- Linux-stable-mirror - lists.linaro.org

[PATCH v2] media: uvcvideo: Fix support for V4L2_CTRL_FLAG_HAS_WHICH_MIN_MAX

by Ricardo Ribalda

The VIDIOC_G_EXT_CTRLS with which V4L2_CTRL_WHICH_(MIN|MAX)_VAL can only work for controls that have previously announced support for it. This patch fixes the following v4l2-compliance error: info: checking extended control 'User Controls' (0x00980001) fail: v4l2-test-controls.cpp(980): ret != EINVAL (got 13) test VIDIOC_G/S/TRY_EXT_CTRLS: FAIL Fixes: 39d2c891c96e ("media: uvcvideo: support V4L2_CTRL_WHICH_MIN/MAX_VAL") Cc: stable(a)vger.kernel.org Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v2, Thanks Laurent: - Remove redundant ioctl check - CodeStyle - Link to v1: https://lore.kernel.org/r/20251028-uvc-fix-which-v1-1-a7e6b82672a3@chromium… --- drivers/media/usb/uvc/uvc_ctrl.c | 14 ++++++++++++-- drivers/media/usb/uvc/uvc_v4l2.c | 10 ++++++---- drivers/media/usb/uvc/uvcvideo.h | 2 +- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 2905505c240c060e5034ea12d33b59d5702f2e1f..2738ef74c7373b185b67611da57610fd0b442080 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -1432,7 +1432,7 @@ static bool uvc_ctrl_is_readable(u32 which, struct uvc_control *ctrl, * auto_exposure=1, exposure_time_absolute=251. */ int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, - const struct v4l2_ext_controls *ctrls, + const struct v4l2_ext_controls *ctrls, u32 which, unsigned long ioctl) { struct uvc_control_mapping *master_map = NULL; @@ -1442,14 +1442,24 @@ int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, s32 val; int ret; int i; + /* + * There is no need to check the ioctl, all the ioctls except + * VIDIOC_G_EXT_CTRLS use which=V4L2_CTRL_WHICH_CUR_VAL. + */ + bool is_which_min_max = which == V4L2_CTRL_WHICH_MIN_VAL || + which == V4L2_CTRL_WHICH_MAX_VAL; if (__uvc_query_v4l2_class(chain, v4l2_id, 0) >= 0) - return -EACCES; + return is_which_min_max ? -EINVAL : -EACCES; ctrl = uvc_find_control(chain, v4l2_id, &mapping); if (!ctrl) return -EINVAL; + if ((!(ctrl->info.flags & UVC_CTRL_FLAG_GET_MIN) || + !(ctrl->info.flags & UVC_CTRL_FLAG_GET_MAX)) && is_which_min_max) + return -EINVAL; + if (ioctl == VIDIOC_G_EXT_CTRLS) return uvc_ctrl_is_readable(ctrls->which, ctrl, mapping); diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c index 9e4a251eca88085a1b4e0e854370015855be92ee..30c160daed8cb057b31ec00d665107dfdf4be1dc 100644 --- a/drivers/media/usb/uvc/uvc_v4l2.c +++ b/drivers/media/usb/uvc/uvc_v4l2.c @@ -765,14 +765,15 @@ static int uvc_ioctl_query_ext_ctrl(struct file *file, void *priv, static int uvc_ctrl_check_access(struct uvc_video_chain *chain, struct v4l2_ext_controls *ctrls, - unsigned long ioctl) + u32 which, unsigned long ioctl) { struct v4l2_ext_control *ctrl = ctrls->controls; unsigned int i; int ret = 0; for (i = 0; i < ctrls->count; ++ctrl, ++i) { - ret = uvc_ctrl_is_accessible(chain, ctrl->id, ctrls, ioctl); + ret = uvc_ctrl_is_accessible(chain, ctrl->id, ctrls, which, + ioctl); if (ret) break; } @@ -806,7 +807,7 @@ static int uvc_ioctl_g_ext_ctrls(struct file *file, void *priv, which = V4L2_CTRL_WHICH_CUR_VAL; } - ret = uvc_ctrl_check_access(chain, ctrls, VIDIOC_G_EXT_CTRLS); + ret = uvc_ctrl_check_access(chain, ctrls, which, VIDIOC_G_EXT_CTRLS); if (ret < 0) return ret; @@ -840,7 +841,8 @@ static int uvc_ioctl_s_try_ext_ctrls(struct uvc_fh *handle, if (!ctrls->count) return 0; - ret = uvc_ctrl_check_access(chain, ctrls, ioctl); + ret = uvc_ctrl_check_access(chain, ctrls, V4L2_CTRL_WHICH_CUR_VAL, + ioctl); if (ret < 0) return ret; diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index ed7bad31f75ca474c1037d666d5310c78dd764df..d583425893a5f716185153a07aae9bfe20182964 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h @@ -786,7 +786,7 @@ int uvc_ctrl_get(struct uvc_video_chain *chain, u32 which, struct v4l2_ext_control *xctrl); int uvc_ctrl_set(struct uvc_fh *handle, struct v4l2_ext_control *xctrl); int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id, - const struct v4l2_ext_controls *ctrls, + const struct v4l2_ext_controls *ctrls, u32 which, unsigned long ioctl); int uvc_xu_ctrl_query(struct uvc_video_chain *chain, --- base-commit: c218ce4f98eccf5a40de64c559c52d61e9cc78ee change-id: 20251028-uvc-fix-which-c3ba1fb68ed5 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

3 days

2
1
0 0

[PATCH] staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure

by Liang Jie

From: Liang Jie <liangjie(a)lixiang.com> The return value of sdio_alloc_irq() was not stored in status. If sdio_alloc_irq() fails after rtw_drv_register_netdev() succeeds, status remains _SUCCESS and the error path skips resource cleanup, while rtw_drv_init() still returns success. Store the return value of sdio_alloc_irq() in status and reuse the existing error handling which relies on status. Cc: stable(a)vger.kernel.org Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Reviewed-by: fanggeng <fanggeng(a)lixiang.com> Signed-off-by: Liang Jie <liangjie(a)lixiang.com> --- drivers/staging/rtl8723bs/os_dep/sdio_intf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rtl8723bs/os_dep/sdio_intf.c b/drivers/staging/rtl8723bs/os_dep/sdio_intf.c index f3caaa857c86..139ace51486d 100644 --- a/drivers/staging/rtl8723bs/os_dep/sdio_intf.c +++ b/drivers/staging/rtl8723bs/os_dep/sdio_intf.c @@ -377,7 +377,8 @@ static int rtw_drv_init( if (status != _SUCCESS) goto free_if1; - if (sdio_alloc_irq(dvobj) != _SUCCESS) + status = sdio_alloc_irq(dvobj); + if (status != _SUCCESS) goto free_if1; status = _SUCCESS; -- 2.25.1

3 days

1
0
0 0

[PATCH 6.18 regression fix] dma-mapping: Fix DMA_BIT_MASK() macro being broken

by Hans de Goede

After commit a50f7456f853 ("dma-mapping: Allow use of DMA_BIT_MASK(64) in global scope"), the DMA_BIT_MASK() macro is broken when passed non trivial statements for the value of 'n'. This is caused by the new version missing parenthesis around 'n' when evaluating 'n'. One example of this breakage is the IPU6 driver now crashing due to it getting DMA-addresses with address bit 32 set even though it has tried to set a 32 bit DMA mask. The IPU6 CSI2 engine has a DMA mask of either 31 or 32 bits depending on if it is in secure mode or not and it sets this masks like this: mmu_info->aperture_end = (dma_addr_t)DMA_BIT_MASK(isp->secure_mode ? IPU6_MMU_ADDR_BITS : IPU6_MMU_ADDR_BITS_NON_SECURE); So the 'n' argument here is "isp->secure_mode ? IPU6_MMU_ADDR_BITS : IPU6_MMU_ADDR_BITS_NON_SECURE" which gets expanded into: isp->secure_mode ? IPU6_MMU_ADDR_BITS : IPU6_MMU_ADDR_BITS_NON_SECURE - 1 With the -1 only being applied in the non secure case, causing the secure mode mask to be one 1 bit too large. Fixes: a50f7456f853 ("dma-mapping: Allow use of DMA_BIT_MASK(64) in global scope") Cc: Sakari Ailus <sakari.ailus(a)linux.intel.com> Cc: James Clark <james.clark(a)linaro.org> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <johannes.goede(a)oss.qualcomm.com> --- include/linux/dma-mapping.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h index 2ceda49c609f..aa36a0d1d9df 100644 --- a/include/linux/dma-mapping.h +++ b/include/linux/dma-mapping.h @@ -90,7 +90,7 @@ */ #define DMA_MAPPING_ERROR (~(dma_addr_t)0) -#define DMA_BIT_MASK(n) GENMASK_ULL(n - 1, 0) +#define DMA_BIT_MASK(n) GENMASK_ULL((n) - 1, 0) struct dma_iova_state { dma_addr_t addr; -- 2.52.0

3 days, 1 hour

4
3
0 0

[PATCH] reset: gpio: suppress bind attributes in sysfs

by Bartosz Golaszewski

This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle. Fixes: cee544a40e44 ("reset: gpio: Add GPIO-based reset controller") Cc: stable(a)vger.kernel.org Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)oss.qualcomm.com> --- drivers/reset/reset-gpio.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/reset/reset-gpio.c b/drivers/reset/reset-gpio.c index e5512b3b596b..626c4c639c15 100644 --- a/drivers/reset/reset-gpio.c +++ b/drivers/reset/reset-gpio.c @@ -111,6 +111,7 @@ static struct auxiliary_driver reset_gpio_driver = { .id_table = reset_gpio_ids, .driver = { .name = "reset-gpio", + .suppress_bind_attrs = true, }, }; module_auxiliary_driver(reset_gpio_driver); -- 2.51.0

3 days, 3 hours

3
5
0 0

FAILED: patch "[PATCH] xhci: dbgtty: fix device unregister" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1f73b8b56cf35de29a433aee7bfff26cea98be3f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025120110-deuce-arrange-e66c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f73b8b56cf35de29a433aee7bfff26cea98be3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Bartosik?= <ukaszb(a)chromium.org> Date: Wed, 19 Nov 2025 21:29:09 +0000 Subject: [PATCH] xhci: dbgtty: fix device unregister MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When DbC is disconnected then xhci_dbc_tty_unregister_device() is called. However if there is any user space process blocked on write to DbC terminal device then it will never be signalled and thus stay blocked indifinitely. This fix adds a tty_vhangup() call in xhci_dbc_tty_unregister_device(). The tty_vhangup() wakes up any blocked writers and causes subsequent write attempts to DbC terminal device to fail. Cc: stable <stable(a)kernel.org> Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver") Signed-off-by: Łukasz Bartosik <ukaszb(a)chromium.org> Link: https://patch.msgid.link/20251119212910.1245694-1-ukaszb@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-dbgtty.c b/drivers/usb/host/xhci-dbgtty.c index b7f95565524d..57cdda4e09c8 100644 --- a/drivers/usb/host/xhci-dbgtty.c +++ b/drivers/usb/host/xhci-dbgtty.c @@ -550,6 +550,12 @@ static void xhci_dbc_tty_unregister_device(struct xhci_dbc *dbc) if (!port->registered) return; + /* + * Hang up the TTY. This wakes up any blocked + * writers and causes subsequent writes to fail. + */ + tty_vhangup(port->port.tty); + tty_unregister_device(dbc_tty_driver, port->minor); xhci_dbc_tty_exit_port(port); port->registered = false;

3 days, 3 hours

2
2
0 0

[PATCH] xfs: Fix a memory leak bug in xfs_buf_item_init()

by Haoxiang Li

xfs_buf_item_get_format() may allocate memory for bip->bli_formats, free the memory in the error path. Fixes: c3d5f0c2fb85 ("xfs: complain if anyone tries to create a too-large buffer log item") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <lihaoxiang(a)isrc.iscas.ac.cn> --- fs/xfs/xfs_buf_item.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/xfs/xfs_buf_item.c b/fs/xfs/xfs_buf_item.c index 8d85b5eee444..f4c5be67826e 100644 --- a/fs/xfs/xfs_buf_item.c +++ b/fs/xfs/xfs_buf_item.c @@ -896,6 +896,7 @@ xfs_buf_item_init( map_size = DIV_ROUND_UP(chunks, NBWORD); if (map_size > XFS_BLF_DATAMAP_SIZE) { + xfs_buf_item_free_format(bip); kmem_cache_free(xfs_buf_item_cache, bip); xfs_err(mp, "buffer item dirty bitmap (%u uints) too small to reflect %u bytes!", -- 2.25.1

3 days, 3 hours

2
1
0 0

[STATUS] stable/linux-5.10.y - f964b940099f9982d723d4c77988d4b0dda9c165

by KernelCI bot

Hello, Status summary for stable/linux-5.10.y Dashboard: https://d.kernelci.org/c/stable/linux-5.10.y/f964b940099f9982d723d4c77988d4… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-5.10.y commit hash: f964b940099f9982d723d4c77988d4b0dda9c165 origin: maestro test start time: 2025-12-06 22:05:22.856000+00:00 Builds: 38 ✅ 0 ❌ 0 ⚠️ Boots: 69 ✅ 0 ❌ 0 ⚠️ Tests: 972 ✅ 267 ❌ 200 ⚠️ ### POSSIBLE REGRESSIONS No possible regressions observed. ### FIXED REGRESSIONS Hardware: beaglebone-black > Config: multi_v7_defconfig - Architecture/compiler: arm/gcc-14 - ltp last run: https://d.kernelci.org/test/maestro:6934ce3b1ca5bf9d0fd6c4d7 history: > ❌ > ❌ > ✅ > ✅ > ✅ ### UNSTABLE TESTS No unstable tests observed. Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 days, 7 hours

1
0
0 0

[STATUS] stable/linux-6.12.y - dcbeffaf66d03968970d7d68ec7800032d00180e

by KernelCI bot

Hello, Status summary for stable/linux-6.12.y Dashboard: https://d.kernelci.org/c/stable/linux-6.12.y/dcbeffaf66d03968970d7d68ec7800… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-6.12.y commit hash: dcbeffaf66d03968970d7d68ec7800032d00180e origin: maestro test start time: 2025-12-06 22:05:24.548000+00:00 Builds: 39 ✅ 0 ❌ 0 ⚠️ Boots: 193 ✅ 0 ❌ 0 ⚠️ Tests: 12053 ✅ 779 ❌ 3133 ⚠️ ### POSSIBLE REGRESSIONS Hardware: dell-latitude-5400-4305U-sarien > Config: x86_64_defconfig+lab-setup+x86-board+kselftest - Architecture/compiler: x86_64/gcc-14 - kselftest.cpufreq.suspend last run: https://d.kernelci.org/test/maestro:6934b9581ca5bf9d0fd66c53 history: > ✅ > ❌ - kselftest.cpufreq.suspend.cpufreq_main_sh last run: https://d.kernelci.org/test/maestro:6935156f1ca5bf9d0fd7d7ed history: > ✅ > ❌ Hardware: dell-latitude-5400-8665U-sarien > Config: x86_64_defconfig+lab-setup+x86-board+kselftest - Architecture/compiler: x86_64/gcc-14 - kselftest.cpufreq.suspend last run: https://d.kernelci.org/test/maestro:6934b9591ca5bf9d0fd66c56 history: > ✅ > ❌ - kselftest.cpufreq.suspend.cpufreq_main_sh last run: https://d.kernelci.org/test/maestro:6934c2821ca5bf9d0fd6a446 history: > ✅ > ❌ Hardware: hp-x360-12b-ca0010nr-n4020-octopus > Config: x86_64_defconfig+lab-setup+x86-board+kselftest - Architecture/compiler: x86_64/gcc-14 - kernelci_wifi_basic last run: https://d.kernelci.org/test/maestro:6934bc4b1ca5bf9d0fd68a11 history: > ✅ > ❌ Hardware: meson-sm1-s905d3-libretech-cc > Config: defconfig+lab-setup+kselftest - Architecture/compiler: arm64/gcc-14 - kselftest.breakpoints last run: https://d.kernelci.org/test/maestro:6934b5901ca5bf9d0fd64a44 history: > ✅ > ❌ Hardware: sun50i-h5-libretech-all-h3-cc > Config: defconfig+lab-setup+kselftest - Architecture/compiler: arm64/gcc-14 - kselftest.arm64 last run: https://d.kernelci.org/test/maestro:6934b58e1ca5bf9d0fd64a2a history: > ✅ > ❌ ### FIXED REGRESSIONS Hardware: mt8186-corsola-steelix-sku131072 > Config: defconfig+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y - Architecture/compiler: arm64/gcc-14 - kernelci_watchdog_reset.wdt-reset.wdt-get-timeout last run: https://d.kernelci.org/test/maestro:6934b7ac1ca5bf9d0fd65f2b history: > ❌ > ✅ ### UNSTABLE TESTS Hardware: beaglebone-black > Config: multi_v7_defconfig - Architecture/compiler: arm/gcc-14 - ltp last run: https://d.kernelci.org/test/maestro:6934b4f81ca5bf9d0fd6480d history: > ✅ > ❌ > ❌ > ✅ > ✅ Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 days, 7 hours

1
0
0 0

[STATUS] stable/linux-5.15.y - 68efe5a6c16a05391e3d96025b41e9bf573f968c

by KernelCI bot

Hello, Status summary for stable/linux-5.15.y Dashboard: https://d.kernelci.org/c/stable/linux-5.15.y/68efe5a6c16a05391e3d96025b41e9… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-5.15.y commit hash: 68efe5a6c16a05391e3d96025b41e9bf573f968c origin: maestro test start time: 2025-12-06 22:05:23.274000+00:00 Builds: 34 ✅ 4 ❌ 0 ⚠️ Boots: 45 ✅ 0 ❌ 0 ⚠️ Tests: 855 ✅ 252 ❌ 887 ⚠️ ### POSSIBLE REGRESSIONS No possible regressions observed. ### FIXED REGRESSIONS Hardware: beaglebone-black > Config: multi_v7_defconfig - Architecture/compiler: arm/gcc-14 - ltp last run: https://d.kernelci.org/test/maestro:6934ae5d1ca5bf9d0fd6352c history: > ❌ > ❌ > ❌ > ✅ > ✅ ### UNSTABLE TESTS No unstable tests observed. This branch has 4 pre-existing build issues. See details in the dashboard. Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 days, 7 hours

1
0
0 0

[STATUS] stable/linux-6.6.y - 5fa4793a2d2d70ad08b85387b41020f1fcc2d19e

by KernelCI bot

Hello, Status summary for stable/linux-6.6.y Dashboard: https://d.kernelci.org/c/stable/linux-6.6.y/5fa4793a2d2d70ad08b85387b41020f… giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git branch: linux-6.6.y commit hash: 5fa4793a2d2d70ad08b85387b41020f1fcc2d19e origin: maestro test start time: 2025-12-06 22:05:24.119000+00:00 Builds: 35 ✅ 4 ❌ 0 ⚠️ Boots: 92 ✅ 0 ❌ 0 ⚠️ Tests: 4404 ✅ 350 ❌ 1689 ⚠️ ### POSSIBLE REGRESSIONS No possible regressions observed. ### FIXED REGRESSIONS Hardware: beaglebone-black > Config: multi_v7_defconfig - Architecture/compiler: arm/gcc-14 - ltp last run: https://d.kernelci.org/test/maestro:6934b2071ca5bf9d0fd63f8f history: > ❌ > ❌ > ❌ > ✅ > ✅ ### UNSTABLE TESTS No unstable tests observed. This branch has 4 pre-existing build issues. See details in the dashboard. Sent every day if there were changes in the past 24 hours. Legend: ✅ PASS ❌ FAIL ⚠️ INCONCLUSIVE -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

3 days, 7 hours

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror