January 2024 - Linux-stable-mirror

[PATCH for-5.4.y 0/4] db845c(sdm845) ath10k fixes

by Amit Pundir

Hi, v5.4.y commit 3cf391e4174a ("wifi: ath10k: Don't touch the CE interrupt registers after power up"), which is commit 170c75d43a77 upstream, unleashed multiple DB845c(sdm845) regressions ranging from random RCU stalls to UFS crashes as also reported here https://lore.kernel.org/lkml/20230630151842.1.If764ede23c4e09a43a842771c2dd… Taking a cue from the commit message of 170c75d43a77, I tried backporting upstream commit d66d24ac300c ("ath10k: Keep track of which interrupts fired, don't poll them") and other relevant fixes and that seem to have done the trick. We no longer see any of the above reported regressions with the following patchset. This upstream patchset is just an educated guess and there may be one or more fixes in this series which are not needed at all but I have not tested them individually and marked all of them as Stable-dep-of: 170c75d43a77 ("ath10k: Don't touch the CE interrupt registers after power up") instead. Douglas Anderson (3): ath10k: Wait until copy complete is actually done before completing ath10k: Keep track of which interrupts fired, don't poll them ath10k: Get rid of "per_ce_irq" hw param Rakesh Pillai (1): ath10k: Add interrupt summary based CE processing drivers/net/wireless/ath/ath10k/ce.c | 79 ++++++++++++++------------ drivers/net/wireless/ath/ath10k/ce.h | 15 +++-- drivers/net/wireless/ath/ath10k/core.c | 13 ----- drivers/net/wireless/ath/ath10k/hw.h | 3 - drivers/net/wireless/ath/ath10k/snoc.c | 19 +++++-- drivers/net/wireless/ath/ath10k/snoc.h | 1 + 6 files changed, 64 insertions(+), 66 deletions(-) -- 2.25.1

1 year, 4 months

2
5
0 0

[PATCH v2] usb: core: Prevent null pointer dereference in update_port_device_state

by Udipto Goswami

Currently,the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. However, in case the actconfig or the maxchild is 0, the usb_hub would be NULL and upon further accessing to get port_dev would result in null pointer dereference. Fix this by introducing an if check after the usb_hub is populated. Fixes: 83cb2604f641 ("usb: core: add sysfs entry for usb device state") Cc: stable(a)vger.kernel.org Signed-off-by: Udipto Goswami <quic_ugoswami(a)quicinc.com> --- v2: Introduced comment for the if check & CC'ed stable. drivers/usb/core/hub.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index ffd7c99e24a3..d40b5500f95b 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -2053,9 +2053,18 @@ static void update_port_device_state(struct usb_device *udev) if (udev->parent) { hub = usb_hub_to_struct_hub(udev->parent); - port_dev = hub->ports[udev->portnum - 1]; - WRITE_ONCE(port_dev->state, udev->state); - sysfs_notify_dirent(port_dev->state_kn); + + /* + * usb_hub_to_struct_hub() if returns NULL can + * potentially cause NULL pointer dereference upon further + * access. + * Avoid this with an if check. + */ + if (hub) { + port_dev = hub->ports[udev->portnum - 1]; + WRITE_ONCE(port_dev->state, udev->state); + sysfs_notify_dirent(port_dev->state_kn); + } } } -- 2.17.1

1 year, 4 months

2
2
0 0

[PATCH for-6.1.y] Revert "interconnect: qcom: sm8250: Enable sync_state"

by Amit Pundir

This reverts commit 3637f6bdfe2ccd53c493836b6e43c9a73e4513b3 which is commit bfc7db1cb94ad664546d70212699f8cc6c539e8c upstream. This resulted in boot regression on RB5 (sm8250), causing the device to hard crash into USB crash dump mode everytime. Signed-off-by: Amit Pundir <amit.pundir(a)linaro.org> --- drivers/interconnect/qcom/sm8250.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/interconnect/qcom/sm8250.c b/drivers/interconnect/qcom/sm8250.c index 9c2dd40d9a55..5cdb058fa095 100644 --- a/drivers/interconnect/qcom/sm8250.c +++ b/drivers/interconnect/qcom/sm8250.c @@ -551,7 +551,6 @@ static struct platform_driver qnoc_driver = { .driver = { .name = "qnoc-sm8250", .of_match_table = qnoc_of_match, - .sync_state = icc_sync_state, }, }; module_platform_driver(qnoc_driver); -- 2.25.1

1 year, 4 months

3
5
0 0

[PATCH v4] PCI: mediatek: Clear interrupt status before dispatching handler

by Jianjun Wang

From: qizhong cheng <qizhong.cheng(a)mediatek.com> We found a failure when used iperf tool for wifi performance testing, there are some MSIs received while clearing the interrupt status, these MSIs cannot be serviced. The interrupt status can be cleared even the MSI status still remaining, as an edge-triggered interrupts, its interrupt status should be cleared before dispatching to the handler of device. Fixes: 43e6409db64d ("PCI: mediatek: Add MSI support for MT2712 and MT7622") Signed-off-by: qizhong cheng <qizhong.cheng(a)mediatek.com> Signed-off-by: Jianjun Wang <jianjun.wang(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Cc: stable(a)vger.kernel.org --- v4: - Found that this patch has not been merged, resending it as v4. v3: - Add Fix tag. v2: - Update the subject line. - Improve the commit log and code comments. --- drivers/pci/controller/pcie-mediatek.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/pcie-mediatek.c b/drivers/pci/controller/pcie-mediatek.c index 66a8f73296fc..3fb7f08de061 100644 --- a/drivers/pci/controller/pcie-mediatek.c +++ b/drivers/pci/controller/pcie-mediatek.c @@ -617,12 +617,17 @@ static void mtk_pcie_intr_handler(struct irq_desc *desc) if (status & MSI_STATUS){ unsigned long imsi_status; + /* + * The interrupt status can be cleared even the MSI + * status still remaining, hence as an edge-triggered + * interrupts, its interrupt status should be cleared + * before dispatching handler. + */ + writel(MSI_STATUS, port->base + PCIE_INT_STATUS); while ((imsi_status = readl(port->base + PCIE_IMSI_STATUS))) { for_each_set_bit(bit, &imsi_status, MTK_MSI_IRQS_NUM) generic_handle_domain_irq(port->inner_domain, bit); } - /* Clear MSI interrupt status */ - writel(MSI_STATUS, port->base + PCIE_INT_STATUS); } } -- 2.18.0

1 year, 4 months

2
1
0 0

[PATCH 5.10.y] powerpc: update ppc_save_regs to save current r1 in pt_regs

by Aditya Gupta

commit b684c09f09e7a6af3794d4233ef785819e72db79 upstream. ppc_save_regs() skips one stack frame while saving the CPU register states. Instead of saving current R1, it pulls the previous stack frame pointer. When vmcores caused by direct panic call (such as `echo c > /proc/sysrq-trigger`), are debugged with gdb, gdb fails to show the backtrace correctly. On further analysis, it was found that it was because of mismatch between r1 and NIP. GDB uses NIP to get current function symbol and uses corresponding debug info of that function to unwind previous frames, but due to the mismatching r1 and NIP, the unwinding does not work, and it fails to unwind to the 2nd frame and hence does not show the backtrace. GDB backtrace with vmcore of kernel without this patch: --------- (gdb) bt #0 0xc0000000002a53e8 in crash_setup_regs (oldregs=<optimized out>, newregs=0xc000000004f8f8d8) at ./arch/powerpc/include/asm/kexec.h:69 #1 __crash_kexec (regs=<optimized out>) at kernel/kexec_core.c:974 #2 0x0000000000000063 in ?? () #3 0xc000000003579320 in ?? () --------- Further analysis revealed that the mismatch occurred because "ppc_save_regs" was saving the previous stack's SP instead of the current r1. This patch fixes this by storing current r1 in the saved pt_regs. GDB backtrace with vmcore of patched kernel: -------- (gdb) bt #0 0xc0000000002a53e8 in crash_setup_regs (oldregs=0x0, newregs=0xc00000000670b8d8) at ./arch/powerpc/include/asm/kexec.h:69 #1 __crash_kexec (regs=regs@entry=0x0) at kernel/kexec_core.c:974 #2 0xc000000000168918 in panic (fmt=fmt@entry=0xc000000001654a60 "sysrq triggered crash\n") at kernel/panic.c:358 #3 0xc000000000b735f8 in sysrq_handle_crash (key=<optimized out>) at drivers/tty/sysrq.c:155 #4 0xc000000000b742cc in __handle_sysrq (key=key@entry=99, check_mask=check_mask@entry=false) at drivers/tty/sysrq.c:602 #5 0xc000000000b7506c in write_sysrq_trigger (file=<optimized out>, buf=<optimized out>, count=2, ppos=<optimized out>) at drivers/tty/sysrq.c:1163 #6 0xc00000000069a7bc in pde_write (ppos=<optimized out>, count=<optimized out>, buf=<optimized out>, file=<optimized out>, pde=0xc00000000362cb40) at fs/proc/inode.c:340 #7 proc_reg_write (file=<optimized out>, buf=<optimized out>, count=<optimized out>, ppos=<optimized out>) at fs/proc/inode.c:352 #8 0xc0000000005b3bbc in vfs_write (file=file@entry=0xc000000006aa6b00, buf=buf@entry=0x61f498b4f60 <error: Cannot access memory at address 0x61f498b4f60>, count=count@entry=2, pos=pos@entry=0xc00000000670bda0) at fs/read_write.c:582 #9 0xc0000000005b4264 in ksys_write (fd=<optimized out>, buf=0x61f498b4f60 <error: Cannot access memory at address 0x61f498b4f60>, count=2) at fs/read_write.c:637 #10 0xc00000000002ea2c in system_call_exception (regs=0xc00000000670be80, r0=<optimized out>) at arch/powerpc/kernel/syscall.c:171 #11 0xc00000000000c270 in system_call_vectored_common () at arch/powerpc/kernel/interrupt_64.S:192 -------- Nick adds: So this now saves regs as though it was an interrupt taken in the caller, at the instruction after the call to ppc_save_regs, whereas previously the NIP was there, but R1 came from the caller's caller and that mismatch is what causes gdb's dwarf unwinder to go haywire. Signed-off-by: Aditya Gupta <adityag(a)linux.ibm.com> Fixes: d16a58f8854b1 ("powerpc: Improve ppc_save_regs()") Reivewed-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20230615091047.90433-1-adityag@linux.ibm.com Cc: stable(a)vger.kernel.org Signed-off-by: Aditya Gupta <adityag(a)linux.ibm.com> --- This is backport for the upstream commit b684c09f09e7a6af3794d4233ef785819e72db79. This solves a register mismatch issue while saving registers after a kernel crash. With this fixed, gdb can also unwind backtraces correctly for vmcores collected from such kernel crashes. Please let me know if this is not correct format for a backport patch. Thanks. --- --- arch/powerpc/kernel/ppc_save_regs.S | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/ppc_save_regs.S b/arch/powerpc/kernel/ppc_save_regs.S index 2d4d21bb46a9..5d284f78b0b4 100644 --- a/arch/powerpc/kernel/ppc_save_regs.S +++ b/arch/powerpc/kernel/ppc_save_regs.S @@ -58,10 +58,10 @@ _GLOBAL(ppc_save_regs) lbz r0,PACAIRQSOFTMASK(r13) PPC_STL r0,SOFTE-STACK_FRAME_OVERHEAD(r3) #endif - /* go up one stack frame for SP */ - PPC_LL r4,0(r1) - PPC_STL r4,1*SZL(r3) + /* store current SP */ + PPC_STL r1,1*SZL(r3) /* get caller's LR */ + PPC_LL r4,0(r1) PPC_LL r0,LRSAVE(r4) PPC_STL r0,_LINK-STACK_FRAME_OVERHEAD(r3) mflr r0 -- 2.43.0

1 year, 4 months

2
1
0 0

[PATCH AUTOSEL 4.14] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 5bd6494573942..3b37c1ba93e48 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -803,6 +803,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 4 months

1
0
0 0

[PATCH AUTOSEL 4.19 1/2] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 605d7448c3de1..b27bb2e2486c2 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -802,6 +802,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 4 months

1
1
0 0

[PATCH AUTOSEL 5.4 1/2] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index aea337d817025..91f5e3a2df8aa 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -798,6 +798,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 4 months

1
1
0 0

[PATCH AUTOSEL 5.10 1/3] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 6e1fba2084930..fd643a1d39bc6 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -798,6 +798,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 4 months

1
2
0 0

[PATCH AUTOSEL 5.15 1/3] nfc: Do not send datagram if socket state isn't LLCP_BOUND

by Sasha Levin

From: Siddh Raman Pant <code(a)siddh.me> [ Upstream commit 6ec0d7527c4287369b52df3bcefd21a0c4fb2b7c ] As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code(a)siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Suman Ghosh <sumang(a)marvell.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 6e1fba2084930..fd643a1d39bc6 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -798,6 +798,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); -- 2.43.0

1 year, 4 months

1
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2024