September 2023 - Linux-stable-mirror

FAILED: patch "[PATCH] scsi: qla2xxx: Fix session hang in gnl" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 39d22740712c7563a2e18c08f033deeacdaf66e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023091354-fantasize-premiere-2530@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 39d22740712c ("scsi: qla2xxx: Fix session hang in gnl") 31e6cdbe0eae ("scsi: qla2xxx: Implement ref count for SRB") d4523bd6fd5d ("scsi: qla2xxx: Refactor asynchronous command initialization") 2cabf10dbbe3 ("scsi: qla2xxx: Fix hang on NVMe command timeouts") e3d2612f583b ("scsi: qla2xxx: Fix use after free in debug code") 9efea843a906 ("scsi: qla2xxx: edif: Add detection of secure device") dd30706e73b7 ("scsi: qla2xxx: edif: Add key update") fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") 84318a9f01ce ("scsi: qla2xxx: edif: Add send, receive, and accept for auth_els") 7878f22a2e03 ("scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs") 7ebb336e45ef ("scsi: qla2xxx: edif: Add start + stop bsgs") d94d8158e184 ("scsi: qla2xxx: Add heartbeat check") f7a0ed479e66 ("scsi: qla2xxx: Fix crash in PCIe error handling") 2ce35c0821af ("scsi: qla2xxx: Fix use after free in bsg") 5777fef788a5 ("scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe") 960204ecca5e ("scsi: qla2xxx: Simplify if statement") a04658594399 ("scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe") dbf1f53cfd23 ("scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port") 707531bc2626 ("scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry") 605e74025f95 ("scsi: qla2xxx: Move sess cmd list/lock to driver") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39d22740712c7563a2e18c08f033deeacdaf66e7 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran(a)marvell.com> Date: Fri, 14 Jul 2023 12:31:00 +0530 Subject: [PATCH] scsi: qla2xxx: Fix session hang in gnl Connection does not resume after a host reset / chip reset. The cause of the blockage is due to the FCF_ASYNC_ACTIVE left on. The gnl command was interrupted by the chip reset. On exiting the command, this flag should be turn off to allow relogin to reoccur. Clear this flag to prevent blockage. Cc: stable(a)vger.kernel.org Fixes: 17e64648aa47 ("scsi: qla2xxx: Correct fcport flags handling") Signed-off-by: Quinn Tran <qutran(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20230714070104.40052-7-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c index 1236acb1fd83..7ac4738fda25 100644 --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -1141,7 +1141,7 @@ int qla24xx_async_gnl(struct scsi_qla_host *vha, fc_port_t *fcport) u16 *mb; if (!vha->flags.online || (fcport->flags & FCF_ASYNC_SENT)) - return rval; + goto done; ql_dbg(ql_dbg_disc, vha, 0x20d9, "Async-gnlist WWPN %8phC \n", fcport->port_name); @@ -1195,8 +1195,9 @@ int qla24xx_async_gnl(struct scsi_qla_host *vha, fc_port_t *fcport) done_free_sp: /* ref: INIT */ kref_put(&sp->cmd_kref, qla2x00_sp_release); + fcport->flags &= ~(FCF_ASYNC_SENT); done: - fcport->flags &= ~(FCF_ASYNC_ACTIVE | FCF_ASYNC_SENT); + fcport->flags &= ~(FCF_ASYNC_ACTIVE); return rval; }

2 years, 1 month

1
0
0 0

Regression with raid1 in stable 5.15.132-rc1 and 6.1.53-rc1

by Jinpu Wang

Hi Greg and Stable folks. We've noticed regression in raid1 due to following commits: 79dabfd00a2b ("md/raid1: hold the barrier until handle_read_error() finishes") caeed0b9f1ce ("md/raid1: free the r1bio before waiting for blocked rdev") Kernel crash during io tests like below: Sep 11 23:03:15 ps401a-901 kernel: [ 449.007040] RIP: 0010:call_bio_endio+0x1a/0x60 [raid1] Sep 11 23:03:15 ps401a-901 kernel: [ 449.007147] Code: 00 5b e9 d9 79 b3 f0 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 53 48 8b 47 18 48 8b 5f 30 a8 01 75 04 c6 43 1a 0a 48 8b 53 08 <48> 8b 82 40 02 00 00 48 8b 40 50 48 8b 40 60 a8 80 74 12 48 8b 47 Sep 11 23:03:15 ps401a-901 kernel: [ 449.007347] RSP: 0018:ffffb3300f627b90 EFLAGS: 00010202 Sep 11 23:03:15 ps401a-901 kernel: [ 449.007448] RAX: 0000000000000025 RBX: ffff8d2cab013210 RCX: 0000000000000000 Sep 11 23:03:15 ps401a-901 kernel: [ 449.007582] RDX: 00000001ab000000 RSI: ffff8d2cab013210 RDI: ffff8cfdb1e1d100 Sep 11 23:03:15 ps401a-901 kernel: [ 449.007688] RBP: ffff8d34c2ee2800 R08: 000000000000c0d4 R09: 0000000000073f2c Sep 11 23:03:15 ps401a-901 kernel: [ 449.007795] R10: 0000000000073f34 R11: ffff8cfdb1e1d100 R12: ffff8d2cab013200 Sep 11 23:03:15 ps401a-901 kernel: [ 449.007901] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8d34c2ee2800 Sep 11 23:03:15 ps401a-901 kernel: [ 449.008011] FS: 0000000000000000(0000) GS:ffff8d3487c40000(0000) knlGS:0000000000000000 Sep 11 23:03:15 ps401a-901 kernel: [ 449.008146] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Sep 11 23:03:15 ps401a-901 kernel: [ 449.008248] CR2: 00000001ab000240 CR3: 000000038360a000 CR4: 00000000000406e0 Sep 11 23:03:15 ps401a-901 kernel: [ 449.008355] Call Trace: Sep 11 23:03:15 ps401a-901 kernel: [ 449.008448] <TASK> Sep 11 23:03:15 ps401a-901 kernel: [ 449.008539] ? __die_body+0x1a/0x60 Sep 11 23:03:15 ps401a-901 kernel: [ 449.008638] ? page_fault_oops+0x136/0x2a0 Sep 11 23:03:15 ps401a-901 kernel: [ 449.008754] ? exc_page_fault+0x5f/0x110 Sep 11 23:03:15 ps401a-901 kernel: [ 449.008853] ? asm_exc_page_fault+0x22/0x30 Sep 11 23:03:15 ps401a-901 kernel: [ 449.008955] ? call_bio_endio+0x1a/0x60 [raid1] Sep 11 23:03:15 ps401a-901 kernel: [ 449.009055] raid_end_bio_io+0x28/0x90 [raid1] Sep 11 23:03:15 ps401a-901 kernel: [ 449.009158] raid1_end_write_request+0x10b/0x340 [raid1] Sep 11 23:03:15 ps401a-901 kernel: [ 449.009263] submit_bio_checks+0x84/0x450 Sep 11 23:03:15 ps401a-901 kernel: [ 449.009364] ? __wake_up_common+0x77/0x140 Sep 11 23:03:15 ps401a-901 kernel: [ 449.009463] __submit_bio+0x106/0x190 Sep 11 23:03:15 ps401a-901 kernel: [ 449.009560] ? __queue_work+0x136/0x3b0 Sep 11 23:03:15 ps401a-901 kernel: [ 449.009659] submit_bio_noacct+0x268/0x2c0 Sep 11 23:03:15 ps401a-901 kernel: [ 449.009758] flush_bio_list+0x60/0x100 [raid1] Sep 11 23:03:15 ps401a-901 kernel: [ 449.009859] flush_pending_writes+0x71/0xb0 [raid1] Sep 11 23:03:15 ps401a-901 kernel: [ 449.009976] raid1d+0xa6/0x1280 [raid1] Sep 11 23:03:15 ps401a-901 kernel: [ 449.010076] ? psi_task_switch+0xde/0x200 Sep 11 23:03:15 ps401a-901 kernel: [ 449.010175] ? __switch_to_asm+0x3a/0x60 Sep 11 23:03:15 ps401a-901 kernel: [ 449.010274] ? finish_task_switch+0x7d/0x280 Sep 11 23:03:15 ps401a-901 kernel: [ 449.010373] ? try_to_del_timer_sync+0x4d/0x80 Sep 11 23:03:15 ps401a-901 kernel: [ 449.010475] ? md_thread+0x137/0x170 [md_mod] Sep 11 23:03:15 ps401a-901 kernel: [ 449.010586] ? process_checks+0x4c0/0x4c0 [raid1] Sep 11 23:03:15 ps401a-901 kernel: [ 449.010688] md_thread+0x137/0x170 [md_mod] Reverting both patches locally I can no longer reproduce the crash. Please drop both patches from all the stable queues. Thx! Jnipu Wang @ IONOS cloud

2 years, 1 month

2
4
0 0

[PATCH AUTOSEL 6.5 01/45] spi: sun6i: add quirk for dual and quad SPI modes support

by Sasha Levin

From: Maksim Kiselev <bigunclemax(a)gmail.com> [ Upstream commit 0605d9fb411f3337482976842a3901d6c125d298 ] New Allwinner's SPI controllers can support dual and quad SPI modes. To enable one of these modes, we should set the corresponding bit in the SUN6I_BURST_CTL_CNT_REG register. DRM (28 bits) for dual mode and Quad_EN (29 bits) for quad transmission. Signed-off-by: Maksim Kiselev <bigunclemax(a)gmail.com> Link: https://lore.kernel.org/r/20230624131632.2972546-2-bigunclemax@gmail.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/spi/spi-sun6i.c | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/drivers/spi/spi-sun6i.c b/drivers/spi/spi-sun6i.c index 30d541612253e..cec2747235abf 100644 --- a/drivers/spi/spi-sun6i.c +++ b/drivers/spi/spi-sun6i.c @@ -83,6 +83,9 @@ #define SUN6I_XMIT_CNT_REG 0x34 #define SUN6I_BURST_CTL_CNT_REG 0x38 +#define SUN6I_BURST_CTL_CNT_STC_MASK GENMASK(23, 0) +#define SUN6I_BURST_CTL_CNT_DRM BIT(28) +#define SUN6I_BURST_CTL_CNT_QUAD_EN BIT(29) #define SUN6I_TXDATA_REG 0x200 #define SUN6I_RXDATA_REG 0x300 @@ -90,6 +93,7 @@ struct sun6i_spi_cfg { unsigned long fifo_depth; bool has_clk_ctl; + u32 mode_bits; }; struct sun6i_spi { @@ -266,7 +270,7 @@ static int sun6i_spi_transfer_one(struct spi_master *master, unsigned int div, div_cdr1, div_cdr2, timeout; unsigned int start, end, tx_time; unsigned int trig_level; - unsigned int tx_len = 0, rx_len = 0; + unsigned int tx_len = 0, rx_len = 0, nbits = 0; bool use_dma; int ret = 0; u32 reg; @@ -418,13 +422,29 @@ static int sun6i_spi_transfer_one(struct spi_master *master, sun6i_spi_write(sspi, SUN6I_GBL_CTL_REG, reg); /* Setup the transfer now... */ - if (sspi->tx_buf) + if (sspi->tx_buf) { tx_len = tfr->len; + nbits = tfr->tx_nbits; + } else if (tfr->rx_buf) { + nbits = tfr->rx_nbits; + } + + switch (nbits) { + case SPI_NBITS_DUAL: + reg = SUN6I_BURST_CTL_CNT_DRM; + break; + case SPI_NBITS_QUAD: + reg = SUN6I_BURST_CTL_CNT_QUAD_EN; + break; + case SPI_NBITS_SINGLE: + default: + reg = FIELD_PREP(SUN6I_BURST_CTL_CNT_STC_MASK, tx_len); + } /* Setup the counters */ + sun6i_spi_write(sspi, SUN6I_BURST_CTL_CNT_REG, reg); sun6i_spi_write(sspi, SUN6I_BURST_CNT_REG, tfr->len); sun6i_spi_write(sspi, SUN6I_XMIT_CNT_REG, tx_len); - sun6i_spi_write(sspi, SUN6I_BURST_CTL_CNT_REG, tx_len); if (!use_dma) { /* Fill the TX FIFO */ @@ -623,7 +643,8 @@ static int sun6i_spi_probe(struct platform_device *pdev) master->set_cs = sun6i_spi_set_cs; master->transfer_one = sun6i_spi_transfer_one; master->num_chipselect = 4; - master->mode_bits = SPI_CPOL | SPI_CPHA | SPI_CS_HIGH | SPI_LSB_FIRST; + master->mode_bits = SPI_CPOL | SPI_CPHA | SPI_CS_HIGH | SPI_LSB_FIRST | + sspi->cfg->mode_bits; master->bits_per_word_mask = SPI_BPW_MASK(8); master->dev.of_node = pdev->dev.of_node; master->auto_runtime_pm = true; -- 2.40.1

2 years, 1 month

6
49
0 0

[PATCH v2] vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE

by Eric Auger

Commit e2ae38cf3d91 ("vhost: fix hung thread due to erroneous iotlb entries") Forbade vhost iotlb msg with null size to prevent entries with size = start = 0 and last = ULONG_MAX to end up in the iotlb. Then commit 95932ab2ea07 ("vhost: allow batching hint without size") only applied the check for VHOST_IOTLB_UPDATE and VHOST_IOTLB_INVALIDATE message types to fix a regression observed with batching hit. Still, the introduction of that check introduced a regression for some users attempting to invalidate the whole ULONG_MAX range by setting the size to 0. This is the case with qemu/smmuv3/vhost integration which does not work anymore. It Looks safe to partially revert the original commit and allow VHOST_IOTLB_INVALIDATE messages with null size. vhost_iotlb_del_range() will compute a correct end iova. Same for vhost_vdpa_iotlb_unmap(). Signed-off-by: Eric Auger <eric.auger(a)redhat.com> Fixes: e2ae38cf3d91 ("vhost: fix hung thread due to erroneous iotlb entries") Cc: stable(a)vger.kernel.org # v5.17+ Acked-by: Jason Wang <jasowang(a)redhat.com> --- v1 -> v2: - Added Cc stable and Jason's Acked-by --- drivers/vhost/vhost.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index c71d573f1c94..e0c181ad17e3 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -1458,9 +1458,7 @@ ssize_t vhost_chr_write_iter(struct vhost_dev *dev, goto done; } - if ((msg.type == VHOST_IOTLB_UPDATE || - msg.type == VHOST_IOTLB_INVALIDATE) && - msg.size == 0) { + if (msg.type == VHOST_IOTLB_UPDATE && msg.size == 0) { ret = -EINVAL; goto done; } -- 2.41.0

2 years, 1 month

1
1
0 0

[PATCH v2 1/2] maple_tree: Disable mas_wr_append() when other readers are possible

by Liam R. Howlett

The current implementation of append may cause duplicate data and/or incorrect ranges to be returned to a reader during an update. Although this has not been reported or seen, disable the append write operation while the tree is in rcu mode out of an abundance of caution. During the analysis of the mas_next_slot() the following was artificially created by separating the writer and reader code: Writer: reader: mas_wr_append set end pivot updates end metata Detects write to last slot last slot write is to start of slot store current contents in slot overwrite old end pivot mas_next_slot(): read end metadata read old end pivot return with incorrect range store new value Alternatively: Writer: reader: mas_wr_append set end pivot updates end metata Detects write to last slot last lost write to end of slot store value mas_next_slot(): read end metadata read old end pivot read new end pivot return with incorrect range set old end pivot There may be other accesses that are not safe since we are now updating both metadata and pointers, so disabling append if there could be rcu readers is the safest action. Fixes: 54a611b60590 ("Maple Tree: add new data structure") Cc: stable(a)vger.kernel.org Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> --- lib/maple_tree.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/maple_tree.c b/lib/maple_tree.c index ffb9d15bd815..05d5db255c39 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -4107,6 +4107,10 @@ static inline unsigned char mas_wr_new_end(struct ma_wr_state *wr_mas) * mas_wr_append: Attempt to append * @wr_mas: the maple write state * + * This is currently unsafe in rcu mode since the end of the node may be cached + * by readers while the node contents may be updated which could result in + * inaccurate information. + * * Return: True if appended, false otherwise */ static inline bool mas_wr_append(struct ma_wr_state *wr_mas, @@ -4116,6 +4120,9 @@ static inline bool mas_wr_append(struct ma_wr_state *wr_mas, struct ma_state *mas = wr_mas->mas; unsigned char node_pivots = mt_pivots[wr_mas->type]; + if (mt_in_rcu(mas->tree)) + return false; + if (mas->offset != wr_mas->node_end) return false; -- 2.39.2

2 years, 1 month

10
42
0 0

[git:media_tree/master] media: uvcvideo: Fix menu count handling for userspace XU mappings

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: uvcvideo: Fix menu count handling for userspace XU mappings Author: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Date: Tue Jun 6 18:55:30 2023 +0200 When commit 716c330433e3 ("media: uvcvideo: Use standard names for menus") reworked the handling of menu controls, it inadvertently replaced a GENMASK(n - 1, 0) with a BIT_MASK(n). The latter isn't equivalent to the former, which broke adding XU mappings from userspace. Fix it. Link: https://lore.kernel.org/linux-media/468a36ec-c3ac-cb47-e12f-5906239ae3cd@sp… Cc: stable(a)vger.kernel.org Reported-by: Poncho <poncho(a)spahan.ch> Fixes: 716c330433e3 ("media: uvcvideo: Use standard names for menus") Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Reviewed-by: Ricardo Ribalda <ribalda(a)chromium.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/usb/uvc/uvc_v4l2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c index 5ac2a424b13d..f4988f03640a 100644 --- a/drivers/media/usb/uvc/uvc_v4l2.c +++ b/drivers/media/usb/uvc/uvc_v4l2.c @@ -45,7 +45,7 @@ static int uvc_control_add_xu_mapping(struct uvc_video_chain *chain, map->menu_names = NULL; map->menu_mapping = NULL; - map->menu_mask = BIT_MASK(xmap->menu_count); + map->menu_mask = GENMASK(xmap->menu_count - 1, 0); size = xmap->menu_count * sizeof(*map->menu_mapping); map->menu_mapping = kzalloc(size, GFP_KERNEL);

2 years, 1 month

1
0
0 0

[git:media_stage/master] media: uvcvideo: Fix menu count handling for userspace XU mappings

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: uvcvideo: Fix menu count handling for userspace XU mappings Author: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Date: Tue Jun 6 18:55:30 2023 +0200 When commit 716c330433e3 ("media: uvcvideo: Use standard names for menus") reworked the handling of menu controls, it inadvertently replaced a GENMASK(n - 1, 0) with a BIT_MASK(n). The latter isn't equivalent to the former, which broke adding XU mappings from userspace. Fix it. Link: https://lore.kernel.org/linux-media/468a36ec-c3ac-cb47-e12f-5906239ae3cd@sp… Cc: stable(a)vger.kernel.org Reported-by: Poncho <poncho(a)spahan.ch> Fixes: 716c330433e3 ("media: uvcvideo: Use standard names for menus") Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Reviewed-by: Ricardo Ribalda <ribalda(a)chromium.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/usb/uvc/uvc_v4l2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c index 5ac2a424b13d..f4988f03640a 100644 --- a/drivers/media/usb/uvc/uvc_v4l2.c +++ b/drivers/media/usb/uvc/uvc_v4l2.c @@ -45,7 +45,7 @@ static int uvc_control_add_xu_mapping(struct uvc_video_chain *chain, map->menu_names = NULL; map->menu_mapping = NULL; - map->menu_mask = BIT_MASK(xmap->menu_count); + map->menu_mask = GENMASK(xmap->menu_count - 1, 0); size = xmap->menu_count * sizeof(*map->menu_mapping); map->menu_mapping = kzalloc(size, GFP_KERNEL);

2 years, 1 month

1
0
0 0

[git:media_stage/master] media: vcodec: Fix potential array out-of-bounds in encoder queue_setup

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: vcodec: Fix potential array out-of-bounds in encoder queue_setup Author: Wei Chen <harperchen1110(a)gmail.com> Date: Thu Aug 10 08:23:33 2023 +0000 variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of *nplanes can be 1-8. The array access by index i can cause array out-of-bounds. Fix this bug by checking *nplanes against the array size. Fixes: 4e855a6efa54 ("[media] vcodec: mediatek: Add Mediatek V4L2 Video Encoder Driver") Signed-off-by: Wei Chen <harperchen1110(a)gmail.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c | 2 ++ 1 file changed, 2 insertions(+) --- diff --git a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c index 9ff439a50f53..315e97a2450e 100644 --- a/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c +++ b/drivers/media/platform/mediatek/vcodec/mtk_vcodec_enc.c @@ -821,6 +821,8 @@ static int vb2ops_venc_queue_setup(struct vb2_queue *vq, return -EINVAL; if (*nplanes) { + if (*nplanes != q_data->fmt->num_planes) + return -EINVAL; for (i = 0; i < *nplanes; i++) if (sizes[i] < q_data->sizeimage[i]) return -EINVAL;

2 years, 1 month

1
0
0 0

[git:media_stage/master] media: qcom: camss: Fix pm_domain_on sequence in probe

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: qcom: camss: Fix pm_domain_on sequence in probe Author: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Date: Wed Aug 30 16:16:06 2023 +0100 We need to make sure camss_configure_pd() happens before camss_register_entities() as the vfe_get() path relies on the pointer provided by camss_configure_pd(). Fix the ordering sequence in probe to ensure the pointers vfe_get() demands are present by the time camss_register_entities() runs. In order to facilitate backporting to stable kernels I've moved the configure_pd() call pretty early on the probe() function so that irrespective of the existence of the old error handling jump labels this patch should still apply to -next circa Aug 2023 to v5.13 inclusive. Fixes: 2f6f8af67203 ("media: camss: Refactor VFE power domain toggling") Cc: stable(a)vger.kernel.org Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/platform/qcom/camss/camss.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c index f11dc59135a5..75991d849b57 100644 --- a/drivers/media/platform/qcom/camss/camss.c +++ b/drivers/media/platform/qcom/camss/camss.c @@ -1619,6 +1619,12 @@ static int camss_probe(struct platform_device *pdev) if (ret < 0) goto err_cleanup; + ret = camss_configure_pd(camss); + if (ret < 0) { + dev_err(dev, "Failed to configure power domains: %d\n", ret); + goto err_cleanup; + } + ret = camss_init_subdevices(camss); if (ret < 0) goto err_cleanup; @@ -1678,12 +1684,6 @@ static int camss_probe(struct platform_device *pdev) } } - ret = camss_configure_pd(camss); - if (ret < 0) { - dev_err(dev, "Failed to configure power domains: %d\n", ret); - return ret; - } - pm_runtime_enable(dev); return 0;

2 years, 1 month

1
0
0 0

[git:media_stage/master] media: qcom: camss: Fix vfe_get() error jump

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: qcom: camss: Fix vfe_get() error jump Author: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Date: Wed Aug 30 16:16:09 2023 +0100 Right now it is possible to do a vfe_get() with the internal reference count at 1. If vfe_check_clock_rates() returns non-zero then we will leave the reference count as-is and run: - pm_runtime_put_sync() - vfe->ops->pm_domain_off() skip: - camss_disable_clocks() Subsequent vfe_put() calls will when the ref-count is non-zero unconditionally run: - pm_runtime_put_sync() - vfe->ops->pm_domain_off() - camss_disable_clocks() vfe_get() should not attempt to roll-back on error when the ref-count is non-zero as the upper layers will still do their own vfe_put() operations. vfe_put() will drop the reference count and do the necessary power domain release, the cleanup jumps in vfe_get() should only be run when the ref-count is zero. [ 50.095796] CPU: 7 PID: 3075 Comm: cam Not tainted 6.3.2+ #80 [ 50.095798] Hardware name: LENOVO 21BXCTO1WW/21BXCTO1WW, BIOS N3HET82W (1.54 ) 05/26/2023 [ 50.095799] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 50.095802] pc : refcount_warn_saturate+0xf4/0x148 [ 50.095804] lr : refcount_warn_saturate+0xf4/0x148 [ 50.095805] sp : ffff80000c7cb8b0 [ 50.095806] x29: ffff80000c7cb8b0 x28: ffff16ecc0e3fc10 x27: 0000000000000000 [ 50.095810] x26: 0000000000000000 x25: 0000000000020802 x24: 0000000000000000 [ 50.095813] x23: ffff16ecc7360640 x22: 00000000ffffffff x21: 0000000000000005 [ 50.095815] x20: ffff16ed175f4400 x19: ffffb4d9852942a8 x18: ffffffffffffffff [ 50.095818] x17: ffffb4d9852d4a48 x16: ffffb4d983da5db8 x15: ffff80000c7cb320 [ 50.095821] x14: 0000000000000001 x13: 2e656572662d7265 x12: 7466612d65737520 [ 50.095823] x11: 00000000ffffefff x10: ffffb4d9850cebf0 x9 : ffffb4d9835cf954 [ 50.095826] x8 : 0000000000017fe8 x7 : c0000000ffffefff x6 : 0000000000057fa8 [ 50.095829] x5 : ffff16f813fe3d08 x4 : 0000000000000000 x3 : ffff621e8f4d2000 [ 50.095832] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff16ed32119040 [ 50.095835] Call trace: [ 50.095836] refcount_warn_saturate+0xf4/0x148 [ 50.095838] device_link_put_kref+0x84/0xc8 [ 50.095843] device_link_del+0x38/0x58 [ 50.095846] vfe_pm_domain_off+0x3c/0x50 [qcom_camss] [ 50.095860] vfe_put+0x114/0x140 [qcom_camss] [ 50.095869] csid_set_power+0x2c8/0x408 [qcom_camss] [ 50.095878] pipeline_pm_power_one+0x164/0x170 [videodev] [ 50.095896] pipeline_pm_power+0xc4/0x110 [videodev] [ 50.095909] v4l2_pipeline_pm_use+0x5c/0xa0 [videodev] [ 50.095923] v4l2_pipeline_pm_get+0x1c/0x30 [videodev] [ 50.095937] video_open+0x7c/0x100 [qcom_camss] [ 50.095945] v4l2_open+0x84/0x130 [videodev] [ 50.095960] chrdev_open+0xc8/0x250 [ 50.095964] do_dentry_open+0x1bc/0x498 [ 50.095966] vfs_open+0x34/0x40 [ 50.095968] path_openat+0xb44/0xf20 [ 50.095971] do_filp_open+0xa4/0x160 [ 50.095974] do_sys_openat2+0xc8/0x188 [ 50.095975] __arm64_sys_openat+0x6c/0xb8 [ 50.095977] invoke_syscall+0x50/0x128 [ 50.095982] el0_svc_common.constprop.0+0x4c/0x100 [ 50.095985] do_el0_svc+0x40/0xa8 [ 50.095988] el0_svc+0x2c/0x88 [ 50.095991] el0t_64_sync_handler+0xf4/0x120 [ 50.095994] el0t_64_sync+0x190/0x198 [ 50.095996] ---[ end trace 0000000000000000 ]--- Fixes: 779096916dae ("media: camss: vfe: Fix runtime PM imbalance on error") Cc: stable(a)vger.kernel.org Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/platform/qcom/camss/camss-vfe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/platform/qcom/camss/camss-vfe.c b/drivers/media/platform/qcom/camss/camss-vfe.c index 06c95568e5af..5d8462ec0af2 100644 --- a/drivers/media/platform/qcom/camss/camss-vfe.c +++ b/drivers/media/platform/qcom/camss/camss-vfe.c @@ -611,7 +611,7 @@ int vfe_get(struct vfe_device *vfe) } else { ret = vfe_check_clock_rates(vfe); if (ret < 0) - goto error_pm_runtime_get; + goto error_pm_domain; } vfe->power_count++;

2 years, 1 month

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2023