February 2024 - Linux-stable-mirror

[PATCH 0/3] Support intra-function call validation

by $(name)

From: Rui Qi <qirui.001(a)bytedance.com> Since kernel version 5.4.250 LTS, there has been an issue with the kernel live patching feature becoming unavailable. When compiling the sample code for kernel live patching, the following message is displayed when enabled: livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack After investigation, it was found that this is due to objtool not supporting intra-function calls, resulting in incorrect orc entry generation. This patchset adds support for intra-function calls, allowing the kernel live patching feature to work correctly. Alexandre Chartre (2): objtool: is_fentry_call() crashes if call has no destination objtool: Add support for intra-function calls Rui Qi (1): x86/speculation: Support intra-function call validation arch/x86/include/asm/nospec-branch.h | 7 ++ include/linux/frame.h | 11 ++++ .../Documentation/stack-validation.txt | 8 +++ tools/objtool/arch/x86/decode.c | 6 ++ tools/objtool/check.c | 64 +++++++++++++++++-- 5 files changed, 91 insertions(+), 5 deletions(-) -- 2.39.2 (Apple Git-143)

1 year, 1 month

2
4
0 0

[PATCH 5.15] media: atomisp: sh_css: check ia_css_pipeline_create_and_add_stage() return code

by Alexandra Diupina

commit 912680064f94 ("media: atomisp: make sh_css similar to Intel Aero driver") removes the affected code, but in versions tags/v5.8-rc1~10^2~220 - tags/v5.17-rc1~114^2~261 there is no check for the return value of the ia_css_pipeline_create_and_add_stage() function. ia_css_pipeline_create_and_add_stage() may return an error code, so check and return it on error. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 7796e455170e ("media: staging: media: atomisp: Fix alignment and line length issues") Signed-off-by: Alexandra Diupina <adiupina(a)astralinux.ru> --- drivers/staging/media/atomisp/pci/sh_css.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/staging/media/atomisp/pci/sh_css.c b/drivers/staging/media/atomisp/pci/sh_css.c index ba25d0da8b81..8502adb75a5a 100644 --- a/drivers/staging/media/atomisp/pci/sh_css.c +++ b/drivers/staging/media/atomisp/pci/sh_css.c @@ -7912,6 +7912,10 @@ create_host_regular_capture_pipeline(struct ia_css_pipe *pipe) out_frames, in_frame, NULL); err = ia_css_pipeline_create_and_add_stage(me, &stage_desc, NULL); + if (err) { + IA_CSS_LEAVE_ERR_PRIVATE(err); + return err; + } } else if (need_pp && current_stage) { in_frame = current_stage->args.out_frame[0]; err = add_capture_pp_stage(pipe, me, in_frame, -- 2.30.2

1 year, 1 month

2
1
0 0

[PATCH 0/3] Support intra-function call validation

by $(uname)

From: Rui Qi <qirui.001(a)bytedance.com> Since kernel version 5.4.250 LTS, there has been an issue with the kernel live patching feature becoming unavailable. When compiling the sample code for kernel live patching, the following message is displayed when enabled: livepatch: klp_check_stack: kworker/u256:6:23490 has an unreliable stack After investigation, it was found that this is due to objtool not supporting intra-function calls, resulting in incorrect orc entry generation. This patchset adds support for intra-function calls, allowing the kernel live patching feature to work correctly. Alexandre Chartre (2): objtool: is_fentry_call() crashes if call has no destination objtool: Add support for intra-function calls Rui Qi (1): x86/speculation: Support intra-function call validation arch/x86/include/asm/nospec-branch.h | 7 ++ include/linux/frame.h | 11 ++++ .../Documentation/stack-validation.txt | 8 +++ tools/objtool/arch/x86/decode.c | 6 ++ tools/objtool/check.c | 64 +++++++++++++++++-- 5 files changed, 91 insertions(+), 5 deletions(-) -- 2.39.2 (Apple Git-143)

1 year, 1 month

1
0
0 0

[PATCH V2] usb: dwc3: gadget: Fix suspend/resume warning when no-gadget is connected

by Michael Trimarchi

This patch restore the logic but protects the variable using a spinlock without moving the code [ 45.597274] dwc3 31000000.usb: wait for SETUP phase timed out [ 45.599140] dwc3 31000000.usb: failed to set STALL on ep0out [ 45.601069] ------------[ cut here ]------------ [ 45.601073] WARNING: CPU: 0 PID: 150 at drivers/usb/dwc3/ep0.c:289 dwc3_ep0_out_start+0xcc/0xd4 [ 45.601102] Modules linked in: cfg80211 rfkill ipv6 rpmsg_ctrl rpmsg_char crct10dif_ce rti_wdt k3_j72xx_bandgap rtc_ti_k3 omap_mailbox sa2ul authenc [last unloaded: ti_k3_r5_remoteproc] [ 45.601151] CPU: 0 PID: 150 Comm: sh Not tainted 6.8.0-rc5 #1 [ 45.601159] Hardware name: BSH - CCM-M3 (DT) [ 45.601164] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 45.601172] pc : dwc3_ep0_out_start+0xcc/0xd4 [ 45.601179] lr : dwc3_ep0_out_start+0x50/0xd4 [ 45.601186] sp : ffff8000832739e0 [ 45.601189] x29: ffff8000832739e0 x28: ffff800082a21000 x27: ffff8000808dc630 [ 45.601200] x26: 0000000000000002 x25: ffff800082530a44 x24: 0000000000000000 [ 45.601210] x23: ffff000000e079a0 x22: ffff000000e07a68 x21: 0000000000000001 [ 45.601219] x20: ffff000000e07880 x19: ffff000000e07880 x18: 0000000000000040 [ 45.601229] x17: ffff7fff8e1ce000 x16: ffff800080000000 x15: fffffffffffe5260 [ 45.601239] x14: 0000000000000000 x13: 206e6f204c4c4154 x12: 5320746573206f74 [ 45.601249] x11: 0000000000000001 x10: 000000000000000a x9 : ffff800083273930 [ 45.601259] x8 : 000000000000000a x7 : ffffffffffff3f0c x6 : ffffffffffff3f00 [ 45.601268] x5 : ffffffffffff3f0c x4 : 0000000000000000 x3 : 0000000000000000 [ 45.601278] x2 : 0000000000000000 x1 : ffff000004e7e600 x0 : 00000000ffffff92 [ 45.601289] Call trace: [ 45.601293] dwc3_ep0_out_start+0xcc/0xd4 [ 45.601301] dwc3_ep0_stall_and_restart+0x98/0xbc [ 45.601309] dwc3_ep0_reset_state+0x5c/0x88 [ 45.601315] dwc3_gadget_soft_disconnect+0x144/0x160 [ 45.601323] dwc3_gadget_suspend+0x18/0xb0 [ 45.601329] dwc3_suspend_common+0x5c/0x18c [ 45.601341] dwc3_suspend+0x20/0x44 [ 45.601350] platform_pm_suspend+0x2c/0x6c [ 45.601360] __device_suspend+0x10c/0x34c [ 45.601372] dpm_suspend+0x1a8/0x240 [ 45.601382] dpm_suspend_start+0x80/0x9c [ 45.601391] suspend_devices_and_enter+0x1c4/0x584 [ 45.601402] pm_suspend+0x1b0/0x264 [ 45.601408] state_store+0x80/0xec [ 45.601415] kobj_attr_store+0x18/0x2c [ 45.601426] sysfs_kf_write+0x44/0x54 [ 45.601434] kernfs_fop_write_iter+0x120/0x1ec [ 45.601445] vfs_write+0x23c/0x358 [ 45.601458] ksys_write+0x70/0x104 [ 45.601467] __arm64_sys_write+0x1c/0x28 [ 45.601477] invoke_syscall+0x48/0x114 [ 45.601488] el0_svc_common.constprop.0+0x40/0xe0 [ 45.601498] do_el0_svc+0x1c/0x28 [ 45.601506] el0_svc+0x34/0xb8 [ 45.601516] el0t_64_sync_handler+0x100/0x12c [ 45.601522] el0t_64_sync+0x190/0x194 [ 45.601531] ---[ end trace 0000000000000000 ]--- [ 45.608794] Disabling non-boot CPUs ... [ 45.611029] psci: CPU1 killed (polled 0 ms) [ 45.611837] Enabling non-boot CPUs ... [ 45.612247] Detected VIPT I-cache on CPU1 Tested on a am62x board Fixes: 61a348857e86 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend) Cc: stable(a)vger.kernel.org Signed-off-by: Michael Trimarchi <michael(a)amarulasolutions.com> --- V1->V2: Add cc to stable --- drivers/usb/dwc3/gadget.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 4c8dd6724678..4c88e44127b5 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -4703,13 +4703,19 @@ int dwc3_gadget_suspend(struct dwc3 *dwc) unsigned long flags; int ret; + spin_lock_irqsave(&dwc->lock, flags); + if (!dwc->gadget_driver) { + spin_unlock_irqrestore(&dwc->lock, flags); + return 0; + } + spin_unlock_irqrestore(&dwc->lock, flags); + ret = dwc3_gadget_soft_disconnect(dwc); if (ret) goto err; spin_lock_irqsave(&dwc->lock, flags); - if (dwc->gadget_driver) - dwc3_disconnect_gadget(dwc); + dwc3_disconnect_gadget(dwc); spin_unlock_irqrestore(&dwc->lock, flags); return 0; -- 2.40.1

1 year, 1 month

2
1
0 0

[PATCH] Revert "usb: typec: tcpm: reset counter when enter into unattached state after try role"

by Ondřej Jirman

From: Ondrej Jirman <megi(a)xff.cz> The reverted commit makes the state machine only ever go from SRC_ATTACH_WAIT to SNK_TRY in endless loop when toggling. After revert it goes to SRC_ATTACHED after initially trying SNK_TRY earlier, as it should for toggling to ever detect the power source mode and the port is again able to provide power to attached power sinks. This reverts commit 2d6d80127006ae3da26b1f21a65eccf957f2d1e5. Cc: stable(a)vger.kernel.org Fixes: 2d6d80127006 ("usb: typec: tcpm: reset counter when enter into unattached state after try role") Signed-of-by: Ondrej Jirman <megi(a)xff.cz> --- drivers/usb/typec/tcpm/tcpm.c | 3 --- 1 file changed, 3 deletions(-) See https://lore.kernel.org/all/odggrbbgjpardze76qiv57mw6tllisyu5sbrta37iadjzwa… for more. diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index f7d7daa60c8d..295ae7eb912c 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -3743,9 +3743,6 @@ static void tcpm_detach(struct tcpm_port *port) if (tcpm_port_is_disconnected(port)) port->hard_reset_count = 0; - port->try_src_count = 0; - port->try_snk_count = 0; - if (!port->attached) return; -- 2.43.0

1 year, 1 month

2
1
0 0

[PATCH stable 4.19] mm: memcontrol: switch to rcu protection in drain_all_stock()

by GONG, Ruiqi

From: Roman Gushchin <guro(a)fb.com> commit e1a366be5cb4f849ec4de170d50eebc08bb0af20 upstream. Commit 72f0184c8a00 ("mm, memcg: remove hotplug locking from try_charge") introduced css_tryget()/css_put() calls in drain_all_stock(), which are supposed to protect the target memory cgroup from being released during the mem_cgroup_is_descendant() call. However, it's not completely safe. In theory, memcg can go away between reading stock->cached pointer and calling css_tryget(). This can happen if drain_all_stock() races with drain_local_stock() performed on the remote cpu as a result of a work, scheduled by the previous invocation of drain_all_stock(). The race is a bit theoretical and there are few chances to trigger it, but the current code looks a bit confusing, so it makes sense to fix it anyway. The code looks like as if css_tryget() and css_put() are used to protect stocks drainage. It's not necessary because stocked pages are holding references to the cached cgroup. And it obviously won't work for works, scheduled on other cpus. So, let's read the stock->cached pointer and evaluate the memory cgroup inside a rcu read section, and get rid of css_tryget()/css_put() calls. Link: http://lkml.kernel.org/r/20190802192241.3253165-1-guro@fb.com Signed-off-by: Roman Gushchin <guro(a)fb.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Hillf Danton <hdanton(a)sina.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Vladimir Davydov <vdavydov.dev(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: stable(a)vger.kernel.org # 4.19 Fixes: cdec2e4265df ("memcg: coalesce charging via percpu storage") Signed-off-by: GONG, Ruiqi <gongruiqi1(a)huawei.com> --- This patch [1] fixed a UAF problem in drain_all_stock() existed prior to 5.9, and following discussions [2] mentioned that the fix depends on an RCU read protection to stock->cached (introduced in 5.4), which doesn't existed in 4.19. So backport this part to 4.19 as well. [1]: https://lore.kernel.org/all/20240221081801.69764-1-gongruiqi1@huawei.com/ [2]: https://lore.kernel.org/all/ZdXLgjpUfpwEwAe0@tiehlicka/ mm/memcontrol.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 8c04296df1c7..d187bfb43b1f 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -2094,21 +2094,22 @@ static void drain_all_stock(struct mem_cgroup *root_memcg) for_each_online_cpu(cpu) { struct memcg_stock_pcp *stock = &per_cpu(memcg_stock, cpu); struct mem_cgroup *memcg; + bool flush = false; + rcu_read_lock(); memcg = stock->cached; - if (!memcg || !stock->nr_pages || !css_tryget(&memcg->css)) - continue; - if (!mem_cgroup_is_descendant(memcg, root_memcg)) { - css_put(&memcg->css); - continue; - } - if (!test_and_set_bit(FLUSHING_CACHED_CHARGE, &stock->flags)) { + if (memcg && stock->nr_pages && + mem_cgroup_is_descendant(memcg, root_memcg)) + flush = true; + rcu_read_unlock(); + + if (flush && + !test_and_set_bit(FLUSHING_CACHED_CHARGE, &stock->flags)) { if (cpu == curcpu) drain_local_stock(&stock->work); else schedule_work_on(cpu, &stock->work); } - css_put(&memcg->css); } put_cpu(); mutex_unlock(&percpu_charge_mutex); -- 2.25.1

1 year, 1 month

2
1
0 0

[PATCH 5.10/5.15 v2 0/1 RESEND] mm/truncate: fix WARNING in ext4_set_page_dirty()

by Roman Smirnov

Syzkaller reports warning in ext4_set_page_dirty() in 5.10 and 5.15 stable releases. It happens because invalidate_inode_page() frees pages that are needed for the system. To fix this we need to add additional checks to the function. page_mapped() checks if a page exists in the page tables, but this is not enough. The page can be used in other places: https://elixir.bootlin.com/linux/v6.8-rc1/source/include/linux/page_ref.h#L… Kernel outputs an error line related to direct I/O: https://syzkaller.appspot.com/text?tag=CrashLog&x=14ab52dac80000 The problem can be fixed in 5.10 and 5.15 stable releases by the following patch. The patch replaces page_mapped() call with check that finds additional references to the page excluding page cache and filesystem private data. If additional references exist, the page cannot be freed. This version does not include the first patch from the first version. The problem can be fixed without it. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Link: https://syzkaller.appspot.com/bug?extid=02f21431b65c214aa1d6 Previous discussion: https://lore.kernel.org/all/20240125130947.600632-1-r.smirnov@omp.ru/T/ Matthew Wilcox (Oracle) (1): mm/truncate: Replace page_mapped() call in invalidate_inode_page() mm/truncate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.34.1

1 year, 1 month

1
2
0 0

Re: Patch "xhci: fix possible null pointer deref during xhci urb enqueue" has been added to the 6.7-stab

by Pascal Ernster

[2024-02-23 18:45] Sasha Levin: > This is a note to let you know that I've just added the patch titled > > xhci: fix possible null pointer deref during xhci urb enqueue > > to the 6.7-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > xhci-fix-possible-null-pointer-deref-during-xhci-urb.patch > and it can be found in the queue-6.7 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit fb9100c2c6b7b172650ba25283cc4cf9af1d082c > Author: Mathias Nyman <mathias.nyman(a)linux.intel.com> > Date: Fri Dec 1 17:06:47 2023 +0200 > > xhci: fix possible null pointer deref during xhci urb enqueue > > [ Upstream commit e2e2aacf042f52854c92775b7800ba668e0bdfe4 ] > > There is a short gap between urb being submitted and actually added to the > endpoint queue (linked). If the device is disconnected during this time > then usb core is not yet aware of the pending urb, and device may be freed > just before xhci_urq_enqueue() continues, dereferencing the freed device. > > Freeing the device is protected by the xhci spinlock, so make sure we take > and keep the lock while checking that device exists, dereference it, and > add the urb to the queue. > > Remove the unnecessary URB check, usb core checks it before calling > xhci_urb_enqueue() > > Suggested-by: Kuen-Han Tsai <khtsai(a)google.com> > Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> > Link: https://lore.kernel.org/r/20231201150647.1307406-20-mathias.nyman@linux.int… > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c > index 884b0898d9c95..ddb686301af5d 100644 > --- a/drivers/usb/host/xhci.c > +++ b/drivers/usb/host/xhci.c > @@ -1522,24 +1522,7 @@ static int xhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag > struct urb_priv *urb_priv; > int num_tds; > > - if (!urb) > - return -EINVAL; > - ret = xhci_check_args(hcd, urb->dev, urb->ep, > - true, true, __func__); > - if (ret <= 0) > - return ret ? ret : -EINVAL; > - > - slot_id = urb->dev->slot_id; > ep_index = xhci_get_endpoint_index(&urb->ep->desc); > - ep_state = &xhci->devs[slot_id]->eps[ep_index].ep_state; > - > - if (!HCD_HW_ACCESSIBLE(hcd)) > - return -ESHUTDOWN; > - > - if (xhci->devs[slot_id]->flags & VDEV_PORT_ERROR) { > - xhci_dbg(xhci, "Can't queue urb, port error, link inactive\n"); > - return -ENODEV; > - } > > if (usb_endpoint_xfer_isoc(&urb->ep->desc)) > num_tds = urb->number_of_packets; > @@ -1578,12 +1561,35 @@ static int xhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag > > spin_lock_irqsave(&xhci->lock, flags); > > + ret = xhci_check_args(hcd, urb->dev, urb->ep, > + true, true, __func__); > + if (ret <= 0) { > + ret = ret ? ret : -EINVAL; > + goto free_priv; > + } > + > + slot_id = urb->dev->slot_id; > + > + if (!HCD_HW_ACCESSIBLE(hcd)) { > + ret = -ESHUTDOWN; > + goto free_priv; > + } > + > + if (xhci->devs[slot_id]->flags & VDEV_PORT_ERROR) { > + xhci_dbg(xhci, "Can't queue urb, port error, link inactive\n"); > + ret = -ENODEV; > + goto free_priv; > + } > + > if (xhci->xhc_state & XHCI_STATE_DYING) { > xhci_dbg(xhci, "Ep 0x%x: URB %p submitted for non-responsive xHCI host.\n", > urb->ep->desc.bEndpointAddress, urb); > ret = -ESHUTDOWN; > goto free_priv; > } > + > + ep_state = &xhci->devs[slot_id]->eps[ep_index].ep_state; > + > if (*ep_state & (EP_GETTING_STREAMS | EP_GETTING_NO_STREAMS)) { > xhci_warn(xhci, "WARN: Can't enqueue URB, ep in streams transition state %x\n", > *ep_state); Hi, this patch is causing my laptop (Dell Precision 7530) to crash during early boot with a kernel 6.7.6 with all the patches from your current stable-queue applied on top (https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tre…). Booting with "module_blacklist=xhci_pci,xhci_pci_renesas" stops the crashes. This patch was already thrown out a few weeks ago because it was causing problems: https://lore.kernel.org/stable/2024020331-confetti-ducking-8afb@gregkh/ Regards Pascal

1 year, 1 month

2
1
0 0

Please apply 56778b49c9a2cbc32c6b0fbd3ba1a9d64192d3af to linux-6.7.y

by Nathan Chancellor

Hi Greg and Sasha, Please apply commit 56778b49c9a2 ("kunit: Add a macro to wrap a deferred action function") to the 6.7 branch, as there are reported kCFI failures that are resolved by that change: https://github.com/ClangBuiltLinux/linux/issues/1998 It applies cleanly for me. We may want this in earlier branches as well but there are some conflicts that I did not have too much time to look at, we can always wait for other reports to come in before going further back as well. Cheers, Nathan

1 year, 1 month

2
1
0 0

[PATCH] PCI/DPC: Request DPC only if also requesting AER

by Bjorn Helgaas

From: Bjorn Helgaas <bhelgaas(a)google.com> When booting with "pci=noaer", we don't request control of AER, but we previously *did* request control of DPC, as in the dmesg log attached at the bugzilla below: Command line: ... pci=noaer acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI EDR HPX-Type3] acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug SHPCHotplug PME PCIeCapability LTR DPC] That's illegal per PCI Firmware Spec, r3.3, sec 4.5.1, table 4-5, which says: If the operating system sets this bit [OSC_PCI_EXPRESS_DPC_CONTROL], it must also set bit 7 of the Support field (indicating support for Error Disconnect Recover notifications) and bits 3 and 4 of the Control field (requesting control of PCI Express Advanced Error Reporting and the PCI Express Capability Structure). Request DPC control only if we have also requested AER control. Fixes: ac1c8e35a326 ("PCI/DPC: Add Error Disconnect Recover (EDR) support") Link: https://bugzilla.kernel.org/show_bug.cgi?id=218491#c12 Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: <stable(a)vger.kernel.org> # v5.7+ Cc: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Cc: Matthew W Carlis <mattc(a)purestorage.com> Cc: Keith Busch <kbusch(a)kernel.org> Cc: Lukas Wunner <lukas(a)wunner.de> Cc: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: Jesse Brandeburg <jesse.brandeburg(a)intel.com> --- drivers/acpi/pci_root.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c index 58b89b8d950e..1c16965427b3 100644 --- a/drivers/acpi/pci_root.c +++ b/drivers/acpi/pci_root.c @@ -518,17 +518,19 @@ static u32 calculate_control(void) if (IS_ENABLED(CONFIG_HOTPLUG_PCI_SHPC)) control |= OSC_PCI_SHPC_NATIVE_HP_CONTROL; - if (pci_aer_available()) + if (pci_aer_available()) { control |= OSC_PCI_EXPRESS_AER_CONTROL; - /* - * Per the Downstream Port Containment Related Enhancements ECN to - * the PCI Firmware Spec, r3.2, sec 4.5.1, table 4-5, - * OSC_PCI_EXPRESS_DPC_CONTROL indicates the OS supports both DPC - * and EDR. - */ - if (IS_ENABLED(CONFIG_PCIE_DPC) && IS_ENABLED(CONFIG_PCIE_EDR)) - control |= OSC_PCI_EXPRESS_DPC_CONTROL; + /* + * Per PCI Firmware Spec, r3.3, sec 4.5.1, table 4-5, the + * OS can request DPC control only if it has advertised + * OSC_PCI_EDR_SUPPORT and requested both + * OSC_PCI_EXPRESS_CAPABILITY_CONTROL and + * OSC_PCI_EXPRESS_AER_CONTROL. + */ + if (IS_ENABLED(CONFIG_PCIE_DPC) && IS_ENABLED(CONFIG_PCIE_EDR)) + control |= OSC_PCI_EXPRESS_DPC_CONTROL; + } return control; } -- 2.34.1

1 year, 1 month

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2024