6.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Haotian Zhang <vulab(a)iscas.ac.cn>
[ Upstream commit d1220e47e4bd2be8b84bc158f4dea44f2f88b226 ]
The function ioremap() in gamecube_rtc_read_offset_from_sram() can fail
and return NULL, which is dereferenced without checking, leading to a
NULL pointer dereference.
Add a check for the return value of ioremap() and return -ENOMEM on
failure.
Fixes: 86559400b3ef ("rtc: gamecube: Add a RTC driver for the GameCube, Wii and Wii U")
Signed-off-by: Haotian Zhang <vulab(a)iscas.ac.cn>
Reviewed-by: Link Mauve <kernel(a)linkmauve.fr>
Link: https://patch.msgid.link/20251126080625.1752-1-vulab@iscas.ac.cn
Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/rtc/rtc-gamecube.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/rtc/rtc-gamecube.c b/drivers/rtc/rtc-gamecube.c
index c828bc8e05b9c..045d5d45ab4b0 100644
--- a/drivers/rtc/rtc-gamecube.c
+++ b/drivers/rtc/rtc-gamecube.c
@@ -242,6 +242,10 @@ static int gamecube_rtc_read_offset_from_sram(struct priv *d)
}
hw_srnprot = ioremap(res.start, resource_size(&res));
+ if (!hw_srnprot) {
+ pr_err("failed to ioremap hw_srnprot\n");
+ return -ENOMEM;
+ }
old = ioread32be(hw_srnprot);
/* TODO: figure out why we use this magic constant. I obtained it by
--
2.51.0
6.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Kleikamp <dave.kleikamp(a)oracle.com>
[ Upstream commit 463d439becb81383f3a5a5d840800131f265a09c ]
atomic_pool_expand iteratively tries the allocation while decrementing
the page order. There is no need to issue a warning if an attempted
allocation fails.
Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com>
Reviewed-by: Robin Murphy <robin.murphy(a)arm.com>
Fixes: d7e673ec2c8e ("dma-pool: Only allocate from CMA when in same memory zone")
[mszyprow: fixed typo]
Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com>
Link: https://lore.kernel.org/r/20251202152810.142370-1-dave.kleikamp@oracle.com
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
kernel/dma/pool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/dma/pool.c b/kernel/dma/pool.c
index ee45dee33d491..26392badc36b0 100644
--- a/kernel/dma/pool.c
+++ b/kernel/dma/pool.c
@@ -93,7 +93,7 @@ static int atomic_pool_expand(struct gen_pool *pool, size_t pool_size,
page = dma_alloc_from_contiguous(NULL, 1 << order,
order, false);
if (!page)
- page = alloc_pages(gfp, order);
+ page = alloc_pages(gfp | __GFP_NOWARN, order);
} while (!page && order-- > 0);
if (!page)
goto out;
--
2.51.0
6.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Troy Mitchell <troy.mitchell(a)linux.spacemit.com>
[ Upstream commit 25faa5364638b86ec0d0edb4486daa9d40a0be8f ]
This commit addresses two issues causing i2c detect to fail.
The identified issues are:
1. Incorrect error handling for BED (Bus Error No ACK/NAK):
Before this commit, Both ALD (Arbitration Loss Detected) and
BED returned -EAGAIN.
2. Missing interrupt status clear after initialization in xfer():
On the K1 SoC, simply fixing the first issue changed the error
from -EAGAIN to -ETIMEOUT. Through tracing, it was determined that
this is likely due to MSD (Master Stop Detected) latency issues.
That means the MSD bit in the ISR may still be set on the next transfer.
As a result, the controller won't work — we can see from the scope that
it doesn't issue any signal.
(This only occurs during rapid consecutive I2C transfers.
That explains why the issue only shows up with i2cdetect.)
With these two fixes, i2c device detection now functions correctly on the K1 SoC.
Fixes: 5ea558473fa31 ("i2c: spacemit: add support for SpacemiT K1 SoC")
Tested-by: Aurelien Jarno <aurelien(a)aurel32.net>
Signed-off-by: Troy Mitchell <troy.mitchell(a)linux.spacemit.com>
Reviewed-by: Aurelien Jarno <aurelien(a)aurel32.net>
Tested-by: Michael Opdenacker <michael.opdenacker(a)rootcommit.com>
Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org>
Link: https://lore.kernel.org/r/20251113-fix-k1-detect-failure-v2-1-b02a9a74f65a@…
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/i2c/busses/i2c-k1.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/drivers/i2c/busses/i2c-k1.c b/drivers/i2c/busses/i2c-k1.c
index 6b918770e612e..d42c03ef5db59 100644
--- a/drivers/i2c/busses/i2c-k1.c
+++ b/drivers/i2c/busses/i2c-k1.c
@@ -158,11 +158,16 @@ static int spacemit_i2c_handle_err(struct spacemit_i2c_dev *i2c)
{
dev_dbg(i2c->dev, "i2c error status: 0x%08x\n", i2c->status);
- if (i2c->status & (SPACEMIT_SR_BED | SPACEMIT_SR_ALD)) {
+ /* Arbitration Loss Detected */
+ if (i2c->status & SPACEMIT_SR_ALD) {
spacemit_i2c_reset(i2c);
return -EAGAIN;
}
+ /* Bus Error No ACK/NAK */
+ if (i2c->status & SPACEMIT_SR_BED)
+ spacemit_i2c_reset(i2c);
+
return i2c->status & SPACEMIT_SR_ACKNAK ? -ENXIO : -EIO;
}
@@ -224,6 +229,12 @@ static void spacemit_i2c_check_bus_release(struct spacemit_i2c_dev *i2c)
}
}
+static inline void
+spacemit_i2c_clear_int_status(struct spacemit_i2c_dev *i2c, u32 mask)
+{
+ writel(mask & SPACEMIT_I2C_INT_STATUS_MASK, i2c->base + SPACEMIT_ISR);
+}
+
static void spacemit_i2c_init(struct spacemit_i2c_dev *i2c)
{
u32 val;
@@ -267,12 +278,8 @@ static void spacemit_i2c_init(struct spacemit_i2c_dev *i2c)
val = readl(i2c->base + SPACEMIT_IRCR);
val |= SPACEMIT_RCR_SDA_GLITCH_NOFIX;
writel(val, i2c->base + SPACEMIT_IRCR);
-}
-static inline void
-spacemit_i2c_clear_int_status(struct spacemit_i2c_dev *i2c, u32 mask)
-{
- writel(mask & SPACEMIT_I2C_INT_STATUS_MASK, i2c->base + SPACEMIT_ISR);
+ spacemit_i2c_clear_int_status(i2c, SPACEMIT_I2C_INT_STATUS_MASK);
}
static void spacemit_i2c_start(struct spacemit_i2c_dev *i2c)
--
2.51.0
6.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kathara Sasikumar <katharasasikumar007(a)gmail.com>
[ Upstream commit 08bfcf4ff9d39228150a757803fc02dffce84ab0 ]
The devicetree binding for g762 was converted to YAML to match vendor
prefix conventions. Update the reference accordingly.
Signed-off-by: Kathara Sasikumar <katharasasikumar007(a)gmail.com>
Link: https://lore.kernel.org/r/20251205215835.783273-1-katharasasikumar007@gmail…
Fixes: 3d8e25372417 ("dt-bindings: hwmon: g762: Convert to yaml schema")
Signed-off-by: Guenter Roeck <linux(a)roeck-us.net>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
Documentation/hwmon/g762.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/hwmon/g762.rst b/Documentation/hwmon/g762.rst
index 0371b3365c48c..f224552a2d3cc 100644
--- a/Documentation/hwmon/g762.rst
+++ b/Documentation/hwmon/g762.rst
@@ -17,7 +17,7 @@ done via a userland daemon like fancontrol.
Note that those entries do not provide ways to setup the specific
hardware characteristics of the system (reference clock, pulses per
fan revolution, ...); Those can be modified via devicetree bindings
-documented in Documentation/devicetree/bindings/hwmon/g762.txt or
+documented in Documentation/devicetree/bindings/hwmon/gmt,g762.yaml or
using a specific platform_data structure in board initialization
file (see include/linux/platform_data/g762.h).
--
2.51.0
6.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd(a)arndb.de>
[ Upstream commit dd44d4d0c55a4ecf5eabf7856f96ed47e0684780 ]
Selecting OF_GPIO is generally not allowed, it always gets enabled
when both GPIOLIB and OF are turned on.
The tb10x driver now warns about this after it was enabled for
compile-testing:
WARNING: unmet direct dependencies detected for OF_GPIO
Depends on [n]: GPIOLIB [=y] && OF [=n] && HAS_IOMEM [=y]
Selected by [y]:
- GPIO_TB10X [=y] && GPIOLIB [=y] && HAS_IOMEM [=y] && (ARC_PLAT_TB10X || COMPILE_TEST [=y])
OF_GPIO is not required for compile-testing and is already enabled
when the driver is usable, so just drop the 'select' line.
Fixes: 682fbb18e14c ("gpio: tb10x: allow building the module with COMPILE_TEST=y")
Signed-off-by: Arnd Bergmann <arnd(a)arndb.de>
Link: https://lore.kernel.org/r/20251205095429.1291866-1-arnd@kernel.org
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)oss.qualcomm.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/gpio/Kconfig | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/gpio/Kconfig b/drivers/gpio/Kconfig
index 7ee3afbc2b05d..e053524c5e35f 100644
--- a/drivers/gpio/Kconfig
+++ b/drivers/gpio/Kconfig
@@ -738,7 +738,6 @@ config GPIO_TB10X
depends on ARC_PLAT_TB10X || COMPILE_TEST
select GPIO_GENERIC
select GENERIC_IRQ_CHIP
- select OF_GPIO
config GPIO_TEGRA
tristate "NVIDIA Tegra GPIO support"
--
2.51.0
6.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Snitzer <snitzer(a)kernel.org>
[ Upstream commit 0b873de2c02f9cc655bef6bee0eb9e404126ed6c ]
struct nfs_local_kiocb used ____cacheline_aligned on its iters[] array
and as the structure evolved it caused a 61 byte hole to form. Fix
this by removing ____cacheline_aligned and reordering iters[] before
iter_is_dio_aligned[].
Fixes: 6a218b9c3183 ("nfs/localio: do not issue misaligned DIO out-of-order")
Signed-off-by: Mike Snitzer <snitzer(a)kernel.org>
Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
fs/nfs/localio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c
index 512d9c5ff608a..b98bb292fef0c 100644
--- a/fs/nfs/localio.c
+++ b/fs/nfs/localio.c
@@ -43,8 +43,8 @@ struct nfs_local_kiocb {
size_t end_len;
short int end_iter_index;
atomic_t n_iters;
+ struct iov_iter iters[NFSLOCAL_MAX_IOS];
bool iter_is_dio_aligned[NFSLOCAL_MAX_IOS];
- struct iov_iter iters[NFSLOCAL_MAX_IOS] ____cacheline_aligned;
/* End mostly DIO-specific members */
};
--
2.51.0
6.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Snitzer <snitzer(a)hammerspace.com>
[ Upstream commit f50d0328d02fe38ba196a73c143e5d87e341d4f7 ]
This check to ensure dio_offset_align isn't larger than PAGE_SIZE is
no longer relevant (older iterations of NFS Direct was allocating
misaligned head and tail pages but no longer does, so this check isn't
needed).
Fixes: c817248fc831 ("nfs/localio: add proper O_DIRECT support for READ and WRITE")
Signed-off-by: Mike Snitzer <snitzer(a)kernel.org>
Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
fs/nfs/localio.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c
index 656976b4f42ce..512d9c5ff608a 100644
--- a/fs/nfs/localio.c
+++ b/fs/nfs/localio.c
@@ -339,8 +339,6 @@ nfs_is_local_dio_possible(struct nfs_local_kiocb *iocb, int rw,
if (unlikely(!nf_dio_mem_align || !nf_dio_offset_align))
return false;
- if (unlikely(nf_dio_offset_align > PAGE_SIZE))
- return false;
if (unlikely(len < nf_dio_offset_align))
return false;
--
2.51.0
6.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells(a)redhat.com>
[ Upstream commit 4ae4dde6f34a4124c65468ae4fa1f915fb40f900 ]
If a DIO read or an unbuffered read request extends beyond the EOF, the
server will return a short read and a status code indicating that EOF was
hit, which gets translated to -ENODATA. Note that the client does not cap
the request at i_size, but asks for the amount requested in case there's a
race on the server with a third party.
Now, on the client side, the request will get split into multiple
subrequests if rsize is smaller than the full request size. A subrequest
that starts before or at the EOF and returns short data up to the EOF will
be correctly handled, with the NETFS_SREQ_HIT_EOF flag being set,
indicating to netfslib that we can't read more.
If a subrequest, however, starts after the EOF and not at it, HIT_EOF will
not be flagged, its error will be set to -ENODATA and it will be abandoned.
This will cause the request as a whole to fail with -ENODATA.
Fix this by setting NETFS_SREQ_HIT_EOF on any subrequest that lies beyond
the EOF marker.
Fixes: 1da29f2c39b6 ("netfs, cifs: Fix handling of short DIO read")
Signed-off-by: David Howells <dhowells(a)redhat.com>
Reviewed-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.org>
cc: Shyam Prasad N <sprasad(a)microsoft.com>
cc: linux-cifs(a)vger.kernel.org
cc: netfs(a)lists.linux.dev
cc: linux-fsdevel(a)vger.kernel.org
Signed-off-by: Steve French <stfrench(a)microsoft.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
fs/smb/client/smb2pdu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
index 8b4a4573e9c37..e661d40213eab 100644
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -4629,7 +4629,7 @@ smb2_readv_callback(struct mid_q_entry *mid)
} else {
size_t trans = rdata->subreq.transferred + rdata->got_bytes;
if (trans < rdata->subreq.len &&
- rdata->subreq.start + trans == ictx->remote_i_size) {
+ rdata->subreq.start + trans >= ictx->remote_i_size) {
__set_bit(NETFS_SREQ_HIT_EOF, &rdata->subreq.flags);
rdata->result = 0;
}
--
2.51.0