From: Steven Rostedt <rostedt(a)goodmis.org>
The function ring_buffer_map_get_reader() is a bit more strict than the
other get reader functions, and except for certain situations the
rb_get_reader_page() should not return NULL. If it does, it triggers a
warning.
This warning was triggering but after looking at why, it was because
another acceptable situation was happening and it wasn't checked for.
If the reader catches up to the writer and there's still data to be read
on the reader page, then the rb_get_reader_page() will return NULL as
there's no new page to get.
In this situation, the reader page should not be updated and no warning
should trigger.
Cc: stable(a)vger.kernel.org
Cc: Masami Hiramatsu <mhiramat(a)kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Cc: Vincent Donnefort <vdonnefort(a)google.com>
Reported-by: syzbot+92a3745cea5ec6360309(a)syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/690babec.050a0220.baf87.0064.GAE@google.com/
Link: https://lore.kernel.org/20251016132848.1b11bb37@gandalf.local.home
Fixes: 117c39200d9d7 ("ring-buffer: Introducing ring-buffer mapping functions")
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
---
kernel/trace/ring_buffer.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 1244d2c5c384..afcd3747264d 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -7344,6 +7344,10 @@ int ring_buffer_map_get_reader(struct trace_buffer *buffer, int cpu)
goto out;
}
+ /* Did the reader catch up with the writer? */
+ if (cpu_buffer->reader_page == cpu_buffer->commit_page)
+ goto out;
+
reader = rb_get_reader_page(cpu_buffer);
if (WARN_ON(!reader))
goto out;
--
2.51.0
There are custom-made firmwares based on board ID for a given QCA BT
chip sometimes, and they are different with existing firmwares and put
in a separate subdirectory to avoid conflict, for example:
QCA2066, as a variant of WCN6855, has firmwares under 'qca/QCA2066/'
of linux-firmware repository.
Cc: stable(a)vger.kernel.org
Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com>
---
drivers/bluetooth/btusb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
index dcbff7641..7175e9b2d 100644
--- a/drivers/bluetooth/btusb.c
+++ b/drivers/bluetooth/btusb.c
@@ -3273,6 +3273,7 @@ static const struct qca_device_info qca_devices_table[] = {
static const struct qca_custom_firmware qca_custom_btfws[] = {
{ 0x00130201, 0x030A, "QCA2066" },
+ { 0x00130201, 0x030B, "QCA2066" },
{ },
};
--
2.34.1
From: Jamie Iles <jamie.iles(a)oss.qualcomm.com>
The sysdev_is_parent check was being used to infer PCI devices that have
the DMA mask set from the PCI capabilities, but sysdev_is_parent is also
used for non-PCI ACPI devices in which case the DMA mask would be the
bus default or as set by the _DMA method.
Without this fix the DMA mask would default to 32-bits and so allocation
would fail if there was no DRAM below 4GB.
Fixes: 47ce45906ca9 ("usb: dwc3: leave default DMA for PCI devices")
Cc: stable(a)vger.kernel.org
Signed-off-by: Jamie Iles <jamie.iles(a)oss.qualcomm.com>
Signed-off-by: Punit Agrawal <punit.agrawal(a)oss.qualcomm.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
---
v1[0] -> v2:
* Added tags
* Cc stable
[0] https://lore.kernel.org/all/20251105145801.485371-1-punit.agrawal@oss.qualc…
drivers/usb/dwc3/core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index ae140c356295..c2ce2f5e60a1 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -25,6 +25,7 @@
#include <linux/of.h>
#include <linux/of_graph.h>
#include <linux/acpi.h>
+#include <linux/pci.h>
#include <linux/pinctrl/consumer.h>
#include <linux/pinctrl/devinfo.h>
#include <linux/reset.h>
@@ -2241,7 +2242,7 @@ int dwc3_core_probe(const struct dwc3_probe_data *data)
dev_set_drvdata(dev, dwc);
dwc3_cache_hwparams(dwc);
- if (!dwc->sysdev_is_parent &&
+ if (!dev_is_pci(dwc->sysdev) &&
DWC3_GHWPARAMS0_AWIDTH(dwc->hwparams.hwparams0) == 64) {
ret = dma_set_mask_and_coherent(dwc->sysdev, DMA_BIT_MASK(64));
if (ret)
--
2.34.1
fsi_slave_init() calls device_initialize() for slave->dev
unconditionally. However, in the error paths, put_device() is not
called, leading to an imbalance in the device reference count.
Although kfree(slave) eventually frees the memory, it does not
properly release the device initialized by device_initialize(). For
proper pairing of device_initialize()/put_device(), add put_device()
calls in both error paths.
Found by code review.
Cc: stable(a)vger.kernel.org
Fixes: d1dcd6782576 ("fsi: Add cfam char devices")
Signed-off-by: Ma Ke <make24(a)iscas.ac.cn>
---
drivers/fsi/fsi-core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/fsi/fsi-core.c b/drivers/fsi/fsi-core.c
index c6c115993ebc..0d45e4442ca9 100644
--- a/drivers/fsi/fsi-core.c
+++ b/drivers/fsi/fsi-core.c
@@ -1075,7 +1075,7 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id)
rc = __fsi_get_new_minor(slave, fsi_dev_cfam, &slave->dev.devt,
&slave->cdev_idx);
if (rc)
- goto err_free;
+ goto err_put_device;
trace_fsi_slave_init(slave);
@@ -1112,6 +1112,9 @@ static int fsi_slave_init(struct fsi_master *master, int link, uint8_t id)
err_free_ida:
fsi_free_minor(slave->dev.devt);
+err_put_device:
+ put_device(&slave->dev);
+ return rc;
err_free:
of_node_put(slave->dev.of_node);
kfree(slave);
--
2.17.1
`kallsyms_get_symbol_type()` does not take into account the potential
extra byte for "big" symbols.
This makes `/proc/kallsyms` output the wrong symbol type for such "big"
symbols, such as a bogus `1` symbol type, which in turn confused other
tooling [1].
Thus fix it.
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/all/CANiq72ns1sRukpX-4L3FgqfJw4nXZ5AyqQKCEeQ=nhyERG…
Fixes: 73bbb94466fd ("kallsyms: support "big" kernel symbols")
Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org>
---
Somehow this went unnoticed so far... In Fedora 42 I compared the
System.map with `/proc/kallsyms` and that was the only symbol with a
different type -- Arnaldo, could you please confirm this makes it go
away for you? Thanks!
kernel/kallsyms.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 1e7635864124..4f9b612d6bf2 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -101,11 +101,21 @@ static unsigned int kallsyms_expand_symbol(unsigned int off,
*/
static char kallsyms_get_symbol_type(unsigned int off)
{
+ const u8 len = kallsyms_names[off];
+
+ off++;
+
+ /*
+ * If MSB is 1, it is a "big" symbol, so we need to skip two bytes.
+ */
+ if ((len & 0x80) != 0)
+ off++;
+
/*
* Get just the first code, look it up in the token table,
* and return the first char from this token.
*/
- return kallsyms_token_table[kallsyms_token_index[kallsyms_names[off + 1]]];
+ return kallsyms_token_table[kallsyms_token_index[kallsyms_names[off]]];
}
base-commit: dc77806cf3b4788d328fddf245e86c5b529f31a2
--
2.51.2