- Linux-stable-mirror - lists.linaro.org

[PATCH v2] ASoC: mediatek: mt8365: Add check for devm_kcalloc() in mt8365_afe_suspend()

by Guangshuo Li

devm_kcalloc() may fail. mt8365_afe_suspend() uses afe->reg_back_up unconditionally after allocation and writes afe->reg_back_up[i], which can lead to a NULL pointer dereference under low-memory conditions. Add a NULL check and bail out with -ENOMEM, making sure to disable the main clock via the existing error path to keep clock state balanced. Fixes: e1991d102bc2 ("ASoC: mediatek: mt8365: Add the AFE driver support") Cc: stable(a)vger.kernel.org --- changelog: v2: - Return -ENOMEM directly on allocation failure without goto/label. - Disable the main clock before returning to keep clock state balanced. Signed-off-by: Guangshuo Li <lgs201920130244(a)gmail.com> --- sound/soc/mediatek/mt8365/mt8365-afe-pcm.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/sound/soc/mediatek/mt8365/mt8365-afe-pcm.c b/sound/soc/mediatek/mt8365/mt8365-afe-pcm.c index 10793bbe9275..55d832e05072 100644 --- a/sound/soc/mediatek/mt8365/mt8365-afe-pcm.c +++ b/sound/soc/mediatek/mt8365/mt8365-afe-pcm.c @@ -1975,11 +1975,15 @@ static int mt8365_afe_suspend(struct device *dev) mt8365_afe_enable_main_clk(afe); - if (!afe->reg_back_up) + if (!afe->reg_back_up) { afe->reg_back_up = devm_kcalloc(dev, afe->reg_back_up_list_num, - sizeof(unsigned int), GFP_KERNEL); - + sizeof(unsigned int), GFP_KERNEL); + if (!afe->reg_back_up) { + mt8365_afe_disable_main_clk(afe); + return -ENOMEM; + } + } for (i = 0; i < afe->reg_back_up_list_num; i++) regmap_read(regmap, afe->reg_back_up_list[i], &afe->reg_back_up[i]); -- 2.43.0

1 month

2
1
0 0

[tip: x86/urgent] x86/Kconfig: Reenable PTDUMP on i386

by tip-bot2 for Alexander Popov

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 4f115596133fa168bac06bb34c6efd8f4d84c22e Gitweb: https://git.kernel.org/tip/4f115596133fa168bac06bb34c6efd8f4d84c22e Author: Alexander Popov <alex.popov(a)linux.com> AuthorDate: Sun, 21 Sep 2025 23:58:15 +03:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Mon, 22 Sep 2025 14:40:17 +02:00 x86/Kconfig: Reenable PTDUMP on i386 The commit f9aad622006bd64c ("mm: rename GENERIC_PTDUMP and PTDUMP_CORE") has broken PTDUMP and the Kconfig options that use it on ARCH=i386, including CONFIG_DEBUG_WX. CONFIG_GENERIC_PTDUMP was renamed into CONFIG_ARCH_HAS_PTDUMP, but it was mistakenly moved from "config X86" to "config X86_64". That made PTDUMP unavailable for i386. Move CONFIG_ARCH_HAS_PTDUMP back to "config X86" to fix it. [ bp: Massage commit message. ] Fixes: f9aad622006bd64c ("mm: rename GENERIC_PTDUMP and PTDUMP_CORE") Signed-off-by: Alexander Popov <alex.popov(a)linux.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org --- arch/x86/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 52c8910..0588030 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -26,7 +26,6 @@ config X86_64 depends on 64BIT # Options that are inherently 64-bit kernel only: select ARCH_HAS_GIGANTIC_PAGE - select ARCH_HAS_PTDUMP select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 select ARCH_SUPPORTS_PER_VMA_LOCK @@ -99,6 +98,7 @@ config X86 select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PMEM_API if X86_64 select ARCH_HAS_PREEMPT_LAZY + select ARCH_HAS_PTDUMP select ARCH_HAS_PTE_SPECIAL select ARCH_HAS_HW_PTE_YOUNG select ARCH_HAS_NONLEAF_PMD_YOUNG if PGTABLE_LEVELS > 2

1 month

1
0
0 0

[PATCH] powerpc/smp: Add check for kcalloc() in parse_thread_groups()

by Guangshuo Li

As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array(). Fixes: 790a1662d3a26 ("powerpc/smp: Parse ibm,thread-groups with multiple properties") Cc: stable(a)vger.kernel.org Signed-off-by: Guangshuo Li <lgs201920130244(a)gmail.com> --- arch/powerpc/kernel/smp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c index 5ac7084eebc0..2da064e00d0d 100644 --- a/arch/powerpc/kernel/smp.c +++ b/arch/powerpc/kernel/smp.c @@ -822,6 +822,9 @@ static int parse_thread_groups(struct device_node *dn, count = of_property_count_u32_elems(dn, "ibm,thread-groups"); thread_group_array = kcalloc(count, sizeof(u32), GFP_KERNEL); + if (!thread_group_array) + return -ENOMEM; + ret = of_property_read_u32_array(dn, "ibm,thread-groups", thread_group_array, count); if (ret) -- 2.43.0

1 month

1
0
0 0

[PATCH] scsi: dc395x: correctly discard the return value in certain reads

by Xinhui Yang

There are certain read operations performed in this code which doesn't really don't need its return value. Those read operations either clears the FIFO buffer, or clears the interruption status. However, unused read triggers compiler warnings. With CONFIG_WERROR on, these warnings get converted into errors: drivers/scsi/dc395x.c: In function ‘__dc395x_eh_bus_reset’: drivers/scsi/dc395x.c:97:49: error: value computed is not used [-Werror=unused-value] 97 | #define DC395x_read8(acb,address) (u8)(inb(acb->io_port_base + (address))) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/scsi/dc395x.c:1003:9: note: in expansion of macro ‘DC395x_read8’ 1003 | DC395x_read8(acb, TRM_S1040_SCSI_INTSTATUS); | ^~~~~~~~~~~~ drivers/scsi/dc395x.c: In function ‘data_io_transfer’: drivers/scsi/dc395x.c:97:49: error: value computed is not used [-Werror=unused-value] 97 | #define DC395x_read8(acb,address) (u8)(inb(acb->io_port_base + (address))) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/scsi/dc395x.c:2032:33: note: in expansion of macro ‘DC395x_read8’ 2032 | DC395x_read8(acb, TRM_S1040_SCSI_FIFO); Create a new macro DC395x_peek8() to deliberately cast the return value to void, which tells the compiler we really don't need the return value of such read operations. Signed-off-by: Xinhui Yang <cyan(a)cyano.uk> --- drivers/scsi/dc395x.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/drivers/scsi/dc395x.c b/drivers/scsi/dc395x.c index 386c8359e1cc..013d0d5277d6 100644 --- a/drivers/scsi/dc395x.c +++ b/drivers/scsi/dc395x.c @@ -91,15 +91,21 @@ #endif -#define DC395x_LOCK_IO(dev,flags) spin_lock_irqsave(((struct Scsi_Host *)dev)->host_lock, flags) -#define DC395x_UNLOCK_IO(dev,flags) spin_unlock_irqrestore(((struct Scsi_Host *)dev)->host_lock, flags) +#define DC395x_LOCK_IO(dev, flags) spin_lock_irqsave(((struct Scsi_Host *)dev)->host_lock, flags) +#define DC395x_UNLOCK_IO(dev, flags) spin_unlock_irqrestore(((struct Scsi_Host *)dev)->host_lock, flags) -#define DC395x_read8(acb,address) (u8)(inb(acb->io_port_base + (address))) -#define DC395x_read16(acb,address) (u16)(inw(acb->io_port_base + (address))) -#define DC395x_read32(acb,address) (u32)(inl(acb->io_port_base + (address))) -#define DC395x_write8(acb,address,value) outb((value), acb->io_port_base + (address)) -#define DC395x_write16(acb,address,value) outw((value), acb->io_port_base + (address)) -#define DC395x_write32(acb,address,value) outl((value), acb->io_port_base + (address)) +/* + * read operations that may trigger side effects in the hardware, + * but the value can or should be discarded. + */ +#define DC395x_peek8(acb, address) ((void)(inb(acb->io_port_base + (address)))) +/* Normal read write operations goes here. */ +#define DC395x_read8(acb, address) ((u8) (inb(acb->io_port_base + (address)))) +#define DC395x_read16(acb, address) ((u16) (inw(acb->io_port_base + (address)))) +#define DC395x_read32(acb, address) ((u32) (inl(acb->io_port_base + (address)))) +#define DC395x_write8(acb, address, value) (outb((value), acb->io_port_base + (address))) +#define DC395x_write16(acb, address, value) (outw((value), acb->io_port_base + (address))) +#define DC395x_write32(acb, address, value) (outl((value), acb->io_port_base + (address))) #define TAG_NONE 255 @@ -1000,7 +1006,7 @@ static int __dc395x_eh_bus_reset(struct scsi_cmnd *cmd) DC395x_write8(acb, TRM_S1040_DMA_CONTROL, CLRXFIFO); clear_fifo(acb, "eh_bus_reset"); /* Delete pending IRQ */ - DC395x_read8(acb, TRM_S1040_SCSI_INTSTATUS); + DC395x_peek8(acb, TRM_S1040_SCSI_INTSTATUS); set_basic_config(acb); reset_dev_param(acb); @@ -2029,8 +2035,8 @@ static void data_io_transfer(struct AdapterCtlBlk *acb, DC395x_write8(acb, TRM_S1040_SCSI_CONFIG2, CFG2_WIDEFIFO); if (io_dir & DMACMD_DIR) { - DC395x_read8(acb, TRM_S1040_SCSI_FIFO); - DC395x_read8(acb, TRM_S1040_SCSI_FIFO); + DC395x_peek8(acb, TRM_S1040_SCSI_FIFO); + DC395x_peek8(acb, TRM_S1040_SCSI_FIFO); } else { /* Danger, Robinson: If you find KGs * scattered over the wide disk, the driver @@ -2044,7 +2050,7 @@ static void data_io_transfer(struct AdapterCtlBlk *acb, /* Danger, Robinson: If you find a collection of Ks on your disk * something broke :-( */ if (io_dir & DMACMD_DIR) - DC395x_read8(acb, TRM_S1040_SCSI_FIFO); + DC395x_peek8(acb, TRM_S1040_SCSI_FIFO); else DC395x_write8(acb, TRM_S1040_SCSI_FIFO, 'K'); } @@ -2892,7 +2898,7 @@ static void set_basic_config(struct AdapterCtlBlk *acb) DMA_FIFO_HALF_HALF | DMA_ENHANCE /*| DMA_MEM_MULTI_READ */ ; DC395x_write16(acb, TRM_S1040_DMA_CONFIG, wval); /* Clear pending interrupt status */ - DC395x_read8(acb, TRM_S1040_SCSI_INTSTATUS); + DC395x_peek8(acb, TRM_S1040_SCSI_INTSTATUS); /* Enable SCSI interrupt */ DC395x_write8(acb, TRM_S1040_SCSI_INTEN, 0x7F); DC395x_write8(acb, TRM_S1040_DMA_INTEN, EN_SCSIINTR | EN_DMAXFERERROR @@ -3799,7 +3805,7 @@ static void adapter_uninit_chip(struct AdapterCtlBlk *acb) reset_scsi_bus(acb); /* clear any pending interrupt state */ - DC395x_read8(acb, TRM_S1040_SCSI_INTSTATUS); + DC395x_peek8(acb, TRM_S1040_SCSI_INTSTATUS); } -- 2.51.0

1 month

2
1
0 0

[PATCH v2] gpiolib: Extend software-node support to support secondary software-nodes

by Hans de Goede

When a software-node gets added to a device which already has another fwnode as primary node it will become the secondary fwnode for that device. Currently if a software-node with GPIO properties ends up as the secondary fwnode then gpiod_find_by_fwnode() will fail to find the GPIOs. Add a new gpiod_fwnode_lookup() helper which falls back to calling gpiod_find_by_fwnode() with the secondary fwnode if the GPIO was not found in the primary fwnode. Fixes: e7f9ff5dc90c ("gpiolib: add support for software nodes") Cc: stable(a)vger.kernel.org Cc: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- Changes in v2: - Add a new gpiod_fwnode_lookup() helper instead of putting the secondary fwnode check inside gpiod_find_by_fwnode() --- drivers/gpio/gpiolib.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 0d2b470a252e..74d54513730a 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -4604,6 +4604,23 @@ static struct gpio_desc *gpiod_find_by_fwnode(struct fwnode_handle *fwnode, return desc; } +static struct gpio_desc *gpiod_fwnode_lookup(struct fwnode_handle *fwnode, + struct device *consumer, + const char *con_id, + unsigned int idx, + enum gpiod_flags *flags, + unsigned long *lookupflags) +{ + struct gpio_desc *desc; + + desc = gpiod_find_by_fwnode(fwnode, consumer, con_id, idx, flags, lookupflags); + if (gpiod_not_found(desc) && !IS_ERR_OR_NULL(fwnode)) + desc = gpiod_find_by_fwnode(fwnode->secondary, consumer, con_id, + idx, flags, lookupflags); + + return desc; +} + struct gpio_desc *gpiod_find_and_request(struct device *consumer, struct fwnode_handle *fwnode, const char *con_id, @@ -4622,8 +4639,8 @@ struct gpio_desc *gpiod_find_and_request(struct device *consumer, int ret = 0; scoped_guard(srcu, &gpio_devices_srcu) { - desc = gpiod_find_by_fwnode(fwnode, consumer, con_id, idx, - &flags, &lookupflags); + desc = gpiod_fwnode_lookup(fwnode, consumer, con_id, idx, + &flags, &lookupflags); if (gpiod_not_found(desc) && platform_lookup_allowed) { /* * Either we are not using DT or ACPI, or their lookup -- 2.51.0

1 month

4
4
0 0

Re: "loop: Avoid updating block size under exclusive owner" breaks on 6.6.103

by Jan Kara

On Wed 17-09-25 11:18:50, Eric Hagberg wrote: > I stumbled across a problem where the 6.6.103 kernel will fail when > running the ioctl_loop06 test from the LTP test suite... and worse > than failing the test, it leaves the system in a state where you can't > run "losetup -a" again because the /dev/loopN device that the test > created and failed the test on... hangs in a LOOP_GET_STATUS64 ioctl. > > It also leaves the system in a state where you can't re-kexec into a > copy of the kernel as it gets completely hung at the point where it > says "starting Reboot via kexec"... Thanks for the report! Please report issues with stable kernels to stable(a)vger.kernel.org (CCed now) because they can act on them. > If I revert just that patch from 6.6.103 (or newer) kernels, then the > test succeeds and doesn't leave the host in a bad state. The patch > applied to 6.12 doesn't cause this problem, but I also see that there > are quite a few other changes to the loop subsystem in 6.12 that never > made it to 6.6. > > For now, I'll probably just revert your patch in my 6.6 kernel builds, > but I wouldn't be surprised if others stumble across this issue as > well, so maybe it should be reverted or fixed some other way. Yes, I think revert from 6.6 stable kernel is warranted (unless somebody has time to figure out what else is missing to make the patch work with that stable branch). Honza -- Jan Kara <jack(a)suse.com> SUSE Labs, CR

1 month

3
3
0 0

Check this out at Amazon

by Info Marketing

THE HOUSEMAID UNDER CONTRACT https://rb.gy/2xfnv3

1 month

1
0
0 0

Re: Patch "x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT" has been added to the 6.12-stable tree

by Tom Lendacky

On 9/22/25 00:52, gregkh(a)linuxfoundation.org wrote: > > This is a note to let you know that I've just added the patch titled > > x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > x86-sev-guard-sev_evict_cache-with-config_amd_mem_encrypt.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Maybe I didn't use the tag correctly, but I put 6.16.x on the stable tag to indicate that the patch only applied to 6.16 and above. Before 6.16, there isn't a stub version of the function, so all off those releases are fine. So this patch doesn't need to be part of the 6.12 stable tree. Thanks, Tom > > > From stable+bounces-180849-greg=kroah.com(a)vger.kernel.org Mon Sep 22 01:18:07 2025 > From: Sasha Levin <sashal(a)kernel.org> > Date: Sun, 21 Sep 2025 19:17:59 -0400 > Subject: x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT > To: stable(a)vger.kernel.org > Cc: Tom Lendacky <thomas.lendacky(a)amd.com>, "Borislav Petkov (AMD)" <bp(a)alien8.de>, stable(a)kernel.org, Sasha Levin <sashal(a)kernel.org> > Message-ID: <20250921231759.3033314-1-sashal(a)kernel.org> > > From: Tom Lendacky <thomas.lendacky(a)amd.com> > > [ Upstream commit 7f830e126dc357fc086905ce9730140fd4528d66 ] > > The sev_evict_cache() is guest-related code and should be guarded by > CONFIG_AMD_MEM_ENCRYPT, not CONFIG_KVM_AMD_SEV. > > CONFIG_AMD_MEM_ENCRYPT=y is required for a guest to run properly as an SEV-SNP > guest, but a guest kernel built with CONFIG_KVM_AMD_SEV=n would get the stub > function of sev_evict_cache() instead of the version that performs the actual > eviction. Move the function declarations under the appropriate #ifdef. > > Fixes: 7b306dfa326f ("x86/sev: Evict cache lines during SNP memory validation") > Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> > Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> > Cc: stable(a)kernel.org # 6.16.x > Link: https://lore.kernel.org/r/70e38f2c4a549063de54052c9f64929705313526.17577089… > [ Move sev_evict_cache() out of shared.c ] > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > arch/x86/coco/sev/shared.c | 18 ------------------ > arch/x86/include/asm/sev.h | 19 +++++++++++++++++++ > 2 files changed, 19 insertions(+), 18 deletions(-) > > --- a/arch/x86/coco/sev/shared.c > +++ b/arch/x86/coco/sev/shared.c > @@ -1243,24 +1243,6 @@ static void svsm_pval_terminate(struct s > __pval_terminate(pfn, action, page_size, ret, svsm_ret); > } > > -static inline void sev_evict_cache(void *va, int npages) > -{ > - volatile u8 val __always_unused; > - u8 *bytes = va; > - int page_idx; > - > - /* > - * For SEV guests, a read from the first/last cache-lines of a 4K page > - * using the guest key is sufficient to cause a flush of all cache-lines > - * associated with that 4K page without incurring all the overhead of a > - * full CLFLUSH sequence. > - */ > - for (page_idx = 0; page_idx < npages; page_idx++) { > - val = bytes[page_idx * PAGE_SIZE]; > - val = bytes[page_idx * PAGE_SIZE + PAGE_SIZE - 1]; > - } > -} > - > static void svsm_pval_4k_page(unsigned long paddr, bool validate) > { > struct svsm_pvalidate_call *pc; > --- a/arch/x86/include/asm/sev.h > +++ b/arch/x86/include/asm/sev.h > @@ -400,6 +400,24 @@ u64 sev_get_status(void); > void sev_show_status(void); > void snp_update_svsm_ca(void); > > +static inline void sev_evict_cache(void *va, int npages) > +{ > + volatile u8 val __always_unused; > + u8 *bytes = va; > + int page_idx; > + > + /* > + * For SEV guests, a read from the first/last cache-lines of a 4K page > + * using the guest key is sufficient to cause a flush of all cache-lines > + * associated with that 4K page without incurring all the overhead of a > + * full CLFLUSH sequence. > + */ > + for (page_idx = 0; page_idx < npages; page_idx++) { > + val = bytes[page_idx * PAGE_SIZE]; > + val = bytes[page_idx * PAGE_SIZE + PAGE_SIZE - 1]; > + } > +} > + > #else /* !CONFIG_AMD_MEM_ENCRYPT */ > > #define snp_vmpl 0 > @@ -435,6 +453,7 @@ static inline u64 snp_get_unsupported_fe > static inline u64 sev_get_status(void) { return 0; } > static inline void sev_show_status(void) { } > static inline void snp_update_svsm_ca(void) { } > +static inline void sev_evict_cache(void *va, int npages) {} > > #endif /* CONFIG_AMD_MEM_ENCRYPT */ > > > > Patches currently in stable-queue which might be from sashal(a)kernel.org are > > queue-6.12/mptcp-tfo-record-deny-join-id0-info.patch > queue-6.12/crypto-af_alg-set-merge-to-zero-early-in-af_alg_send.patch > queue-6.12/asoc-wm8940-correct-pll-rate-rounding.patch > queue-6.12/um-virtio_uml-fix-use-after-free-after-put_device-in.patch > queue-6.12/x86-sev-guard-sev_evict_cache-with-config_amd_mem_encrypt.patch > queue-6.12/mptcp-pm-nl-announce-deny-join-id0-flag.patch > queue-6.12/drm-bridge-anx7625-fix-null-pointer-dereference-with.patch > queue-6.12/asoc-sof-intel-hda-stream-fix-incorrect-variable-use.patch > queue-6.12/qed-don-t-collect-too-many-protection-override-grc-e.patch > queue-6.12/dpaa2-switch-fix-buffer-pool-seeding-for-control-tra.patch > queue-6.12/nvme-fix-pi-insert-on-write.patch > queue-6.12/xhci-dbc-fix-full-dbc-transfer-ring-after-several-reconnects.patch > queue-6.12/pcmcia-omap_cf-mark-driver-struct-with-__refdata-to-.patch > queue-6.12/tcp-clear-tcp_sk-sk-fastopen_rsk-in-tcp_disconnect.patch > queue-6.12/wifi-mac80211-increase-scan_ies_len-for-s1g.patch > queue-6.12/i40e-remove-redundant-memory-barrier-when-cleaning-t.patch > queue-6.12/usb-xhci-remove-option-to-change-a-default-ring-s-trb-cycle-bit.patch > queue-6.12/btrfs-fix-invalid-extref-key-setup-when-replaying-de.patch > queue-6.12/io_uring-fix-incorrect-io_kiocb-reference-in-io_link.patch > queue-6.12/ice-fix-rx-page-leak-on-multi-buffer-frames.patch > queue-6.12/net-natsemi-fix-rx_dropped-double-accounting-on-neti.patch > queue-6.12/drm-xe-tile-release-kobject-for-the-failure-path.patch > queue-6.12/wifi-mac80211-fix-incorrect-type-for-ret.patch > queue-6.12/smb-client-fix-smbdirect_recv_io-leak-in-smbd_negoti.patch > queue-6.12/net-mlx5e-harden-uplink-netdev-access-against-device.patch > queue-6.12/usb-xhci-introduce-macro-for-ring-segment-list-iteration.patch > queue-6.12/revert-net-mlx5e-update-and-set-xon-xoff-upon-port-s.patch > queue-6.12/net-liquidio-fix-overflow-in-octeon_init_instr_queue.patch > queue-6.12/net-tcp-fix-a-null-pointer-dereference-when-using-tc.patch > queue-6.12/drm-bridge-cdns-mhdp8546-fix-missing-mutex-unlock-on.patch > queue-6.12/ice-store-max_frame-and-rx_buf_len-only-in-ice_rx_ri.patch > queue-6.12/selftests-mptcp-userspace-pm-validate-deny-join-id0-.patch > queue-6.12/bonding-set-random-address-only-when-slaves-already-.patch > queue-6.12/drm-xe-fix-a-null-vs-is_err-in-xe_vm_add_compute_exe.patch > queue-6.12/cnic-fix-use-after-free-bugs-in-cnic_delete_task.patch > queue-6.12/mm-gup-check-ref_count-instead-of-lru-before-migration.patch > queue-6.12/tls-make-sure-to-abort-the-stream-if-headers-are-bog.patch > queue-6.12/um-fix-fd-copy-size-in-os_rcv_fd_msg.patch > queue-6.12/smb-client-let-smbd_destroy-call-disable_work_sync-i.patch > queue-6.12/bonding-don-t-set-oif-to-bond-dev-when-getting-ns-ta.patch > queue-6.12/xhci-dbc-decouple-endpoint-allocation-from-initialization.patch > queue-6.12/mptcp-set-remote_deny_join_id0-on-syn-recv.patch > queue-6.12/octeontx2-pf-fix-use-after-free-bugs-in-otx2_sync_ts.patch > queue-6.12/smb-client-fix-filename-matching-of-deferred-files.patch > queue-6.12/igc-don-t-fail-igc_probe-on-led-setup-error.patch > queue-6.12/octeon_ep-fix-vf-mac-address-lifecycle-handling.patch > queue-6.12/selftests-mptcp-sockopt-fix-error-messages.patch > queue-6.12/cgroup-split-cgroup_destroy_wq-into-3-workqueues.patch > queue-6.12/alsa-firewire-motu-drop-epollout-from-poll-return-va.patch > queue-6.12/asoc-wm8974-correct-pll-rate-rounding.patch > queue-6.12/mm-add-folio_expected_ref_count-for-reference-count-calculation.patch > queue-6.12/wifi-wilc1000-avoid-buffer-overflow-in-wid-string-co.patch > queue-6.12/asoc-intel-catpt-expose-correct-bit-depth-to-userspa.patch > queue-6.12/asoc-wm8940-correct-typo-in-control-name.patch > queue-6.12/perf-x86-intel-fix-crash-in-icl_update_topdown_event.patch

1 month

2
1
0 0

[PATCH v2 3/3] PCI: tegra194: Handle errors in BPMP response

by Niklas Cassel

From: Vidya Sagar <vidyas(a)nvidia.com> The return value from tegra_bpmp_transfer() indicates the success or failure of the IPC transaction with BPMP. If the transaction succeeded, we also need to check the actual command's result code. If we don't have error handling for tegra_bpmp_transfer(), we will set the pcie->ep_state to EP_STATE_ENABLED (even though the tegra_bpmp_transfer() command failed). Thus, the pcie->ep_state will get out of sync with reality, and any further PERST# assert + deassert will be a no-op (will not trigger the hardware initialization sequence). This is because pex_ep_event_pex_rst_deassert() checks the current pcie->ep_state, and does nothing if the current state is already EP_STATE_ENABLED. Thus, it is important to have error handling for tegra_bpmp_transfer(), such that the pcie->ep_state can not get out of sync with reality, so that we will try to initialize the hardware not only during the first PERST# assert + deassert, but also during any succeeding PERST# assert + deassert. One example where this fix is needed is when using a rock5b as host. During the initial PERST# assert + deassert (triggered by the bootloader on the rock5b) pex_ep_event_pex_rst_deassert() will get called, but for some unknown reason, the tegra_bpmp_transfer() call to initialize the PHY fails. Once Linux has been loaded on the rock5b, the PCIe driver will once again assert + deassert PERST#. However, without tegra_bpmp_transfer() error handling, this second PERST# assert + deassert will not trigger the hardware initialization sequence. With tegra_bpmp_transfer() error handling, the second PERST# assert + deassert will once again trigger the hardware to be initialized and this time the tegra_bpmp_transfer() succeeds. Cc: stable(a)vger.kernel.org Fixes: c57247f940e8 ("PCI: tegra: Add support for PCIe endpoint mode in Tegra194") Signed-off-by: Vidya Sagar <vidyas(a)nvidia.com> [cassel: improve commit log] Reviewed-by: Jon Hunter <jonathanh(a)nvidia.com> Acked-by: Thierry Reding <treding(a)nvidia.com> Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- drivers/pci/controller/dwc/pcie-tegra194.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c index 7eb48cc13648e..c4265b3f72048 100644 --- a/drivers/pci/controller/dwc/pcie-tegra194.c +++ b/drivers/pci/controller/dwc/pcie-tegra194.c @@ -1223,6 +1223,7 @@ static int tegra_pcie_bpmp_set_ctrl_state(struct tegra_pcie_dw *pcie, struct mrq_uphy_response resp; struct tegra_bpmp_message msg; struct mrq_uphy_request req; + int err; /* * Controller-5 doesn't need to have its state set by BPMP-FW in @@ -1245,7 +1246,13 @@ static int tegra_pcie_bpmp_set_ctrl_state(struct tegra_pcie_dw *pcie, msg.rx.data = &resp; msg.rx.size = sizeof(resp); - return tegra_bpmp_transfer(pcie->bpmp, &msg); + err = tegra_bpmp_transfer(pcie->bpmp, &msg); + if (err) + return err; + if (msg.rx.ret) + return -EINVAL; + + return 0; } static int tegra_pcie_bpmp_set_pll_state(struct tegra_pcie_dw *pcie, @@ -1254,6 +1261,7 @@ static int tegra_pcie_bpmp_set_pll_state(struct tegra_pcie_dw *pcie, struct mrq_uphy_response resp; struct tegra_bpmp_message msg; struct mrq_uphy_request req; + int err; memset(&req, 0, sizeof(req)); memset(&resp, 0, sizeof(resp)); @@ -1273,7 +1281,13 @@ static int tegra_pcie_bpmp_set_pll_state(struct tegra_pcie_dw *pcie, msg.rx.data = &resp; msg.rx.size = sizeof(resp); - return tegra_bpmp_transfer(pcie->bpmp, &msg); + err = tegra_bpmp_transfer(pcie->bpmp, &msg); + if (err) + return err; + if (msg.rx.ret) + return -EINVAL; + + return 0; } static void tegra_pcie_downstream_dev_to_D0(struct tegra_pcie_dw *pcie) -- 2.51.0

1 month

1
0
0 0

[PATCH v2 2/3] PCI: tegra194: Reset BARs when running in PCIe endpoint mode

by Niklas Cassel

Tegra already defines all BARs expect for BAR0 as BAR_RESERVED. This is sufficient for pci-epf-test to not allocate backing memory and to not call set_bar() for those BARs. However, marking a BAR as BAR_RESERVED does not mean that the BAR get disabled. The host side driver, pci_endpoint_test, simply does an ioremap for all enabled BARs, and will run tests against all enabled BARs. (I.e. it will run tests also against the BARs marked as BAR_RESERVED.) After running the BARs tests (which will write to all enabled BARs), the inbound address translation is broken. This is because the tegra controller exposes the ATU Port Logic Structure in BAR4. So when BAR4 is written, the inbound address translation settings get overwritten. To avoid this, implement the dw_pcie_ep_ops .init() callback and start off by disabling all BARs (pci-epf-test will later enable/configure BARs that are not defined as BAR_RESERVED). This matches the behavior of other PCIe endpoint drivers: dra7xx, imx6, layerscape-ep, artpec6, dw-rockchip, qcom-ep, rcar-gen4, and uniphier-ep. With this, the PCI endpoint kselftest test case CONSECUTIVE_BAR_TEST (which was specifically made to detect address translation issues) passes. Cc: stable(a)vger.kernel.org Fixes: c57247f940e8 ("PCI: tegra: Add support for PCIe endpoint mode in Tegra194") Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- drivers/pci/controller/dwc/pcie-tegra194.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c index 63d310e5335f4..7eb48cc13648e 100644 --- a/drivers/pci/controller/dwc/pcie-tegra194.c +++ b/drivers/pci/controller/dwc/pcie-tegra194.c @@ -1955,6 +1955,15 @@ static irqreturn_t tegra_pcie_ep_pex_rst_irq(int irq, void *arg) return IRQ_HANDLED; } +static void tegra_pcie_ep_init(struct dw_pcie_ep *ep) +{ + struct dw_pcie *pci = to_dw_pcie_from_ep(ep); + enum pci_barno bar; + + for (bar = 0; bar < PCI_STD_NUM_BARS; bar++) + dw_pcie_ep_reset_bar(pci, bar); +}; + static int tegra_pcie_ep_raise_intx_irq(struct tegra_pcie_dw *pcie, u16 irq) { /* Tegra194 supports only INTA */ @@ -2030,6 +2039,7 @@ tegra_pcie_ep_get_features(struct dw_pcie_ep *ep) } static const struct dw_pcie_ep_ops pcie_ep_ops = { + .init = tegra_pcie_ep_init, .raise_irq = tegra_pcie_ep_raise_irq, .get_features = tegra_pcie_ep_get_features, }; -- 2.51.0

1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror