September 2025 - Linux-stable-mirror

[PATCH v3] bus: mhi: ep: Fix chained transfer handling in read path

by Sumit Kumar

The mhi_ep_read_channel function incorrectly assumes the End of Transfer (EOT) bit is received with the doorbell in chained transactions, causing it to advance mhi_chan->rd_offset beyond wr_offset during host-to-device transfers when EOT has not yet arrived, leading to access of unmapped host memory that causes IOMMU faults and processing of stale TREs. Modify the loop condition to ensure mhi_queue is not empty, allowing the function to process only valid TREs up to the current write pointer to prevent premature reads and ensure safe traversal of chained TREs. Remove buf_left from the while loop condition to avoid exiting prematurely before reading the ring completely, and remove write_offset since it will always be zero because the new cache buffer is allocated every time. Fixes: 5301258899773 ("bus: mhi: ep: Add support for reading from the host") Cc: stable(a)vger.kernel.org Co-developed-by: Akhil Vinod <akhil.vinod(a)oss.qualcomm.com> Signed-off-by: Akhil Vinod <akhil.vinod(a)oss.qualcomm.com> Signed-off-by: Sumit Kumar <sumit.kumar(a)oss.qualcomm.com> --- Changes in v3: - Update commit message - Migrated to new mail - Link to v2: https://lore.kernel.org/r/20250822-chained_transfer-v2-1-7aeb5ac215b6@quici… Changes in v2: - Use mhi_ep_queue_is_empty in while loop (Mani). - Remove do while loop in mhi_ep_process_ch_ring (Mani). - Remove buf_left, wr_offset, tr_done. - Haven't added Reviewed-by as there is change in logic. - Link to v1: https://lore.kernel.org/r/20250709-chained_transfer-v1-1-2326a4605c9c@quici… --- drivers/bus/mhi/ep/main.c | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/drivers/bus/mhi/ep/main.c b/drivers/bus/mhi/ep/main.c index b3eafcf2a2c50d95e3efd3afb27038ecf55552a5..cdea24e9291959ae0a92487c1b9698dc8164d2f1 100644 --- a/drivers/bus/mhi/ep/main.c +++ b/drivers/bus/mhi/ep/main.c @@ -403,17 +403,13 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, { struct mhi_ep_chan *mhi_chan = &mhi_cntrl->mhi_chan[ring->ch_id]; struct device *dev = &mhi_cntrl->mhi_dev->dev; - size_t tr_len, read_offset, write_offset; + size_t tr_len, read_offset; struct mhi_ep_buf_info buf_info = {}; u32 len = MHI_EP_DEFAULT_MTU; struct mhi_ring_element *el; - bool tr_done = false; void *buf_addr; - u32 buf_left; int ret; - buf_left = len; - do { /* Don't process the transfer ring if the channel is not in RUNNING state */ if (mhi_chan->state != MHI_CH_STATE_RUNNING) { @@ -426,24 +422,23 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, /* Check if there is data pending to be read from previous read operation */ if (mhi_chan->tre_bytes_left) { dev_dbg(dev, "TRE bytes remaining: %u\n", mhi_chan->tre_bytes_left); - tr_len = min(buf_left, mhi_chan->tre_bytes_left); + tr_len = min(len, mhi_chan->tre_bytes_left); } else { mhi_chan->tre_loc = MHI_TRE_DATA_GET_PTR(el); mhi_chan->tre_size = MHI_TRE_DATA_GET_LEN(el); mhi_chan->tre_bytes_left = mhi_chan->tre_size; - tr_len = min(buf_left, mhi_chan->tre_size); + tr_len = min(len, mhi_chan->tre_size); } read_offset = mhi_chan->tre_size - mhi_chan->tre_bytes_left; - write_offset = len - buf_left; buf_addr = kmem_cache_zalloc(mhi_cntrl->tre_buf_cache, GFP_KERNEL); if (!buf_addr) return -ENOMEM; buf_info.host_addr = mhi_chan->tre_loc + read_offset; - buf_info.dev_addr = buf_addr + write_offset; + buf_info.dev_addr = buf_addr; buf_info.size = tr_len; buf_info.cb = mhi_ep_read_completion; buf_info.cb_buf = buf_addr; @@ -459,16 +454,12 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, goto err_free_buf_addr; } - buf_left -= tr_len; mhi_chan->tre_bytes_left -= tr_len; - if (!mhi_chan->tre_bytes_left) { - if (MHI_TRE_DATA_GET_IEOT(el)) - tr_done = true; - + if (!mhi_chan->tre_bytes_left) mhi_chan->rd_offset = (mhi_chan->rd_offset + 1) % ring->ring_size; - } - } while (buf_left && !tr_done); + /* Read until the some buffer is left or the ring becomes not empty */ + } while (!mhi_ep_queue_is_empty(mhi_chan->mhi_dev, DMA_TO_DEVICE)); return 0; @@ -502,15 +493,11 @@ static int mhi_ep_process_ch_ring(struct mhi_ep_ring *ring) mhi_chan->xfer_cb(mhi_chan->mhi_dev, &result); } else { /* UL channel */ - do { - ret = mhi_ep_read_channel(mhi_cntrl, ring); - if (ret < 0) { - dev_err(&mhi_chan->mhi_dev->dev, "Failed to read channel\n"); - return ret; - } - - /* Read until the ring becomes empty */ - } while (!mhi_ep_queue_is_empty(mhi_chan->mhi_dev, DMA_TO_DEVICE)); + ret = mhi_ep_read_channel(mhi_cntrl, ring); + if (ret < 0) { + dev_err(&mhi_chan->mhi_dev->dev, "Failed to read channel\n"); + return ret; + } } return 0; --- base-commit: 4c06e63b92038fadb566b652ec3ec04e228931e8 change-id: 20250910-final_chained-750c213725f1 Best regards, -- Sumit Kumar <sumit.kumar(a)oss.qualcomm.com>

3 days

2
1
0 0

[PATCH v1] ACPI: video: Fix missing backlight node creation on Zhaoxin platforms

by Zihuan Zhang

Some recent Lenovo and Inspur machines with Zhaoxin CPUs fail to create /sys/class/backlight/acpi_video0 on v6.6 kernels, while the same hardware works correctly on v5.4. Our analysis shows that the current implementation assumes the presence of a GPU. The backlight registration is only triggered if a GPU is detected, but on these platforms the backlight is handled purely by the EC without any GPU. As a result, the detection path does not create the expected backlight node. To fix this, move the following logic: /* Use ACPI video if available, except when native should be preferred. */ if ((video_caps & ACPI_VIDEO_BACKLIGHT) && !(native_available && prefer_native_over_acpi_video())) return acpi_backlight_video; above the if (auto_detect) *auto_detect = true; statement. This ensures that the ACPI video backlight node is created even when no GPU is present, restoring the correct behavior observed on older kernels. Fixes: 78dfc9d1d1ab ("ACPI: video: Add auto_detect arg to __acpi_video_get_backlight_type()") Cc: stable(a)vger.kernel.org Signed-off-by: Zihuan Zhang <zhangzihuan(a)kylinos.cn> --- drivers/acpi/video_detect.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c index d507d5e08435..c1bb22b57f56 100644 --- a/drivers/acpi/video_detect.c +++ b/drivers/acpi/video_detect.c @@ -1011,6 +1011,11 @@ enum acpi_backlight_type __acpi_video_get_backlight_type(bool native, bool *auto if (acpi_backlight_dmi != acpi_backlight_undef) return acpi_backlight_dmi; + /* Use ACPI video if available, except when native should be preferred. */ + if ((video_caps & ACPI_VIDEO_BACKLIGHT) && + !(native_available && prefer_native_over_acpi_video())) + return acpi_backlight_video; + if (auto_detect) *auto_detect = true; @@ -1024,11 +1029,6 @@ enum acpi_backlight_type __acpi_video_get_backlight_type(bool native, bool *auto if (dell_uart_present) return acpi_backlight_dell_uart; - /* Use ACPI video if available, except when native should be preferred. */ - if ((video_caps & ACPI_VIDEO_BACKLIGHT) && - !(native_available && prefer_native_over_acpi_video())) - return acpi_backlight_video; - /* Use native if available */ if (native_available) return acpi_backlight_native; -- 2.25.1

3 days, 1 hour

2
7
0 0

[PATCH 1/2] staging: axis-fifo: fix TX handling on copy_from_user() failure

by Ovidiu Panait

If copy_from_user() fails, write() currently returns -EFAULT, but any partially written data leaves the TX FIFO in an inconsistent state. Subsequent write() calls then fail with "transmit length mismatch" errors. Once partial data is written to the hardware FIFO, it cannot be removed without a TX reset. Commit c6e8d85fafa7 ("staging: axis-fifo: Remove hardware resets for user errors") removed a full FIFO reset for this case, which fixed a potential RX data loss, but introduced this TX issue. Fix this by introducing a bounce buffer: copy the full packet from userspace first, and write to the hardware FIFO only if the copy was successful. Fixes: c6e8d85fafa7 ("staging: axis-fifo: Remove hardware resets for user errors") Cc: stable(a)vger.kernel.org Signed-off-by: Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> --- drivers/staging/axis-fifo/axis-fifo.c | 36 ++++++++------------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/drivers/staging/axis-fifo/axis-fifo.c b/drivers/staging/axis-fifo/axis-fifo.c index f54614ba1aa8..c47c6a022402 100644 --- a/drivers/staging/axis-fifo/axis-fifo.c +++ b/drivers/staging/axis-fifo/axis-fifo.c @@ -43,7 +43,6 @@ #define DRIVER_NAME "axis_fifo" #define READ_BUF_SIZE 128U /* read buffer length in words */ -#define WRITE_BUF_SIZE 128U /* write buffer length in words */ #define AXIS_FIFO_DEBUG_REG_NAME_MAX_LEN 4 @@ -305,11 +304,8 @@ static ssize_t axis_fifo_write(struct file *f, const char __user *buf, { struct axis_fifo *fifo = (struct axis_fifo *)f->private_data; unsigned int words_to_write; - unsigned int copied; - unsigned int copy; - unsigned int i; + u32 *txbuf; int ret; - u32 tmp_buf[WRITE_BUF_SIZE]; if (len % sizeof(u32)) { dev_err(fifo->dt_device, @@ -374,32 +370,20 @@ static ssize_t axis_fifo_write(struct file *f, const char __user *buf, } } - /* write data from an intermediate buffer into the fifo IP, refilling - * the buffer with userspace data as needed - */ - copied = 0; - while (words_to_write > 0) { - copy = min(words_to_write, WRITE_BUF_SIZE); - - if (copy_from_user(tmp_buf, buf + copied * sizeof(u32), - copy * sizeof(u32))) { - ret = -EFAULT; - goto end_unlock; - } - - for (i = 0; i < copy; i++) - iowrite32(tmp_buf[i], fifo->base_addr + - XLLF_TDFD_OFFSET); - - copied += copy; - words_to_write -= copy; + txbuf = vmemdup_user(buf, len); + if (IS_ERR(txbuf)) { + ret = PTR_ERR(txbuf); + goto end_unlock; } - ret = copied * sizeof(u32); + for (int i = 0; i < words_to_write; ++i) + iowrite32(txbuf[i], fifo->base_addr + XLLF_TDFD_OFFSET); /* write packet size to fifo */ - iowrite32(ret, fifo->base_addr + XLLF_TLR_OFFSET); + iowrite32(len, fifo->base_addr + XLLF_TLR_OFFSET); + ret = len; + kvfree(txbuf); end_unlock: mutex_unlock(&fifo->write_lock); -- 2.50.0

3 days, 1 hour

1
1
0 0

[PATCH 0/2] PCI: Keystone: __init and IRQ Fixes

by Siddharth Vadapalli

Hello, This series is based on commit 320475fbd590 Merge tag 'mtd/fixes-for-6.17-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux of Mainline Linux. The first patch in the series has been posted as a Fix in contrast to its predecessor at: https://lore.kernel.org/r/20250903124505.365913-10-s-vadapalli@ti.com/ based on the feedback provided by Jiri Slaby <jirislaby(a)kernel.org> at: https://lore.kernel.org/r/3d3a4b52-e343-42f3-9d69-94c259812143@kernel.org/ Since the Fix is independent of enabling loadable module support for the pci-keystone.c driver, it is being posted as a new patch. Checking out at the commit of Mainline Linux which this series is based on, I noticed an exception triggered by the pci-keystone.c driver during its probe. Although this is not a fatal exception and Linux continues to boot, the driver is non-functional. I root-caused the exception to free_initmem() freeing the memory associated with the ks_pcie_host_init() function in the driver before the driver's probe was invoked. This appears to be a race condition but it is easily reproducible with the Linux .config that I have used. The fix therefore is to remove the __init macro which is implemented by the second patch in the series. For reference, the logs for the case where Linux is built by checking out at the base commit of Mainline Linux are: https://gist.github.com/Siddharth-Vadapalli-at-TI/f4891b707921c53dfb464ad2f… and the logs clearly prove that the print associated with free_initmem() which is: [ 2.446834] Freeing unused kernel memory: 4864K is displayed prior to the prints associated with the pci-keystone.c driver being probed which is: [ 7.707103] keystone-pcie 5500000.pcie: host bridge /bus@100000/pcie@5500000 ranges: Building Linux by applying both patches in the series on the base commit of Mainline Linux, the driver probes successfully without any exceptions or errors. This was tested on AM654-EVM with an NVMe SSD connected to the PCIe Connector on the board. The NVMe SSD enumerates successfully. Additionally, the 'hdparm' utility was used to read from the SSD confirming that the SSD is functional. The logs corresponding to this are: https://gist.github.com/Siddharth-Vadapalli-at-TI/1b09a12a53db4233e82c5bcfc… Regards, Siddharth. Siddharth Vadapalli (2): PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit PCI: keystone: Remove the __init macro for the ks_pcie_host_init() callback drivers/pci/controller/dwc/pci-keystone.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.43.0

3 days, 1 hour

1
2
0 0

[PATCH v2] pinctrl: renesas: rzg2l: Fix ISEL restore on resume

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Commit 1d2da79708cb ("pinctrl: renesas: rzg2l: Avoid configuring ISEL in gpio_irq_{en,dis}able*()") dropped the configuration of ISEL from struct irq_chip::{irq_enable, irq_disable} APIs and moved it to struct gpio_chip::irq::{child_to_parent_hwirq, child_irq_domain_ops::free} APIs to fix spurious IRQs. After commit 1d2da79708cb ("pinctrl: renesas: rzg2l: Avoid configuring ISEL in gpio_irq_{en,dis}able*()"), ISEL was no longer configured properly on resume. This is because the pinctrl resume code used struct irq_chip::irq_enable (called from rzg2l_gpio_irq_restore()) to reconfigure the wakeup interrupts. Some drivers (e.g. Ethernet) may also reconfigure non-wakeup interrupts on resume through their own code, eventually calling struct irq_chip::irq_enable. Fix this by adding ISEL configuration back into the struct irq_chip::irq_enable API and on resume path for wakeup interrupts. As struct irq_chip::irq_enable needs now to lock to update the ISEL, convert the struct rzg2l_pinctrl::lock to a raw spinlock and replace the locking API calls with the raw variants. Otherwise the lockdep reports invalid wait context when probing the adv7511 module on RZ/G2L: [ BUG: Invalid wait context ] 6.17.0-rc5-next-20250911-00001-gfcfac22533c9 #18 Not tainted ----------------------------- (udev-worker)/165 is trying to lock: ffff00000e3664a8 (&pctrl->lock){....}-{3:3}, at: rzg2l_gpio_irq_enable+0x38/0x78 other info that might help us debug this: context-{5:5} 3 locks held by (udev-worker)/165: #0: ffff00000e890108 (&dev->mutex){....}-{4:4}, at: __driver_attach+0x90/0x1ac #1: ffff000011c07240 (request_class){+.+.}-{4:4}, at: __setup_irq+0xb4/0x6dc #2: ffff000011c070c8 (lock_class){....}-{2:2}, at: __setup_irq+0xdc/0x6dc stack backtrace: CPU: 1 UID: 0 PID: 165 Comm: (udev-worker) Not tainted 6.17.0-rc5-next-20250911-00001-gfcfac22533c9 #18 PREEMPT Hardware name: Renesas SMARC EVK based on r9a07g044l2 (DT) Call trace: show_stack+0x18/0x24 (C) dump_stack_lvl+0x90/0xd0 dump_stack+0x18/0x24 __lock_acquire+0xa14/0x20b4 lock_acquire+0x1c8/0x354 _raw_spin_lock_irqsave+0x60/0x88 rzg2l_gpio_irq_enable+0x38/0x78 irq_enable+0x40/0x8c __irq_startup+0x78/0xa4 irq_startup+0x108/0x16c __setup_irq+0x3c0/0x6dc request_threaded_irq+0xec/0x1ac devm_request_threaded_irq+0x80/0x134 adv7511_probe+0x928/0x9a4 [adv7511] i2c_device_probe+0x22c/0x3dc really_probe+0xbc/0x2a0 __driver_probe_device+0x78/0x12c driver_probe_device+0x40/0x164 __driver_attach+0x9c/0x1ac bus_for_each_dev+0x74/0xd0 driver_attach+0x24/0x30 bus_add_driver+0xe4/0x208 driver_register+0x60/0x128 i2c_register_driver+0x48/0xd0 adv7511_init+0x5c/0x1000 [adv7511] do_one_initcall+0x64/0x30c do_init_module+0x58/0x23c load_module+0x1bcc/0x1d40 init_module_from_file+0x88/0xc4 idempotent_init_module+0x188/0x27c __arm64_sys_finit_module+0x68/0xac invoke_syscall+0x48/0x110 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x4c/0x160 el0t_64_sync_handler+0xa0/0xe4 el0t_64_sync+0x198/0x19c Having ISEL configuration back into the struct irq_chip::irq_enable API should be safe with respect to spurious IRQs, as in the probe case IRQs are enabled anyway in struct gpio_chip::irq::child_to_parent_hwirq. No spurious IRQs were detected on suspend/resume, boot, ethernet link insert/remove tests (executed on RZ/G3S). Boot, ethernet link insert/remove tests were also executed successfully on RZ/G2L. Fixes: 1d2da79708cb ("pinctrl: renesas: rzg2l: Avoid configuring ISEL in gpio_irq_{en,dis}able*(") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v2: - changed the implementation approach by dropping the spinlock in rzg2l_gpio_irq_endisable(), renaming it to __rzg2l_gpio_irq_endisable() and using it in rzg2l_gpio_irq_endisable(), the newly introduced __rzg2l_gpio_irq_enable() and rzg2l_gpio_irq_restore() - convert struct rzg2l_pinctrl::lock to raw_spinlock_t drivers/pinctrl/renesas/pinctrl-rzg2l.c | 71 +++++++++++++++---------- 1 file changed, 44 insertions(+), 27 deletions(-) diff --git a/drivers/pinctrl/renesas/pinctrl-rzg2l.c b/drivers/pinctrl/renesas/pinctrl-rzg2l.c index f524af6f586f..c360e473488c 100644 --- a/drivers/pinctrl/renesas/pinctrl-rzg2l.c +++ b/drivers/pinctrl/renesas/pinctrl-rzg2l.c @@ -359,7 +359,7 @@ struct rzg2l_pinctrl { spinlock_t bitmap_lock; /* protect tint_slot bitmap */ unsigned int hwirq[RZG2L_TINT_MAX_INTERRUPT]; - spinlock_t lock; /* lock read/write registers */ + raw_spinlock_t lock; /* lock read/write registers */ struct mutex mutex; /* serialize adding groups and functions */ struct rzg2l_pinctrl_pin_settings *settings; @@ -543,7 +543,7 @@ static void rzg2l_pinctrl_set_pfc_mode(struct rzg2l_pinctrl *pctrl, unsigned long flags; u32 reg; - spin_lock_irqsave(&pctrl->lock, flags); + raw_spin_lock_irqsave(&pctrl->lock, flags); /* Set pin to 'Non-use (Hi-Z input protection)' */ reg = readw(pctrl->base + PM(off)); @@ -567,7 +567,7 @@ static void rzg2l_pinctrl_set_pfc_mode(struct rzg2l_pinctrl *pctrl, pctrl->data->pwpr_pfc_lock_unlock(pctrl, true); - spin_unlock_irqrestore(&pctrl->lock, flags); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); }; static int rzg2l_pinctrl_set_mux(struct pinctrl_dev *pctldev, @@ -882,10 +882,10 @@ static void rzg2l_rmw_pin_config(struct rzg2l_pinctrl *pctrl, u32 offset, addr += 4; } - spin_lock_irqsave(&pctrl->lock, flags); + raw_spin_lock_irqsave(&pctrl->lock, flags); reg = readl(addr) & ~(mask << (bit * 8)); writel(reg | (val << (bit * 8)), addr); - spin_unlock_irqrestore(&pctrl->lock, flags); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); } static int rzg2l_caps_to_pwr_reg(const struct rzg2l_register_offsets *regs, u32 caps) @@ -1121,7 +1121,7 @@ static int rzg2l_write_oen(struct rzg2l_pinctrl *pctrl, unsigned int _pin, u8 oe if (bit < 0) return -EINVAL; - spin_lock_irqsave(&pctrl->lock, flags); + raw_spin_lock_irqsave(&pctrl->lock, flags); val = readb(pctrl->base + oen_offset); if (oen) val &= ~BIT(bit); @@ -1134,7 +1134,7 @@ static int rzg2l_write_oen(struct rzg2l_pinctrl *pctrl, unsigned int _pin, u8 oe writeb(val, pctrl->base + oen_offset); if (pctrl->data->hwcfg->oen_pwpr_lock) writeb(pwpr & ~PWPR_REGWE_B, pctrl->base + regs->pwpr); - spin_unlock_irqrestore(&pctrl->lock, flags); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); return 0; } @@ -1687,14 +1687,14 @@ static int rzg2l_gpio_request(struct gpio_chip *chip, unsigned int offset) if (ret) return ret; - spin_lock_irqsave(&pctrl->lock, flags); + raw_spin_lock_irqsave(&pctrl->lock, flags); /* Select GPIO mode in PMC Register */ reg8 = readb(pctrl->base + PMC(off)); reg8 &= ~BIT(bit); pctrl->data->pmc_writeb(pctrl, reg8, PMC(off)); - spin_unlock_irqrestore(&pctrl->lock, flags); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); return 0; } @@ -1709,7 +1709,7 @@ static void rzg2l_gpio_set_direction(struct rzg2l_pinctrl *pctrl, u32 offset, unsigned long flags; u16 reg16; - spin_lock_irqsave(&pctrl->lock, flags); + raw_spin_lock_irqsave(&pctrl->lock, flags); reg16 = readw(pctrl->base + PM(off)); reg16 &= ~(PM_MASK << (bit * 2)); @@ -1717,7 +1717,7 @@ static void rzg2l_gpio_set_direction(struct rzg2l_pinctrl *pctrl, u32 offset, reg16 |= (output ? PM_OUTPUT : PM_INPUT) << (bit * 2); writew(reg16, pctrl->base + PM(off)); - spin_unlock_irqrestore(&pctrl->lock, flags); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); } static int rzg2l_gpio_get_direction(struct gpio_chip *chip, unsigned int offset) @@ -1761,7 +1761,7 @@ static int rzg2l_gpio_set(struct gpio_chip *chip, unsigned int offset, unsigned long flags; u8 reg8; - spin_lock_irqsave(&pctrl->lock, flags); + raw_spin_lock_irqsave(&pctrl->lock, flags); reg8 = readb(pctrl->base + P(off)); @@ -1770,7 +1770,7 @@ static int rzg2l_gpio_set(struct gpio_chip *chip, unsigned int offset, else writeb(reg8 & ~BIT(bit), pctrl->base + P(off)); - spin_unlock_irqrestore(&pctrl->lock, flags); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); return 0; } @@ -2429,14 +2429,13 @@ static int rzg2l_gpio_get_gpioint(unsigned int virq, struct rzg2l_pinctrl *pctrl return gpioint; } -static void rzg2l_gpio_irq_endisable(struct rzg2l_pinctrl *pctrl, - unsigned int hwirq, bool enable) +static void __rzg2l_gpio_irq_endisable(struct rzg2l_pinctrl *pctrl, + unsigned int hwirq, bool enable) { const struct pinctrl_pin_desc *pin_desc = &pctrl->desc.pins[hwirq]; u64 *pin_data = pin_desc->drv_data; u32 off = RZG2L_PIN_CFG_TO_PORT_OFFSET(*pin_data); u8 bit = RZG2L_PIN_ID_TO_PIN(hwirq); - unsigned long flags; void __iomem *addr; addr = pctrl->base + ISEL(off); @@ -2445,12 +2444,20 @@ static void rzg2l_gpio_irq_endisable(struct rzg2l_pinctrl *pctrl, addr += 4; } - spin_lock_irqsave(&pctrl->lock, flags); if (enable) writel(readl(addr) | BIT(bit * 8), addr); else writel(readl(addr) & ~BIT(bit * 8), addr); - spin_unlock_irqrestore(&pctrl->lock, flags); +} + +static void rzg2l_gpio_irq_endisable(struct rzg2l_pinctrl *pctrl, + unsigned int hwirq, bool enable) +{ + unsigned long flags; + + raw_spin_lock_irqsave(&pctrl->lock, flags); + __rzg2l_gpio_irq_endisable(pctrl, hwirq, enable); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); } static void rzg2l_gpio_irq_disable(struct irq_data *d) @@ -2462,15 +2469,25 @@ static void rzg2l_gpio_irq_disable(struct irq_data *d) gpiochip_disable_irq(gc, hwirq); } -static void rzg2l_gpio_irq_enable(struct irq_data *d) +static void __rzg2l_gpio_irq_enable(struct irq_data *d, bool lock) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct rzg2l_pinctrl *pctrl = container_of(gc, struct rzg2l_pinctrl, gpio_chip); unsigned int hwirq = irqd_to_hwirq(d); gpiochip_enable_irq(gc, hwirq); + if (lock) + rzg2l_gpio_irq_endisable(pctrl, hwirq, true); + else + __rzg2l_gpio_irq_endisable(pctrl, hwirq, true); irq_chip_enable_parent(d); } +static void rzg2l_gpio_irq_enable(struct irq_data *d) +{ + __rzg2l_gpio_irq_enable(d, true); +} + static int rzg2l_gpio_irq_set_type(struct irq_data *d, unsigned int type) { return irq_chip_set_type_parent(d, type); @@ -2616,11 +2633,11 @@ static void rzg2l_gpio_irq_restore(struct rzg2l_pinctrl *pctrl) * This has to be atomically executed to protect against a concurrent * interrupt. */ - spin_lock_irqsave(&pctrl->lock, flags); + raw_spin_lock_irqsave(&pctrl->lock, flags); ret = rzg2l_gpio_irq_set_type(data, irqd_get_trigger_type(data)); if (!ret && !irqd_irq_disabled(data)) - rzg2l_gpio_irq_enable(data); - spin_unlock_irqrestore(&pctrl->lock, flags); + __rzg2l_gpio_irq_enable(data, false); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); if (ret) dev_crit(pctrl->dev, "Failed to set IRQ type for virq=%u\n", virq); @@ -2950,7 +2967,7 @@ static int rzg2l_pinctrl_probe(struct platform_device *pdev) "failed to enable GPIO clk\n"); } - spin_lock_init(&pctrl->lock); + raw_spin_lock_init(&pctrl->lock); spin_lock_init(&pctrl->bitmap_lock); mutex_init(&pctrl->mutex); atomic_set(&pctrl->wakeup_path, 0); @@ -3093,7 +3110,7 @@ static void rzg2l_pinctrl_pm_setup_pfc(struct rzg2l_pinctrl *pctrl) u32 nports = pctrl->data->n_port_pins / RZG2L_PINS_PER_PORT; unsigned long flags; - spin_lock_irqsave(&pctrl->lock, flags); + raw_spin_lock_irqsave(&pctrl->lock, flags); pctrl->data->pwpr_pfc_lock_unlock(pctrl, false); /* Restore port registers. */ @@ -3138,7 +3155,7 @@ static void rzg2l_pinctrl_pm_setup_pfc(struct rzg2l_pinctrl *pctrl) } pctrl->data->pwpr_pfc_lock_unlock(pctrl, true); - spin_unlock_irqrestore(&pctrl->lock, flags); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); } static int rzg2l_pinctrl_suspend_noirq(struct device *dev) @@ -3187,14 +3204,14 @@ static int rzg2l_pinctrl_resume_noirq(struct device *dev) writeb(cache->qspi, pctrl->base + QSPI); if (pctrl->data->hwcfg->oen_pwpr_lock) { - spin_lock_irqsave(&pctrl->lock, flags); + raw_spin_lock_irqsave(&pctrl->lock, flags); pwpr = readb(pctrl->base + regs->pwpr); writeb(pwpr | PWPR_REGWE_B, pctrl->base + regs->pwpr); } writeb(cache->oen, pctrl->base + pctrl->data->hwcfg->regs.oen); if (pctrl->data->hwcfg->oen_pwpr_lock) { writeb(pwpr & ~PWPR_REGWE_B, pctrl->base + regs->pwpr); - spin_unlock_irqrestore(&pctrl->lock, flags); + raw_spin_unlock_irqrestore(&pctrl->lock, flags); } for (u8 i = 0; i < 2; i++) { if (regs->sd_ch) -- 2.43.0

3 days, 1 hour

1
0
0 0

[PATCH] drm/omap: Mark dispc_save_context() with noinline_for_stack

by Nathan Chancellor

A recent innocuous internal optimization change in LLVM [1] causes the same issue that necessitated commit 660942f2441d ("drm: omapdrm: reduce clang stack usage") to occur in dispc_runtime_suspend() from inlinling dispc_save_context(). drivers/gpu/drm/omapdrm/dss/dispc.c:4720:27: error: stack frame size (2272) exceeds limit (2048) in 'dispc_runtime_suspend' [-Werror,-Wframe-larger-than] 4720 | static __maybe_unused int dispc_runtime_suspend(struct device *dev) | ^ There is an unfortunate interaction between the inner loops of dispc_save_context() getting unrolled and the calculation of the index into the ctx array being spilled to the stack when sanitizers are enabled [2]. While this should obviously be addressed on the LLVM side, such a fix may not be easy to craft and it is simple enough to work around the issue in the same manner as before by marking dispc_save_context() with noinline_for_stack, which makes it use the same amount of stack as dispc_restore_context() does after the same change. Cc: stable(a)vger.kernel.org Link: https://github.com/llvm/llvm-project/commit/055bfc027141bbfafd51fb43f5ab81b… [1] Link: https://llvm.org/pr143908 [2] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/gpu/drm/omapdrm/dss/dispc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/omapdrm/dss/dispc.c b/drivers/gpu/drm/omapdrm/dss/dispc.c index cf055815077cffad554a4ae58cfd7b81edcbb0d4..d079f557c8f24d1afd0bc182edd13165cb9c356c 100644 --- a/drivers/gpu/drm/omapdrm/dss/dispc.c +++ b/drivers/gpu/drm/omapdrm/dss/dispc.c @@ -417,7 +417,7 @@ static bool dispc_has_feature(struct dispc_device *dispc, #define RR(dispc, reg) \ dispc_write_reg(dispc, DISPC_##reg, dispc->ctx[DISPC_##reg / sizeof(u32)]) -static void dispc_save_context(struct dispc_device *dispc) +static noinline_for_stack void dispc_save_context(struct dispc_device *dispc) { int i, j; --- base-commit: 76eeb9b8de9880ca38696b2fb56ac45ac0a25c6c change-id: 20250911-omapdrm-reduce-clang-stack-usage-pt-2-9a9ae9263b91 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

3 days, 2 hours

2
1
0 0

[PATCH wireless-next] wifi: mt76: mt7921u: Add VID/PID for Netgear A7500

by Nick

Add VID/PID 0846/9065 for Netgear A7500. Reported-by: Autumn Dececco <autumndececco(a)gmail.com> Tested-by: Autumn Dececco <autumndececco(a)gmail.com> Signed-off-by: Nick Morrow <morrownr(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/usb.c b/drivers/net/wireless/mediatek/mt76/mt7921/usb.c index fe9751851ff7..100bdba32ba5 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/usb.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/usb.c @@ -21,6 +21,9 @@ static const struct usb_device_id mt7921u_device_table[] = { /* Netgear, Inc. [A8000,AXE3000] */ { USB_DEVICE_AND_INTERFACE_INFO(0x0846, 0x9060, 0xff, 0xff, 0xff), .driver_info = (kernel_ulong_t)MT7921_FIRMWARE_WM }, + /* Netgear, Inc. A7500 */ + { USB_DEVICE_AND_INTERFACE_INFO(0x0846, 0x9065, 0xff, 0xff, 0xff), + .driver_info = (kernel_ulong_t)MT7921_FIRMWARE_WM }, /* TP-Link TXE50UH */ { USB_DEVICE_AND_INTERFACE_INFO(0x35bc, 0x0107, 0xff, 0xff, 0xff), .driver_info = (kernel_ulong_t)MT7921_FIRMWARE_WM }, -- 2.47.3

3 days, 4 hours

2
1
0 0

[PATCH v2] arm64: dts: qcom: sdm845-shift-axolotl: Fix typo of compatible

by Tamura Dai

The bug is a typo in the compatible string for the touchscreen node. According to Documentation/devicetree/bindings/input/touchscreen/edt-ft5x06.yaml, the correct compatible is "focaltech,ft8719", but the device tree used "focaltech,fts8719". Fixes: 45882459159de (arm64: dts: qcom: sdm845: add device tree for SHIFT6mq) Cc: stable(a)vger.kernel.org Signed-off-by: Tamura Dai <kirinode0(a)gmail.com> --- arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts b/arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts index 2cf7b5e1243c..a0b288d6162f 100644 --- a/arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts +++ b/arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts @@ -432,7 +432,7 @@ &i2c5 { status = "okay"; touchscreen@38 { - compatible = "focaltech,fts8719"; + compatible = "focaltech,ft8719"; reg = <0x38>; wakeup-source; interrupt-parent = <&tlmm>; -- 2.34.1

3 days, 4 hours

3
2
0 0

[PATCH] arm64: dts: qcom: sdm845-shift-axolotl: Fix typo of compatible

by Tamura Dai

Merge a hibernation regression fix and an fix related to energy model The bug is a typo in the compatible string for the touchscreen node. According to Documentation/devicetree/bindings/input/touchscreen/edt-ft5x06.yaml, the correct compatible is "focaltech,ft8719", but the device tree used "focaltech,fts8719". Fixes: 45882459159de (arm64: dts: qcom: sdm845: add device tree for SHIFT6mq) Cc: stable(a)vger.kernel.org Signed-off-by: Tamura Dai <kirinode0(a)gmail.com> --- arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts b/arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts index 2cf7b5e1243c..a0b288d6162f 100644 --- a/arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts +++ b/arch/arm64/boot/dts/qcom/sdm845-shift-axolotl.dts @@ -432,7 +432,7 @@ &i2c5 { status = "okay"; touchscreen@38 { - compatible = "focaltech,fts8719"; + compatible = "focaltech,ft8719"; reg = <0x38>; wakeup-source; interrupt-parent = <&tlmm>; -- 2.34.1

3 days, 4 hours

1
0
0 0

[PATCH] arm64 defconfig: remove CONFIG_SCHED_DEBUG reference

by Mikko Rapeli

It has been completely removed since v6.14-rc6 by commit dd5bdaf2b72da81d57f4f99e518af80002b6562e Author: Ingo Molnar <mingo(a)kernel.org> AuthorDate: Mon Mar 17 11:42:54 2025 +0100 Commit: Ingo Molnar <mingo(a)kernel.org> CommitDate: Wed Mar 19 22:20:53 2025 +0100 sched/debug: Make CONFIG_SCHED_DEBUG functionality unconditional Fixes yocto meta-arm sbsa-ref kernel config warning which uses kernel.org arm64 defconfig: DEBUG: Executing python function do_kernel_configcheck WARNING: [kernel config]: This BSP contains fragments with warnings: [INFO]: the following symbols were not found in the active configuration: - CONFIG_SCHED_DEBUG DEBUG: Python function do_kernel_configcheck finished Fixes: dd5bdaf2b72d ("sched/debug: Make CONFIG_SCHED_DEBUG functionality unconditional") Cc: <stable(a)vger.kernel.org> Cc: Jon Mason <jon.mason(a)arm.com> Cc: Ross Burton <ross.burton(a)arm.com> Cc: bruce.ashfield(a)gmail.com Signed-off-by: Mikko Rapeli <mikko.rapeli(a)linaro.org> --- arch/arm64/configs/defconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig index 58f87d09366cd..4126281665bf2 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig @@ -1798,7 +1798,6 @@ CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y CONFIG_DEBUG_INFO_REDUCED=y CONFIG_MAGIC_SYSRQ=y CONFIG_DEBUG_FS=y -# CONFIG_SCHED_DEBUG is not set # CONFIG_DEBUG_PREEMPT is not set # CONFIG_FTRACE is not set CONFIG_CORESIGHT=m -- 2.34.1

3 days, 5 hours

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2025