiachen Zhang <zhangjiachen.jaycee(a)bytedance.com> xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real Long Li <leo.lilong(a)huawei.com> xfs: fix perag leak when growfs fails Long Li <leo.lilong(a)huawei.com> xfs: add lock protection when remove perag from radix tree Dave Chinner <dchinner(a)redhat.com> xfs: initialise di_crc in xfs_log_dinode Darrick J. Wong <djwong(a)kernel.org> xfs: force all buffers to be written during btree bulk load Darrick J. Wong <djwong(a)kernel.org> xfs: recompute growfsrtfree transaction reservation while growing rt volume Darrick J. Wong <djwong(a)kernel.org> xfs: remove unused fields from struct xbtree_ifakeroot Darrick J. Wong <djwong(a)kernel.org> xfs: don't allow overly small or large realtime volumes Darrick J. Wong <djwong(a)kernel.org> xfs: fix 32-bit truncation in xfs_compute_rextslog Darrick J. Wong <djwong(a)kernel.org> xfs: make rextslog computation consistent with mkfs Darrick J. Wong <djwong(a)kernel.org> xfs: don't leak recovered attri intent items Christoph Hellwig <hch(a)lst.de> xfs: consider minlen sized extents in xfs_rtallocate_extent_block Darrick J. Wong <djwong(a)kernel.org> xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t Darrick J. Wong <djwong(a)kernel.org> xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h Darrick J. Wong <djwong(a)kernel.org> xfs: reserve less log space when recovering log intent items Dave Chinner <dchinner(a)redhat.com> xfs: use deferred frees for btree block freeing Dave Chinner <dchinner(a)redhat.com> xfs: fix bounds check in xfs_defer_agfl_block() Dave Chinner <dchinner(a)redhat.com> xfs: validate block number being freed before adding to xefi Darrick J. Wong <djwong(a)kernel.org> xfs: pass per-ag references to xfs_free_extent Darrick J. Wong <djwong(a)kernel.org> xfs: pass the xfs_bmbt_irec directly through the log intent code Darrick J. Wong <djwong(a)kernel.org> xfs: fix confusing xfs_extent_item variable names Darrick J. Wong <djwong(a)kernel.org> xfs: pass xfs_extent_free_item directly through the log intent code Darrick J. Wong <djwong(a)kernel.org> xfs: pass refcount intent directly through the log intent code Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix corner case forgetting to vunmap Jens Axboe <axboe(a)kernel.dk> io_uring: don't attempt to mmap larger than what the user asks for Jens Axboe <axboe(a)kernel.dk> io_uring: get rid of remap_pfn_range() for mapping rings/sqes Jens Axboe <axboe(a)kernel.dk> mm: add nommu variant of vm_insert_pages() Jens Axboe <axboe(a)kernel.dk> io_uring: add ring freeing helper Jens Axboe <axboe(a)kernel.dk> io_uring: return error pointer from io_mem_alloc() Ming Lei <ming.lei(a)redhat.com> block: fix 'kmem_cache of name 'bio-108' already exists' Thomas Zimmermann <tzimmermann(a)suse.de> drm/nouveau: Do not override forced connector status Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: safety check before fallback Arnd Bergmann <arnd(a)arndb.de> x86/irq: Define trace events conditionally Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Use better start period for frequency mode Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't truncate cached, mutated symlink Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Set the SDOUT polarity correctly Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Fix power control mask Hector Martin <marcan(a)marcan.st> ASoC: tas2770: Fix volume scale Daniel Wagner <wagi(a)kernel.org> nvme: only allow entering LIVE from CONNECTING state Yu-Chun Lin <eleanor15x(a)gmail.com> sctp: Fix undefined behavior in left shift operation Ruozhu Li <david.li(a)jaguarmicro.com> nvmet-rdma: recheck queue state is LIVE in state lock in recv done Maurizio Lombardi <mlombard(a)redhat.com> nvme-tcp: add basic support for the C2HTermReq PDU Christopher Lentocha <christopherericlentocha(a)gmail.com> nvme-pci: quirk Acer FA100 for non-uniqueue identifiers Stephan Gerhold <stephan.gerhold(a)linaro.org> net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors Terry Cheong <htcheong(a)chromium.org> ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module Vitaly Rodionov <vitalyr(a)opensource.cirrus.com> ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: adjust convert rate limitation Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on Positivo ARN50 Jan Beulich <jbeulich(a)suse.com> Xen/swiotlb: mark xen_swiotlb_fixup() __init Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/cpufreq_cooling: Remove structure member documentation Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: Fix CHPID "configure" attribute caching Mark Pearson <mpearson-lenovo(a)squebb.ca> platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles Sybil Isabel Dorsett <sybdorsett(a)proton.me> platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e Jann Horn <jannh(a)google.com> sched: Clarify wake_up_q()'s write to task->wake_q.next Alex Henrie <alexhenrie24(a)gmail.com> HID: apple: fix up the F6 key on the Omoton KB066 keyboard Ievgen Vovk <YevgenVovk(a)ukr.net> HID: hid-apple: Apple Magic Keyboard a3203 USB-C support Chia-Lin Kao (AceLan) <acelan.kao(a)canonical.com> HID: ignore non-functional sensor in HP 5MP Camera Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: Send clock sync message immediately after reset Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell Brahmajit Das <brahmajit.xyz(a)gmail.com> vboxsf: fix building with GCC 15 Eric W. Biederman <ebiederm(a)xmission.com> alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support Paulo Alcantara <pc(a)manguebit.com> smb: client: fix noisy when tree connecting to DFS interlink targets Gannon Kolding <gannon.kolding(a)gmail.com> ACPI: resource: IRQ override for Eluktronics MECH-17 Magnus Lindholm <linmag7(a)gmail.com> scsi: qla1280: Fix kernel oops when debug level > 2 Rik van Riel <riel(a)surriel.com> scsi: core: Use GFP_NOIO to avoid circular locking dependency Chengen Du <chengen.du(a)canonical.com> iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> powercap: call put_device() on an error path in powercap_register_control_type() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> hrtimers: Mark is_migration_base() with __always_inline Daniel Wagner <wagi(a)kernel.org> nvme-fc: go straight to connecting state when initializing Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices Jianbo Liu <jianbol(a)nvidia.com> net/mlx5: Bridge, fix the crash caused by LAG state check Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: remove misbehaving actions length check Guillaume Nault <gnault(a)redhat.com> gre: Fix IPv6 link-local address generation. Alexey Kashavkin <akashavkin(a)gmail.com> netfilter: nft_exthdr: fix offset with ipv4_find_option() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Prevent creation of classes with TC_H_ROOT Dan Carpenter <dan.carpenter(a)linaro.org> ipvs: prevent integer overflow in do_ip_vs_get_ctl() Kohei Enju <enjuk(a)amazon.com> netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Hangbin Liu <liuhangbin(a)gmail.com> bonding: fix incorrect MAC address setting to receive NS messages Amit Cohen <amcohen(a)nvidia.com> net: switchdev: Convert blocking notification chain to a raw one Taehee Yoo <ap420073(a)gmail.com> eth: bnxt: do not update checksum in bnxt_xdp_build_skb() Wentao Liang <vulab(a)iscas.ac.cn> net/mlx5: handle errors in mlx5_chains_create_table() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() Michael Kelley <mhklinux(a)outlook.com> drm/hyperv: Fix address space leak when Hyper-V DRM device is removed Breno Leitao <leitao(a)debian.org> netpoll: hold rcu read lock in __netpoll_send_skb() Matt Johnston <matt(a)codeconstruct.com.au> net: mctp i2c: Copy headers if cloned Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Verify after ATU Load ops Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: hci_core: Fix sleeping function called from invalid context" Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix enabling passive scanning Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: cfg80211: cancel wiphy_work before freeing wiphy Jun Yang <juny24602(a)gmail.com> sched: address a potential NULL pointer dereference in the GRED scheduler. Nicklas Bo Jensen <njensen(a)akamai.com> netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: fix memory leak in aRFS after reset Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. Artur Weber <aweber.kernel(a)gmail.com> pinctrl: bcm281xx: Fix incorrect regmap max_registers value Michael Kelley <mhklinux(a)outlook.com> fbdev: hyperv_fb: iounmap() the correct memory when removing a device Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super Felix Moessbauer <felix.moessbauer(a)siemens.com> hrtimer: Use and report correct timerslack values for realtime tasks Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Prevent boot crash when the boot CPU is nohz_full David Woodhouse <dwmw(a)amazon.co.uk> clockevents/drivers/i8253: Fix stop sequence for timer 0 ------------- Diffstat: Documentation/timers/no_hz.rst | 7 +- Makefile | 15 +- arch/alpha/include/asm/elf.h | 6 +- arch/alpha/include/asm/pgtable.h | 2 +- arch/alpha/include/asm/processor.h | 8 +- arch/alpha/kernel/osf_sys.c | 11 +- arch/arm/boot/dts/bcm2711.dtsi | 11 +- arch/arm/mach-omap1/Kconfig | 1 + arch/arm/mach-shmobile/headsmp.S | 1 + .../boot/dts/freescale/imx8mm-verdin-dahlia.dtsi | 6 +- .../arm64/boot/dts/freescale/imx8mp-tqma8mpql.dtsi | 16 +- arch/arm64/boot/dts/rockchip/rk3399-nanopi-r4s.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3399-rockpro64.dtsi | 2 + arch/arm64/mm/mmu.c | 5 +- arch/x86/events/intel/core.c | 85 ++++++++++ arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/cpu/mshyperv.c | 11 -- arch/x86/kernel/irq.c | 2 + block/bfq-cgroup.c | 2 +- block/bio.c | 2 +- drivers/acpi/resource.c | 6 + drivers/clk/samsung/clk-pll.c | 7 +- drivers/clocksource/i8253.c | 36 +++-- drivers/firmware/efi/libstub/randomalloc.c | 4 + drivers/firmware/imx/imx-scu.c | 1 + drivers/firmware/iscsi_ibft.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mn.c | 20 ++- drivers/gpu/drm/amd/amdgpu/nv.c | 2 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 ++ .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c | 1 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 7 +- .../gpu/drm/amd/display/dc/dce/dmub_hw_lock_mgr.c | 12 ++ drivers/gpu/drm/display/drm_dp_mst_topology.c | 40 +++-- drivers/gpu/drm/drm_atomic_uapi.c | 4 + drivers/gpu/drm/drm_connector.c | 4 + drivers/gpu/drm/gma500/mid_bios.c | 5 + drivers/gpu/drm/hyperv/hyperv_drm_drv.c | 2 + drivers/gpu/drm/mediatek/mtk_drm_gem.c | 9 +- drivers/gpu/drm/mediatek/mtk_drm_plane.c | 13 +- drivers/gpu/drm/nouveau/nouveau_connector.c | 1 - drivers/gpu/drm/radeon/radeon_vce.c | 2 +- drivers/gpu/drm/v3d/v3d_sched.c | 9 +- drivers/hid/hid-apple.c | 13 +- drivers/hid/hid-ids.h | 2 + drivers/hid/hid-quirks.c | 1 + drivers/hid/intel-ish-hid/ipc/ipc.c | 15 +- drivers/hid/intel-ish-hid/ishtp/ishtp-dev.h | 2 + drivers/hv/vmbus_drv.c | 13 ++ drivers/i2c/busses/i2c-ali1535.c | 12 +- drivers/i2c/busses/i2c-ali15x3.c | 12 +- drivers/i2c/busses/i2c-omap.c | 26 +-- drivers/i2c/busses/i2c-sis630.c | 12 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 2 - drivers/infiniband/hw/bnxt_re/qplib_rcfw.h | 3 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 16 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 10 +- drivers/input/serio/i8042-acpipnpio.h | 111 +++++++------ drivers/leds/leds-mlxreg.c | 16 +- .../mediatek/vcodec/vdec/vdec_vp8_req_if.c | 10 +- drivers/mmc/host/atmel-mci.c | 4 +- drivers/mmc/host/sdhci-brcmstb.c | 10 ++ drivers/net/bonding/bond_options.c | 55 ++++++- drivers/net/can/flexcan/flexcan-core.c | 18 ++- drivers/net/can/rcar/rcar_canfd.c | 28 ++-- drivers/net/dsa/mv88e6xxx/chip.c | 59 +++++-- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 3 +- drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c | 11 +- drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.h | 3 +- drivers/net/ethernet/intel/ice/ice_arfs.c | 2 +- .../ethernet/mellanox/mlx5/core/en/rep/bridge.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 6 +- .../ethernet/mellanox/mlx5/core/lib/fs_chains.c | 5 + .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 8 +- drivers/net/mctp/mctp-i2c.c | 5 + drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 28 ++++ drivers/net/wireless/intel/iwlwifi/mvm/sta.h | 3 +- drivers/net/wwan/mhi_wwan_mbim.c | 2 +- drivers/nvme/host/core.c | 2 - drivers/nvme/host/fc.c | 3 +- drivers/nvme/host/pci.c | 2 + drivers/nvme/host/tcp.c | 43 +++++ drivers/nvme/target/rdma.c | 33 ++-- drivers/pinctrl/bcm/pinctrl-bcm281xx.c | 2 +- drivers/platform/x86/thinkpad_acpi.c | 50 ++++-- drivers/powercap/powercap_sys.c | 3 +- drivers/regulator/core.c | 12 +- drivers/s390/cio/chp.c | 3 +- drivers/scsi/qla1280.c | 2 +- drivers/scsi/scsi_scan.c | 2 +- drivers/soc/imx/soc-imx8m.c | 151 ++++++++---------- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/thermal/cpufreq_cooling.c | 2 - drivers/usb/serial/ftdi_sio.c | 14 ++ drivers/usb/serial/ftdi_sio_ids.h | 13 ++ drivers/usb/serial/option.c | 48 ++++-- drivers/video/fbdev/hyperv_fb.c | 2 +- drivers/xen/swiotlb-xen.c | 2 +- fs/fuse/dir.c | 2 +- fs/namei.c | 24 ++- fs/ntfs3/attrib.c | 176 ++++++++++++++------- fs/ntfs3/file.c | 151 ++++-------------- fs/ntfs3/frecord.c | 2 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/inode.c | 12 +- fs/ntfs3/ntfs_fs.h | 9 +- fs/ntfs3/super.c | 68 +++++--- fs/proc/base.c | 9 +- fs/proc/generic.c | 10 +- fs/proc/inode.c | 6 +- fs/proc/internal.h | 14 ++ fs/select.c | 11 +- fs/smb/client/asn1.c | 2 + fs/smb/client/cifs_spnego.c | 4 +- fs/smb/client/cifsglob.h | 4 + fs/smb/client/connect.c | 16 +- fs/smb/client/fs_context.c | 14 +- fs/smb/client/ioctl.c | 6 +- fs/smb/client/sess.c | 3 +- fs/smb/client/smb2pdu.c | 4 +- fs/smb/server/smbacl.c | 5 +- fs/vboxsf/super.c | 3 +- fs/xfs/libxfs/xfs_ag.c | 45 ++++-- fs/xfs/libxfs/xfs_ag.h | 3 + fs/xfs/libxfs/xfs_alloc.c | 70 ++++---- fs/xfs/libxfs/xfs_alloc.h | 20 ++- fs/xfs/libxfs/xfs_attr.c | 6 +- fs/xfs/libxfs/xfs_bmap.c | 121 +++++++------- fs/xfs/libxfs/xfs_bmap.h | 5 +- fs/xfs/libxfs/xfs_bmap_btree.c | 8 +- fs/xfs/libxfs/xfs_btree_staging.c | 4 +- fs/xfs/libxfs/xfs_btree_staging.h | 6 - fs/xfs/libxfs/xfs_da_btree.c | 7 + fs/xfs/libxfs/xfs_format.h | 2 +- fs/xfs/libxfs/xfs_ialloc.c | 24 ++- fs/xfs/libxfs/xfs_ialloc_btree.c | 6 +- fs/xfs/libxfs/xfs_log_recover.h | 22 +++ fs/xfs/libxfs/xfs_refcount.c | 116 +++++++------- fs/xfs/libxfs/xfs_refcount.h | 4 +- fs/xfs/libxfs/xfs_refcount_btree.c | 9 +- fs/xfs/libxfs/xfs_rtbitmap.c | 2 + fs/xfs/libxfs/xfs_rtbitmap.h | 83 ++++++++++ fs/xfs/libxfs/xfs_sb.c | 20 ++- fs/xfs/libxfs/xfs_sb.h | 2 + fs/xfs/libxfs/xfs_types.h | 13 ++ fs/xfs/scrub/repair.c | 3 +- fs/xfs/scrub/rtbitmap.c | 3 +- fs/xfs/xfs_attr_item.c | 16 +- fs/xfs/xfs_bmap_item.c | 85 ++++------ fs/xfs/xfs_buf.c | 44 +++++- fs/xfs/xfs_buf.h | 1 + fs/xfs/xfs_extfree_item.c | 108 +++++++------ fs/xfs/xfs_fsmap.c | 2 +- fs/xfs/xfs_fsops.c | 5 +- fs/xfs/xfs_inode_item.c | 3 + fs/xfs/xfs_refcount_item.c | 68 ++++---- fs/xfs/xfs_reflink.c | 7 +- fs/xfs/xfs_rmap_item.c | 6 +- fs/xfs/xfs_rtalloc.c | 14 +- fs/xfs/xfs_rtalloc.h | 73 --------- fs/xfs/xfs_trace.h | 15 +- include/linux/fs.h | 2 + include/linux/i8253.h | 1 - include/linux/io_uring_types.h | 5 + include/linux/nvme-tcp.h | 2 + include/linux/proc_fs.h | 7 +- include/net/bluetooth/hci_core.h | 108 +++++-------- include/sound/soc.h | 5 +- include/uapi/linux/io_uring.h | 1 + init/Kconfig | 2 +- io_uring/io_uring.c | 163 ++++++++++++++++--- io_uring/io_uring.h | 2 + kernel/sched/core.c | 13 +- kernel/sys.c | 2 + kernel/time/hrtimer.c | 40 ++--- lib/buildid.c | 5 + mm/memcontrol.c | 9 ++ mm/migrate.c | 16 +- mm/nommu.c | 7 + net/atm/lec.c | 3 +- net/batman-adv/bat_iv_ogm.c | 3 +- net/batman-adv/bat_v_ogm.c | 3 +- net/bluetooth/6lowpan.c | 7 +- net/bluetooth/hci_core.c | 10 +- net/bluetooth/hci_event.c | 37 +++-- net/bluetooth/iso.c | 6 - net/bluetooth/l2cap_core.c | 12 +- net/bluetooth/rfcomm/core.c | 6 - net/bluetooth/sco.c | 12 +- net/core/lwtunnel.c | 65 ++++++-- net/core/neighbour.c | 1 + net/core/netpoll.c | 9 +- net/ipv4/tcp.c | 19 ++- net/ipv6/route.c | 5 +- net/mptcp/options.c | 6 +- net/mptcp/protocol.h | 2 + net/netfilter/ipvs/ip_vs_ctl.c | 8 +- net/netfilter/nf_conncount.c | 6 +- net/netfilter/nft_counter.c | 90 +++++------ net/netfilter/nft_ct.c | 6 +- net/netfilter/nft_exthdr.c | 10 +- net/openvswitch/flow_netlink.c | 15 +- net/sched/sch_api.c | 6 + net/sched/sch_gred.c | 3 +- net/sctp/stream.c | 2 +- net/switchdev/switchdev.c | 25 ++- net/wireless/core.c | 7 + net/xdp/xsk_buff_pool.c | 2 +- net/xfrm/xfrm_output.c | 2 +- rust/Makefile | 7 +- scripts/generate_rust_analyzer.py | 64 ++++++-- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/arizona.c | 14 +- sound/soc/codecs/madera.c | 10 +- sound/soc/codecs/tas2764.c | 10 +- sound/soc/codecs/tas2764.h | 8 +- sound/soc/codecs/tas2770.c | 2 +- sound/soc/codecs/wm0010.c | 13 +- sound/soc/codecs/wm5110.c | 8 +- sound/soc/sh/rcar/core.c | 14 -- sound/soc/sh/rcar/rsnd.h | 1 - sound/soc/sh/rcar/src.c | 116 +++++++++++--- sound/soc/soc-ops.c | 15 +- sound/soc/sof/intel/hda-codec.c | 1 + 227 files changed, 2513 insertions(+), 1511 deletions(-)

3 days, 15 hours

12
212
0 0

[PATCH] pinctrl: renesas: rzg2l: Fix ISEL restore on resume

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Commit 1d2da79708cb ("pinctrl: renesas: rzg2l: Avoid configuring ISEL in gpio_irq_{en,dis}able*()") dropped the configuration of ISEL from rzg2l_gpio_irq_enable()/rzg2l_gpio_irq_disable() and moved it to rzg2l_gpio_child_to_parent_hwirq()/rzg2l_gpio_irq_domain_free() to fix spurious IRQs. The resume code used rzg2l_gpio_irq_enable() (called from rzg2l_gpio_irq_restore()) to reconfigure the wakeup interrupts. Some drivers (e.g. Ethernet) may also reconfigure interrupts in their own code, eventually calling rzg2l_gpio_irq_enable(), when these are not wakeup interrupts. After commit 1d2da79708cb ("pinctrl: renesas: rzg2l: Avoid configuring ISEL in gpio_irq_{en,dis}able*()"), ISEL was no longer configured properly after resume. Fix this by adding rzg2l_gpio_irq_endisable() back into rzg2l_gpio_irq_enable(), and by using its unlocked variant in rzg2l_gpio_irq_restore(). Having IRQs enable in rzg2l_gpio_irq_enable() should be safe with respect to spurious IRQs, as in the probe case IRQs are enabled anyway in rzg2l_gpio_child_to_parent_hwirq(). No spurious IRQs were detected on suspend/resume tests (executed on RZ/G3S). Fixes: 1d2da79708cb ("pinctrl: renesas: rzg2l: Avoid configuring ISEL in gpio_irq_{en,dis}able*(") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/drivers/pinctrl/renesas/pinctrl-rzg2l.c b/drivers/pinctrl/renesas/pinctrl-rzg2l.c index b182b3b8a542..6ae1ee3ffc81 100644 --- a/drivers/pinctrl/renesas/pinctrl-rzg2l.c +++ b/drivers/pinctrl/renesas/pinctrl-rzg2l.c @@ -2428,7 +2428,7 @@ static int rzg2l_gpio_get_gpioint(unsigned int virq, struct rzg2l_pinctrl *pctrl } static void rzg2l_gpio_irq_endisable(struct rzg2l_pinctrl *pctrl, - unsigned int hwirq, bool enable) + unsigned int hwirq, bool enable, bool lock) { const struct pinctrl_pin_desc *pin_desc = &pctrl->desc.pins[hwirq]; u64 *pin_data = pin_desc->drv_data; @@ -2443,12 +2443,16 @@ static void rzg2l_gpio_irq_endisable(struct rzg2l_pinctrl *pctrl, addr += 4; } - spin_lock_irqsave(&pctrl->lock, flags); + if (lock) + spin_lock_irqsave(&pctrl->lock, flags); + if (enable) writel(readl(addr) | BIT(bit * 8), addr); else writel(readl(addr) & ~BIT(bit * 8), addr); - spin_unlock_irqrestore(&pctrl->lock, flags); + + if (lock) + spin_unlock_irqrestore(&pctrl->lock, flags); } static void rzg2l_gpio_irq_disable(struct irq_data *d) @@ -2460,15 +2464,22 @@ static void rzg2l_gpio_irq_disable(struct irq_data *d) gpiochip_disable_irq(gc, hwirq); } -static void rzg2l_gpio_irq_enable(struct irq_data *d) +static void rzg2l_gpio_irq_enable_helper(struct irq_data *d, bool lock) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct rzg2l_pinctrl *pctrl = container_of(gc, struct rzg2l_pinctrl, gpio_chip); unsigned int hwirq = irqd_to_hwirq(d); gpiochip_enable_irq(gc, hwirq); + rzg2l_gpio_irq_endisable(pctrl, hwirq, true, lock); irq_chip_enable_parent(d); } +static void rzg2l_gpio_irq_enable(struct irq_data *d) +{ + rzg2l_gpio_irq_enable_helper(d, true); +} + static int rzg2l_gpio_irq_set_type(struct irq_data *d, unsigned int type) { return irq_chip_set_type_parent(d, type); @@ -2570,7 +2581,7 @@ static int rzg2l_gpio_child_to_parent_hwirq(struct gpio_chip *gc, goto err; } - rzg2l_gpio_irq_endisable(pctrl, child, true); + rzg2l_gpio_irq_endisable(pctrl, child, true, true); pctrl->hwirq[irq] = child; irq += pctrl->data->hwcfg->tint_start_index; @@ -2617,7 +2628,7 @@ static void rzg2l_gpio_irq_restore(struct rzg2l_pinctrl *pctrl) spin_lock_irqsave(&pctrl->lock, flags); ret = rzg2l_gpio_irq_set_type(data, irqd_get_trigger_type(data)); if (!ret && !irqd_irq_disabled(data)) - rzg2l_gpio_irq_enable(data); + rzg2l_gpio_irq_enable_helper(data, false); spin_unlock_irqrestore(&pctrl->lock, flags); if (ret) @@ -2640,7 +2651,7 @@ static void rzg2l_gpio_irq_domain_free(struct irq_domain *domain, unsigned int v for (i = 0; i < RZG2L_TINT_MAX_INTERRUPT; i++) { if (pctrl->hwirq[i] == hwirq) { - rzg2l_gpio_irq_endisable(pctrl, hwirq, false); + rzg2l_gpio_irq_endisable(pctrl, hwirq, false, true); rzg2l_gpio_free(gc, hwirq); spin_lock_irqsave(&pctrl->bitmap_lock, flags); bitmap_release_region(pctrl->tint_slot, i, get_order(1)); -- 2.43.0

3 days, 16 hours

4
6
0 0

[PATCH net v4] rds: ib: Increment i_fastreg_wrs before bailing out

by Håkon Bugge

We need to increment i_fastreg_wrs before we bail out from rds_ib_post_reg_frmr(). We have a fixed budget of how many FRWR operations that can be outstanding using the dedicated QP used for memory registrations and de-registrations. This budget is enforced by the atomic_t i_fastreg_wrs. If we bail out early in rds_ib_post_reg_frmr(), we will "leak" the possibility of posting an FRWR operation, and if that accumulates, no FRWR operation can be carried out. Fixes: 1659185fb4d0 ("RDS: IB: Support Fastreg MR (FRMR) memory registration mode") Fixes: 3a2886cca703 ("net/rds: Keep track of and wait for FRWR segments in use upon shutdown") Cc: stable(a)vger.kernel.org Signed-off-by: Håkon Bugge <haakon.bugge(a)oracle.com> Reviewed-by: Allison Henderson <allison.henderson(a)oracle.com> --- v3 -> v4: * Removed unused "out:" label * Added Allison's r-b v2 -> v3: * Amended commit message * Removed indentation of this section * Fixing error path from ib_post_send() v1 -> v2: Added Cc: stable(a)vger.kernel.org --- net/rds/ib_frmr.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/net/rds/ib_frmr.c b/net/rds/ib_frmr.c index 28c1b00221780..bd861191157b5 100644 --- a/net/rds/ib_frmr.c +++ b/net/rds/ib_frmr.c @@ -133,12 +133,15 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) ret = ib_map_mr_sg_zbva(frmr->mr, ibmr->sg, ibmr->sg_dma_len, &off, PAGE_SIZE); - if (unlikely(ret != ibmr->sg_dma_len)) - return ret < 0 ? ret : -EINVAL; + if (unlikely(ret != ibmr->sg_dma_len)) { + ret = ret < 0 ? ret : -EINVAL; + goto out_inc; + } - if (cmpxchg(&frmr->fr_state, - FRMR_IS_FREE, FRMR_IS_INUSE) != FRMR_IS_FREE) - return -EBUSY; + if (cmpxchg(&frmr->fr_state, FRMR_IS_FREE, FRMR_IS_INUSE) != FRMR_IS_FREE) { + ret = -EBUSY; + goto out_inc; + } atomic_inc(&ibmr->ic->i_fastreg_inuse_count); @@ -166,11 +169,10 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) /* Failure here can be because of -ENOMEM as well */ rds_transition_frwr_state(ibmr, FRMR_IS_INUSE, FRMR_IS_STALE); - atomic_inc(&ibmr->ic->i_fastreg_wrs); if (printk_ratelimit()) pr_warn("RDS/IB: %s returned error(%d)\n", __func__, ret); - goto out; + goto out_inc; } /* Wait for the registration to complete in order to prevent an invalid @@ -179,8 +181,10 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) */ wait_event(frmr->fr_reg_done, !frmr->fr_reg); -out: + return ret; +out_inc: + atomic_inc(&ibmr->ic->i_fastreg_wrs); return ret; } -- 2.43.5

3 days, 16 hours

1
0
0 0

Vendor / Contractor Registration Request 2025/2026

by Etihad Aviation Group PJSC

-- Attn: Sir/Madam, We are interested in your services and invite your company to register for Vendor/Contractor Partnership with Etihad Aviation Group for our 2025/2026 projects. If you wish to participate, please confirm your interest, and we will send the Vendor Questionnaire and EOI. Thank you. Kind Regards, Engr, Tami Hassan, Vendor Procurement & Contracts Shared Services Center Etihad Aviation Group PJSC

3 days, 16 hours

1
0
0 0

[PATCH net v3] rds: ib: Increment i_fastreg_wrs before bailing out

by Håkon Bugge

We need to increment i_fastreg_wrs before we bail out from rds_ib_post_reg_frmr(). We have a fixed budget of how many FRWR operations that can be outstanding using the dedicated QP used for memory registrations and de-registrations. This budget is enforced by the atomic_t i_fastreg_wrs. If we bail out early in rds_ib_post_reg_frmr(), we will "leak" the possibility of posting an FRWR operation, and if that accumulates, no FRWR operation can be carried out. Fixes: 1659185fb4d0 ("RDS: IB: Support Fastreg MR (FRMR) memory registration mode") Fixes: 3a2886cca703 ("net/rds: Keep track of and wait for FRWR segments in use upon shutdown") Cc: stable(a)vger.kernel.org Signed-off-by: Håkon Bugge <haakon.bugge(a)oracle.com> --- v2 -> v3: * Amended commit message * Removed indentation of this section * Fixing error path from ib_post_send() v1 -> v2: Added Cc: stable(a)vger.kernel.org --- net/rds/ib_frmr.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/net/rds/ib_frmr.c b/net/rds/ib_frmr.c index 28c1b00221780..395a99b5a65ca 100644 --- a/net/rds/ib_frmr.c +++ b/net/rds/ib_frmr.c @@ -133,12 +133,15 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) ret = ib_map_mr_sg_zbva(frmr->mr, ibmr->sg, ibmr->sg_dma_len, &off, PAGE_SIZE); - if (unlikely(ret != ibmr->sg_dma_len)) - return ret < 0 ? ret : -EINVAL; + if (unlikely(ret != ibmr->sg_dma_len)) { + ret = ret < 0 ? ret : -EINVAL; + goto out_inc; + } - if (cmpxchg(&frmr->fr_state, - FRMR_IS_FREE, FRMR_IS_INUSE) != FRMR_IS_FREE) - return -EBUSY; + if (cmpxchg(&frmr->fr_state, FRMR_IS_FREE, FRMR_IS_INUSE) != FRMR_IS_FREE) { + ret = -EBUSY; + goto out_inc; + } atomic_inc(&ibmr->ic->i_fastreg_inuse_count); @@ -166,11 +169,10 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) /* Failure here can be because of -ENOMEM as well */ rds_transition_frwr_state(ibmr, FRMR_IS_INUSE, FRMR_IS_STALE); - atomic_inc(&ibmr->ic->i_fastreg_wrs); if (printk_ratelimit()) pr_warn("RDS/IB: %s returned error(%d)\n", __func__, ret); - goto out; + goto out_inc; } /* Wait for the registration to complete in order to prevent an invalid @@ -178,9 +180,11 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) * being accessed while registration is still pending. */ wait_event(frmr->fr_reg_done, !frmr->fr_reg); - out: + return ret; +out_inc: + atomic_inc(&ibmr->ic->i_fastreg_wrs); return ret; } -- 2.43.5

3 days, 16 hours

4
3
0 0

[PATCH stable/linux-5.10.y] sched/core: Fix potential deadlock on rq lock

by Wang Tao

When CPU 1 enters the nohz_full state, and the kworker on CPU 0 executes the function sched_tick_remote, holding the lock on CPU1's rq and triggering the warning WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3). This leads to the process of printing the warning message, where the console_sem semaphore is held. At this point, the print task on the CPU1's rq cannot acquire the console_sem and joins the wait queue, entering the UNINTERRUPTIBLE state. It waits for the console_sem to be released and then wakes up. After the task on CPU 0 releases the console_sem, it wakes up the waiting console_sem task. In try_to_wake_up, it attempts to acquire the lock on CPU1's rq again, resulting in a deadlock. The triggering scenario is as follows: CPU 0 CPU1 sched_tick_remote WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3) report_bug con_write printk console_unlock do_con_write console_lock down(&console_sem) list_add_tail(&waiter.list, &sem->wait_list); up(&console_sem) wake_up_q(&wake_q) try_to_wake_up __task_rq_lock _raw_spin_lock This patch fixes the issue by deffering all printk console printing during the lock holding period. Fixes: d84b31313ef8 ("sched/isolation: Offload residual 1Hz scheduler tick") Signed-off-by: Wang Tao <wangtao554(a)huawei.com> --- kernel/sched/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 40f40f359c5d..fd2c83058ec2 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -4091,6 +4091,7 @@ static void sched_tick_remote(struct work_struct *work) goto out_requeue; rq_lock_irq(rq, &rf); + printk_deferred_enter(); curr = rq->curr; if (cpu_is_offline(cpu)) goto out_unlock; @@ -4109,6 +4110,7 @@ static void sched_tick_remote(struct work_struct *work) calc_load_nohz_remote(rq); out_unlock: + printk_deferred_exit(); rq_unlock_irq(rq, &rf); out_requeue: -- 2.34.1

3 days, 17 hours

3
4
0 0

[PATCH v5] Bluetooth: btintel: Correctly declare all module firmware files

by DaanDeMeyer

From: Dimitri John Ledkov <dimitri.ledkov(a)canonical.com> Strictly encode patterns of supported hw_variants of firmware files the kernel driver supports requesting. This now includes many missing and previously undeclared module firmware files for 0x07, 0x08, 0x11-0x14, 0x17-0x1b hw_variants. This especially affects environments that only install firmware files declared and referenced by the kernel modules. In such environments, only the declared firmware files are copied resulting in most Intel Bluetooth devices not working. I.e. host-only dracut-install initrds, or Ubuntu Core kernel snaps. BugLink: https://bugs.launchpad.net/bugs/1970819 Cc: stable(a)vger.kernel.org # 4.15+ Signed-off-by: Dimitri John Ledkov <dimitri.ledkov(a)canonical.com> --- Notes: Changes since v4: - Add missing "intel/" prefix for 0x17+ firmware - Add Cc stable for v4.15+ kernels Changes since v3: - Hopefully pacify trailing whitespace from GitLint in this optional portion of the commit. Changes since v2: - encode patterns for 0x17 0x18 0x19 0x1b hw_variants - rebase on top of latest rc tag Changes since v1: - encode strict patterns of supported firmware files for each of the supported hw_variant generations. drivers/bluetooth/btintel.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c index a657e9a3e96a..d0e22fe09567 100644 --- a/drivers/bluetooth/btintel.c +++ b/drivers/bluetooth/btintel.c @@ -2656,7 +2656,25 @@ MODULE_AUTHOR("Marcel Holtmann <marcel(a)holtmann.org>"); MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION); MODULE_VERSION(VERSION); MODULE_LICENSE("GPL"); -MODULE_FIRMWARE("intel/ibt-11-5.sfi"); -MODULE_FIRMWARE("intel/ibt-11-5.ddc"); -MODULE_FIRMWARE("intel/ibt-12-16.sfi"); -MODULE_FIRMWARE("intel/ibt-12-16.ddc"); +/* hw_variant 0x07 0x08 */ +MODULE_FIRMWARE("intel/ibt-hw-37.7.*-fw-*.*.*.*.*.bseq"); +MODULE_FIRMWARE("intel/ibt-hw-37.7.bseq"); +MODULE_FIRMWARE("intel/ibt-hw-37.8.*-fw-*.*.*.*.*.bseq"); +MODULE_FIRMWARE("intel/ibt-hw-37.8.bseq"); +/* hw_variant 0x0b 0x0c */ +MODULE_FIRMWARE("intel/ibt-11-*.sfi"); +MODULE_FIRMWARE("intel/ibt-12-*.sfi"); +MODULE_FIRMWARE("intel/ibt-11-*.ddc"); +MODULE_FIRMWARE("intel/ibt-12-*.ddc"); +/* hw_variant 0x11 0x12 0x13 0x14 */ +MODULE_FIRMWARE("intel/ibt-17-*-*.sfi"); +MODULE_FIRMWARE("intel/ibt-18-*-*.sfi"); +MODULE_FIRMWARE("intel/ibt-19-*-*.sfi"); +MODULE_FIRMWARE("intel/ibt-20-*-*.sfi"); +MODULE_FIRMWARE("intel/ibt-17-*-*.ddc"); +MODULE_FIRMWARE("intel/ibt-18-*-*.ddc"); +MODULE_FIRMWARE("intel/ibt-19-*-*.ddc"); +MODULE_FIRMWARE("intel/ibt-20-*-*.ddc"); +/* hw_variant 0x17 0x18 0x19 0x1b, read and use cnvi/cnvr */ +MODULE_FIRMWARE("intel/ibt-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9].sfi"); +MODULE_FIRMWARE("intel/ibt-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9].ddc"); -- 2.34.1

3 days, 19 hours

3
4
0 0

[PATCH v2] firmware: exynos-acpm: fix PMIC returned errno

by Tudor Ambarus

ACPM PMIC command handlers returned a u8 value when they should have returned either zero or negative error codes. Translate the APM PMIC errno to linux errno. Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/linux-input/aElHlTApXj-W_o1r@stanley.mountain/ Fixes: a88927b534ba ("firmware: add Exynos ACPM protocol driver") Cc: stable(a)vger.kernel.org Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> --- Changes in v2: - remove `enum acpm_pmic_error_codes`. use designated initializers in the array instead. - constify acpm_pmic_linux_errmap - drop inline from acpm_pmic_to_linux_errno - s/errno/err - Link to v1: https://lore.kernel.org/r/20250821-acpm-pmix-fix-errno-v1-1-771a5969324c@li… --- drivers/firmware/samsung/exynos-acpm-pmic.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/drivers/firmware/samsung/exynos-acpm-pmic.c b/drivers/firmware/samsung/exynos-acpm-pmic.c index 39b33a356ebd240506b6390163229a70a2d1fe68..961d7599e4224ef6ebe64dfa2fcb441a4dbd78a3 100644 --- a/drivers/firmware/samsung/exynos-acpm-pmic.c +++ b/drivers/firmware/samsung/exynos-acpm-pmic.c @@ -4,7 +4,9 @@ * Copyright 2020 Google LLC. * Copyright 2024 Linaro Ltd. */ +#include <linux/array_size.h> #include <linux/bitfield.h> +#include <linux/errno.h> #include <linux/firmware/samsung/exynos-acpm-protocol.h> #include <linux/ktime.h> #include <linux/types.h> @@ -33,6 +35,19 @@ enum exynos_acpm_pmic_func { ACPM_PMIC_BULK_WRITE, }; +static const int acpm_pmic_linux_errmap[] = { + [0] = 0, /* ACPM_PMIC_SUCCESS */ + [1] = -EACCES, /* Read register can't be accessed or issues to access it. */ + [2] = -EACCES, /* Write register can't be accessed or issues to access it. */ +}; + +static int acpm_pmic_to_linux_err(int err) +{ + if (err >= 0 && err < ARRAY_SIZE(acpm_pmic_linux_errmap)) + return acpm_pmic_linux_errmap[err]; + return -EIO; +} + static inline u32 acpm_pmic_set_bulk(u32 data, unsigned int i) { return (data & ACPM_PMIC_BULK_MASK) << (ACPM_PMIC_BULK_SHIFT * i); @@ -79,7 +94,7 @@ int acpm_pmic_read_reg(const struct acpm_handle *handle, *buf = FIELD_GET(ACPM_PMIC_VALUE, xfer.rxd[1]); - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); } static void acpm_pmic_init_bulk_read_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan, @@ -110,7 +125,7 @@ int acpm_pmic_bulk_read(const struct acpm_handle *handle, if (ret) return ret; - ret = FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + ret = acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); if (ret) return ret; @@ -150,7 +165,7 @@ int acpm_pmic_write_reg(const struct acpm_handle *handle, if (ret) return ret; - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); } static void acpm_pmic_init_bulk_write_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan, @@ -190,7 +205,7 @@ int acpm_pmic_bulk_write(const struct acpm_handle *handle, if (ret) return ret; - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); } static void acpm_pmic_init_update_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan, @@ -220,5 +235,5 @@ int acpm_pmic_update_reg(const struct acpm_handle *handle, if (ret) return ret; - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); } --- base-commit: c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9 change-id: 20250820-acpm-pmix-fix-errno-92b3e6e17d1b Best regards, -- Tudor Ambarus <tudor.ambarus(a)linaro.org>

3 days, 20 hours

2
1
0 0

[PATCH 6.12] drm/xe/hw_engine_group: Avoid call kfree() for drmm_kzalloc()

by Mikhail Dmitrichenko

From: Shuicheng Lin <shuicheng.lin(a)intel.com> commit 4846856c3a4afa882b6d1b842ed2fad6f3781f4d upstream. Memory allocated with drmm_kzalloc() should not be freed using kfree(), as it is managed by the DRM subsystem. The memory will be automatically freed when the associated drm_device is released. These 3 group pointers are allocated using drmm_kzalloc() in hw_engine_group_alloc(), so they don't require manual deallocation. Fixes: 67979060740f ("drm/xe/hw_engine_group: Fix potential leak") Signed-off-by: Shuicheng Lin <shuicheng.lin(a)intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Michal Wajdeczko <michal.wajdeczko(a)intel.com> Link: https://lore.kernel.org/r/20250724193854.1124510-2-shuicheng.lin@intel.com (cherry picked from commit f98de826b418885a21ece67f0f5b921ae759b7bf) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Signed-off-by: Mikhail Dmitrichenko <mdmitrichenko(a)astralinux.ru> --- drivers/gpu/drm/xe/xe_hw_engine_group.c | 28 ++++++------------------- 1 file changed, 6 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_hw_engine_group.c b/drivers/gpu/drm/xe/xe_hw_engine_group.c index 82750520a90a..d0f1bf32cdd5 100644 --- a/drivers/gpu/drm/xe/xe_hw_engine_group.c +++ b/drivers/gpu/drm/xe/xe_hw_engine_group.c @@ -84,25 +84,18 @@ int xe_hw_engine_setup_groups(struct xe_gt *gt) enum xe_hw_engine_id id; struct xe_hw_engine_group *group_rcs_ccs, *group_bcs, *group_vcs_vecs; struct xe_device *xe = gt_to_xe(gt); - int err; group_rcs_ccs = hw_engine_group_alloc(xe); - if (IS_ERR(group_rcs_ccs)) { - err = PTR_ERR(group_rcs_ccs); - goto err_group_rcs_ccs; - } + if (IS_ERR(group_rcs_ccs)) + return PTR_ERR(group_rcs_ccs); group_bcs = hw_engine_group_alloc(xe); - if (IS_ERR(group_bcs)) { - err = PTR_ERR(group_bcs); - goto err_group_bcs; - } + if (IS_ERR(group_bcs)) + return PTR_ERR(group_bcs); group_vcs_vecs = hw_engine_group_alloc(xe); - if (IS_ERR(group_vcs_vecs)) { - err = PTR_ERR(group_vcs_vecs); - goto err_group_vcs_vecs; - } + if (IS_ERR(group_vcs_vecs)) + return PTR_ERR(group_vcs_vecs); for_each_hw_engine(hwe, gt, id) { switch (hwe->class) { @@ -125,15 +118,6 @@ int xe_hw_engine_setup_groups(struct xe_gt *gt) } return 0; - -err_group_vcs_vecs: - kfree(group_vcs_vecs); -err_group_bcs: - kfree(group_bcs); -err_group_rcs_ccs: - kfree(group_rcs_ccs); - - return err; } /** -- 2.39.2

3 days, 21 hours

1
0
0 0

[PATCH V2] LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled

by Huacai Chen

ARCH_STRICT_ALIGN is used for hardware without UAL, now it only control the -mstrict-align flag. However, ACPI structures are packed by default so will cause unaligned accesses. To avoid this, define ACPI_MISALIGNMENT_NOT_SUPPORTED in asm/acenv.h to align ACPI structures if ARCH_STRICT_ALIGN enabled. Cc: stable(a)vger.kernel.org Reported-by: Binbin Zhou <zhoubinbin(a)loongson.cn> Suggested-by: Xi Ruoyao <xry111(a)xry111.site> Suggested-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- V2: Modify asm/acenv.h instead of Makefile. arch/loongarch/include/asm/acenv.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/arch/loongarch/include/asm/acenv.h b/arch/loongarch/include/asm/acenv.h index 52f298f7293b..483c955f2ae5 100644 --- a/arch/loongarch/include/asm/acenv.h +++ b/arch/loongarch/include/asm/acenv.h @@ -10,9 +10,8 @@ #ifndef _ASM_LOONGARCH_ACENV_H #define _ASM_LOONGARCH_ACENV_H -/* - * This header is required by ACPI core, but we have nothing to fill in - * right now. Will be updated later when needed. - */ +#ifdef CONFIG_ARCH_STRICT_ALIGN +#define ACPI_MISALIGNMENT_NOT_SUPPORTED +#endif /* CONFIG_ARCH_STRICT_ALIGN */ #endif /* _ASM_LOONGARCH_ACENV_H */ -- 2.47.3

3 days, 21 hours

3
2
0 0

[PATCH v2 1/5] net: cadence: macb: Set upper 32bits of DMA ring buffer

by Stanimir Varbanov

In case of rx queue reset and 64bit capable hardware, set the upper 32bits of DMA ring buffer address. Cc: stable(a)vger.kernel.org # v4.6+ Fixes: 9ba723b081a2 ("net: macb: remove BUG_ON() and reset the queue to handle RX errors") Credits-to: Phil Elwell <phil(a)raspberrypi.com> Credits-to: Jonathan Bell <jonathan(a)raspberrypi.com> Signed-off-by: Stanimir Varbanov <svarbanov(a)suse.de> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> --- v1 -> v2: - Added credits. - Use lower_32_bits() for RBQP register writes for consistency (Nicolas). - Added Fixes tag. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index ce95fad8cedd..36717e7e5811 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -1634,7 +1634,11 @@ static int macb_rx(struct macb_queue *queue, struct napi_struct *napi, macb_writel(bp, NCR, ctrl & ~MACB_BIT(RE)); macb_init_rx_ring(queue); - queue_writel(queue, RBQP, queue->rx_ring_dma); + queue_writel(queue, RBQP, lower_32_bits(queue->rx_ring_dma)); +#ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT + if (bp->hw_dma_cap & HW_DMA_CAP_64B) + macb_writel(bp, RBQPH, upper_32_bits(queue->rx_ring_dma)); +#endif macb_writel(bp, NCR, ctrl | MACB_BIT(RE)); -- 2.47.0

3 days, 22 hours

5
10
0 0

[RESEND PATCH v4 2/3] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S

by Mohammad Rafi Shaik

The q6i2s_set_fmt() function was defined but never linked into the I2S DAI operations, resulting DAI format settings is being ignored during stream setup. This change fixes the issue by properly linking the .set_fmt handler within the DAI ops. Fixes: 30ad723b93ade ("ASoC: qdsp6: audioreach: add q6apm lpass dai support") Cc: stable(a)vger.kernel.org Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> Signed-off-by: Mohammad Rafi Shaik <mohammad.rafi.shaik(a)oss.qualcomm.com> --- sound/soc/qcom/qdsp6/q6apm-lpass-dais.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c b/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c index 20974f10406b..528756f1332b 100644 --- a/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c +++ b/sound/soc/qcom/qdsp6/q6apm-lpass-dais.c @@ -262,6 +262,7 @@ static const struct snd_soc_dai_ops q6i2s_ops = { .shutdown = q6apm_lpass_dai_shutdown, .set_channel_map = q6dma_set_channel_map, .hw_params = q6dma_hw_params, + .set_fmt = q6i2s_set_fmt, }; static const struct snd_soc_dai_ops q6hdmi_ops = { -- 2.34.1

3 days, 23 hours

1
0
0 0

[RESEND PATCH v4 1/3] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface

by Mohammad Rafi Shaik

Fix missing lpaif_type configuration for the I2S interface. The proper lpaif interface type required to allow DSP to vote appropriate clock setting for I2S interface. Fixes: 25ab80db6b133 ("ASoC: qdsp6: audioreach: add module configuration command helpers") Cc: stable(a)vger.kernel.org Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> Signed-off-by: Mohammad Rafi Shaik <mohammad.rafi.shaik(a)oss.qualcomm.com> --- sound/soc/qcom/qdsp6/audioreach.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/qcom/qdsp6/audioreach.c b/sound/soc/qcom/qdsp6/audioreach.c index bbfd51db8797..be21d5f6af8a 100644 --- a/sound/soc/qcom/qdsp6/audioreach.c +++ b/sound/soc/qcom/qdsp6/audioreach.c @@ -995,6 +995,7 @@ static int audioreach_i2s_set_media_format(struct q6apm_graph *graph, param_data->param_id = PARAM_ID_I2S_INTF_CFG; param_data->param_size = ic_sz - APM_MODULE_PARAM_DATA_SIZE; + intf_cfg->cfg.lpaif_type = module->hw_interface_type; intf_cfg->cfg.intf_idx = module->hw_interface_idx; intf_cfg->cfg.sd_line_idx = module->sd_line_idx; -- 2.34.1

3 days, 23 hours

1
0
0 0

[PATCH] mfd: rz-mtu3: fix MTU5 NFCR register offset

by Cosmin Tanislav

The NFCR register for MTU5 is at 0x1a95 offset according to Datasheet Page 725, Table 16.4. The address of all registers is offset by 0x1200, making the proper address of MTU5 NFCR register be 0x895. Cc: stable(a)vger.kernel.org Fixes: 654c293e1687 ("mfd: Add Renesas RZ/G2L MTU3a core driver") Signed-off-by: Cosmin Tanislav <cosmin-gabriel.tanislav.xa(a)renesas.com> --- drivers/mfd/rz-mtu3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mfd/rz-mtu3.c b/drivers/mfd/rz-mtu3.c index f3dac4a29a83..9cdfef610398 100644 --- a/drivers/mfd/rz-mtu3.c +++ b/drivers/mfd/rz-mtu3.c @@ -32,7 +32,7 @@ static const unsigned long rz_mtu3_8bit_ch_reg_offs[][13] = { [RZ_MTU3_CHAN_2] = MTU_8BIT_CH_1_2(0x204, 0x092, 0x205, 0x200, 0x20c, 0x201, 0x202), [RZ_MTU3_CHAN_3] = MTU_8BIT_CH_3_4_6_7(0x008, 0x093, 0x02c, 0x000, 0x04c, 0x002, 0x004, 0x005, 0x038), [RZ_MTU3_CHAN_4] = MTU_8BIT_CH_3_4_6_7(0x009, 0x094, 0x02d, 0x001, 0x04d, 0x003, 0x006, 0x007, 0x039), - [RZ_MTU3_CHAN_5] = MTU_8BIT_CH_5(0xab2, 0x1eb, 0xab4, 0xab6, 0xa84, 0xa85, 0xa86, 0xa94, 0xa95, 0xa96, 0xaa4, 0xaa5, 0xaa6), + [RZ_MTU3_CHAN_5] = MTU_8BIT_CH_5(0xab2, 0x895, 0xab4, 0xab6, 0xa84, 0xa85, 0xa86, 0xa94, 0xa95, 0xa96, 0xaa4, 0xaa5, 0xaa6), [RZ_MTU3_CHAN_6] = MTU_8BIT_CH_3_4_6_7(0x808, 0x893, 0x82c, 0x800, 0x84c, 0x802, 0x804, 0x805, 0x838), [RZ_MTU3_CHAN_7] = MTU_8BIT_CH_3_4_6_7(0x809, 0x894, 0x82d, 0x801, 0x84d, 0x803, 0x806, 0x807, 0x839), [RZ_MTU3_CHAN_8] = MTU_8BIT_CH_8(0x404, 0x098, 0x400, 0x406, 0x401, 0x402, 0x403) -- 2.51.0

3 days, 23 hours

2
1
0 0

[PATCH v5 1/4] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon

by K Prateek Nayak

Support for parsing the topology on AMD/Hygon processors using CPUID leaf 0xb was added in commit 3986a0a805e6 ("x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available"). In an effort to keep all the topology parsing bits in one place, this commit also introduced a pseudo dependency on the TOPOEXT feature to parse the CPUID leaf 0xb. TOPOEXT feature (CPUID 0x80000001 ECX[22]) advertises the support for Cache Properties leaf 0x8000001d and the CPUID leaf 0x8000001e EAX for "Extended APIC ID" however support for 0xb was introduced alongside the x2APIC support not only on AMD [1], but also historically on x86 [2]. Similar to 0xb, the support for extended CPU topology leaf 0x80000026 too does not depend on the TOPOEXT feature. The support for these leaves is expected to be confirmed by ensuring "leaf <= {extended_}cpuid_level" and then parsing the level 0 of the respective leaf to confirm EBX[15:0] (LogProcAtThisLevel) is non-zero as stated in the definition of "CPUID_Fn0000000B_EAX_x00 [Extended Topology Enumeration] (Core::X86::Cpuid::ExtTopEnumEax0)" in Processor Programming Reference (PPR) for AMD Family 19h Model 01h Rev B1 Vol1 [3] Sec. 2.1.15.1 "CPUID Instruction Functions". This has not been a problem on baremetal platforms since support for TOPOEXT (Fam 0x15 and later) predates the support for CPUID leaf 0xb (Fam 0x17[Zen2] and later), however, for AMD guests on QEMU, "x2apic" feature can be enabled independent of the "topoext" feature where QEMU expects topology and the initial APICID to be parsed using the CPUID leaf 0xb (especially when number of cores > 255) which is populated independent of the "topoext" feature flag. Unconditionally call cpu_parse_topology_ext() on AMD and Hygon processors to first parse the topology using the XTOPOLOGY leaves (0x80000026 / 0xb) before using the TOPOEXT leaf (0x8000001e). While at it, break down the single large comment in parse_topology_amd() to better highlight the purpose of each CPUID leaf. Cc: stable(a)vger.kernel.org # Only v6.9 and above; Depends on x86 topology rewrite Link: https://lore.kernel.org/lkml/1529686927-7665-1-git-send-email-suravee.suthi… [1] Link: https://lore.kernel.org/lkml/20080818181435.523309000@linux-os.sc.intel.com/ [2] Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 [3] Suggested-by: Naveen N Rao (AMD) <naveen(a)kernel.org> Fixes: 3986a0a805e6 ("x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available") Signed-off-by: K Prateek Nayak <kprateek.nayak(a)amd.com> --- Changelog v4..v5: o Made a note on only targeting versions >= v6.9 for stable backports since the fix depends on the x86 topology rewrite. (Boris) o Renamed "has_topoext" to "has_xtopology". (Boris) o Broke down the large comment in parse_topology_amd() to better highlight the purpose of each leaf and the overall parsing flow. (Boris) --- arch/x86/kernel/cpu/topology_amd.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/arch/x86/kernel/cpu/topology_amd.c b/arch/x86/kernel/cpu/topology_amd.c index 827dd0dbb6e9..c79ebbb639cb 100644 --- a/arch/x86/kernel/cpu/topology_amd.c +++ b/arch/x86/kernel/cpu/topology_amd.c @@ -175,27 +175,30 @@ static void topoext_fixup(struct topo_scan *tscan) static void parse_topology_amd(struct topo_scan *tscan) { - bool has_topoext = false; - /* - * If the extended topology leaf 0x8000_001e is available - * try to get SMT, CORE, TILE, and DIE shifts from extended + * Try to get SMT, CORE, TILE, and DIE shifts from extended * CPUID leaf 0x8000_0026 on supported processors first. If * extended CPUID leaf 0x8000_0026 is not supported, try to - * get SMT and CORE shift from leaf 0xb first, then try to - * get the CORE shift from leaf 0x8000_0008. + * get SMT and CORE shift from leaf 0xb. If either leaf is + * available, cpu_parse_topology_ext() will return true. */ - if (cpu_feature_enabled(X86_FEATURE_TOPOEXT)) - has_topoext = cpu_parse_topology_ext(tscan); + bool has_xtopology = cpu_parse_topology_ext(tscan); if (cpu_feature_enabled(X86_FEATURE_AMD_HTR_CORES)) tscan->c->topo.cpu_type = cpuid_ebx(0x80000026); - if (!has_topoext && !parse_8000_0008(tscan)) + /* + * If XTOPOLOGY leaves (0x26/0xb) are not available, try to + * get the CORE shift from leaf 0x8000_0008 first. + */ + if (!has_xtopology && !parse_8000_0008(tscan)) return; - /* Prefer leaf 0x8000001e if available */ - if (parse_8000_001e(tscan, has_topoext)) + /* + * Prefer leaf 0x8000001e if available to get the SMT shift and + * the initial APIC ID if XTOPOLOGY leaves are not available. + */ + if (parse_8000_001e(tscan, has_xtopology)) return; /* Try the NODEID MSR */ -- 2.34.1

4 days

2
3
0 0

[PATCH v5 01/13] ASoC: codecs: wcd937x: set the comp soundwire port correctly

by Srinivas Kandagatla

For some reason we endup with setting soundwire port for HPHL_COMP and HPHR_COMP as zero, this can potentially result in a memory corruption due to accessing and setting -1 th element of port_map array. Fixes: 82be8c62a38c ("ASoC: codecs: wcd937x: add basic controls") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- sound/soc/codecs/wcd937x.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/codecs/wcd937x.c b/sound/soc/codecs/wcd937x.c index 3b0a8cc314e0..de2dff3c56d3 100644 --- a/sound/soc/codecs/wcd937x.c +++ b/sound/soc/codecs/wcd937x.c @@ -2046,9 +2046,9 @@ static const struct snd_kcontrol_new wcd937x_snd_controls[] = { SOC_ENUM_EXT("RX HPH Mode", rx_hph_mode_mux_enum, wcd937x_rx_hph_mode_get, wcd937x_rx_hph_mode_put), - SOC_SINGLE_EXT("HPHL_COMP Switch", SND_SOC_NOPM, 0, 1, 0, + SOC_SINGLE_EXT("HPHL_COMP Switch", WCD937X_COMP_L, 0, 1, 0, wcd937x_get_compander, wcd937x_set_compander), - SOC_SINGLE_EXT("HPHR_COMP Switch", SND_SOC_NOPM, 1, 1, 0, + SOC_SINGLE_EXT("HPHR_COMP Switch", WCD937X_COMP_R, 1, 1, 0, wcd937x_get_compander, wcd937x_set_compander), SOC_SINGLE_TLV("HPHL Volume", WCD937X_HPH_L_EN, 0, 20, 1, line_gain), -- 2.50.0

4 days, 4 hours

2
1
0 0

[PATCH v2 1/3] mmc: sdhci: Move the code related to setting the clock from sdhci_set_ios_common() into sdhci_set_ios()

by Ben Chuang

From: Ben Chuang <ben.chuang(a)genesyslogic.com.tw> The sdhci_set_clock() is called in sdhci_set_ios_common() and __sdhci_uhs2_set_ios(). According to Section 3.13.2 "Card Interface Detection Sequence" of the SD Host Controller Standard Specification Version 7.00, the SD clock is supplied after power is supplied, so we only need one in __sdhci_uhs2_set_ios(). Let's move the code related to setting the clock from sdhci_set_ios_common() into sdhci_set_ios(). Fixes: 10c8298a052b ("mmc: sdhci-uhs2: add set_ios()") Cc: stable(a)vger.kernel.org # v6.13+ Signed-off-by: Ben Chuang <ben.chuang(a)genesyslogic.com.tw> --- v2: add this patch v1: None --- drivers/mmc/host/sdhci.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/drivers/mmc/host/sdhci.c b/drivers/mmc/host/sdhci.c index 3a17821efa5c..ac7e11f37af7 100644 --- a/drivers/mmc/host/sdhci.c +++ b/drivers/mmc/host/sdhci.c @@ -2367,23 +2367,6 @@ void sdhci_set_ios_common(struct mmc_host *mmc, struct mmc_ios *ios) (ios->power_mode == MMC_POWER_UP) && !(host->quirks2 & SDHCI_QUIRK2_PRESET_VALUE_BROKEN)) sdhci_enable_preset_value(host, false); - - if (!ios->clock || ios->clock != host->clock) { - host->ops->set_clock(host, ios->clock); - host->clock = ios->clock; - - if (host->quirks & SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK && - host->clock) { - host->timeout_clk = mmc->actual_clock ? - mmc->actual_clock / 1000 : - host->clock / 1000; - mmc->max_busy_timeout = - host->ops->get_max_timeout_count ? - host->ops->get_max_timeout_count(host) : - 1 << 27; - mmc->max_busy_timeout /= host->timeout_clk; - } - } } EXPORT_SYMBOL_GPL(sdhci_set_ios_common); @@ -2410,6 +2393,23 @@ void sdhci_set_ios(struct mmc_host *mmc, struct mmc_ios *ios) sdhci_set_ios_common(mmc, ios); + if (!ios->clock || ios->clock != host->clock) { + host->ops->set_clock(host, ios->clock); + host->clock = ios->clock; + + if (host->quirks & SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK && + host->clock) { + host->timeout_clk = mmc->actual_clock ? + mmc->actual_clock / 1000 : + host->clock / 1000; + mmc->max_busy_timeout = + host->ops->get_max_timeout_count ? + host->ops->get_max_timeout_count(host) : + 1 << 27; + mmc->max_busy_timeout /= host->timeout_clk; + } + } + if (host->ops->set_power) host->ops->set_power(host, ios->power_mode, ios->vdd); else -- 2.51.0

4 days, 5 hours

2
5
0 0

Past Due Invoice #07182025

by Mike Waldner

4 days, 7 hours

1
0
0 0

[PATCH] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode

by Srinivas Pandruvada

When turbo mode is unavailable on a Skylake-X system, executing the command: "echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo" results in an unchecked MSR access error: WRMSR to 0x199 (attempted to write 0x0000000100001300). This issue was reproduced on an OEM (Original Equipment Manufacturer) system and is not a common problem across all Skylake-X systems. This error occurs because the MSR 0x199 Turbo Engage Bit (bit 32) is set when turbo mode is disabled. The issue arises when intel_pstate fails to detect that turbo mode is disabled. Here intel_pstate relies on MSR_IA32_MISC_ENABLE bit 38 to determine the status of turbo mode. However, on this system, bit 38 is not set even when turbo mode is disabled. According to the Intel Software Developer's Manual (SDM), the BIOS sets this bit during platform initialization to enable or disable opportunistic processor performance operations. Logically, this bit should be set in such cases. However, the SDM also specifies that "OS and applications must use CPUID leaf 06H to detect processors with opportunistic processor performance operations enabled." Therefore, in addition to checking MSR_IA32_MISC_ENABLE bit 38, verify that CPUID.06H:EAX[1] is 0 to accurately determine if turbo mode is disabled. Fixes: 4521e1a0ce17 ("cpufreq: intel_pstate: Reflect current no_turbo state correctly") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- drivers/cpufreq/intel_pstate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c index f41ed0b9e610..ba9bf06f1c77 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -598,6 +598,9 @@ static bool turbo_is_disabled(void) { u64 misc_en; + if (!cpu_feature_enabled(X86_FEATURE_IDA)) + return true; + rdmsrl(MSR_IA32_MISC_ENABLE, misc_en); return !!(misc_en & MSR_IA32_MISC_ENABLE_TURBO_DISABLE); -- 2.48.1

4 days, 9 hours

4
4
0 0

[PATCH net v3 0/3] net: netpoll: fix a memleak and create a selftest

by Breno Leitao

Fix a memory leak issue on netpoll and create a netconsole test that exposes the problem, when run with kmemleak enabled. This is a merge of two patches I've sent individually and are merged on the same patchset[1][2]. Link: https://lore.kernel.org/all/20250904-netconsole_torture-v2-0-5775ed5dc366@d… [1] Link: https://lore.kernel.org/all/20250902165426.6d6cd172@kernel.org/ [2] Signed-off-by: Breno Leitao <leitao(a)debian.org> --- Changes in v3: - this patchset is a merge of the fix and the selftest together as recommended by Jakub. Changes in v2: - Reuse the netconsole creation from lib_netcons.sh. Thus, refactoring the create_dynamic_target() (Jakub) - Move the "wait" to after all the messages has been sent. - Link to v1: https://lore.kernel.org/r/20250902-netconsole_torture-v1-1-03c6066598e9@deb… --- Breno Leitao (3): netpoll: fix incorrect refcount handling causing incorrect cleanup selftest: netcons: refactor target creation selftest: netcons: create a torture test net/core/netpoll.c | 7 +- tools/testing/selftests/drivers/net/Makefile | 1 + .../selftests/drivers/net/lib/sh/lib_netcons.sh | 30 +++-- .../selftests/drivers/net/netcons_torture.sh | 127 +++++++++++++++++++++ 4 files changed, 152 insertions(+), 13 deletions(-) --- base-commit: d69eb204c255c35abd9e8cb621484e8074c75eaa change-id: 20250902-netconsole_torture-8fc23f0aca99 Best regards, -- Breno Leitao <leitao(a)debian.org>

4 days, 11 hours

6
18
0 0

[PATCH] PCI/sysfs: Ensure devices are powered for config reads

by Brian Norris

From: Brian Norris <briannorris(a)google.com> max_link_speed, max_link_width, current_link_speed, current_link_width, secondary_bus_number, and subordinate_bus_number all access config registers, but they don't check the runtime PM state. If the device is in D3cold, we may see -EINVAL or even bogus values. Wrap these access in pci_config_pm_runtime_{get,put}() like most of the rest of the similar sysfs attributes. Fixes: 56c1af4606f0 ("PCI: Add sysfs max_link_speed/width, current_link_speed/width, etc") Cc: stable(a)vger.kernel.org Signed-off-by: Brian Norris <briannorris(a)google.com> Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- drivers/pci/pci-sysfs.c | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index 5eea14c1f7f5..160df897dc5e 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -191,9 +191,16 @@ static ssize_t max_link_speed_show(struct device *dev, struct device_attribute *attr, char *buf) { struct pci_dev *pdev = to_pci_dev(dev); + ssize_t ret; + + pci_config_pm_runtime_get(pdev); - return sysfs_emit(buf, "%s\n", - pci_speed_string(pcie_get_speed_cap(pdev))); + ret = sysfs_emit(buf, "%s\n", + pci_speed_string(pcie_get_speed_cap(pdev))); + + pci_config_pm_runtime_put(pdev); + + return ret; } static DEVICE_ATTR_RO(max_link_speed); @@ -201,8 +208,15 @@ static ssize_t max_link_width_show(struct device *dev, struct device_attribute *attr, char *buf) { struct pci_dev *pdev = to_pci_dev(dev); + ssize_t ret; + + pci_config_pm_runtime_get(pdev); + + ret = sysfs_emit(buf, "%u\n", pcie_get_width_cap(pdev)); - return sysfs_emit(buf, "%u\n", pcie_get_width_cap(pdev)); + pci_config_pm_runtime_put(pdev); + + return ret; } static DEVICE_ATTR_RO(max_link_width); @@ -214,7 +228,10 @@ static ssize_t current_link_speed_show(struct device *dev, int err; enum pci_bus_speed speed; + pci_config_pm_runtime_get(pci_dev); err = pcie_capability_read_word(pci_dev, PCI_EXP_LNKSTA, &linkstat); + pci_config_pm_runtime_put(pci_dev); + if (err) return -EINVAL; @@ -231,7 +248,10 @@ static ssize_t current_link_width_show(struct device *dev, u16 linkstat; int err; + pci_config_pm_runtime_get(pci_dev); err = pcie_capability_read_word(pci_dev, PCI_EXP_LNKSTA, &linkstat); + pci_config_pm_runtime_put(pci_dev); + if (err) return -EINVAL; @@ -247,7 +267,10 @@ static ssize_t secondary_bus_number_show(struct device *dev, u8 sec_bus; int err; + pci_config_pm_runtime_get(pci_dev); err = pci_read_config_byte(pci_dev, PCI_SECONDARY_BUS, &sec_bus); + pci_config_pm_runtime_put(pci_dev); + if (err) return -EINVAL; @@ -263,7 +286,10 @@ static ssize_t subordinate_bus_number_show(struct device *dev, u8 sub_bus; int err; + pci_config_pm_runtime_get(pci_dev); err = pci_read_config_byte(pci_dev, PCI_SUBORDINATE_BUS, &sub_bus); + pci_config_pm_runtime_put(pci_dev); + if (err) return -EINVAL; -- 2.51.0.rc1.193.gad69d77794-goog

4 days, 11 hours

2
6
0 0

Service update notification

by Email Administrator

4 days, 14 hours

1
0
0 0

[PATCH v2] fbdev/simplefb: Fix use after free in simplefb_detach_genpds()

by Janne Grunau

The pm_domain cleanup can not be devres managed as it uses struct simplefb_par which is allocated within struct fb_info by framebuffer_alloc(). This allocation is explicitly freed by unregister_framebuffer() in simplefb_remove(). Devres managed cleanup runs after the device remove call and thus can no longer access struct simplefb_par. Call simplefb_detach_genpds() explicitly from simplefb_destroy() like the cleanup functions for clocks and regulators. Fixes an use after free on M2 Mac mini during aperture_remove_conflicting_devices() using the downstream asahi kernel with Debian's kernel config. For unknown reasons this started to consistently dereference an invalid pointer in v6.16.3 based kernels. [ 6.736134] BUG: KASAN: slab-use-after-free in simplefb_detach_genpds+0x58/0x220 [ 6.743545] Read of size 4 at addr ffff8000304743f0 by task (udev-worker)/227 [ 6.750697] [ 6.752182] CPU: 6 UID: 0 PID: 227 Comm: (udev-worker) Tainted: G S 6.16.3-asahi+ #16 PREEMPTLAZY [ 6.752186] Tainted: [S]=CPU_OUT_OF_SPEC [ 6.752187] Hardware name: Apple Mac mini (M2, 2023) (DT) [ 6.752189] Call trace: [ 6.752190] show_stack+0x34/0x98 (C) [ 6.752194] dump_stack_lvl+0x60/0x80 [ 6.752197] print_report+0x17c/0x4d8 [ 6.752201] kasan_report+0xb4/0x100 [ 6.752206] __asan_report_load4_noabort+0x20/0x30 [ 6.752209] simplefb_detach_genpds+0x58/0x220 [ 6.752213] devm_action_release+0x50/0x98 [ 6.752216] release_nodes+0xd0/0x2c8 [ 6.752219] devres_release_all+0xfc/0x178 [ 6.752221] device_unbind_cleanup+0x28/0x168 [ 6.752224] device_release_driver_internal+0x34c/0x470 [ 6.752228] device_release_driver+0x20/0x38 [ 6.752231] bus_remove_device+0x1b0/0x380 [ 6.752234] device_del+0x314/0x820 [ 6.752238] platform_device_del+0x3c/0x1e8 [ 6.752242] platform_device_unregister+0x20/0x50 [ 6.752246] aperture_detach_platform_device+0x1c/0x30 [ 6.752250] aperture_detach_devices+0x16c/0x290 [ 6.752253] aperture_remove_conflicting_devices+0x34/0x50 ... [ 6.752343] [ 6.967409] Allocated by task 62: [ 6.970724] kasan_save_stack+0x3c/0x70 [ 6.974560] kasan_save_track+0x20/0x40 [ 6.978397] kasan_save_alloc_info+0x40/0x58 [ 6.982670] __kasan_kmalloc+0xd4/0xd8 [ 6.986420] __kmalloc_noprof+0x194/0x540 [ 6.990432] framebuffer_alloc+0xc8/0x130 [ 6.994444] simplefb_probe+0x258/0x2378 ... [ 7.054356] [ 7.055838] Freed by task 227: [ 7.058891] kasan_save_stack+0x3c/0x70 [ 7.062727] kasan_save_track+0x20/0x40 [ 7.066565] kasan_save_free_info+0x4c/0x80 [ 7.070751] __kasan_slab_free+0x6c/0xa0 [ 7.074675] kfree+0x10c/0x380 [ 7.077727] framebuffer_release+0x5c/0x90 [ 7.081826] simplefb_destroy+0x1b4/0x2c0 [ 7.085837] put_fb_info+0x98/0x100 [ 7.089326] unregister_framebuffer+0x178/0x320 [ 7.093861] simplefb_remove+0x3c/0x60 [ 7.097611] platform_remove+0x60/0x98 [ 7.101361] device_remove+0xb8/0x160 [ 7.105024] device_release_driver_internal+0x2fc/0x470 [ 7.110256] device_release_driver+0x20/0x38 [ 7.114529] bus_remove_device+0x1b0/0x380 [ 7.118628] device_del+0x314/0x820 [ 7.122116] platform_device_del+0x3c/0x1e8 [ 7.126302] platform_device_unregister+0x20/0x50 [ 7.131012] aperture_detach_platform_device+0x1c/0x30 [ 7.136157] aperture_detach_devices+0x16c/0x290 [ 7.140779] aperture_remove_conflicting_devices+0x34/0x50 ... Reported-by: Daniel Huhardeaux <tech(a)tootai.net> Cc: stable(a)vger.kernel.org Fixes: 92a511a568e44 ("fbdev/simplefb: Add support for generic power-domains") Signed-off-by: Janne Grunau <j(a)jannau.net> --- Changes in v2: - reworked change due to missed use of `par->num_genpds` before setting it. Missed in testing due to FB_SIMPLE vs. SYSFB_SIMPLEFB. - Link to v1: https://lore.kernel.org/r/20250901-simplefb-genpd-uaf-v1-1-0d9f3a34c4dc@jan… --- drivers/video/fbdev/simplefb.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/video/fbdev/simplefb.c b/drivers/video/fbdev/simplefb.c index 1893815dc67f4c1403eea42c0e10a7ead4d96ba9..2f3e5449509d1824a3d26f73e103af82d56d558a 100644 --- a/drivers/video/fbdev/simplefb.c +++ b/drivers/video/fbdev/simplefb.c @@ -93,6 +93,7 @@ struct simplefb_par { static void simplefb_clocks_destroy(struct simplefb_par *par); static void simplefb_regulators_destroy(struct simplefb_par *par); +static void simplefb_detach_genpds(void *res); /* * fb_ops.fb_destroy is called by the last put_fb_info() call at the end @@ -105,6 +106,7 @@ static void simplefb_destroy(struct fb_info *info) simplefb_regulators_destroy(info->par); simplefb_clocks_destroy(info->par); + simplefb_detach_genpds(info->par); if (info->screen_base) iounmap(info->screen_base); @@ -451,7 +453,7 @@ static int simplefb_attach_genpds(struct simplefb_par *par, struct platform_device *pdev) { struct device *dev = &pdev->dev; - unsigned int i; + unsigned int i, num_genpds; int err; err = of_count_phandle_with_args(dev->of_node, "power-domains", @@ -465,26 +467,33 @@ static int simplefb_attach_genpds(struct simplefb_par *par, return err; } - par->num_genpds = err; + num_genpds = err; /* * Single power-domain devices are handled by the driver core, so * nothing to do here. */ - if (par->num_genpds <= 1) + if (num_genpds <= 1) return 0; - par->genpds = devm_kcalloc(dev, par->num_genpds, sizeof(*par->genpds), + par->genpds = devm_kcalloc(dev, num_genpds, sizeof(*par->genpds), GFP_KERNEL); if (!par->genpds) return -ENOMEM; - par->genpd_links = devm_kcalloc(dev, par->num_genpds, + par->genpd_links = devm_kcalloc(dev, num_genpds, sizeof(*par->genpd_links), GFP_KERNEL); if (!par->genpd_links) return -ENOMEM; + /* + * Set par->num_genpds only after genpds and genpd_links are allocated + * to exit early from simplefb_detach_genpds() without full + * initialisation. + */ + par->num_genpds = num_genpds; + for (i = 0; i < par->num_genpds; i++) { par->genpds[i] = dev_pm_domain_attach_by_id(dev, i); if (IS_ERR(par->genpds[i])) { @@ -506,9 +515,10 @@ static int simplefb_attach_genpds(struct simplefb_par *par, dev_warn(dev, "failed to link power-domain %u\n", i); } - return devm_add_action_or_reset(dev, simplefb_detach_genpds, par); + return 0; } #else +static void simplefb_detach_genpds(void *res) { } static int simplefb_attach_genpds(struct simplefb_par *par, struct platform_device *pdev) { --- base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585 change-id: 20250901-simplefb-genpd-uaf-352704761a29 Best regards, -- Janne Grunau <j(a)jannau.net>

4 days, 15 hours

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror