Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

266 participants
124088 discussions

Start a nNew thread

FAILED: patch "[PATCH] drm/mediatek: ovl_adaptor: Fix probe device leaks" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

2 days, 17 hours

FAILED: patch "[PATCH] drm/mediatek: ovl_adaptor: Fix probe device leaks" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e0f44f74ed6313e50b38eb39a2c7f210ae208db2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026010626-drainable-stricken-476d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e0f44f74ed6313e50b38eb39a2c7f210ae208db2 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Tue, 23 Sep 2025 17:23:40 +0200 Subject: [PATCH] drm/mediatek: ovl_adaptor: Fix probe device leaks Make sure to drop the references taken to the component devices by of_find_device_by_node() during probe on probe failure (e.g. probe deferral) and on driver unbind. Fixes: 453c3364632a ("drm/mediatek: Add ovl_adaptor support for MT8195") Cc: stable(a)vger.kernel.org # 6.4 Cc: Nancy.Lin <nancy.lin(a)mediatek.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Link: https://patchwork.kernel.org/project/dri-devel/patch/20250923152340.18234-6… Signed-off-by: Chun-Kuang Hu <chunkuang.hu(a)kernel.org> diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c index fe97bb97e004..c0af3e3b51d5 100644 --- a/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c +++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl_adaptor.c @@ -527,6 +527,13 @@ bool mtk_ovl_adaptor_is_comp_present(struct device_node *node) type == OVL_ADAPTOR_TYPE_PADDING; } +static void ovl_adaptor_put_device(void *_dev) +{ + struct device *dev = _dev; + + put_device(dev); +} + static int ovl_adaptor_comp_init(struct device *dev, struct component_match **match) { struct mtk_disp_ovl_adaptor *priv = dev_get_drvdata(dev); @@ -560,6 +567,11 @@ static int ovl_adaptor_comp_init(struct device *dev, struct component_match **ma if (!comp_pdev) return -EPROBE_DEFER; + ret = devm_add_action_or_reset(dev, ovl_adaptor_put_device, + &comp_pdev->dev); + if (ret) + return ret; + priv->ovl_adaptor_comp[id] = &comp_pdev->dev; drm_of_component_match_add(dev, match, component_compare_of, node);

2 days, 18 hours

[PATCH RESEND] Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup"

by Charles Keepax

This reverts commit 25decf0469d4c91d90aa2e28d996aed276bfc622. This software node change doesn't actually fix any current issues with the kernel, it is an improvement to the lookup process rather than fixing a live bug. It also causes a couple of regressions with shipping laptops, which relied on the label based lookup. There is a fix for the regressions in mainline, the first 5 patches of [1]. However, those patches are fairly substantial changes and given the patch causing the regression doesn't actually fix a bug it seems better to just revert it in stable. CC: stable(a)vger.kernel.org # 6.18 Link: https://lore.kernel.org/linux-sound/20251120-reset-gpios-swnodes-v7-0-a1004… [1] Closes: https://github.com/thesofproject/linux/issues/5599 Closes: https://github.com/thesofproject/linux/issues/5603 Acked-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> --- This fix for the software node lookups is also required on 6.18 stable, see the discussion for 6.12/6.17 in [2] for why we are doing a revert rather than backporting the other fixes. The "full" fixes are merged in 6.19 so this should be the last kernel we need to push this revert onto. Thanks, Charles drivers/gpio/gpiolib-swnode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpiolib-swnode.c b/drivers/gpio/gpiolib-swnode.c index e3806db1c0e07..f21dbc28cf2c8 100644 --- a/drivers/gpio/gpiolib-swnode.c +++ b/drivers/gpio/gpiolib-swnode.c @@ -41,7 +41,7 @@ static struct gpio_device *swnode_get_gpio_device(struct fwnode_handle *fwnode) !strcmp(gdev_node->name, GPIOLIB_SWNODE_UNDEFINED_NAME)) return ERR_PTR(-ENOENT); - gdev = gpio_device_find_by_fwnode(fwnode); + gdev = gpio_device_find_by_label(gdev_node->name); return gdev ?: ERR_PTR(-EPROBE_DEFER); } -- 2.47.3

2 days, 18 hours

FAILED: patch "[PATCH] firmware: stratix10-svc: Add mutex in stratix10 memory" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 85f96cbbbc67b59652b2c1ec394b8ddc0ddf1b0b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026010654-kimono-starlight-7676@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 85f96cbbbc67b59652b2c1ec394b8ddc0ddf1b0b Mon Sep 17 00:00:00 2001 From: Mahesh Rao <mahesh.rao(a)altera.com> Date: Mon, 27 Oct 2025 22:54:40 +0800 Subject: [PATCH] firmware: stratix10-svc: Add mutex in stratix10 memory management Add mutex lock to stratix10_svc_allocate_memory and stratix10_svc_free_memory for thread safety. This prevents race conditions and ensures proper synchronization during memory operations. This is required for parallel communication with the Stratix10 service channel. Fixes: 7ca5ce896524f ("firmware: add Intel Stratix10 service layer driver") Cc: stable(a)vger.kernel.org Signed-off-by: Mahesh Rao <mahesh.rao(a)altera.com> Reviewed-by: Matthew Gerlach <matthew.gerlach(a)altera.com> Signed-off-by: Dinh Nguyen <dinguyen(a)kernel.org> diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c index 5a32c1054bee..9372a17d89b7 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 /* * Copyright (C) 2017-2018, Intel Corporation + * Copyright (C) 2025, Altera Corporation */ #include <linux/completion.h> @@ -172,6 +173,12 @@ struct stratix10_svc_chan { static LIST_HEAD(svc_ctrl); static LIST_HEAD(svc_data_mem); +/** + * svc_mem_lock protects access to the svc_data_mem list for + * concurrent multi-client operations + */ +static DEFINE_MUTEX(svc_mem_lock); + /** * svc_pa_to_va() - translate physical address to virtual address * @addr: to be translated physical address @@ -184,6 +191,7 @@ static void *svc_pa_to_va(unsigned long addr) struct stratix10_svc_data_mem *pmem; pr_debug("claim back P-addr=0x%016x\n", (unsigned int)addr); + guard(mutex)(&svc_mem_lock); list_for_each_entry(pmem, &svc_data_mem, node) if (pmem->paddr == addr) return pmem->vaddr; @@ -1002,6 +1010,7 @@ int stratix10_svc_send(struct stratix10_svc_chan *chan, void *msg) p_data->flag = ct->flags; } } else { + guard(mutex)(&svc_mem_lock); list_for_each_entry(p_mem, &svc_data_mem, node) if (p_mem->vaddr == p_msg->payload) { p_data->paddr = p_mem->paddr; @@ -1084,6 +1093,7 @@ void *stratix10_svc_allocate_memory(struct stratix10_svc_chan *chan, if (!pmem) return ERR_PTR(-ENOMEM); + guard(mutex)(&svc_mem_lock); va = gen_pool_alloc(genpool, s); if (!va) return ERR_PTR(-ENOMEM); @@ -1112,6 +1122,7 @@ EXPORT_SYMBOL_GPL(stratix10_svc_allocate_memory); void stratix10_svc_free_memory(struct stratix10_svc_chan *chan, void *kaddr) { struct stratix10_svc_data_mem *pmem; + guard(mutex)(&svc_mem_lock); list_for_each_entry(pmem, &svc_data_mem, node) if (pmem->vaddr == kaddr) {

2 days, 18 hours

FAILED: patch "[PATCH] firmware: stratix10-svc: Add mutex in stratix10 memory" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 85f96cbbbc67b59652b2c1ec394b8ddc0ddf1b0b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026010654-universe-wrongly-32af@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 85f96cbbbc67b59652b2c1ec394b8ddc0ddf1b0b Mon Sep 17 00:00:00 2001 From: Mahesh Rao <mahesh.rao(a)altera.com> Date: Mon, 27 Oct 2025 22:54:40 +0800 Subject: [PATCH] firmware: stratix10-svc: Add mutex in stratix10 memory management Add mutex lock to stratix10_svc_allocate_memory and stratix10_svc_free_memory for thread safety. This prevents race conditions and ensures proper synchronization during memory operations. This is required for parallel communication with the Stratix10 service channel. Fixes: 7ca5ce896524f ("firmware: add Intel Stratix10 service layer driver") Cc: stable(a)vger.kernel.org Signed-off-by: Mahesh Rao <mahesh.rao(a)altera.com> Reviewed-by: Matthew Gerlach <matthew.gerlach(a)altera.com> Signed-off-by: Dinh Nguyen <dinguyen(a)kernel.org> diff --git a/drivers/firmware/stratix10-svc.c b/drivers/firmware/stratix10-svc.c index 5a32c1054bee..9372a17d89b7 100644 --- a/drivers/firmware/stratix10-svc.c +++ b/drivers/firmware/stratix10-svc.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 /* * Copyright (C) 2017-2018, Intel Corporation + * Copyright (C) 2025, Altera Corporation */ #include <linux/completion.h> @@ -172,6 +173,12 @@ struct stratix10_svc_chan { static LIST_HEAD(svc_ctrl); static LIST_HEAD(svc_data_mem); +/** + * svc_mem_lock protects access to the svc_data_mem list for + * concurrent multi-client operations + */ +static DEFINE_MUTEX(svc_mem_lock); + /** * svc_pa_to_va() - translate physical address to virtual address * @addr: to be translated physical address @@ -184,6 +191,7 @@ static void *svc_pa_to_va(unsigned long addr) struct stratix10_svc_data_mem *pmem; pr_debug("claim back P-addr=0x%016x\n", (unsigned int)addr); + guard(mutex)(&svc_mem_lock); list_for_each_entry(pmem, &svc_data_mem, node) if (pmem->paddr == addr) return pmem->vaddr; @@ -1002,6 +1010,7 @@ int stratix10_svc_send(struct stratix10_svc_chan *chan, void *msg) p_data->flag = ct->flags; } } else { + guard(mutex)(&svc_mem_lock); list_for_each_entry(p_mem, &svc_data_mem, node) if (p_mem->vaddr == p_msg->payload) { p_data->paddr = p_mem->paddr; @@ -1084,6 +1093,7 @@ void *stratix10_svc_allocate_memory(struct stratix10_svc_chan *chan, if (!pmem) return ERR_PTR(-ENOMEM); + guard(mutex)(&svc_mem_lock); va = gen_pool_alloc(genpool, s); if (!va) return ERR_PTR(-ENOMEM); @@ -1112,6 +1122,7 @@ EXPORT_SYMBOL_GPL(stratix10_svc_allocate_memory); void stratix10_svc_free_memory(struct stratix10_svc_chan *chan, void *kaddr) { struct stratix10_svc_data_mem *pmem; + guard(mutex)(&svc_mem_lock); list_for_each_entry(pmem, &svc_data_mem, node) if (pmem->vaddr == kaddr) {

2 days, 18 hours

[PATCH v2 0/2] Fix vm.dirtytime_expire_seconds=0 causing 100% CPU

by Laveesh Bansal

Setting vm.dirtytime_expire_seconds to 0 causes wakeup_dirtytime_writeback() to reschedule itself with a delay of 0, creating an infinite busy loop that spins kworker at 100% CPU. This series: - Patch 1: Fixes the bug by handling interval=0 as "disable writeback" (consistent with dirty_writeback_centisecs behavior) - Patch 2: Documents that setting the value to 0 disables writeback Tested by booting kernels in QEMU with virtme-ng: - Buggy kernel: kworker CPU spikes to ~73% when interval set to 0 - Fixed kernel: CPU remains normal, writeback correctly disabled - Re-enabling (0 -> non-zero): writeback resumes correctly v2: - Added Reviewed-by from Jan Kara (no code changes) Laveesh Bansal (2): writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 docs: clarify that dirtytime_expire_seconds=0 disables writeback Documentation/admin-guide/sysctl/vm.rst | 2 ++ fs/fs-writeback.c | 14 ++++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) -- 2.43.0

2 days, 18 hours

[PATCH] crypto: padlock-sha - Disable broken driver

by Eric Biggers

This driver is known broken, as it computes the wrong SHA-1 and SHA-256 hashes. Correctness needs to be the first priority for cryptographic code. Just disable it, allowing the standard (and actually correct) SHA-1 and SHA-256 implementations to take priority. Reported-by: larryw3i <larryw3i(a)yeah.net> Closes: https://lore.kernel.org/r/3af01fec-b4d3-4d0c-9450-2b722d4bbe39@yeah.net/ Closes: https://lists.debian.org/debian-kernel/2025/09/msg00019.html Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113996 Cc: stable(a)vger.kernel.org Cc: AlanSong-oc(a)zhaoxin.com Cc: CobeChen(a)zhaoxin.com Cc: GeorgeXue(a)zhaoxin.com Cc: HansHu(a)zhaoxin.com Cc: LeoLiu-oc(a)zhaoxin.com Cc: TonyWWang-oc(a)zhaoxin.com Cc: YunShen(a)zhaoxin.com Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> --- This patch is targeting crypto/master drivers/crypto/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig index a6688d54984c..16ea3e741350 100644 --- a/drivers/crypto/Kconfig +++ b/drivers/crypto/Kconfig @@ -38,11 +38,11 @@ config CRYPTO_DEV_PADLOCK_AES If unsure say M. The compiled module will be called padlock-aes. config CRYPTO_DEV_PADLOCK_SHA tristate "PadLock driver for SHA1 and SHA256 algorithms" - depends on CRYPTO_DEV_PADLOCK + depends on CRYPTO_DEV_PADLOCK && BROKEN select CRYPTO_HASH select CRYPTO_SHA1 select CRYPTO_SHA256 help Use VIA PadLock for SHA1/SHA256 algorithms. base-commit: 59b0afd01b2ce353ab422ea9c8375b03db313a21 -- 2.51.2

2 days, 18 hours

FAILED: patch "[PATCH] drm/tilcdc: Fix removal actions in case of failed probe" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a585c7ef9cabda58088916baedc6573e9a5cd2a7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2026010529-certainty-unguided-7d41@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a585c7ef9cabda58088916baedc6573e9a5cd2a7 Mon Sep 17 00:00:00 2001 From: "Kory Maincent (TI.com)" <kory.maincent(a)bootlin.com> Date: Tue, 25 Nov 2025 10:05:44 +0100 Subject: [PATCH] drm/tilcdc: Fix removal actions in case of failed probe The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered. Currently, these functions are called unconditionally in tilcdc_fini(), which causes warnings during probe deferral scenarios. [ 7.972317] WARNING: CPU: 0 PID: 23 at drivers/gpu/drm/drm_atomic_state_helper.c:175 drm_atomic_helper_crtc_duplicate_state+0x60/0x68 ... [ 8.005820] drm_atomic_helper_crtc_duplicate_state from drm_atomic_get_crtc_state+0x68/0x108 [ 8.005858] drm_atomic_get_crtc_state from drm_atomic_helper_disable_all+0x90/0x1c8 [ 8.005885] drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x90/0x144 [ 8.005911] drm_atomic_helper_shutdown from tilcdc_fini+0x68/0xf8 [tilcdc] [ 8.005957] tilcdc_fini [tilcdc] from tilcdc_pdev_probe+0xb0/0x6d4 [tilcdc] Fix this by rewriting the failed probe cleanup path using the standard goto error handling pattern, which ensures that cleanup functions are only called on successfully initialized resources. Additionally, remove the now-unnecessary is_registered flag. Cc: stable(a)vger.kernel.org Fixes: 3c4babae3c4a ("drm: Call drm_atomic_helper_shutdown() at shutdown/remove time for misc drivers") Signed-off-by: Kory Maincent (TI.com) <kory.maincent(a)bootlin.com> Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Reviewed-by: Luca Ceresoli <luca.ceresoli(a)bootlin.com> Signed-off-by: Douglas Anderson <dianders(a)chromium.org> Link: https://patch.msgid.link/20251125090546.137193-1-kory.maincent@bootlin.com diff --git a/drivers/gpu/drm/tilcdc/tilcdc_crtc.c b/drivers/gpu/drm/tilcdc/tilcdc_crtc.c index b5f60b2b2d0e..41802c9bd147 100644 --- a/drivers/gpu/drm/tilcdc/tilcdc_crtc.c +++ b/drivers/gpu/drm/tilcdc/tilcdc_crtc.c @@ -586,7 +586,7 @@ static void tilcdc_crtc_recover_work(struct work_struct *work) drm_modeset_unlock(&crtc->mutex); } -static void tilcdc_crtc_destroy(struct drm_crtc *crtc) +void tilcdc_crtc_destroy(struct drm_crtc *crtc) { struct tilcdc_drm_private *priv = crtc->dev->dev_private; diff --git a/drivers/gpu/drm/tilcdc/tilcdc_drv.c b/drivers/gpu/drm/tilcdc/tilcdc_drv.c index 7caec4d38ddf..3dcbec312bac 100644 --- a/drivers/gpu/drm/tilcdc/tilcdc_drv.c +++ b/drivers/gpu/drm/tilcdc/tilcdc_drv.c @@ -172,8 +172,7 @@ static void tilcdc_fini(struct drm_device *dev) if (priv->crtc) tilcdc_crtc_shutdown(priv->crtc); - if (priv->is_registered) - drm_dev_unregister(dev); + drm_dev_unregister(dev); drm_kms_helper_poll_fini(dev); drm_atomic_helper_shutdown(dev); @@ -220,21 +219,21 @@ static int tilcdc_init(const struct drm_driver *ddrv, struct device *dev) priv->wq = alloc_ordered_workqueue("tilcdc", 0); if (!priv->wq) { ret = -ENOMEM; - goto init_failed; + goto put_drm; } priv->mmio = devm_platform_ioremap_resource(pdev, 0); if (IS_ERR(priv->mmio)) { dev_err(dev, "failed to request / ioremap\n"); ret = PTR_ERR(priv->mmio); - goto init_failed; + goto free_wq; } priv->clk = clk_get(dev, "fck"); if (IS_ERR(priv->clk)) { dev_err(dev, "failed to get functional clock\n"); ret = -ENODEV; - goto init_failed; + goto free_wq; } pm_runtime_enable(dev); @@ -313,7 +312,7 @@ static int tilcdc_init(const struct drm_driver *ddrv, struct device *dev) ret = tilcdc_crtc_create(ddev); if (ret < 0) { dev_err(dev, "failed to create crtc\n"); - goto init_failed; + goto disable_pm; } modeset_init(ddev); @@ -324,46 +323,46 @@ static int tilcdc_init(const struct drm_driver *ddrv, struct device *dev) if (ret) { dev_err(dev, "failed to register cpufreq notifier\n"); priv->freq_transition.notifier_call = NULL; - goto init_failed; + goto destroy_crtc; } #endif if (priv->is_componentized) { ret = component_bind_all(dev, ddev); if (ret < 0) - goto init_failed; + goto unregister_cpufreq_notif; ret = tilcdc_add_component_encoder(ddev); if (ret < 0) - goto init_failed; + goto unbind_component; } else { ret = tilcdc_attach_external_device(ddev); if (ret) - goto init_failed; + goto unregister_cpufreq_notif; } if (!priv->external_connector && ((priv->num_encoders == 0) || (priv->num_connectors == 0))) { dev_err(dev, "no encoders/connectors found\n"); ret = -EPROBE_DEFER; - goto init_failed; + goto unbind_component; } ret = drm_vblank_init(ddev, 1); if (ret < 0) { dev_err(dev, "failed to initialize vblank\n"); - goto init_failed; + goto unbind_component; } ret = platform_get_irq(pdev, 0); if (ret < 0) - goto init_failed; + goto unbind_component; priv->irq = ret; ret = tilcdc_irq_install(ddev, priv->irq); if (ret < 0) { dev_err(dev, "failed to install IRQ handler\n"); - goto init_failed; + goto unbind_component; } drm_mode_config_reset(ddev); @@ -372,16 +371,34 @@ static int tilcdc_init(const struct drm_driver *ddrv, struct device *dev) ret = drm_dev_register(ddev, 0); if (ret) - goto init_failed; - priv->is_registered = true; + goto stop_poll; drm_client_setup_with_color_mode(ddev, bpp); return 0; -init_failed: - tilcdc_fini(ddev); +stop_poll: + drm_kms_helper_poll_fini(ddev); + tilcdc_irq_uninstall(ddev); +unbind_component: + if (priv->is_componentized) + component_unbind_all(dev, ddev); +unregister_cpufreq_notif: +#ifdef CONFIG_CPU_FREQ + cpufreq_unregister_notifier(&priv->freq_transition, + CPUFREQ_TRANSITION_NOTIFIER); +destroy_crtc: +#endif + tilcdc_crtc_destroy(priv->crtc); +disable_pm: + pm_runtime_disable(dev); + clk_put(priv->clk); +free_wq: + destroy_workqueue(priv->wq); +put_drm: platform_set_drvdata(pdev, NULL); + ddev->dev_private = NULL; + drm_dev_put(ddev); return ret; } diff --git a/drivers/gpu/drm/tilcdc/tilcdc_drv.h b/drivers/gpu/drm/tilcdc/tilcdc_drv.h index b818448c83f6..58b276f82a66 100644 --- a/drivers/gpu/drm/tilcdc/tilcdc_drv.h +++ b/drivers/gpu/drm/tilcdc/tilcdc_drv.h @@ -82,7 +82,6 @@ struct tilcdc_drm_private { struct drm_encoder *external_encoder; struct drm_connector *external_connector; - bool is_registered; bool is_componentized; bool irq_enabled; }; @@ -164,6 +163,7 @@ void tilcdc_crtc_set_panel_info(struct drm_crtc *crtc, void tilcdc_crtc_set_simulate_vesa_sync(struct drm_crtc *crtc, bool simulate_vesa_sync); void tilcdc_crtc_shutdown(struct drm_crtc *crtc); +void tilcdc_crtc_destroy(struct drm_crtc *crtc); int tilcdc_crtc_update_fb(struct drm_crtc *crtc, struct drm_framebuffer *fb, struct drm_pending_vblank_event *event);

2 days, 18 hours

Vendors Registration

by EXXONMOBIL

2 days, 20 hours

[PATCH] ocfs2: Fix circular locking dependency in ocfs2_del_inode_from_orphan()

by Prithvi Tambewagh

A possible circular locking dependency in ocfs2_del_inode_from_orphan() is detected by syzbot, which occurs due to change in the sequence of acquiring locks. The existing chain is: &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE] --> &dquot->dq_lock --> &ocfs2_quota_ip_alloc_sem_key In ocfs2_dio_end_io_write(), &ocfs2_quota_ip_alloc_sem_key is acquired, and then ocfs2_del_inode_from_orphan() is called, which acquires &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]. This opposes the existing dependency chain: -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 down_write+0x3a/0x50 kernel/locking/rwsem.c:1590 ocfs2_create_local_dquot+0x19d/0x1a40 fs/ocfs2/quota_local.c:1227 ocfs2_acquire_dquot+0x80f/0xb30 fs/ocfs2/quota_global.c:883 dqget+0x7c1/0xf20 fs/quota/dquot.c:980 __dquot_initialize+0x3b3/0xcb0 fs/quota/dquot.c:1508 ocfs2_get_init_inode+0x13b/0x1b0 fs/ocfs2/namei.c:205 ocfs2_mknod+0x863/0x2050 fs/ocfs2/namei.c:313 ocfs2_create+0x1a5/0x440 fs/ocfs2/namei.c:676 lookup_open fs/namei.c:3796 [inline] open_last_lookups fs/namei.c:3895 [inline] path_openat+0x1500/0x3840 fs/namei.c:4131 do_filp_open+0x1fa/0x410 fs/namei.c:4161 do_sys_openat2+0x121/0x1c0 fs/open.c:1437 do_sys_open fs/open.c:1452 [inline] __do_sys_openat fs/open.c:1468 [inline] __se_sys_openat fs/open.c:1463 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1463 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #2 (&dquot->dq_lock){+.+.}-{4:4}: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 __mutex_lock_common kernel/locking/rtmutex_api.c:535 [inline] mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:547 wait_on_dquot fs/quota/dquot.c:357 [inline] dqget+0x73a/0xf20 fs/quota/dquot.c:975 __dquot_initialize+0x3b3/0xcb0 fs/quota/dquot.c:1508 ocfs2_get_init_inode+0x13b/0x1b0 fs/ocfs2/namei.c:205 ocfs2_mknod+0x863/0x2050 fs/ocfs2/namei.c:313 ocfs2_create+0x1a5/0x440 fs/ocfs2/namei.c:676 lookup_open fs/namei.c:3796 [inline] open_last_lookups fs/namei.c:3895 [inline] path_openat+0x1500/0x3840 fs/namei.c:4131 do_filp_open+0x1fa/0x410 fs/namei.c:4161 do_sys_openat2+0x121/0x1c0 fs/open.c:1437 do_sys_open fs/open.c:1452 [inline] __do_sys_openat fs/open.c:1468 [inline] __se_sys_openat fs/open.c:1463 [inline] __x64_sys_openat+0x138/0x170 fs/open.c:1463 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #1 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}: lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 down_write+0x3a/0x50 kernel/locking/rwsem.c:1590 inode_lock include/linux/fs.h:980 [inline] ocfs2_remove_inode fs/ocfs2/inode.c:731 [inline] ocfs2_wipe_inode fs/ocfs2/inode.c:894 [inline] ocfs2_delete_inode fs/ocfs2/inode.c:1155 [inline] ocfs2_evict_inode+0x153d/0x40d0 fs/ocfs2/inode.c:1295 evict+0x504/0x9c0 fs/inode.c:810 do_unlinkat+0x39f/0x570 fs/namei.c:4744 __do_sys_unlinkat fs/namei.c:4778 [inline] __se_sys_unlinkat fs/namei.c:4771 [inline] __x64_sys_unlinkat+0xd3/0xf0 fs/namei.c:4771 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3165 [inline] check_prevs_add kernel/locking/lockdep.c:3284 [inline] validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868 down_write+0x3a/0x50 kernel/locking/rwsem.c:1590 inode_lock include/linux/fs.h:980 [inline] ocfs2_del_inode_from_orphan+0x134/0x740 fs/ocfs2/namei.c:2730 ocfs2_dio_end_io_write fs/ocfs2/aops.c:2306 [inline] ocfs2_dio_end_io+0x47b/0x1100 fs/ocfs2/aops.c:2404 dio_complete+0x25e/0x790 fs/direct-io.c:281 __blockdev_direct_IO+0x2bc0/0x31f0 fs/direct-io.c:1303 ocfs2_direct_IO+0x260/0x2d0 fs/ocfs2/aops.c:2441 generic_file_direct_write+0x1dc/0x3e0 mm/filemap.c:4189 __generic_file_write_iter+0x120/0x240 mm/filemap.c:4358 ocfs2_file_write_iter+0x157d/0x1d20 fs/ocfs2/file.c:2469 iter_file_splice_write+0x97a/0x10f0 fs/splice.c:738 do_splice_from fs/splice.c:938 [inline] direct_splice_actor+0x104/0x160 fs/splice.c:1161 splice_direct_to_actor+0x5b3/0xcd0 fs/splice.c:1105 do_splice_direct_actor fs/splice.c:1204 [inline] do_splice_direct+0x187/0x270 fs/splice.c:1230 do_sendfile+0x4ec/0x7f0 fs/read_write.c:1370 __do_sys_sendfile64 fs/read_write.c:1431 [inline] __se_sys_sendfile64+0x13e/0x190 fs/read_write.c:1417 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Fix this by acquiring &ocfs2_quota_ip_alloc_sem_key after acquiring &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE], effectively calling down_write(&oi->ip_alloc_sem) after the call to ocfs2_del_inode_from_orphan(). Reported-by: syzbot+78359d5fbb04318c35e9(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=78359d5fbb04318c35e9 Tested-by: syzbot+78359d5fbb04318c35e9(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Signed-off-by: Prithvi Tambewagh <activprithvi(a)gmail.com> --- fs/ocfs2/aops.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c index 76c86f1c2b1c..586e3b74d782 100644 --- a/fs/ocfs2/aops.c +++ b/fs/ocfs2/aops.c @@ -2295,8 +2295,6 @@ static int ocfs2_dio_end_io_write(struct inode *inode, goto out; } - down_write(&oi->ip_alloc_sem); - /* Delete orphan before acquire i_rwsem. */ if (dwc->dw_orphaned) { BUG_ON(dwc->dw_writer_pid != task_pid_nr(current)); @@ -2309,6 +2307,8 @@ static int ocfs2_dio_end_io_write(struct inode *inode, mlog_errno(ret); } + down_write(&oi->ip_alloc_sem); + di = (struct ocfs2_dinode *)di_bh->b_data; ocfs2_init_dinode_extent_tree(&et, INODE_CACHE(inode), di_bh); base-commit: 765e56e41a5af2d456ddda6cbd617b9d3295ab4e -- 2.34.1

2 days, 20 hours

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror