From: Zhu Yanjun <yanjun.zhu(a)linux.dev>
[ Upstream commit d0706bfd3ee40923c001c6827b786a309e2a8713 ]
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:408 [inline]
print_report+0xc3/0x670 mm/kasan/report.c:521
kasan_report+0xe0/0x110 mm/kasan/report.c:634
strlen+0x93/0xa0 lib/string.c:420
__fortify_strlen include/linux/fortify-string.h:268 [inline]
get_kobj_path_length lib/kobject.c:118 [inline]
kobject_get_path+0x3f/0x2a0 lib/kobject.c:158
kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545
ib_register_device drivers/infiniband/core/device.c:1472 [inline]
ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393
rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552
rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550
rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225
nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796
rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195
rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg net/socket.c:727 [inline]
____sys_sendmsg+0xa95/0xc70 net/socket.c:2566
___sys_sendmsg+0x134/0x1d0 net/socket.c:2620
__sys_sendmsg+0x16d/0x220 net/socket.c:2652
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
This problem is similar to the problem that the
commit 1d6a9e7449e2 ("RDMA/core: Fix use-after-free when rename device name")
fixes.
The root cause is: the function ib_device_rename() renames the name with
lock. But in the function kobject_uevent(), this name is accessed without
lock protection at the same time.
The solution is to add the lock protection when this name is accessed in
the function kobject_uevent().
Fixes: 779e0bf47632 ("RDMA/core: Do not indicate device ready when device enablement fails")
Link: https://patch.msgid.link/r/20250506151008.75701-1-yanjun.zhu@linux.dev
Reported-by: syzbot+e2ce9e275ecc70a30b72(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=e2ce9e275ecc70a30b72
Signed-off-by: Zhu Yanjun <yanjun.zhu(a)linux.dev>
Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
[ Ajay: Modified to apply on v5.10.y-v6.6.y
ib_device_notify_register() not present in v5.10.y-v6.6.y,
so directly added lock for kobject_uevent() ]
Signed-off-by: Ajay Kaher <ajay.kaher(a)broadcom.com>
Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com>
---
drivers/infiniband/core/device.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c
index 26f1d2f29..ea9b48108 100644
--- a/drivers/infiniband/core/device.c
+++ b/drivers/infiniband/core/device.c
@@ -1396,8 +1396,13 @@ int ib_register_device(struct ib_device *device, const char *name,
return ret;
}
dev_set_uevent_suppress(&device->dev, false);
+
+ down_read(&devices_rwsem);
+
/* Mark for userspace that device is ready */
kobject_uevent(&device->dev.kobj, KOBJ_ADD);
+
+ up_read(&devices_rwsem);
ib_device_put(device);
return 0;
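Review bot: the down_read(&devices_rwsem) / up_read(&devices_rwsem) pair added around kobject_uevent() carries no comment saying what it protects, and the existing comment ("Mark for userspace that device is ready") now sits inside the locked region, where it reads as if it described the lock. Going by the commit message, the lock is there so that ib_device_rename() cannot change the device name while kobject_uevent() reads it; a one-line comment to that effect above down_read() would keep the reason next to the code. Since the backport note says the lock was placed here directly because ib_device_notify_register() does not exist on these branches, it is also worth confirming on each target branch that no path reaches this point with devices_rwsem already held.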
--
2.40.4
Fix CVE-2023-52975 by backporting the required upstream commit
6f1d64b13097. This commit depends on a1f3486b3b09, so both patches
have been backported to the v5.10 kernel.
Mike Christie (2):
scsi: iscsi: Move pool freeing
scsi: iscsi_tcp: Fix UAF during logout when accessing the shost
ipaddress
drivers/scsi/iscsi_tcp.c | 11 +++++++++--
drivers/scsi/libiscsi.c | 39 +++++++++++++++++++++++++++++++--------
include/scsi/libiscsi.h | 2 ++
3 files changed, 42 insertions(+), 10 deletions(-)
--
2.43.7
With PWRSTS_OFF_ON, PCIe GDSCs are turned off during gdsc_disable(). This
can happen during scenarios such as system suspend and breaks the resume
of PCIe controllers from suspend.
So use PWRSTS_RET_ON to indicate to the GDSC driver not to turn off the GDSCs
during gdsc_disable() and allow the hardware to transition the GDSCs to
retention when the parent domain enters low power state during system
suspend.
Signed-off-by: Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com>
---
Krishna Chaitanya Chundru (7):
clk: qcom: gcc-sc7280: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-sa8775p: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-sm8750: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-glymur: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-qcs8300: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-x1e80100: Do not turn off PCIe GDSCs during gdsc_disable()
clk: qcom: gcc-kaanapali: Do not turn off PCIe GDSCs during gdsc_disable()
drivers/clk/qcom/gcc-glymur.c | 16 ++++++++--------
drivers/clk/qcom/gcc-kaanapali.c | 2 +-
drivers/clk/qcom/gcc-qcs8300.c | 4 ++--
drivers/clk/qcom/gcc-sa8775p.c | 4 ++--
drivers/clk/qcom/gcc-sc7280.c | 2 +-
drivers/clk/qcom/gcc-sm8750.c | 2 +-
drivers/clk/qcom/gcc-x1e80100.c | 16 ++++++++--------
7 files changed, 23 insertions(+), 23 deletions(-)
---
base-commit: 98e506ee7d10390b527aeddee7bbeaf667129646
change-id: 20260102-pci_gdsc_fix-1dcf08223922
Best regards,
--
Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com>
Hi Greg, thanks for looking into this.
The full commit hash is 807221d3c5ff6e3c91ff57bc82a0b7a541462e20
Note: apologies if you received this multiple times, the previous one
got bounced due to html
Cheers,
JP
________________________________
From: Greg KH <gregkh(a)linuxfoundation.org>
Sent: Tuesday, December 23, 2025 6:39:22 PM
To: JP Dehollain <jpdehollain(a)gmail.com>
Cc: stable(a)vger.kernel.org <stable(a)vger.kernel.org>
Subject: Re: Request to add mainline merged patch to stable kernels
On Tue, Dec 23, 2025 at 04:05:24PM +1100, JP Dehollain wrote:
> Hello,
> I recently used the patch misc: rtsx_pci: Add separate CD/WP pin
> polarity reversal support with commit ID 807221d, to fix a bug causing
> the cardreader driver to always load sd cards in read-only mode.
> On the suggestion of the driver maintainer, I am requesting that this
> patch be applied to all stable kernel versions, as it is currently
> only applied to >=6.18.
> Thanks,
> JP
>
What is the git id of the commit you are looking to have backported?
thanks,
greg k-h
TCR2_ELx.E0POE is set during smp_init().
However, this bit is not reprogrammed when the CPU enters suspension and
later resumes via cpu_resume(), as __cpu_setup() does not re-enable E0POE
and there is no save/restore logic for the TCR2_ELx system register.
As a result, the E0POE feature no longer works after cpu_resume().
To address this, save and restore TCR2_EL1 in the cpu_suspend()/cpu_resume()
path, rather than adding related logic to __cpu_setup(), taking into account
possible future extensions of the TCR2_ELx feature.
Cc: stable(a)vger.kernel.org
Fixes: bf83dae90fbc ("arm64: enable the Permission Overlay Extension for EL0")
Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com>
---
Patch History
==============
from v1 to v2:
- following @Kevin Brodsky's suggestion.
- https://lore.kernel.org/all/20260105200707.2071169-1-yeoreum.yun@arm.com/
NOTE:
This patch is based on v6.19-rc4
---
arch/arm64/include/asm/suspend.h | 2 +-
arch/arm64/mm/proc.S | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/include/asm/suspend.h b/arch/arm64/include/asm/suspend.h
index e65f33edf9d6..e9ce68d50ba4 100644
--- a/arch/arm64/include/asm/suspend.h
+++ b/arch/arm64/include/asm/suspend.h
@@ -2,7 +2,7 @@
#ifndef __ASM_SUSPEND_H
#define __ASM_SUSPEND_H
-#define NR_CTX_REGS 13
+#define NR_CTX_REGS 14
#define NR_CALLEE_SAVED_REGS 12
/*
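Review bot: NR_CTX_REGS goes from 13 to 14 with nothing in this header tying the count to the slot the new code uses. The proc.S hunks in this patch store and load TCR2_EL1 at [x0, #104], which is the 14th 8-byte slot (13 * 8 = 104), so the two numbers have to move together. A short comment at the define naming what the last slot holds, or at least pointing at cpu_do_suspend()/cpu_do_resume(), would make that coupling visible to the next person who adds a register.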
diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
index 01e868116448..5d907ce3b6d3 100644
--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -110,6 +110,10 @@ SYM_FUNC_START(cpu_do_suspend)
* call stack.
*/
str x18, [x0, #96]
+alternative_if ARM64_HAS_TCR2
+ mrs x2, REG_TCR2_EL1
+ str x2, [x0, #104]
+alternative_else_nop_endif
ret
SYM_FUNC_END(cpu_do_suspend)
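Review bot: in the added alternative_if ARM64_HAS_TCR2 block the store goes to the hard-coded offset #104, right after the existing str x18, [x0, #96], and on CPUs without the capability the block is NOPed out, so that slot is left unwritten. That is only safe because the matching load in cpu_do_resume sits under the same ARM64_HAS_TCR2 guard; a comment saying so here would help. x2 is used as scratch, so please confirm that nothing earlier in cpu_do_suspend still needs its value at this point, which the hunk context does not show.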
@@ -144,6 +148,10 @@ SYM_FUNC_START(cpu_do_resume)
msr tcr_el1, x8
msr vbar_el1, x9
msr mdscr_el1, x10
+alternative_if ARM64_HAS_TCR2
+ ldr x2, [x0, #104]
+ msr REG_TCR2_EL1, x2
+alternative_else_nop_endif
msr sctlr_el1, x12
set_this_cpu_offset x13
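Review bot: the TCR2_EL1 restore is inserted between the mdscr_el1 write and the sctlr_el1 write with no comment on whether that position matters. If TCR2_EL1 has to be in place before sctlr_el1 is written, say so in a comment so a later reordering does not move it; if the order is irrelevant, that is worth stating too. The ldr into x2 also overwrites whatever cpu_do_resume loaded into x2 earlier, so confirm that value has already been consumed by this point.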
--
This series converts all DRM bridge drivers (*) from the now deprecated
of_drm_find_bridge() to its replacement of_drm_find_and_get_bridge() which
allows correct bridge refcounting. It also converts per-driver
"next_bridge" pointers to the unified drm_bridge::next_bridge which puts
the reference automatically on bridge deallocation.
This is part of the work to support hotplug of DRM bridges. The grand plan
was discussed in [0].
Here's the work breakdown (➜ marks the current series):
1. ➜ add refcounting to DRM bridges struct drm_bridge,
based on devm_drm_bridge_alloc()
A. ✔ add new alloc API and refcounting (v6.16)
B. ✔ convert all bridge drivers to new API (v6.17)
C. ✔ kunit tests (v6.17)
D. ✔ add get/put to drm_bridge_add/remove() + attach/detach()
and warn on old allocation pattern (v6.17)
E. ➜ add get/put on drm_bridge accessors
1. ✔ drm_bridge_chain_get_first_bridge(), add cleanup action (v6.18)
2. ✔ drm_bridge_get_prev_bridge() (v6.18)
3. ✔ drm_bridge_get_next_bridge() (v6.19)
4. ✔ drm_for_each_bridge_in_chain() (v6.19)
5. ✔ drm_bridge_connector_init (v6.19)
6. … protect encoder bridge chain with a mutex
7. ➜ of_drm_find_bridge
a. ✔… add of_drm_get_bridge(), convert basic direct users
(v6.20?, one driver still pending)
b. ➜ convert direct of_drm_get_bridge() users, part 2
c. convert direct of_drm_get_bridge() users, part 3
d. convert direct of_drm_get_bridge() users, part 4
e. convert bridge-only drm_of_find_panel_or_bridge() users
8. drm_of_find_panel_or_bridge, *_of_get_bridge
9. ✔ enforce drm_bridge_add before drm_bridge_attach (v6.19)
F. ✔ debugfs improvements
1. ✔ add top-level 'bridges' file (v6.16)
2. ✔ show refcount and list lingering bridges (v6.19)
2. … handle gracefully atomic updates during bridge removal
A. ✔ Add drm_dev_enter/exit() to protect device resources (v6.20?)
B. … protect private_obj removal from list
3. … DSI host-device driver interaction
4. ✔ removing the need for the "always-disconnected" connector
5. finish the hotplug bridge work, moving code to the core and potentially
removing the hotplug-bridge itself (this needs to be clarified as
points 1-3 are developed)
[0] https://lore.kernel.org/lkml/20250206-hotplug-drm-bridge-v6-0-9d6f2c9c3058@…
This work is a continuation of the work to correctly handle bridge
refcounting for existing of_drm_find_bridge(). The ground work is in:
- commit 293a8fd7721a ("drm/bridge: add of_drm_find_and_get_bridge()")
- commit 9da0e06abda8 ("drm/bridge: deprecate of_drm_find_bridge()")
- commit 3fdeae134ba9 ("drm/bridge: add next_bridge pointer to struct drm_bridge")
The whole conversion is split in multiple series to make the review process
a bit smoother. Parts 3 and 4 are converting non-bridge drivers (mostly
encoders).
(*) One bridge driver (synopsys/dw-hdmi) is converted in another series,
together with its (non-bridge) users. Additionally this series converts
drm_of_panel_bridge_remove() which is a special case, and has a bugfix
for it too.
Signed-off-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com>
---
Luca Ceresoli (12):
drm: of: drm_of_panel_bridge_remove(): fix device_node leak
drm: of: drm_of_panel_bridge_remove(): convert to of_drm_find_and_get_bridge()
drm/bridge: sii902x: convert to of_drm_find_and_get_bridge()
drm/bridge: thc63lvd1024: convert to of_drm_find_and_get_bridge()
drm/bridge: tfp410: convert to of_drm_find_and_get_bridge()
drm/bridge: tpd12s015: convert to of_drm_find_and_get_bridge()
drm/bridge: lt8912b: convert to of_drm_find_and_get_bridge()
drm/bridge: imx8mp-hdmi-pvi: convert to of_drm_find_and_get_bridge()
drm/bridge: imx8qxp-ldb: convert to of_drm_find_and_get_bridge()
drm/bridge: samsung-dsim: samsung_dsim_host_attach: use a temporary variable for the next bridge
drm/bridge: samsung-dsim: samsung_dsim_host_attach: don't use the bridge pointer as an error indicator
drm/bridge: samsung-dsim: samsung_dsim_host_attach: convert to of_drm_find_and_get_bridge()
drivers/gpu/drm/bridge/imx/imx8mp-hdmi-pvi.c | 15 +++++++-------
drivers/gpu/drm/bridge/imx/imx8qxp-ldb.c | 3 ++-
drivers/gpu/drm/bridge/lontium-lt8912b.c | 31 ++++++++++++++--------------
drivers/gpu/drm/bridge/samsung-dsim.c | 28 ++++++++++++++++---------
drivers/gpu/drm/bridge/sii902x.c | 7 +++----
drivers/gpu/drm/bridge/thc63lvd1024.c | 7 +++----
drivers/gpu/drm/bridge/ti-tfp410.c | 27 ++++++++++++------------
drivers/gpu/drm/bridge/ti-tpd12s015.c | 8 +++----
include/drm/bridge/samsung-dsim.h | 1 -
include/drm/drm_of.h | 6 +++++-
10 files changed, 69 insertions(+), 64 deletions(-)
---
base-commit: 2bcba510a612cea32b8a536eedeabd7fcb413cd0
change-id: 20251223-drm-bridge-alloc-getput-drm_of_find_bridge-2-12c6bbcb6896
Best regards,
--
Luca Ceresoli <luca.ceresoli(a)bootlin.com>