- Linux-stable-mirror - lists.linaro.org

[PATCH 6.14.y v3] wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process

by Alexander Tsoy

From: P Praneesh <quic_ppranees(a)quicinc.com> [ Upstream commit 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 ] Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption or crashes due to accessing incorrect memory locations. This happens because the source ring and destination ring have different handling mechanisms and using the wrong function results in incorrect pointer arithmetic and ring management. To fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with ath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures that the correct function is used for fetching entries from the destination ring, preventing invalid memory accesses. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: P Praneesh <quic_ppranees(a)quicinc.com> Link: https://patch.msgid.link/20241223060132.3506372-7-quic_ppranees@quicinc.com Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> Signed-off-by: Alexander Tsoy <alexander(a)tsoy.me> --- drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/dp_mon.c b/drivers/net/wireless/ath/ath12k/dp_mon.c index 8005d30a4dbe..b952e79179d0 100644 --- a/drivers/net/wireless/ath/ath12k/dp_mon.c +++ b/drivers/net/wireless/ath/ath12k/dp_mon.c @@ -2054,7 +2054,7 @@ int ath12k_dp_mon_srng_process(struct ath12k *ar, int mac_id, int *budget, dest_idx = 0; move_next: ath12k_dp_mon_buf_replenish(ab, buf_ring, 1); - ath12k_hal_srng_src_get_next_entry(ab, srng); + ath12k_hal_srng_dst_get_next_entry(ab, srng); num_buffs_reaped++; } -- 2.49.0

3 days, 17 hours

1
0
0 0

[PATCH v2] x86/mm: fix _pgd_alloc() for Xen PV mode

by Juergen Gross

Recently _pgd_alloc() was switched from using __get_free_pages() to pagetable_alloc_noprof(), which might return a compound page in case the allocation order is larger than 0. On x86 this will be the case if CONFIG_MITIGATION_PAGE_TABLE_ISOLATION is set, even if PTI has been disabled at runtime. When running as a Xen PV guest (this will always disable PTI), using a compound page for a PGD will result in VM_BUG_ON_PGFLAGS being triggered when the Xen code tries to pin the PGD. Fix the Xen issue together with the not needed 8k allocation for a PGD with PTI disabled by replacing PGD_ALLOCATION_ORDER with an inline helper returning the needed order for PGD allocations. Reported-by: Petr Vaněk <arkamar(a)atlas.cz> Fixes: a9b3c355c2e6 ("asm-generic: pgalloc: provide generic __pgd_{alloc,free}") Cc: stable(a)vger.kernel.org Signed-off-by: Juergen Gross <jgross(a)suse.com> --- V2: - use pgd_allocation_order() instead of PGD_ALLOCATION_ORDER (Dave Hansen) --- arch/x86/include/asm/pgalloc.h | 19 +++++++++++-------- arch/x86/kernel/machine_kexec_32.c | 4 ++-- arch/x86/mm/pgtable.c | 4 ++-- arch/x86/platform/efi/efi_64.c | 4 ++-- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index a33147520044..c88691b15f3c 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -6,6 +6,8 @@ #include <linux/mm.h> /* for struct page */ #include <linux/pagemap.h> +#include <asm/cpufeature.h> + #define __HAVE_ARCH_PTE_ALLOC_ONE #define __HAVE_ARCH_PGD_FREE #include <asm-generic/pgalloc.h> @@ -29,16 +31,17 @@ static inline void paravirt_release_pud(unsigned long pfn) {} static inline void paravirt_release_p4d(unsigned long pfn) {} #endif -#ifdef CONFIG_MITIGATION_PAGE_TABLE_ISOLATION /* - * Instead of one PGD, we acquire two PGDs. Being order-1, it is - * both 8k in size and 8k-aligned. That lets us just flip bit 12 - * in a pointer to swap between the two 4k halves. + * In case of Page Table Isolation active, we acquire two PGDs instead of one. + * Being order-1, it is both 8k in size and 8k-aligned. That lets us just + * flip bit 12 in a pointer to swap between the two 4k halves. */ -#define PGD_ALLOCATION_ORDER 1 -#else -#define PGD_ALLOCATION_ORDER 0 -#endif +static inline unsigned int pgd_allocation_order(void) +{ + if (cpu_feature_enabled(X86_FEATURE_PTI)) + return 1; + return 0; +} /* * Allocate and free page tables. diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c index 80265162aeff..1f325304c4a8 100644 --- a/arch/x86/kernel/machine_kexec_32.c +++ b/arch/x86/kernel/machine_kexec_32.c @@ -42,7 +42,7 @@ static void load_segments(void) static void machine_kexec_free_page_tables(struct kimage *image) { - free_pages((unsigned long)image->arch.pgd, PGD_ALLOCATION_ORDER); + free_pages((unsigned long)image->arch.pgd, pgd_allocation_order()); image->arch.pgd = NULL; #ifdef CONFIG_X86_PAE free_page((unsigned long)image->arch.pmd0); @@ -59,7 +59,7 @@ static void machine_kexec_free_page_tables(struct kimage *image) static int machine_kexec_alloc_page_tables(struct kimage *image) { image->arch.pgd = (pgd_t *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, - PGD_ALLOCATION_ORDER); + pgd_allocation_order()); #ifdef CONFIG_X86_PAE image->arch.pmd0 = (pmd_t *)get_zeroed_page(GFP_KERNEL); image->arch.pmd1 = (pmd_t *)get_zeroed_page(GFP_KERNEL); diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index a05fcddfc811..f7ae44d3dd9e 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -360,7 +360,7 @@ static inline pgd_t *_pgd_alloc(struct mm_struct *mm) * We allocate one page for pgd. */ if (!SHARED_KERNEL_PMD) - return __pgd_alloc(mm, PGD_ALLOCATION_ORDER); + return __pgd_alloc(mm, pgd_allocation_order()); /* * Now PAE kernel is not running as a Xen domain. We can allocate @@ -380,7 +380,7 @@ static inline void _pgd_free(struct mm_struct *mm, pgd_t *pgd) static inline pgd_t *_pgd_alloc(struct mm_struct *mm) { - return __pgd_alloc(mm, PGD_ALLOCATION_ORDER); + return __pgd_alloc(mm, pgd_allocation_order()); } static inline void _pgd_free(struct mm_struct *mm, pgd_t *pgd) diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index ac57259a432b..a4b4ebd41b8f 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -73,7 +73,7 @@ int __init efi_alloc_page_tables(void) gfp_t gfp_mask; gfp_mask = GFP_KERNEL | __GFP_ZERO; - efi_pgd = (pgd_t *)__get_free_pages(gfp_mask, PGD_ALLOCATION_ORDER); + efi_pgd = (pgd_t *)__get_free_pages(gfp_mask, pgd_allocation_order()); if (!efi_pgd) goto fail; @@ -96,7 +96,7 @@ int __init efi_alloc_page_tables(void) if (pgtable_l5_enabled()) free_page((unsigned long)pgd_page_vaddr(*pgd)); free_pgd: - free_pages((unsigned long)efi_pgd, PGD_ALLOCATION_ORDER); + free_pages((unsigned long)efi_pgd, pgd_allocation_order()); fail: return -ENOMEM; } -- 2.43.0

3 days, 17 hours

2
1
0 0

[PATCH v2] nvmem: zynqmp_nvmem: unbreak driver after cleanup

by Peter Korsgaard

Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") changed the driver to expect the device pointer to be passed as the "context", but in nvmem the context parameter comes from nvmem_config.priv which is never set - Leading to null pointer exceptions when the device is accessed. Fixes: 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Korsgaard <peter(a)korsgaard.com> --- Changes since v1: - Cc stable drivers/nvmem/zynqmp_nvmem.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/nvmem/zynqmp_nvmem.c b/drivers/nvmem/zynqmp_nvmem.c index 8682adaacd692..7da717d6c7faf 100644 --- a/drivers/nvmem/zynqmp_nvmem.c +++ b/drivers/nvmem/zynqmp_nvmem.c @@ -213,6 +213,7 @@ static int zynqmp_nvmem_probe(struct platform_device *pdev) econfig.word_size = 1; econfig.size = ZYNQMP_NVMEM_SIZE; econfig.dev = dev; + econfig.priv = dev; econfig.add_legacy_fixed_of_cells = true; econfig.reg_read = zynqmp_nvmem_read; econfig.reg_write = zynqmp_nvmem_write; -- 2.39.5

3 days, 17 hours

1
0
0 0

Re: [PATCH 1/3 v5.4.y] dmaengine: ti: edma: Add support for handling reserved channels

by Hardik Gohil

> > > I'm sorry, I have no idea what to do here > > please add all the patches 1/3,2/3 and 3/3 to v5.4.y.

3 days, 17 hours

1
0
0 0

[PATCH 1/3 v5.4.y] dmaengine: ti: edma: Add support for handling reserved channels

by Hardik Gohil

From: Peter Ujfalusi <peter.ujfalusi(a)ti.com> Like paRAM slots, channels could be used by other cores and in this case we need to make sure that the driver do not alter these channels. Handle the generic dma-channel-mask property to mark channels in a bitmap which can not be used by Linux and convert the legacy rsv_chans if it is provided by platform_data. Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)ti.com> Link: https://lore.kernel.org/r/20191025073056.25450-4-peter.ujfalusi@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Hardik Gohil <hgohil(a)mvista.com> --- The patch [dmaengine: ti: edma: Add some null pointer checks to the edma_probe] fix for CVE-2024-26771 needs to be backported to v5.4.y kernel. patch 2/3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… patch 3/3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… patch 2 and 3 are cleanly applicable to v5.4.y, build test was sucessful. drivers/dma/ti/edma.c | 59 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 53 insertions(+), 6 deletions(-) diff --git a/drivers/dma/ti/edma.c b/drivers/dma/ti/edma.c index 01089e5c565f..47423bbd7bc7 100644 --- a/drivers/dma/ti/edma.c +++ b/drivers/dma/ti/edma.c @@ -259,6 +259,13 @@ struct edma_cc { */ unsigned long *slot_inuse; + /* + * For tracking reserved channels used by DSP. + * If the bit is cleared, the channel is allocated to be used by DSP + * and Linux must not touch it. + */ + unsigned long *channels_mask; + struct dma_device dma_slave; struct dma_device *dma_memcpy; struct edma_chan *slave_chans; @@ -715,6 +722,12 @@ static int edma_alloc_channel(struct edma_chan *echan, struct edma_cc *ecc = echan->ecc; int channel = EDMA_CHAN_SLOT(echan->ch_num); + if (!test_bit(echan->ch_num, ecc->channels_mask)) { + dev_err(ecc->dev, "Channel%d is reserved, can not be used!\n", + echan->ch_num); + return -EINVAL; + } + /* ensure access through shadow region 0 */ edma_or_array2(ecc, EDMA_DRAE, 0, EDMA_REG_ARRAY_INDEX(channel), EDMA_CHANNEL_BIT(channel)); @@ -2249,7 +2262,7 @@ static int edma_probe(struct platform_device *pdev) struct edma_soc_info *info = pdev->dev.platform_data; s8 (*queue_priority_mapping)[2]; int i, off; - const s16 (*rsv_slots)[2]; + const s16 (*reserved)[2]; const s16 (*xbar_chans)[2]; int irq; char *irq_name; @@ -2330,15 +2343,32 @@ static int edma_probe(struct platform_device *pdev) if (!ecc->slot_inuse) return -ENOMEM; + ecc->channels_mask = devm_kcalloc(dev, + BITS_TO_LONGS(ecc->num_channels), + sizeof(unsigned long), GFP_KERNEL); + if (!ecc->channels_mask) + return -ENOMEM; + + /* Mark all channels available initially */ + bitmap_fill(ecc->channels_mask, ecc->num_channels); + ecc->default_queue = info->default_queue; if (info->rsv) { /* Set the reserved slots in inuse list */ - rsv_slots = info->rsv->rsv_slots; - if (rsv_slots) { - for (i = 0; rsv_slots[i][0] != -1; i++) - bitmap_set(ecc->slot_inuse, rsv_slots[i][0], - rsv_slots[i][1]); + reserved = info->rsv->rsv_slots; + if (reserved) { + for (i = 0; reserved[i][0] != -1; i++) + bitmap_set(ecc->slot_inuse, reserved[i][0], + reserved[i][1]); + } + + /* Clear channels not usable for Linux */ + reserved = info->rsv->rsv_chans; + if (reserved) { + for (i = 0; reserved[i][0] != -1; i++) + bitmap_clear(ecc->channels_mask, reserved[i][0], + reserved[i][1]); } } @@ -2398,6 +2428,7 @@ static int edma_probe(struct platform_device *pdev) if (!ecc->legacy_mode) { int lowest_priority = 0; + unsigned int array_max; struct of_phandle_args tc_args; ecc->tc_list = devm_kcalloc(dev, ecc->num_tc, @@ -2421,6 +2452,18 @@ static int edma_probe(struct platform_device *pdev) } of_node_put(tc_args.np); } + + /* See if we have optional dma-channel-mask array */ + array_max = DIV_ROUND_UP(ecc->num_channels, BITS_PER_TYPE(u32)); + ret = of_property_read_variable_u32_array(node, + "dma-channel-mask", + (u32 *)ecc->channels_mask, + 1, array_max); + if (ret > 0 && ret != array_max) + dev_warn(dev, "dma-channel-mask is not complete.\n"); + else if (ret == -EOVERFLOW || ret == -ENODATA) + dev_warn(dev, + "dma-channel-mask is out of range or empty\n"); } /* Event queue priority mapping */ @@ -2438,6 +2481,10 @@ static int edma_probe(struct platform_device *pdev) edma_dma_init(ecc, legacy_mode); for (i = 0; i < ecc->num_channels; i++) { + /* Do not touch reserved channels */ + if (!test_bit(i, ecc->channels_mask)) + continue; + /* Assign all channels to the default queue */ edma_assign_channel_eventq(&ecc->slave_chans[i], info->default_queue); -- 2.25.1

3 days, 18 hours

3
2
0 0

[PATCH 5.15.y] fs/ntfs3: Fixed overflow check in mi_enum_attr()

by bin.lan.cn＠windriver.com

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 652cfeb43d6b9aba5c7c4902bed7a7340df131fb ] Reported-by: Robert Morris <rtm(a)csail.mit.edu> Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- fs/ntfs3/record.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ntfs3/record.c b/fs/ntfs3/record.c index 383fc3437f02..fb0683c983cf 100644 --- a/fs/ntfs3/record.c +++ b/fs/ntfs3/record.c @@ -263,7 +263,7 @@ struct ATTRIB *mi_enum_attr(struct mft_inode *mi, struct ATTRIB *attr) return NULL; t32 = le32_to_cpu(attr->res.data_size); - if (t16 + t32 > asize) + if (t32 > asize - t16) return NULL; if (attr->name_len && -- 2.34.1

3 days, 18 hours

3
2
0 0

[PATCH 5.15.y] jfs: define xtree root and page independently

by Aditya Dutt

From: Dave Kleikamp <dave.kleikamp(a)oracle.com> [ Upstream commit a779ed754e52d582b8c0e17959df063108bd0656 ] In order to make array bounds checking sane, provide a separate definition of the in-inode xtree root and the external xtree page. Signed-off-by: Dave Kleikamp <dave.kleikamp(a)oracle.com> Tested-by: Manas Ghandat <ghandatmanas(a)gmail.com> (cherry picked from commit a779ed754e52d582b8c0e17959df063108bd0656) Closes: https://syzkaller.appspot.com/bug?extid=ccb458b6679845ee0bae Signed-off-by: Aditya Dutt <duttaditya18(a)gmail.com> --- Tested using C reproducer here: https://syzkaller.appspot.com/x/repro.c?x=113bb250e80000 (given in the dashboard link above UBSAN is not triggered when this commit is there. It is triggered when it is not. fs/jfs/jfs_dinode.h | 2 +- fs/jfs/jfs_imap.c | 6 +++--- fs/jfs/jfs_incore.h | 2 +- fs/jfs/jfs_txnmgr.c | 4 ++-- fs/jfs/jfs_xtree.c | 4 ++-- fs/jfs/jfs_xtree.h | 37 +++++++++++++++++++++++-------------- 6 files changed, 32 insertions(+), 23 deletions(-) diff --git a/fs/jfs/jfs_dinode.h b/fs/jfs/jfs_dinode.h index 5fa9fd594115..e630810a48c6 100644 --- a/fs/jfs/jfs_dinode.h +++ b/fs/jfs/jfs_dinode.h @@ -96,7 +96,7 @@ struct dinode { #define di_gengen u._file._u1._imap._gengen union { - xtpage_t _xtroot; + xtroot_t _xtroot; struct { u8 unused[16]; /* 16: */ dxd_t _dxd; /* 16: */ diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c index 937ca07b58b1..5a360cd54098 100644 --- a/fs/jfs/jfs_imap.c +++ b/fs/jfs/jfs_imap.c @@ -671,7 +671,7 @@ int diWrite(tid_t tid, struct inode *ip) * This is the special xtree inside the directory for storing * the directory table */ - xtpage_t *p, *xp; + xtroot_t *p, *xp; xad_t *xad; jfs_ip->xtlid = 0; @@ -685,7 +685,7 @@ int diWrite(tid_t tid, struct inode *ip) * copy xtree root from inode to dinode: */ p = &jfs_ip->i_xtroot; - xp = (xtpage_t *) &dp->di_dirtable; + xp = (xtroot_t *) &dp->di_dirtable; lv = ilinelock->lv; for (n = 0; n < ilinelock->index; n++, lv++) { memcpy(&xp->xad[lv->offset], &p->xad[lv->offset], @@ -714,7 +714,7 @@ int diWrite(tid_t tid, struct inode *ip) * regular file: 16 byte (XAD slot) granularity */ if (type & tlckXTREE) { - xtpage_t *p, *xp; + xtroot_t *p, *xp; xad_t *xad; /* diff --git a/fs/jfs/jfs_incore.h b/fs/jfs/jfs_incore.h index a466ec41cfbb..852f4c1f2946 100644 --- a/fs/jfs/jfs_incore.h +++ b/fs/jfs/jfs_incore.h @@ -66,7 +66,7 @@ struct jfs_inode_info { lid_t xtlid; /* lid of xtree lock on directory */ union { struct { - xtpage_t _xtroot; /* 288: xtree root */ + xtroot_t _xtroot; /* 288: xtree root */ struct inomap *_imap; /* 4: inode map header */ } file; struct { diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index dca8edd2378c..7d19324f5a83 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -778,7 +778,7 @@ struct tlock *txLock(tid_t tid, struct inode *ip, struct metapage * mp, if (mp->xflag & COMMIT_PAGE) p = (xtpage_t *) mp->data; else - p = &jfs_ip->i_xtroot; + p = (xtpage_t *) &jfs_ip->i_xtroot; xtlck->lwm.offset = le16_to_cpu(p->header.nextindex); } @@ -1708,7 +1708,7 @@ static void xtLog(struct jfs_log * log, struct tblock * tblk, struct lrd * lrd, if (tlck->type & tlckBTROOT) { lrd->log.redopage.type |= cpu_to_le16(LOG_BTROOT); - p = &JFS_IP(ip)->i_xtroot; + p = (xtpage_t *) &JFS_IP(ip)->i_xtroot; if (S_ISDIR(ip->i_mode)) lrd->log.redopage.type |= cpu_to_le16(LOG_DIR_XTREE); diff --git a/fs/jfs/jfs_xtree.c b/fs/jfs/jfs_xtree.c index 3148e9b35f3b..34db519933b4 100644 --- a/fs/jfs/jfs_xtree.c +++ b/fs/jfs/jfs_xtree.c @@ -1224,7 +1224,7 @@ xtSplitRoot(tid_t tid, struct xtlock *xtlck; int rc; - sp = &JFS_IP(ip)->i_xtroot; + sp = (xtpage_t *) &JFS_IP(ip)->i_xtroot; INCREMENT(xtStat.split); @@ -3059,7 +3059,7 @@ static int xtRelink(tid_t tid, struct inode *ip, xtpage_t * p) */ void xtInitRoot(tid_t tid, struct inode *ip) { - xtpage_t *p; + xtroot_t *p; /* * acquire a transaction lock on the root diff --git a/fs/jfs/jfs_xtree.h b/fs/jfs/jfs_xtree.h index 5f51be8596b3..dc9b5f8d6385 100644 --- a/fs/jfs/jfs_xtree.h +++ b/fs/jfs/jfs_xtree.h @@ -65,24 +65,33 @@ struct xadlist { #define XTPAGEMAXSLOT 256 #define XTENTRYSTART 2 -/* - * xtree page: - */ -typedef union { - struct xtheader { - __le64 next; /* 8: */ - __le64 prev; /* 8: */ +struct xtheader { + __le64 next; /* 8: */ + __le64 prev; /* 8: */ - u8 flag; /* 1: */ - u8 rsrvd1; /* 1: */ - __le16 nextindex; /* 2: next index = number of entries */ - __le16 maxentry; /* 2: max number of entries */ - __le16 rsrvd2; /* 2: */ + u8 flag; /* 1: */ + u8 rsrvd1; /* 1: */ + __le16 nextindex; /* 2: next index = number of entries */ + __le16 maxentry; /* 2: max number of entries */ + __le16 rsrvd2; /* 2: */ - pxd_t self; /* 8: self */ - } header; /* (32) */ + pxd_t self; /* 8: self */ +}; +/* + * xtree root (in inode): + */ +typedef union { + struct xtheader header; xad_t xad[XTROOTMAXSLOT]; /* 16 * maxentry: xad array */ +} xtroot_t; + +/* + * xtree page: + */ +typedef union { + struct xtheader header; + xad_t xad[XTPAGEMAXSLOT]; /* 16 * maxentry: xad array */ } xtpage_t; /* -- 2.34.1

3 days, 18 hours

3
3
0 0

[PATCH 6.12.y v2 1/2] Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process"

by Alexander Tsoy

This reverts commit 535b666118f6ddeae90a480a146c061796d37022 as it was backported incorrectly. A subsequent commit will re-backport the original patch. Signed-off-by: Alexander Tsoy <alexander(a)tsoy.me> --- drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/dp_mon.c b/drivers/net/wireless/ath/ath12k/dp_mon.c index 1706ec27eb9c..5c6749bc4039 100644 --- a/drivers/net/wireless/ath/ath12k/dp_mon.c +++ b/drivers/net/wireless/ath/ath12k/dp_mon.c @@ -2533,7 +2533,7 @@ int ath12k_dp_mon_rx_process_stats(struct ath12k *ar, int mac_id, dest_idx = 0; move_next: ath12k_dp_mon_buf_replenish(ab, buf_ring, 1); - ath12k_hal_srng_dst_get_next_entry(ab, srng); + ath12k_hal_srng_src_get_next_entry(ab, srng); num_buffs_reaped++; } -- 2.49.0

3 days, 18 hours

2
2
0 0

[PATCH 6.14.y v2 1/2] Revert "wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process"

by Alexander Tsoy

This reverts commit 0c1015493f0e3979bcbd3a12ebc0977578c87f21 as it was backported incorrectly. A subsequent commit will re-backport the original patch. Signed-off-by: Alexander Tsoy <alexander(a)tsoy.me> --- drivers/net/wireless/ath/ath12k/dp_mon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath12k/dp_mon.c b/drivers/net/wireless/ath/ath12k/dp_mon.c index 0b089389087d..8005d30a4dbe 100644 --- a/drivers/net/wireless/ath/ath12k/dp_mon.c +++ b/drivers/net/wireless/ath/ath12k/dp_mon.c @@ -2473,7 +2473,7 @@ int ath12k_dp_mon_rx_process_stats(struct ath12k *ar, int mac_id, dest_idx = 0; move_next: ath12k_dp_mon_buf_replenish(ab, buf_ring, 1); - ath12k_hal_srng_dst_get_next_entry(ab, srng); + ath12k_hal_srng_src_get_next_entry(ab, srng); num_buffs_reaped++; } -- 2.49.0

3 days, 18 hours

2
2
0 0

Request for backporting hid-pidff driver patches

by tomasz.pakula.oficjalny＠gmail.com

Hello Recently AUTOSEL selected some of out patches to hid-pidff and hid-universal-pidff. Though I looked over what was selected and everything will be working, I'd like to keep the drivers up-to-date at least going back to 6.12 as these kernels are widely used and leaving said driers in an incomplete state, not up to upstream might lead to some false positive bug reports to me and Oleg. Here's the full list of the hid-pidff related patches from upstream. It might look like a lot but some granular changes were recorded as the driver was in need of an overhaul for at least 10 years. This mainly touches just two files. I tested it personally and all the patches apply cleanly on top of current 6.12.y, 6.13.y and 6.14.y branches. Thanks in advance! e2fa0bdf08a7 HID: pidff: Fix set_device_control() f98ecedbeca3 HID: pidff: Fix 90 degrees direction name North -> East 1a575044d516 HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff 0c6673e3d17b HID: pidff: Clamp effect playback LOOP_COUNT value bbeface10511 HID: pidff: Rename two functions to align them with naming convention 1bd55e79cbc0 HID: pidff: Remove redundant call to pidff_find_special_keys 9d4174dc4a23 HID: pidff: Support device error response from PID_BLOCK_LOAD e19675c24774 HID: pidff: Comment and code style update c385f61108d4 HID: hid-universal-pidff: Add Asetek wheelbases support 1f650dcec32d HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX 2c2afb50b50f MAINTAINERS: Update hid-universal-pidff entry 5d98079b2d01 HID: pidff: Factor out pool report fetch and remove excess declaration 217551624569 HID: pidff: Use macros instead of hardcoded min/max values for shorts 4eb9c2ee538b HID: pidff: Simplify pidff_rescale_signed 0d24d4b1da96 HID: pidff: Move all hid-pidff definitions to a dedicated header 22a05462c3d0 HID: pidff: Fix null pointer dereference in pidff_find_fields f7ebf0b11b9e HID: pidff: Factor out code for setting gain 8713107221a8 HID: pidff: Rescale time values to match field units 1c12f136891c HID: pidff: Define values used in pidff_find_special_fields e4bdc80ef142 HID: pidff: Simplify pidff_upload_effect function cb3fd788e3fa HID: pidff: Completely rework and fix pidff_reset function abdbf8764f49 HID: pidff: Add PERIODIC_SINE_ONLY quirk 7d3adb9695ec MAINTAINERS: Add entry for hid-universal-pidff driver f06bf8d94fff HID: Add hid-universal-pidff driver and supported device ids ce52c0c939fc HID: pidff: Stop all effects before enabling actuators 3051bf5ec773 HID: pidff: Add FIX_WHEEL_DIRECTION quirk 36de0164bbaf HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol a4119108d253 HID: pidff: Add PERMISSIVE_CONTROL quirk fc7c154e9bb3 HID: pidff: Add MISSING_PBO quirk and its detection 2d5c7ce5bf4c HID: pidff: Add MISSING_DELAY quirk and its detection f538183e997a HID: pidff: Clamp PERIODIC effect period to device's logical range 8876fc1884f5 HID: pidff: Do not send effect envelope if it's empty 37e0591fe44d HID: pidff: Convert infinite length from Linux API to PID standard Tomasz

3 days, 19 hours

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror