- Linux-stable-mirror - lists.linaro.org

[PATCH 5.15 000/123] 5.15.196-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.196 release. There are 123 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 Oct 2025 18:34:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.196-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.196-rc1 Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't fail in riscv_of_parent_hartid() for disabled HARTs Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Zhengchao Shao <shaozhengchao(a)huawei.com> net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_acm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: f_ncm: Refactor bind path to use __free() Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Introduce free_usb_request helper Kuen-Han Tsai <khtsai(a)google.com> usb: gadget: Store endpoint pointer in usb_request Kaushlendra Kumar <kaushlendra.kumar(a)intel.com> arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Darrick J. Wong <djwong(a)kernel.org> xfs: always warn about deprecated mount options Maarten Lankhorst <dev(a)lankhorst.se> devcoredump: Fix circular locking dependency with devcd->mutex. Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Reset BARs when running in PCIe endpoint mode Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Drop PMSR spinlock Marek Vasut <marek.vasut+renesas(a)gmail.com> PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix wrong block mapping for multi-devices Chuck Lever <chuck.lever(a)oracle.com> NFSD: Define a proc_layoutcommit for the FlexFiles layout type Jan Kara <jack(a)suse.cz> vfs: Don't leak disconnected dentries on umount Gui-Dong Han <hanguidong02(a)gmail.com> drm/amdgpu: use atomic functions with memory barriers for vm fault info Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Amir Goldstein <amir73il(a)gmail.com> fuse: allocate ff->release_args only if release is needed Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Bence Csókás <csokas.bence(a)prolan.hu> PM: runtime: Add new devm functions Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Fix last write offset handling in layoutcommit Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Minor cleanup in layoutcommit processing Sergey Bashirov <sergeybashirov(a)gmail.com> NFSD: Rework encoding and decoding of nfsd4_deviceid Christoph Hellwig <hch(a)lst.de> xfs: fix log CRC mismatches between i386 and other architectures Christoph Hellwig <hch(a)lst.de> xfs: rename the old_crc variable in xlog_recover_process Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Apply workarounds for Neoverse-V3AE Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3AE definitions Florian Eckert <fe(a)dev.tdt.de> serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: hdm_probe: Fix calling put_device() before device initialization Victoria Votokina <Victoria.Votokina(a)kaspersky.com> most: usb: Fix use-after-free in hdm_disconnect Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add wildcat lake P DID Deepanshu Kartikey <kartikey406(a)gmail.com> comedi: fix divide-by-zero in comedi_buf_munge() Alice Ryhl <aliceryhl(a)google.com> binder: remove "invalid inc weak" check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: enable back DbC in resume if it was enabled before suspend Andrey Konovalov <andreyknvl(a)gmail.com> usb: raw-gadget: do not limit transfer length Tim Guttzeit <t.guttzeit(a)tuxedocomputers.com> usb/core/quirks: Add Huawei ME906S to wakeup quirk LI Qingwu <Qing-wu.Li(a)leica-geosystems.com.cn> USB: serial: option: add Telit FN920C04 ECM compositions Reinhard Speyerer <rspmn(a)arcor.de> USB: serial: option: add Quectel RG255C Renjun Wang <renjunw0(a)foxmail.com> USB: serial: option: add UNISOC UIS7720 Anup Patel <apatel(a)ventanamicro.com> RISC-V: Don't print details of CPUs disabled in DT Sunil V L <sunilvl(a)ventanamicro.com> riscv: cpu: Add 64bit hartid support on RV64 Tsukasa OI <research_trasio(a)irq.a4lg.com> RISC-V: Minimal parser for "riscv, isa" strings Tsukasa OI <research_trasio(a)irq.a4lg.com> RISC-V: Correctly print supported extensions Rob Herring <robh(a)kernel.org> riscv: Use of_get_cpu_hwid() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> net: ravb: Ensure memory write completes before ringing TX doorbell Michal Pecio <michal.pecio(a)gmail.com> net: usb: rtl8150: Fix frame padding Stefano Garzarella <sgarzare(a)redhat.com> vsock: fix lock inversion in vsock_assign_transport() Deepanshu Kartikey <kartikey406(a)gmail.com> ocfs2: clear extent cache after moving/defragmenting extents Maciej W. Rozycki <macro(a)orcam.me.uk> MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "cpuidle: menu: Avoid discarding useful information" Tonghao Zhang <tonghao(a)bamaicloud.com> net: bonding: fix possible peer notify event loss or dup issue Alexey Simakov <bigalex934(a)gmail.com> sctp: avoid NULL dereference when chunk data buffer is missing Huang Ying <ying.huang(a)linux.alibaba.com> arm64, mm: avoid always making PTE dirty in pte_mkwrite() Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Wei Fang <wei.fang(a)nxp.com> net: enetc: correct the value of ENETC_RXB_TRUESIZE Johannes Wiesböck <johannes.wiesboeck(a)aisec.fraunhofer.de> rtnetlink: Allow deleting FDB entries in user namespace Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Nikolay Aleksandrov <razor(a)blackwall.org> net: add ndo_fdb_del_bulk Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add bulk delete support flag Nikolay Aleksandrov <razor(a)blackwall.org> net: netlink: add NLM_F_BULK delete request modifier Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: use BIT for flag values Nikolay Aleksandrov <razor(a)blackwall.org> net: rtnetlink: add helper to extract msg type's kind Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: bitops: Fix find_*_bit() signatures Yangtao Li <frank.li(a)vivo.com> hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Alexander Aring <aahringo(a)redhat.com> dlm: check for defined force value in dlm_lockspace_release Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Yang Chenzhi <yang.chenzhi(a)vivo.com> hfs: validate record offset in hfsplus_bmap_alloc Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: make proper initalization of struct hfs_find_data Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: clear offset and space out of valid records in b-tree node Simon Schuster <schuster.simon(a)siemens-energy.com> nios2: ensure that memblock.current_limit is set when setting pfn limits Xichao Zhao <zhao.xichao(a)vivo.com> exec: Fix incorrect type for ret Niko Mauno <niko.mauno(a)vaisala.com> Revert "perf test: Don't leak workload gopipe in PERF_RECORD_*" Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads (part 2) Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Jiaming Zhang <r772577952(a)gmail.com> ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Randy Dunlap <rdunlap(a)infradead.org> ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix pelt lost idle time detection Ingo Molnar <mingo(a)kernel.org> sched/balancing: Rename newidle_balance() => sched_balance_newidle() Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/powerplay: Fix CIK shutdown temperature Fabian Vogt <fvogt(a)suse.de> riscv: kprobes: Fix probe address validation I Viswanath <viswanathiyyappan(a)gmail.com> net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Oleksij Rempel <linux(a)rempel-privat.de> net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Jakub Kicinski <kuba(a)kernel.org> net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Sabrina Dubroca <sd(a)queasysnail.net> tls: don't rely on tx_work during send() Sabrina Dubroca <sd(a)queasysnail.net> tls: always set record_type in tls_process_cmsg Sabrina Dubroca <sd(a)queasysnail.net> tls: wait for async encrypt in case of error during latter iterations of sendmsg Sascha Hauer <s.hauer(a)pengutronix.de> net: tls: wait for async completion on last message David Howells <dhowells(a)redhat.com> splice, net: Add a splice_eof op to file-ops and socket-ops Alexey Simakov <bigalex934(a)gmail.com> tg3: prevent use of uninitialized remote_adv and local_adv variables Eric Dumazet <edumazet(a)google.com> tcp: fix tcp_tso_should_defer() vs large RTT Raju Rangoju <Raju.Rangoju(a)amd.com> amd-xgbe: Avoid spurious link down messages during interface toggle Dmitry Safonov <0x7f454c46(a)gmail.com> net/ip6_tunnel: Prevent perpetual tunnel growth Linmao Li <lilinmao(a)kylinos.cn> r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Nicolas Dichtel <nicolas.dichtel(a)6wind.com> doc: fix seg6_flowlabel path Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: handle dma_map_single() failure properly Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Yuezhang Mo <Yuezhang.Mo(a)sony.com> dax: skip read lock assertion for read-only filesystems Benjamin Tissoires <bentiss(a)kernel.org> HID: multitouch: fix sticky fingers Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: properly clear channels during bind Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() keliu <liuke94(a)huawei.com> media: rc: Directly use ida_free() Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Filipe Manana <fdmanana(a)suse.com> btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: detect invalid INLINE_DATA + EXTENTS flag combination Zhang Yi <yi.zhang(a)huawei.com> jbd2: ensure that all ongoing I/O complete before freeing blocks Yi Cong <yicong(a)kylinos.cn> r8152: add error handling in rtl8152_driver_init ------------- Diffstat: Documentation/arm64/silicon-errata.rst | 2 + Documentation/networking/seg6-sysctl.rst | 3 + Makefile | 4 +- arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/pgtable.h | 3 +- arch/arm64/kernel/cpu_errata.c | 1 + arch/m68k/include/asm/bitops.h | 25 ++-- arch/mips/mti-malta/malta-setup.c | 2 +- arch/nios2/kernel/setup.c | 15 +++ arch/riscv/include/asm/processor.h | 4 +- arch/riscv/kernel/cpu.c | 28 +++-- arch/riscv/kernel/cpufeature.c | 84 ++++++++++--- arch/riscv/kernel/probes/kprobes.c | 13 +- arch/riscv/kernel/smpboot.c | 9 +- block/blk-crypto-fallback.c | 3 + drivers/android/binder.c | 11 +- drivers/base/arch_topology.c | 2 +- drivers/base/devcoredump.c | 138 +++++++++++++-------- drivers/base/power/runtime.c | 44 +++++++ drivers/clocksource/timer-riscv.c | 15 +-- drivers/comedi/comedi_buf.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 14 ++- drivers/cpuidle/governors/menu.c | 21 ++-- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 5 +- drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 +- drivers/gpu/drm/exynos/exynos7_drm_decon.c | 98 +++++---------- drivers/hid/hid-multitouch.c | 27 ++-- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 5 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 35 ++---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 5 +- drivers/irqchip/irq-riscv-intc.c | 7 +- drivers/irqchip/irq-sifive-plic.c | 7 +- drivers/media/platform/s5p-mfc/s5p_mfc_cmd_v6.c | 35 ++---- drivers/media/rc/lirc_dev.c | 15 +-- drivers/media/rc/rc-main.c | 6 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/most/most_usb.c | 13 +- drivers/net/bonding/bond_main.c | 40 +++--- drivers/net/can/m_can/m_can_platform.c | 2 +- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 - drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 + drivers/net/ethernet/broadcom/tg3.c | 5 +- drivers/net/ethernet/dlink/dl2k.c | 23 ++-- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 3 +- drivers/net/ethernet/freescale/enetc/enetc.h | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 5 +- drivers/net/ethernet/renesas/ravb_main.c | 8 ++ drivers/net/usb/aqc111.c | 2 +- drivers/net/usb/lan78xx.c | 42 +++++-- drivers/net/usb/r8152.c | 9 +- drivers/net/usb/rndis_host.c | 2 +- drivers/net/usb/rtl8150.c | 13 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 +++ drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/pci/controller/cadence/pci-j721e.c | 64 +++++++++- drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + drivers/pci/controller/dwc/pcie-tegra194.c | 28 ++++- drivers/pci/controller/pcie-rcar-host.c | 83 +++++++------ drivers/pci/pci-sysfs.c | 10 +- drivers/s390/cio/device.c | 37 ++++-- drivers/tty/serial/8250/8250_exar.c | 11 ++ drivers/usb/core/quirks.c | 2 + drivers/usb/gadget/function/f_acm.c | 42 +++---- drivers/usb/gadget/function/f_ncm.c | 78 +++++------- drivers/usb/gadget/legacy/raw_gadget.c | 2 - drivers/usb/gadget/udc/core.c | 3 + drivers/usb/host/xhci-dbgcap.c | 9 +- drivers/usb/serial/option.c | 10 ++ fs/btrfs/relocation.c | 13 +- fs/dax.c | 2 +- fs/dcache.c | 2 + fs/dlm/lockspace.c | 2 +- fs/exec.c | 2 +- fs/ext4/inode.c | 8 ++ fs/f2fs/data.c | 2 +- fs/fuse/dir.c | 2 +- fs/fuse/file.c | 75 ++++++----- fs/fuse/fuse_i.h | 2 +- fs/hfs/bfind.c | 8 +- fs/hfs/brec.c | 27 +++- fs/hfs/mdb.c | 2 +- fs/hfsplus/bfind.c | 8 +- fs/hfsplus/bnode.c | 41 ------ fs/hfsplus/btree.c | 6 + fs/hfsplus/hfsplus_fs.h | 42 +++++++ fs/hfsplus/super.c | 25 +++- fs/hfsplus/unicode.c | 24 ++++ fs/jbd2/transaction.c | 13 +- fs/nfsd/blocklayout.c | 5 +- fs/nfsd/blocklayoutxdr.c | 7 +- fs/nfsd/flexfilelayout.c | 8 ++ fs/nfsd/flexfilelayoutxdr.c | 3 +- fs/nfsd/nfs4layouts.c | 1 - fs/nfsd/nfs4proc.c | 34 +++-- fs/nfsd/nfs4xdr.c | 14 +-- fs/nfsd/xdr4.h | 36 +++++- fs/ocfs2/move_extents.c | 5 + fs/splice.c | 31 ++++- fs/xfs/libxfs/xfs_log_format.h | 30 ++++- fs/xfs/xfs_log.c | 8 +- fs/xfs/xfs_log_priv.h | 4 +- fs/xfs/xfs_log_recover.c | 34 +++-- fs/xfs/xfs_ondisk.h | 2 + fs/xfs/xfs_super.c | 33 +++-- include/linux/cpufreq.h | 3 + include/linux/fs.h | 1 + include/linux/net.h | 1 + include/linux/netdevice.h | 9 ++ include/linux/pm_runtime.h | 4 + include/linux/splice.h | 1 + include/linux/usb/gadget.h | 25 ++++ include/net/ip_tunnels.h | 15 +++ include/net/rtnetlink.h | 9 +- include/net/sock.h | 1 + include/uapi/linux/netlink.h | 1 + kernel/padata.c | 6 +- kernel/sched/fair.c | 38 +++--- net/core/rtnetlink.c | 81 ++++++++---- net/ipv4/ip_tunnel.c | 14 --- net/ipv4/tcp_output.c | 19 ++- net/ipv6/ip6_tunnel.c | 3 +- net/sctp/inqueue.c | 13 +- net/socket.c | 10 ++ net/tls/tls_main.c | 7 +- net/tls/tls_sw.c | 22 +++- net/vmw_vsock/af_vsock.c | 38 +++--- sound/firewire/amdtp-stream.h | 2 +- sound/usb/card.c | 10 +- tools/perf/tests/perf-record.c | 4 - 135 files changed, 1413 insertions(+), 774 deletions(-)

1 month, 1 week

8
133
0 0

[PATCH] bna: prevent bad user input in bnad_debugfs_write_regrd()

by Miaoqian Lin

A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 ("netdevsim: prevent bad user input in nsim_dev_health_break_write()") and commit 7ef4c19d245f ("smackfs: restrict bytes count in smackfs write functions") Found via static analysis and code review. Fixes: d0e6a8064c42 ("bna: use memdup_user to copy userspace buffers") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/brocade/bna/bnad_debugfs.c b/drivers/net/ethernet/brocade/bna/bnad_debugfs.c index 8f0972e6737c..ad33ab1d266d 100644 --- a/drivers/net/ethernet/brocade/bna/bnad_debugfs.c +++ b/drivers/net/ethernet/brocade/bna/bnad_debugfs.c @@ -311,6 +311,9 @@ bnad_debugfs_write_regrd(struct file *file, const char __user *buf, unsigned long flags; void *kern_buf; + if (nbytes == 0 || nbytes > PAGE_SIZE) + return -EINVAL; + /* Copy the user space buf */ kern_buf = memdup_user_nul(buf, nbytes); if (IS_ERR(kern_buf)) -- 2.39.5 (Apple Git-154)

1 month, 1 week

2
1
0 0

[PATCH] drm/imx/tve: fix probe device leak

by Johan Hovold

Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind. Fixes: fcbc51e54d2a ("staging: drm/imx: Add support for Television Encoder (TVEv2)") Cc: stable(a)vger.kernel.org # 3.10 Cc: Philipp Zabel <p.zabel(a)pengutronix.de> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/imx/ipuv3/imx-tve.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/gpu/drm/imx/ipuv3/imx-tve.c b/drivers/gpu/drm/imx/ipuv3/imx-tve.c index c5629e155d25..895413d26113 100644 --- a/drivers/gpu/drm/imx/ipuv3/imx-tve.c +++ b/drivers/gpu/drm/imx/ipuv3/imx-tve.c @@ -525,6 +525,13 @@ static const struct component_ops imx_tve_ops = { .bind = imx_tve_bind, }; +static void imx_tve_put_device(void *_dev) +{ + struct device *dev = _dev; + + put_device(dev); +} + static int imx_tve_probe(struct platform_device *pdev) { struct device *dev = &pdev->dev; @@ -546,6 +553,11 @@ static int imx_tve_probe(struct platform_device *pdev) if (ddc_node) { tve->ddc = of_find_i2c_adapter_by_node(ddc_node); of_node_put(ddc_node); + + ret = devm_add_action_or_reset(dev, imx_tve_put_device, + &tve->ddc->dev); + if (ret) + return ret; } tve->mode = of_get_tve_mode(np); -- 2.49.1

1 month, 1 week

3
4
0 0

[PATCH 0/4] Backport CVE fixes to 6.12.y

by Amelia Crate

These patches backport the following upstream commits fixing CVEs to the Linux 6.12.y stable tree. CVE-2025-21833 -> 60f030f7418d ("iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE") CVE-2025-37803 -> 021ba7f1babd ("udmabuf: fix a buf size overflow issue during udmabuf creation") CVE-2024-57995 -> 5a10971c7645 ("wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()") CVE-2025-37860 -> 8241ecec1cdc6 ("sfc: fix NULL dereferences in ef100_process_design_param()") The following upstream commit applies cleanly to v6.12.y, please pick it up. CVE-2024-58097 -> 16c6c35c03ea ("wifi: ath11k: fix RCU stall while reaping monitor destination ring")

1 month, 1 week

2
10
0 0

[PATCH] powerpc/fsl_uli1575: fix device_node reference leak in uli_init()

by Miaoqian Lin

The of_get_parent() function increments the reference count of the returned parent node, and of_node_put() is required to release the reference when it is no longer needed. The uli_init() function has a device_node reference leak. The issue occurs in two scenarios: 1. When the function finds a matching device, it breaks out of the loop, the reference held by 'node' is not released. 2. When the loop terminates normally (of_get_parent returns NULL), the final parent node reference is not released. Fix this by adding of_node_put(node). Fixes: 91a6f347921e ("powerpc/mpc85xx_ds: convert to unified PCI init") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- arch/powerpc/platforms/fsl_uli1575.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/platforms/fsl_uli1575.c b/arch/powerpc/platforms/fsl_uli1575.c index b8d37a9932f1..36624c88d5f3 100644 --- a/arch/powerpc/platforms/fsl_uli1575.c +++ b/arch/powerpc/platforms/fsl_uli1575.c @@ -376,4 +376,5 @@ void __init uli_init(void) break; } } + of_node_put(node); } -- 2.39.5 (Apple Git-154)

1 month, 1 week

1
0
0 0

[PATCH v2 01/11] powerpc/64s/slb: Fix SLB multihit issue during SLB preload

by Ritesh Harjani (IBM)

From: Donet Tom <donettom(a)linux.ibm.com> On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to periodic eviction — typically after every 256 context switches — to remove old entry. To optimize performance, the kernel skips switch_mmu_context() in switch_mm_irqs_off() when the prev and next mm_struct are the same. However, on hash MMU systems, this can lead to inconsistencies between the hardware SLB and the software preload cache. If an SLB entry for a process is evicted from the software cache on one CPU, and the same process later runs on another CPU without executing switch_mmu_context(), the hardware SLB may retain stale entries. If the kernel then attempts to reload that entry, it can trigger an SLB multi-hit error. The following timeline shows how stale SLB entries are created and can cause a multi-hit error when a process moves between CPUs without a MMU context switch. CPU 0 CPU 1 ----- ----- Process P exec swapper/1 load_elf_binary begin_new_exc activate_mm switch_mm_irqs_off switch_mmu_context switch_slb /* * This invalidates all * the entries in the HW * and setup the new HW * SLB entries as per the * preload cache. */ context_switch sched_migrate_task migrates process P to cpu-1 Process swapper/0 context switch (to process P) (uses mm_struct of Process P) switch_mm_irqs_off() switch_slb load_slb++ /* * load_slb becomes 0 here * and we evict an entry from * the preload cache with * preload_age(). We still * keep HW SLB and preload * cache in sync, that is * because all HW SLB entries * anyways gets evicted in * switch_slb during SLBIA. * We then only add those * entries back in HW SLB, * which are currently * present in preload_cache * (after eviction). */ load_elf_binary continues... setup_new_exec() slb_setup_new_exec() sched_switch event sched_migrate_task migrates process P to cpu-0 context_switch from swapper/0 to Process P switch_mm_irqs_off() /* * Since both prev and next mm struct are same we don't call * switch_mmu_context(). This will cause the HW SLB and SW preload * cache to go out of sync in preload_new_slb_context. Because there * was an SLB entry which was evicted from both HW and preload cache * on cpu-1. Now later in preload_new_slb_context(), when we will try * to add the same preload entry again, we will add this to the SW * preload cache and then will add it to the HW SLB. Since on cpu-0 * this entry was never invalidated, hence adding this entry to the HW * SLB will cause a SLB multi-hit error. */ load_elf_binary continues... START_THREAD start_thread preload_new_slb_context /* * This tries to add a new EA to preload cache which was earlier * evicted from both cpu-1 HW SLB and preload cache. This caused the * HW SLB of cpu-0 to go out of sync with the SW preload cache. The * reason for this was, that when we context switched back on CPU-0, * we should have ideally called switch_mmu_context() which will * bring the HW SLB entries on CPU-0 in sync with SW preload cache * entries by setting up the mmu context properly. But we didn't do * that since the prev mm_struct running on cpu-0 was same as the * next mm_struct (which is true for swapper / kernel threads). So * now when we try to add this new entry into the HW SLB of cpu-0, * we hit a SLB multi-hit error. */ WARNING: CPU: 0 PID: 1810970 at arch/powerpc/mm/book3s64/slb.c:62 assert_slb_presence+0x2c/0x50(48 results) 02:47:29 [20157/42149] Modules linked in: CPU: 0 UID: 0 PID: 1810970 Comm: dd Not tainted 6.16.0-rc3-dirty #12 VOLUNTARY Hardware name: IBM pSeries (emulated by qemu) POWER8 (architected) 0x4d0200 0xf000004 of:SLOF,HEAD hv:linux,kvm pSeries NIP: c00000000015426c LR: c0000000001543b4 CTR: 0000000000000000 REGS: c0000000497c77e0 TRAP: 0700 Not tainted (6.16.0-rc3-dirty) MSR: 8000000002823033 <SF,VEC,VSX,FP,ME,IR,DR,RI,LE> CR: 28888482 XER: 00000000 CFAR: c0000000001543b0 IRQMASK: 3 <...> NIP [c00000000015426c] assert_slb_presence+0x2c/0x50 LR [c0000000001543b4] slb_insert_entry+0x124/0x390 Call Trace: 0x7fffceb5ffff (unreliable) preload_new_slb_context+0x100/0x1a0 start_thread+0x26c/0x420 load_elf_binary+0x1b04/0x1c40 bprm_execve+0x358/0x680 do_execveat_common+0x1f8/0x240 sys_execve+0x58/0x70 system_call_exception+0x114/0x300 system_call_common+0x160/0x2c4 >From the above analysis, during early exec the hardware SLB is cleared, and entries from the software preload cache are reloaded into hardware by switch_slb. However, preload_new_slb_context and slb_setup_new_exec also attempt to load some of the same entries, which can trigger a multi-hit. In most cases, these additional preloads simply hit existing entries and add nothing new. Removing these functions avoids redundant preloads and eliminates the multi-hit issue. This patch removes these two functions. We tested process switching performance using the context_switch benchmark on POWER9/hash, and observed no regression. Without this patch: 129041 ops/sec With this patch: 129341 ops/sec We also measured SLB faults during boot, and the counts are essentially the same with and without this patch. SLB faults without this patch: 19727 SLB faults with this patch: 19786 Cc: Madhavan Srinivasan <maddy(a)linux.ibm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Paul Mackerras <paulus(a)ozlabs.org> Cc: Aneesh Kumar K.V <aneesh.kumar(a)kernel.org> Cc: Donet Tom <donettom(a)linux.ibm.com> Cc: <linuxppc-dev(a)lists.ozlabs.org> Fixes: 5434ae74629a ("powerpc/64s/hash: Add a SLB preload cache") cc: <stable(a)vger.kernel.org> Suggested-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Signed-off-by: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> --- arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 - arch/powerpc/kernel/process.c | 5 -- arch/powerpc/mm/book3s64/internal.h | 2 - arch/powerpc/mm/book3s64/mmu_context.c | 2 - arch/powerpc/mm/book3s64/slb.c | 88 ------------------- 5 files changed, 98 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/64/mmu-hash.h b/arch/powerpc/include/asm/book3s/64/mmu-hash.h index 346351423207..af12e2ba8eb8 100644 --- a/arch/powerpc/include/asm/book3s/64/mmu-hash.h +++ b/arch/powerpc/include/asm/book3s/64/mmu-hash.h @@ -524,7 +524,6 @@ void slb_save_contents(struct slb_entry *slb_ptr); void slb_dump_contents(struct slb_entry *slb_ptr); extern void slb_vmalloc_update(void); -void preload_new_slb_context(unsigned long start, unsigned long sp); #ifdef CONFIG_PPC_64S_HASH_MMU void slb_set_size(u16 size); diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c index eb23966ac0a9..a45fe147868b 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -1897,8 +1897,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) return 0; } -void preload_new_slb_context(unsigned long start, unsigned long sp); - /* * Set up a thread for executing a new program */ @@ -1906,9 +1904,6 @@ void start_thread(struct pt_regs *regs, unsigned long start, unsigned long sp) { #ifdef CONFIG_PPC64 unsigned long load_addr = regs->gpr[2]; /* saved by ELF_PLAT_INIT */ - - if (IS_ENABLED(CONFIG_PPC_BOOK3S_64) && !radix_enabled()) - preload_new_slb_context(start, sp); #endif #ifdef CONFIG_PPC_TRANSACTIONAL_MEM diff --git a/arch/powerpc/mm/book3s64/internal.h b/arch/powerpc/mm/book3s64/internal.h index a57a25f06a21..c26a6f0c90fc 100644 --- a/arch/powerpc/mm/book3s64/internal.h +++ b/arch/powerpc/mm/book3s64/internal.h @@ -24,8 +24,6 @@ static inline bool stress_hpt(void) void hpt_do_stress(unsigned long ea, unsigned long hpte_group); -void slb_setup_new_exec(void); - void exit_lazy_flush_tlb(struct mm_struct *mm, bool always_flush); #endif /* ARCH_POWERPC_MM_BOOK3S64_INTERNAL_H */ diff --git a/arch/powerpc/mm/book3s64/mmu_context.c b/arch/powerpc/mm/book3s64/mmu_context.c index 4e1e45420bd4..fb9dcf9ca599 100644 --- a/arch/powerpc/mm/book3s64/mmu_context.c +++ b/arch/powerpc/mm/book3s64/mmu_context.c @@ -150,8 +150,6 @@ static int hash__init_new_context(struct mm_struct *mm) void hash__setup_new_exec(void) { slice_setup_new_exec(); - - slb_setup_new_exec(); } #else static inline int hash__init_new_context(struct mm_struct *mm) diff --git a/arch/powerpc/mm/book3s64/slb.c b/arch/powerpc/mm/book3s64/slb.c index 6b783552403c..7e053c561a09 100644 --- a/arch/powerpc/mm/book3s64/slb.c +++ b/arch/powerpc/mm/book3s64/slb.c @@ -328,94 +328,6 @@ static void preload_age(struct thread_info *ti) ti->slb_preload_tail = (ti->slb_preload_tail + 1) % SLB_PRELOAD_NR; } -void slb_setup_new_exec(void) -{ - struct thread_info *ti = current_thread_info(); - struct mm_struct *mm = current->mm; - unsigned long exec = 0x10000000; - - WARN_ON(irqs_disabled()); - - /* - * preload cache can only be used to determine whether a SLB - * entry exists if it does not start to overflow. - */ - if (ti->slb_preload_nr + 2 > SLB_PRELOAD_NR) - return; - - hard_irq_disable(); - - /* - * We have no good place to clear the slb preload cache on exec, - * flush_thread is about the earliest arch hook but that happens - * after we switch to the mm and have already preloaded the SLBEs. - * - * For the most part that's probably okay to use entries from the - * previous exec, they will age out if unused. It may turn out to - * be an advantage to clear the cache before switching to it, - * however. - */ - - /* - * preload some userspace segments into the SLB. - * Almost all 32 and 64bit PowerPC executables are linked at - * 0x10000000 so it makes sense to preload this segment. - */ - if (!is_kernel_addr(exec)) { - if (preload_add(ti, exec)) - slb_allocate_user(mm, exec); - } - - /* Libraries and mmaps. */ - if (!is_kernel_addr(mm->mmap_base)) { - if (preload_add(ti, mm->mmap_base)) - slb_allocate_user(mm, mm->mmap_base); - } - - /* see switch_slb */ - asm volatile("isync" : : : "memory"); - - local_irq_enable(); -} - -void preload_new_slb_context(unsigned long start, unsigned long sp) -{ - struct thread_info *ti = current_thread_info(); - struct mm_struct *mm = current->mm; - unsigned long heap = mm->start_brk; - - WARN_ON(irqs_disabled()); - - /* see above */ - if (ti->slb_preload_nr + 3 > SLB_PRELOAD_NR) - return; - - hard_irq_disable(); - - /* Userspace entry address. */ - if (!is_kernel_addr(start)) { - if (preload_add(ti, start)) - slb_allocate_user(mm, start); - } - - /* Top of stack, grows down. */ - if (!is_kernel_addr(sp)) { - if (preload_add(ti, sp)) - slb_allocate_user(mm, sp); - } - - /* Bottom of heap, grows up. */ - if (heap && !is_kernel_addr(heap)) { - if (preload_add(ti, heap)) - slb_allocate_user(mm, heap); - } - - /* see switch_slb */ - asm volatile("isync" : : : "memory"); - - local_irq_enable(); -} - static void slb_cache_slbie_kernel(unsigned int index) { unsigned long slbie_data = get_paca()->slb_cache[index]; -- 2.51.0

1 month, 1 week

1
0
0 0

[PATCH v5 0/3] phy: qcom: edp: Add missing ref clock to x1e80100

by Abel Vesa

According to documentation, the DP PHY on x1e80100 has another clock called ref. The current X Elite devices supported upstream work fine without this clock, because the boot firmware leaves this clock enabled. But we should not rely on that. Also, when it comes to power management, this clock needs to be also disabled on suspend. So even though this change breaks the ABI, it is needed in order to make we disable this clock on runtime PM, when that is going to be enabled in the driver. So rework the driver to allow different number of clocks, fix the dt-bindings schema and add the clock to the DT node as well. Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- Changes in v5: - Picked-up Bjorn's R-b tags. - Replaced "parse" with "get" on clocks acquiring failure. - Link to v4: https://lore.kernel.org/r/20251029-phy-qcom-edp-add-missing-refclk-v4-0-adb… Changes in v4: - Picked Dmitry's R-b tag for the driver patch - Added x1e80100 substring to subject of dts patch - Link to v3 (resend): https://lore.kernel.org/r/20251014-phy-qcom-edp-add-missing-refclk-v3-0-078… Changes in v3 (resend) - picked-up Krzysztof's R-b tag for bindings patch - Link to v3: https://lore.kernel.org/r/20250909-phy-qcom-edp-add-missing-refclk-v3-0-4ec… Changes in v3: - Use dev_err_probe() on clocks parsing failure. - Explain why the ABI break is necessary. - Drop the extra 'clk' suffix from the clock name. So ref instead of refclk. - Link to v2: https://lore.kernel.org/r/20250903-phy-qcom-edp-add-missing-refclk-v2-0-d88… Changes in v2: - Fix schema by adding the minItems, as suggested by Krzysztof. - Use devm_clk_bulk_get_all, as suggested by Konrad. - Rephrase the commit messages to reflect the flexible number of clocks. - Link to v1: https://lore.kernel.org/r/20250730-phy-qcom-edp-add-missing-refclk-v1-0-6f7… --- Abel Vesa (3): dt-bindings: phy: qcom-edp: Add missing clock for X Elite phy: qcom: edp: Make the number of clocks flexible arm64: dts: qcom: x1e80100: Add missing TCSR ref clock to the DP PHYs .../devicetree/bindings/phy/qcom,edp-phy.yaml | 28 +++++++++++++++++++++- arch/arm64/boot/dts/qcom/hamoa.dtsi | 12 ++++++---- drivers/phy/qualcomm/phy-qcom-edp.c | 16 ++++++------- 3 files changed, 43 insertions(+), 13 deletions(-) --- base-commit: 131f3d9446a6075192cdd91f197989d98302faa6 change-id: 20250730-phy-qcom-edp-add-missing-refclk-5ab82828f8e7 Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

1 month, 1 week

1
3
0 0

[PATCH v4 0/3] phy: qcom: edp: Add missing ref clock to x1e80100

by Abel Vesa

According to documentation, the DP PHY on x1e80100 has another clock called ref. The current X Elite devices supported upstream work fine without this clock, because the boot firmware leaves this clock enabled. But we should not rely on that. Also, when it comes to power management, this clock needs to be also disabled on suspend. So even though this change breaks the ABI, it is needed in order to make we disable this clock on runtime PM, when that is going to be enabled in the driver. So rework the driver to allow different number of clocks, fix the dt-bindings schema and add the clock to the DT node as well. Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- Changes in v4: - Picked Dmitry's R-b tag for the driver patch - Added x1e80100 substring to subject of dts patch - Link to v3 (resend): https://lore.kernel.org/r/20251014-phy-qcom-edp-add-missing-refclk-v3-0-078… Changes in v3 (resend) - picked-up Krzysztof's R-b tag for bindings patch - Link to v3: https://lore.kernel.org/r/20250909-phy-qcom-edp-add-missing-refclk-v3-0-4ec… Changes in v3: - Use dev_err_probe() on clocks parsing failure. - Explain why the ABI break is necessary. - Drop the extra 'clk' suffix from the clock name. So ref instead of refclk. - Link to v2: https://lore.kernel.org/r/20250903-phy-qcom-edp-add-missing-refclk-v2-0-d88… Changes in v2: - Fix schema by adding the minItems, as suggested by Krzysztof. - Use devm_clk_bulk_get_all, as suggested by Konrad. - Rephrase the commit messages to reflect the flexible number of clocks. - Link to v1: https://lore.kernel.org/r/20250730-phy-qcom-edp-add-missing-refclk-v1-0-6f7… --- Abel Vesa (3): dt-bindings: phy: qcom-edp: Add missing clock for X Elite phy: qcom: edp: Make the number of clocks flexible arm64: dts: qcom: x1e80100: Add missing TCSR ref clock to the DP PHYs .../devicetree/bindings/phy/qcom,edp-phy.yaml | 28 +++++++++++++++++++++- arch/arm64/boot/dts/qcom/hamoa.dtsi | 12 ++++++---- drivers/phy/qualcomm/phy-qcom-edp.c | 16 ++++++------- 3 files changed, 43 insertions(+), 13 deletions(-) --- base-commit: f9ba12abc5282bf992f9a9ae87ad814fd03a0270 change-id: 20250730-phy-qcom-edp-add-missing-refclk-5ab82828f8e7 Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

1 month, 1 week

2
8
0 0

[PATCH v2 1/4] ASoC: cs4271: Fix cs4271 I2C and SPI drivers automatic module loading

by Herve Codina

In commit c973b8a7dc50 ("ASoC: cs4271: Split SPI and I2C code into different modules") the driver was slit into a core, an SPI and an I2C part. However, the MODULE_DEVICE_TABLE(of, cs4271_dt_ids) was in the core part and so, module loading based on module.alias (based on DT compatible string matching) loads the core part but not the SPI or I2C parts. In order to have the I2C or the SPI module loaded automatically, move the MODULE_DEVICE_TABLE(of, ...) the core to I2C and SPI parts. Also move cs4271_dt_ids itself from the core part to I2C and SPI parts as both the call to MODULE_DEVICE_TABLE(of, ...) and the cs4271_dt_ids table itself need to be in the same file. Fixes: c973b8a7dc50 ("ASoC: cs4271: Split SPI and I2C code into different modules") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- sound/soc/codecs/cs4271-i2c.c | 6 ++++++ sound/soc/codecs/cs4271-spi.c | 13 +++++++++++++ sound/soc/codecs/cs4271.c | 9 --------- sound/soc/codecs/cs4271.h | 1 - 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/sound/soc/codecs/cs4271-i2c.c b/sound/soc/codecs/cs4271-i2c.c index 1d210b969173..cefb8733fc61 100644 --- a/sound/soc/codecs/cs4271-i2c.c +++ b/sound/soc/codecs/cs4271-i2c.c @@ -28,6 +28,12 @@ static const struct i2c_device_id cs4271_i2c_id[] = { }; MODULE_DEVICE_TABLE(i2c, cs4271_i2c_id); +static const struct of_device_id cs4271_dt_ids[] = { + { .compatible = "cirrus,cs4271", }, + { } +}; +MODULE_DEVICE_TABLE(of, cs4271_dt_ids); + static struct i2c_driver cs4271_i2c_driver = { .driver = { .name = "cs4271", diff --git a/sound/soc/codecs/cs4271-spi.c b/sound/soc/codecs/cs4271-spi.c index 4feb80436bd9..28dd7b8f3507 100644 --- a/sound/soc/codecs/cs4271-spi.c +++ b/sound/soc/codecs/cs4271-spi.c @@ -23,11 +23,24 @@ static int cs4271_spi_probe(struct spi_device *spi) return cs4271_probe(&spi->dev, devm_regmap_init_spi(spi, &config)); } +static const struct spi_device_id cs4271_id_spi[] = { + { "cs4271", 0 }, + {} +}; +MODULE_DEVICE_TABLE(spi, cs4271_id_spi); + +static const struct of_device_id cs4271_dt_ids[] = { + { .compatible = "cirrus,cs4271", }, + { } +}; +MODULE_DEVICE_TABLE(of, cs4271_dt_ids); + static struct spi_driver cs4271_spi_driver = { .driver = { .name = "cs4271", .of_match_table = of_match_ptr(cs4271_dt_ids), }, + .id_table = cs4271_id_spi, .probe = cs4271_spi_probe, }; module_spi_driver(cs4271_spi_driver); diff --git a/sound/soc/codecs/cs4271.c b/sound/soc/codecs/cs4271.c index 6a3cca3d26c7..ff9c6628224c 100644 --- a/sound/soc/codecs/cs4271.c +++ b/sound/soc/codecs/cs4271.c @@ -543,15 +543,6 @@ static int cs4271_soc_resume(struct snd_soc_component *component) #define cs4271_soc_resume NULL #endif /* CONFIG_PM */ -#ifdef CONFIG_OF -const struct of_device_id cs4271_dt_ids[] = { - { .compatible = "cirrus,cs4271", }, - { } -}; -MODULE_DEVICE_TABLE(of, cs4271_dt_ids); -EXPORT_SYMBOL_GPL(cs4271_dt_ids); -#endif - static int cs4271_component_probe(struct snd_soc_component *component) { struct cs4271_private *cs4271 = snd_soc_component_get_drvdata(component); diff --git a/sound/soc/codecs/cs4271.h b/sound/soc/codecs/cs4271.h index 290283a9149e..4965ce085875 100644 --- a/sound/soc/codecs/cs4271.h +++ b/sound/soc/codecs/cs4271.h @@ -4,7 +4,6 @@ #include <linux/regmap.h> -extern const struct of_device_id cs4271_dt_ids[]; extern const struct regmap_config cs4271_regmap_config; int cs4271_probe(struct device *dev, struct regmap *regmap); -- 2.51.0

1 month, 1 week

3
5
0 0

[PATCH v2] Bluetooth: rfcomm: fix modem control handling

by Johan Hovold

The RFCOMM driver confuses the local and remote modem control signals, which specifically means that the reported DTR and RTS state will instead reflect the remote end (i.e. DSR and CTS). This issue dates back to the original driver (and a follow-on update) merged in 2002, which resulted in a non-standard implementation of TIOCMSET that allowed controlling also the TS07.10 IC and DV signals by mapping them to the RI and DCD input flags, while TIOCMGET failed to return the actual state of DTR and RTS. Note that the bogus control of input signals in tiocmset() is just dead code as those flags will have been masked out by the tty layer since 2003. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan(a)kernel.org> --- Changes in v2 - fix a compilation issue discovered before sending v1 but never folded into the actual patch... net/bluetooth/rfcomm/tty.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index 376ce6de84be..b783526ab588 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -643,8 +643,8 @@ static void rfcomm_dev_modem_status(struct rfcomm_dlc *dlc, u8 v24_sig) tty_port_tty_hangup(&dev->port, true); dev->modem_status = - ((v24_sig & RFCOMM_V24_RTC) ? (TIOCM_DSR | TIOCM_DTR) : 0) | - ((v24_sig & RFCOMM_V24_RTR) ? (TIOCM_RTS | TIOCM_CTS) : 0) | + ((v24_sig & RFCOMM_V24_RTC) ? TIOCM_DSR : 0) | + ((v24_sig & RFCOMM_V24_RTR) ? TIOCM_CTS : 0) | ((v24_sig & RFCOMM_V24_IC) ? TIOCM_RI : 0) | ((v24_sig & RFCOMM_V24_DV) ? TIOCM_CD : 0); } @@ -1055,10 +1055,14 @@ static void rfcomm_tty_hangup(struct tty_struct *tty) static int rfcomm_tty_tiocmget(struct tty_struct *tty) { struct rfcomm_dev *dev = tty->driver_data; + struct rfcomm_dlc *dlc = dev->dlc; + u8 v24_sig; BT_DBG("tty %p dev %p", tty, dev); - return dev->modem_status; + rfcomm_dlc_get_modem_status(dlc, &v24_sig); + + return (v24_sig & (TIOCM_DTR | TIOCM_RTS)) | dev->modem_status; } static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigned int clear) @@ -1071,23 +1075,15 @@ static int rfcomm_tty_tiocmset(struct tty_struct *tty, unsigned int set, unsigne rfcomm_dlc_get_modem_status(dlc, &v24_sig); - if (set & TIOCM_DSR || set & TIOCM_DTR) + if (set & TIOCM_DTR) v24_sig |= RFCOMM_V24_RTC; - if (set & TIOCM_RTS || set & TIOCM_CTS) + if (set & TIOCM_RTS) v24_sig |= RFCOMM_V24_RTR; - if (set & TIOCM_RI) - v24_sig |= RFCOMM_V24_IC; - if (set & TIOCM_CD) - v24_sig |= RFCOMM_V24_DV; - if (clear & TIOCM_DSR || clear & TIOCM_DTR) + if (clear & TIOCM_DTR) v24_sig &= ~RFCOMM_V24_RTC; - if (clear & TIOCM_RTS || clear & TIOCM_CTS) + if (clear & TIOCM_RTS) v24_sig &= ~RFCOMM_V24_RTR; - if (clear & TIOCM_RI) - v24_sig &= ~RFCOMM_V24_IC; - if (clear & TIOCM_CD) - v24_sig &= ~RFCOMM_V24_DV; rfcomm_dlc_set_modem_status(dlc, v24_sig); -- 2.49.1

1 month, 1 week

3
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror