- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.244 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/vmscape.rst | 110 ++++++++ Documentation/admin-guide/kernel-parameters.txt | 11 Makefile | 2 arch/x86/Kconfig | 9 arch/x86/include/asm/cpufeatures.h | 2 arch/x86/include/asm/entry-common.h | 7 arch/x86/include/asm/nospec-branch.h | 2 arch/x86/kernel/cpu/bugs.c | 264 ++++++++++++++------- arch/x86/kernel/cpu/common.c | 74 +++-- arch/x86/kvm/x86.c | 9 drivers/base/cpu.c | 6 include/linux/cpu.h | 1 14 files changed, 390 insertions(+), 109 deletions(-) Greg Kroah-Hartman (1): Linux 5.10.244 Pawan Gupta (7): Documentation/hw-vuln: Add VMSCAPE documentation x86/vmscape: Enumerate VMSCAPE bug x86/vmscape: Add conditional IBPB mitigation x86/vmscape: Enable the mitigation x86/bugs: Move cpu_bugs_smt_update() down x86/vmscape: Warn when STIBP is disabled with SMT x86/vmscape: Add old Intel CPUs to affected list

1 month, 3 weeks

1
1
0 0

[PATCH] sched/core: Fix potential deadlock on rq lock

by Wang Tao

When CPU 1 enters the nohz_full state, and the kworker on CPU 0 executes the function sched_tick_remote, holding the lock on CPU1's rq and triggering the warning WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3). This leads to the process of printing the warning message, where the console_sem semaphore is held. At this point, the print task on the CPU1's rq cannot acquire the console_sem and joins the wait queue, entering the UNINTERRUPTIBLE state. It waits for the console_sem to be released and then wakes up. After the task on CPU 0 releases the console_sem, it wakes up the waiting console_sem task. In try_to_wake_up, it attempts to acquire the lock on CPU1's rq again, resulting in a deadlock. The triggering scenario is as follows: CPU0 CPU1 sched_tick_remote WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3) report_bug con_write printk console_unlock do_con_write console_lock down(&console_sem) list_add_tail(&waiter.list, &sem->wait_list); up(&console_sem) wake_up_q(&wake_q) try_to_wake_up __task_rq_lock _raw_spin_lock This patch fixes the issue by deffering all printk console printing during the lock holding period. Fixes: d84b31313ef8 ("sched/isolation: Offload residual 1Hz scheduler tick") Signed-off-by: Wang Tao <wangtao554(a)huawei.com> --- kernel/sched/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index be00629f0ba4..8b2d5b5bfb93 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -5723,8 +5723,10 @@ static void sched_tick_remote(struct work_struct *work) * Make sure the next tick runs within a * reasonable amount of time. */ + printk_deferred_enter(); u64 delta = rq_clock_task(rq) - curr->se.exec_start; WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3); + printk_deferred_exit(); } curr->sched_class->task_tick(rq, curr, 0); -- 2.34.1

1 month, 3 weeks

4
4
0 0

[PATCH v2] mtd: core: always verify OOB offset in mtd_check_oob_ops()

by Gabor Juhos

Using an OOB offset past end of the available OOB data is invalid, irregardless of whether the 'ooblen' is set in the ops or not. Move the relevant check out from the if statement to always verify that. The 'oobtest' module executes four tests to verify how reading/writing OOB data past end of the devices is handled. It expects errors in case of these tests, but this expectation fails in the last two tests on MTD devices, which have no OOB bytes available. This is indicated in the test output like the following: [ 212.059416] mtd_oobtest: attempting to write past end of device [ 212.060379] mtd_oobtest: an error is expected... [ 212.066353] mtd_oobtest: error: wrote past end of device [ 212.071142] mtd_oobtest: attempting to read past end of device [ 212.076507] mtd_oobtest: an error is expected... [ 212.082080] mtd_oobtest: error: read past end of device ... [ 212.330508] mtd_oobtest: finished with 2 errors For reference, here is the corresponding code from the oobtest module: /* Attempt to write off end of device */ ops.mode = MTD_OPS_AUTO_OOB; ops.len = 0; ops.retlen = 0; ops.ooblen = mtd->oobavail; ops.oobretlen = 0; ops.ooboffs = 1; ops.datbuf = NULL; ops.oobbuf = writebuf; pr_info("attempting to write past end of device\n"); pr_info("an error is expected...\n"); err = mtd_write_oob(mtd, mtd->size - mtd->writesize, &ops); if (err) { pr_info("error occurred as expected\n"); } else { pr_err("error: wrote past end of device\n"); errcnt += 1; } As it can be seen, the code sets 'ooboffs' to 1, and 'ooblen' to mtd->oobavail which is zero in our case. Since the mtd_check_oob_ops() function only verifies 'ooboffs' if 'ooblen' is not zero, the 'ooboffs' value does not gets validated and the function returns success whereas it should fail. After the change, the oobtest module will bail out early with an error if there are no OOB bytes available on the MDT device under test: # cat /sys/class/mtd/mtd0/oobavail 0 # insmod mtd_test; insmod mtd_oobtest dev=0 [ 943.606228] [ 943.606259] ================================================= [ 943.606784] mtd_oobtest: MTD device: 0 [ 943.612660] mtd_oobtest: MTD device size 524288, eraseblock size 131072, page size 2048, count of eraseblocks 4, pages per eraseblock 64, OOB size 128 [ 943.616091] mtd_test: scanning for bad eraseblocks [ 943.629571] mtd_test: scanned 4 eraseblocks, 0 are bad [ 943.634313] mtd_oobtest: test 1 of 5 [ 943.653402] mtd_oobtest: writing OOBs of whole device [ 943.653424] mtd_oobtest: error: writeoob failed at 0x0 [ 943.657419] mtd_oobtest: error: use_len 0, use_offset 0 [ 943.662493] mtd_oobtest: error -22 occurred [ 943.667574] ================================================= This behaviour is more accurate than the current one where most tests are indicating successful writing of OOB data even that in fact nothing gets written into the device, which is quite misleading. Cc: stable(a)vger.kernel.org Fixes: 5cdd929da53d ("mtd: Add sanity checks in mtd_write/read_oob()") Reviewed-by: Daniel Golle <daniel(a)makrotopia.org> Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Changes in v2: - add Reviewed-by tag from Daniel - add stable and Fixes tags - Link to v1: https://lore.kernel.org/r/20250831-mtd-validate-ooboffs-v1-1-d3fdce7a8698@g… --- drivers/mtd/mtdcore.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5ba9a741f5ac3c297ae21329c2827baf5dc471f0..9a3c9f163219bcb9fde66839f228fd8d38310f2d 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -1590,12 +1590,12 @@ static int mtd_check_oob_ops(struct mtd_info *mtd, loff_t offs, if (offs < 0 || offs + ops->len > mtd->size) return -EINVAL; + if (ops->ooboffs >= mtd_oobavail(mtd, ops)) + return -EINVAL; + if (ops->ooblen) { size_t maxooblen; - if (ops->ooboffs >= mtd_oobavail(mtd, ops)) - return -EINVAL; - maxooblen = ((size_t)(mtd_div_by_ws(mtd->size, mtd) - mtd_div_by_ws(offs, mtd)) * mtd_oobavail(mtd, ops)) - ops->ooboffs; --- base-commit: 1b237f190eb3d36f52dffe07a40b5eb210280e00 change-id: 20250831-mtd-validate-ooboffs-e35c796540fe Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

1 month, 3 weeks

4
8
0 0

[PATCH] pinctrl: renesas: rzg2l: Fix ISEL restore on resume

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Commit 1d2da79708cb ("pinctrl: renesas: rzg2l: Avoid configuring ISEL in gpio_irq_{en,dis}able*()") dropped the configuration of ISEL from rzg2l_gpio_irq_enable()/rzg2l_gpio_irq_disable() and moved it to rzg2l_gpio_child_to_parent_hwirq()/rzg2l_gpio_irq_domain_free() to fix spurious IRQs. The resume code used rzg2l_gpio_irq_enable() (called from rzg2l_gpio_irq_restore()) to reconfigure the wakeup interrupts. Some drivers (e.g. Ethernet) may also reconfigure interrupts in their own code, eventually calling rzg2l_gpio_irq_enable(), when these are not wakeup interrupts. After commit 1d2da79708cb ("pinctrl: renesas: rzg2l: Avoid configuring ISEL in gpio_irq_{en,dis}able*()"), ISEL was no longer configured properly after resume. Fix this by adding rzg2l_gpio_irq_endisable() back into rzg2l_gpio_irq_enable(), and by using its unlocked variant in rzg2l_gpio_irq_restore(). Having IRQs enable in rzg2l_gpio_irq_enable() should be safe with respect to spurious IRQs, as in the probe case IRQs are enabled anyway in rzg2l_gpio_child_to_parent_hwirq(). No spurious IRQs were detected on suspend/resume tests (executed on RZ/G3S). Fixes: 1d2da79708cb ("pinctrl: renesas: rzg2l: Avoid configuring ISEL in gpio_irq_{en,dis}able*(") Cc: stable(a)vger.kernel.org Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/drivers/pinctrl/renesas/pinctrl-rzg2l.c b/drivers/pinctrl/renesas/pinctrl-rzg2l.c index b182b3b8a542..6ae1ee3ffc81 100644 --- a/drivers/pinctrl/renesas/pinctrl-rzg2l.c +++ b/drivers/pinctrl/renesas/pinctrl-rzg2l.c @@ -2428,7 +2428,7 @@ static int rzg2l_gpio_get_gpioint(unsigned int virq, struct rzg2l_pinctrl *pctrl } static void rzg2l_gpio_irq_endisable(struct rzg2l_pinctrl *pctrl, - unsigned int hwirq, bool enable) + unsigned int hwirq, bool enable, bool lock) { const struct pinctrl_pin_desc *pin_desc = &pctrl->desc.pins[hwirq]; u64 *pin_data = pin_desc->drv_data; @@ -2443,12 +2443,16 @@ static void rzg2l_gpio_irq_endisable(struct rzg2l_pinctrl *pctrl, addr += 4; } - spin_lock_irqsave(&pctrl->lock, flags); + if (lock) + spin_lock_irqsave(&pctrl->lock, flags); + if (enable) writel(readl(addr) | BIT(bit * 8), addr); else writel(readl(addr) & ~BIT(bit * 8), addr); - spin_unlock_irqrestore(&pctrl->lock, flags); + + if (lock) + spin_unlock_irqrestore(&pctrl->lock, flags); } static void rzg2l_gpio_irq_disable(struct irq_data *d) @@ -2460,15 +2464,22 @@ static void rzg2l_gpio_irq_disable(struct irq_data *d) gpiochip_disable_irq(gc, hwirq); } -static void rzg2l_gpio_irq_enable(struct irq_data *d) +static void rzg2l_gpio_irq_enable_helper(struct irq_data *d, bool lock) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct rzg2l_pinctrl *pctrl = container_of(gc, struct rzg2l_pinctrl, gpio_chip); unsigned int hwirq = irqd_to_hwirq(d); gpiochip_enable_irq(gc, hwirq); + rzg2l_gpio_irq_endisable(pctrl, hwirq, true, lock); irq_chip_enable_parent(d); } +static void rzg2l_gpio_irq_enable(struct irq_data *d) +{ + rzg2l_gpio_irq_enable_helper(d, true); +} + static int rzg2l_gpio_irq_set_type(struct irq_data *d, unsigned int type) { return irq_chip_set_type_parent(d, type); @@ -2570,7 +2581,7 @@ static int rzg2l_gpio_child_to_parent_hwirq(struct gpio_chip *gc, goto err; } - rzg2l_gpio_irq_endisable(pctrl, child, true); + rzg2l_gpio_irq_endisable(pctrl, child, true, true); pctrl->hwirq[irq] = child; irq += pctrl->data->hwcfg->tint_start_index; @@ -2617,7 +2628,7 @@ static void rzg2l_gpio_irq_restore(struct rzg2l_pinctrl *pctrl) spin_lock_irqsave(&pctrl->lock, flags); ret = rzg2l_gpio_irq_set_type(data, irqd_get_trigger_type(data)); if (!ret && !irqd_irq_disabled(data)) - rzg2l_gpio_irq_enable(data); + rzg2l_gpio_irq_enable_helper(data, false); spin_unlock_irqrestore(&pctrl->lock, flags); if (ret) @@ -2640,7 +2651,7 @@ static void rzg2l_gpio_irq_domain_free(struct irq_domain *domain, unsigned int v for (i = 0; i < RZG2L_TINT_MAX_INTERRUPT; i++) { if (pctrl->hwirq[i] == hwirq) { - rzg2l_gpio_irq_endisable(pctrl, hwirq, false); + rzg2l_gpio_irq_endisable(pctrl, hwirq, false, true); rzg2l_gpio_free(gc, hwirq); spin_lock_irqsave(&pctrl->bitmap_lock, flags); bitmap_release_region(pctrl->tint_slot, i, get_order(1)); -- 2.43.0

1 month, 3 weeks

4
6
0 0

Vendor / Contractor Registration Request 2025/2026

by Etihad Aviation Group PJSC

-- Attn: Sir/Madam, We are interested in your services and invite your company to register for Vendor/Contractor Partnership with Etihad Aviation Group for our 2025/2026 projects. If you wish to participate, please confirm your interest, and we will send the Vendor Questionnaire and EOI. Thank you. Kind Regards, Engr, Tami Hassan, Vendor Procurement & Contracts Shared Services Center Etihad Aviation Group PJSC

1 month, 3 weeks

1
0
0 0

[PATCH net v3] rds: ib: Increment i_fastreg_wrs before bailing out

by Håkon Bugge

We need to increment i_fastreg_wrs before we bail out from rds_ib_post_reg_frmr(). We have a fixed budget of how many FRWR operations that can be outstanding using the dedicated QP used for memory registrations and de-registrations. This budget is enforced by the atomic_t i_fastreg_wrs. If we bail out early in rds_ib_post_reg_frmr(), we will "leak" the possibility of posting an FRWR operation, and if that accumulates, no FRWR operation can be carried out. Fixes: 1659185fb4d0 ("RDS: IB: Support Fastreg MR (FRMR) memory registration mode") Fixes: 3a2886cca703 ("net/rds: Keep track of and wait for FRWR segments in use upon shutdown") Cc: stable(a)vger.kernel.org Signed-off-by: Håkon Bugge <haakon.bugge(a)oracle.com> --- v2 -> v3: * Amended commit message * Removed indentation of this section * Fixing error path from ib_post_send() v1 -> v2: Added Cc: stable(a)vger.kernel.org --- net/rds/ib_frmr.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/net/rds/ib_frmr.c b/net/rds/ib_frmr.c index 28c1b00221780..395a99b5a65ca 100644 --- a/net/rds/ib_frmr.c +++ b/net/rds/ib_frmr.c @@ -133,12 +133,15 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) ret = ib_map_mr_sg_zbva(frmr->mr, ibmr->sg, ibmr->sg_dma_len, &off, PAGE_SIZE); - if (unlikely(ret != ibmr->sg_dma_len)) - return ret < 0 ? ret : -EINVAL; + if (unlikely(ret != ibmr->sg_dma_len)) { + ret = ret < 0 ? ret : -EINVAL; + goto out_inc; + } - if (cmpxchg(&frmr->fr_state, - FRMR_IS_FREE, FRMR_IS_INUSE) != FRMR_IS_FREE) - return -EBUSY; + if (cmpxchg(&frmr->fr_state, FRMR_IS_FREE, FRMR_IS_INUSE) != FRMR_IS_FREE) { + ret = -EBUSY; + goto out_inc; + } atomic_inc(&ibmr->ic->i_fastreg_inuse_count); @@ -166,11 +169,10 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) /* Failure here can be because of -ENOMEM as well */ rds_transition_frwr_state(ibmr, FRMR_IS_INUSE, FRMR_IS_STALE); - atomic_inc(&ibmr->ic->i_fastreg_wrs); if (printk_ratelimit()) pr_warn("RDS/IB: %s returned error(%d)\n", __func__, ret); - goto out; + goto out_inc; } /* Wait for the registration to complete in order to prevent an invalid @@ -178,9 +180,11 @@ static int rds_ib_post_reg_frmr(struct rds_ib_mr *ibmr) * being accessed while registration is still pending. */ wait_event(frmr->fr_reg_done, !frmr->fr_reg); - out: + return ret; +out_inc: + atomic_inc(&ibmr->ic->i_fastreg_wrs); return ret; } -- 2.43.5

1 month, 3 weeks

4
3
0 0

[PATCH stable/linux-5.10.y] sched/core: Fix potential deadlock on rq lock

by Wang Tao

When CPU 1 enters the nohz_full state, and the kworker on CPU 0 executes the function sched_tick_remote, holding the lock on CPU1's rq and triggering the warning WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3). This leads to the process of printing the warning message, where the console_sem semaphore is held. At this point, the print task on the CPU1's rq cannot acquire the console_sem and joins the wait queue, entering the UNINTERRUPTIBLE state. It waits for the console_sem to be released and then wakes up. After the task on CPU 0 releases the console_sem, it wakes up the waiting console_sem task. In try_to_wake_up, it attempts to acquire the lock on CPU1's rq again, resulting in a deadlock. The triggering scenario is as follows: CPU 0 CPU1 sched_tick_remote WARN_ON_ONCE(delta > (u64)NSEC_PER_SEC * 3) report_bug con_write printk console_unlock do_con_write console_lock down(&console_sem) list_add_tail(&waiter.list, &sem->wait_list); up(&console_sem) wake_up_q(&wake_q) try_to_wake_up __task_rq_lock _raw_spin_lock This patch fixes the issue by deffering all printk console printing during the lock holding period. Fixes: d84b31313ef8 ("sched/isolation: Offload residual 1Hz scheduler tick") Signed-off-by: Wang Tao <wangtao554(a)huawei.com> --- kernel/sched/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 40f40f359c5d..fd2c83058ec2 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -4091,6 +4091,7 @@ static void sched_tick_remote(struct work_struct *work) goto out_requeue; rq_lock_irq(rq, &rf); + printk_deferred_enter(); curr = rq->curr; if (cpu_is_offline(cpu)) goto out_unlock; @@ -4109,6 +4110,7 @@ static void sched_tick_remote(struct work_struct *work) calc_load_nohz_remote(rq); out_unlock: + printk_deferred_exit(); rq_unlock_irq(rq, &rf); out_requeue: -- 2.34.1

1 month, 3 weeks

3
4
0 0

[PATCH v5] Bluetooth: btintel: Correctly declare all module firmware files

by DaanDeMeyer

From: Dimitri John Ledkov <dimitri.ledkov(a)canonical.com> Strictly encode patterns of supported hw_variants of firmware files the kernel driver supports requesting. This now includes many missing and previously undeclared module firmware files for 0x07, 0x08, 0x11-0x14, 0x17-0x1b hw_variants. This especially affects environments that only install firmware files declared and referenced by the kernel modules. In such environments, only the declared firmware files are copied resulting in most Intel Bluetooth devices not working. I.e. host-only dracut-install initrds, or Ubuntu Core kernel snaps. BugLink: https://bugs.launchpad.net/bugs/1970819 Cc: stable(a)vger.kernel.org # 4.15+ Signed-off-by: Dimitri John Ledkov <dimitri.ledkov(a)canonical.com> --- Notes: Changes since v4: - Add missing "intel/" prefix for 0x17+ firmware - Add Cc stable for v4.15+ kernels Changes since v3: - Hopefully pacify trailing whitespace from GitLint in this optional portion of the commit. Changes since v2: - encode patterns for 0x17 0x18 0x19 0x1b hw_variants - rebase on top of latest rc tag Changes since v1: - encode strict patterns of supported firmware files for each of the supported hw_variant generations. drivers/bluetooth/btintel.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c index a657e9a3e96a..d0e22fe09567 100644 --- a/drivers/bluetooth/btintel.c +++ b/drivers/bluetooth/btintel.c @@ -2656,7 +2656,25 @@ MODULE_AUTHOR("Marcel Holtmann <marcel(a)holtmann.org>"); MODULE_DESCRIPTION("Bluetooth support for Intel devices ver " VERSION); MODULE_VERSION(VERSION); MODULE_LICENSE("GPL"); -MODULE_FIRMWARE("intel/ibt-11-5.sfi"); -MODULE_FIRMWARE("intel/ibt-11-5.ddc"); -MODULE_FIRMWARE("intel/ibt-12-16.sfi"); -MODULE_FIRMWARE("intel/ibt-12-16.ddc"); +/* hw_variant 0x07 0x08 */ +MODULE_FIRMWARE("intel/ibt-hw-37.7.*-fw-*.*.*.*.*.bseq"); +MODULE_FIRMWARE("intel/ibt-hw-37.7.bseq"); +MODULE_FIRMWARE("intel/ibt-hw-37.8.*-fw-*.*.*.*.*.bseq"); +MODULE_FIRMWARE("intel/ibt-hw-37.8.bseq"); +/* hw_variant 0x0b 0x0c */ +MODULE_FIRMWARE("intel/ibt-11-*.sfi"); +MODULE_FIRMWARE("intel/ibt-12-*.sfi"); +MODULE_FIRMWARE("intel/ibt-11-*.ddc"); +MODULE_FIRMWARE("intel/ibt-12-*.ddc"); +/* hw_variant 0x11 0x12 0x13 0x14 */ +MODULE_FIRMWARE("intel/ibt-17-*-*.sfi"); +MODULE_FIRMWARE("intel/ibt-18-*-*.sfi"); +MODULE_FIRMWARE("intel/ibt-19-*-*.sfi"); +MODULE_FIRMWARE("intel/ibt-20-*-*.sfi"); +MODULE_FIRMWARE("intel/ibt-17-*-*.ddc"); +MODULE_FIRMWARE("intel/ibt-18-*-*.ddc"); +MODULE_FIRMWARE("intel/ibt-19-*-*.ddc"); +MODULE_FIRMWARE("intel/ibt-20-*-*.ddc"); +/* hw_variant 0x17 0x18 0x19 0x1b, read and use cnvi/cnvr */ +MODULE_FIRMWARE("intel/ibt-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9].sfi"); +MODULE_FIRMWARE("intel/ibt-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9].ddc"); -- 2.34.1

1 month, 3 weeks

3
4
0 0

[PATCH v2] firmware: exynos-acpm: fix PMIC returned errno

by Tudor Ambarus

ACPM PMIC command handlers returned a u8 value when they should have returned either zero or negative error codes. Translate the APM PMIC errno to linux errno. Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Closes: https://lore.kernel.org/linux-input/aElHlTApXj-W_o1r@stanley.mountain/ Fixes: a88927b534ba ("firmware: add Exynos ACPM protocol driver") Cc: stable(a)vger.kernel.org Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> --- Changes in v2: - remove `enum acpm_pmic_error_codes`. use designated initializers in the array instead. - constify acpm_pmic_linux_errmap - drop inline from acpm_pmic_to_linux_errno - s/errno/err - Link to v1: https://lore.kernel.org/r/20250821-acpm-pmix-fix-errno-v1-1-771a5969324c@li… --- drivers/firmware/samsung/exynos-acpm-pmic.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/drivers/firmware/samsung/exynos-acpm-pmic.c b/drivers/firmware/samsung/exynos-acpm-pmic.c index 39b33a356ebd240506b6390163229a70a2d1fe68..961d7599e4224ef6ebe64dfa2fcb441a4dbd78a3 100644 --- a/drivers/firmware/samsung/exynos-acpm-pmic.c +++ b/drivers/firmware/samsung/exynos-acpm-pmic.c @@ -4,7 +4,9 @@ * Copyright 2020 Google LLC. * Copyright 2024 Linaro Ltd. */ +#include <linux/array_size.h> #include <linux/bitfield.h> +#include <linux/errno.h> #include <linux/firmware/samsung/exynos-acpm-protocol.h> #include <linux/ktime.h> #include <linux/types.h> @@ -33,6 +35,19 @@ enum exynos_acpm_pmic_func { ACPM_PMIC_BULK_WRITE, }; +static const int acpm_pmic_linux_errmap[] = { + [0] = 0, /* ACPM_PMIC_SUCCESS */ + [1] = -EACCES, /* Read register can't be accessed or issues to access it. */ + [2] = -EACCES, /* Write register can't be accessed or issues to access it. */ +}; + +static int acpm_pmic_to_linux_err(int err) +{ + if (err >= 0 && err < ARRAY_SIZE(acpm_pmic_linux_errmap)) + return acpm_pmic_linux_errmap[err]; + return -EIO; +} + static inline u32 acpm_pmic_set_bulk(u32 data, unsigned int i) { return (data & ACPM_PMIC_BULK_MASK) << (ACPM_PMIC_BULK_SHIFT * i); @@ -79,7 +94,7 @@ int acpm_pmic_read_reg(const struct acpm_handle *handle, *buf = FIELD_GET(ACPM_PMIC_VALUE, xfer.rxd[1]); - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); } static void acpm_pmic_init_bulk_read_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan, @@ -110,7 +125,7 @@ int acpm_pmic_bulk_read(const struct acpm_handle *handle, if (ret) return ret; - ret = FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + ret = acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); if (ret) return ret; @@ -150,7 +165,7 @@ int acpm_pmic_write_reg(const struct acpm_handle *handle, if (ret) return ret; - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); } static void acpm_pmic_init_bulk_write_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan, @@ -190,7 +205,7 @@ int acpm_pmic_bulk_write(const struct acpm_handle *handle, if (ret) return ret; - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); } static void acpm_pmic_init_update_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan, @@ -220,5 +235,5 @@ int acpm_pmic_update_reg(const struct acpm_handle *handle, if (ret) return ret; - return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]); + return acpm_pmic_to_linux_err(FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1])); } --- base-commit: c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9 change-id: 20250820-acpm-pmix-fix-errno-92b3e6e17d1b Best regards, -- Tudor Ambarus <tudor.ambarus(a)linaro.org>

1 month, 3 weeks

2
1
0 0

[PATCH 6.12] drm/xe/hw_engine_group: Avoid call kfree() for drmm_kzalloc()

by Mikhail Dmitrichenko

From: Shuicheng Lin <shuicheng.lin(a)intel.com> commit 4846856c3a4afa882b6d1b842ed2fad6f3781f4d upstream. Memory allocated with drmm_kzalloc() should not be freed using kfree(), as it is managed by the DRM subsystem. The memory will be automatically freed when the associated drm_device is released. These 3 group pointers are allocated using drmm_kzalloc() in hw_engine_group_alloc(), so they don't require manual deallocation. Fixes: 67979060740f ("drm/xe/hw_engine_group: Fix potential leak") Signed-off-by: Shuicheng Lin <shuicheng.lin(a)intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Signed-off-by: Michal Wajdeczko <michal.wajdeczko(a)intel.com> Link: https://lore.kernel.org/r/20250724193854.1124510-2-shuicheng.lin@intel.com (cherry picked from commit f98de826b418885a21ece67f0f5b921ae759b7bf) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Signed-off-by: Mikhail Dmitrichenko <mdmitrichenko(a)astralinux.ru> --- drivers/gpu/drm/xe/xe_hw_engine_group.c | 28 ++++++------------------- 1 file changed, 6 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_hw_engine_group.c b/drivers/gpu/drm/xe/xe_hw_engine_group.c index 82750520a90a..d0f1bf32cdd5 100644 --- a/drivers/gpu/drm/xe/xe_hw_engine_group.c +++ b/drivers/gpu/drm/xe/xe_hw_engine_group.c @@ -84,25 +84,18 @@ int xe_hw_engine_setup_groups(struct xe_gt *gt) enum xe_hw_engine_id id; struct xe_hw_engine_group *group_rcs_ccs, *group_bcs, *group_vcs_vecs; struct xe_device *xe = gt_to_xe(gt); - int err; group_rcs_ccs = hw_engine_group_alloc(xe); - if (IS_ERR(group_rcs_ccs)) { - err = PTR_ERR(group_rcs_ccs); - goto err_group_rcs_ccs; - } + if (IS_ERR(group_rcs_ccs)) + return PTR_ERR(group_rcs_ccs); group_bcs = hw_engine_group_alloc(xe); - if (IS_ERR(group_bcs)) { - err = PTR_ERR(group_bcs); - goto err_group_bcs; - } + if (IS_ERR(group_bcs)) + return PTR_ERR(group_bcs); group_vcs_vecs = hw_engine_group_alloc(xe); - if (IS_ERR(group_vcs_vecs)) { - err = PTR_ERR(group_vcs_vecs); - goto err_group_vcs_vecs; - } + if (IS_ERR(group_vcs_vecs)) + return PTR_ERR(group_vcs_vecs); for_each_hw_engine(hwe, gt, id) { switch (hwe->class) { @@ -125,15 +118,6 @@ int xe_hw_engine_setup_groups(struct xe_gt *gt) } return 0; - -err_group_vcs_vecs: - kfree(group_vcs_vecs); -err_group_bcs: - kfree(group_bcs); -err_group_rcs_ccs: - kfree(group_rcs_ccs); - - return err; } /** -- 2.39.2

1 month, 3 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror