- Linux-stable-mirror - lists.linaro.org

[PATCH 4.19 1/3] HID: asus: Remove check for same LED brightness on set

by Stefan Ghinea

From: "Luke D. Jones" <luke(a)ljones.dev> commit 3fdcf7cdfc229346d028242e73562704ad644dd0 upstream Remove the early return on LED brightness set so that any controller application, daemon, or desktop may set the same brightness at any stage. This is required because many ASUS ROG keyboards will default to max brightness on laptop resume if the LEDs were set to off before sleep. Signed-off-by: Luke D Jones <luke(a)ljones.dev> Signed-off-by: Jiri Kosina <jkosina(a)suse.cz> Signed-off-by: Stefan Ghinea <stefan.ghinea(a)windriver.com> --- drivers/hid/hid-asus.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c index 800b2364e29e..9ae8e3d5edf1 100644 --- a/drivers/hid/hid-asus.c +++ b/drivers/hid/hid-asus.c @@ -318,9 +318,6 @@ static void asus_kbd_backlight_set(struct led_classdev *led_cdev, { struct asus_kbd_leds *led = container_of(led_cdev, struct asus_kbd_leds, cdev); - if (led->brightness == brightness) - return; - led->brightness = brightness; schedule_work(&led->work); } -- 2.39.1

2 years, 8 months

1
2
0 0

[PATCH 5.4 1/3] HID: asus: Remove check for same LED brightness on set

by Stefan Ghinea

From: "Luke D. Jones" <luke(a)ljones.dev> commit 3fdcf7cdfc229346d028242e73562704ad644dd0 upstream Remove the early return on LED brightness set so that any controller application, daemon, or desktop may set the same brightness at any stage. This is required because many ASUS ROG keyboards will default to max brightness on laptop resume if the LEDs were set to off before sleep. Signed-off-by: Luke D Jones <luke(a)ljones.dev> Signed-off-by: Jiri Kosina <jkosina(a)suse.cz> Signed-off-by: Stefan Ghinea <stefan.ghinea(a)windriver.com> --- drivers/hid/hid-asus.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c index 7f84ed0afdfe..d3aca8f80de4 100644 --- a/drivers/hid/hid-asus.c +++ b/drivers/hid/hid-asus.c @@ -351,9 +351,6 @@ static void asus_kbd_backlight_set(struct led_classdev *led_cdev, { struct asus_kbd_leds *led = container_of(led_cdev, struct asus_kbd_leds, cdev); - if (led->brightness == brightness) - return; - led->brightness = brightness; schedule_work(&led->work); } -- 2.39.1

2 years, 8 months

1
2
0 0

[PATCH 5.10 1/3] HID: asus: Remove check for same LED brightness on set

by Stefan Ghinea

From: "Luke D. Jones" <luke(a)ljones.dev> commit 3fdcf7cdfc229346d028242e73562704ad644dd0 upstream Remove the early return on LED brightness set so that any controller application, daemon, or desktop may set the same brightness at any stage. This is required because many ASUS ROG keyboards will default to max brightness on laptop resume if the LEDs were set to off before sleep. Signed-off-by: Luke D Jones <luke(a)ljones.dev> Signed-off-by: Jiri Kosina <jkosina(a)suse.cz> Signed-off-by: Stefan Ghinea <stefan.ghinea(a)windriver.com> --- drivers/hid/hid-asus.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c index f85c6e3309a0..9a6b63828634 100644 --- a/drivers/hid/hid-asus.c +++ b/drivers/hid/hid-asus.c @@ -402,9 +402,6 @@ static void asus_kbd_backlight_set(struct led_classdev *led_cdev, { struct asus_kbd_leds *led = container_of(led_cdev, struct asus_kbd_leds, cdev); - if (led->brightness == brightness) - return; - led->brightness = brightness; schedule_work(&led->work); } -- 2.39.1

2 years, 8 months

1
2
0 0

[PATCH 5.15 1/2] HID: asus: use spinlock to protect concurrent accesses

by Stefan Ghinea

From: Pietro Borrello <borrello(a)diag.uniroma1.it> commit 315c537068a13f0b5681d33dd045a912f4bece6f upstream asus driver has a worker that may access data concurrently. Proct the accesses using a spinlock. Fixes: af22a610bc38 ("HID: asus: support backlight on USB keyboards") Signed-off-by: Pietro Borrello <borrello(a)diag.uniroma1.it> Link: https://lore.kernel.org/r/20230125-hid-unregister-leds-v4-4-7860c5763c38@di… Signed-off-by: Benjamin Tissoires <benjamin.tissoires(a)redhat.com> Signed-off-by: Stefan Ghinea <stefan.ghinea(a)windriver.com> --- drivers/hid/hid-asus.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c index b59c3dafa6a4..37500b645ec4 100644 --- a/drivers/hid/hid-asus.c +++ b/drivers/hid/hid-asus.c @@ -98,6 +98,7 @@ struct asus_kbd_leds { struct hid_device *hdev; struct work_struct work; unsigned int brightness; + spinlock_t lock; bool removed; }; @@ -497,7 +498,12 @@ static void asus_kbd_backlight_set(struct led_classdev *led_cdev, { struct asus_kbd_leds *led = container_of(led_cdev, struct asus_kbd_leds, cdev); + unsigned long flags; + + spin_lock_irqsave(&led->lock, flags); led->brightness = brightness; + spin_unlock_irqrestore(&led->lock, flags); + schedule_work(&led->work); } @@ -505,8 +511,14 @@ static enum led_brightness asus_kbd_backlight_get(struct led_classdev *led_cdev) { struct asus_kbd_leds *led = container_of(led_cdev, struct asus_kbd_leds, cdev); + enum led_brightness brightness; + unsigned long flags; - return led->brightness; + spin_lock_irqsave(&led->lock, flags); + brightness = led->brightness; + spin_unlock_irqrestore(&led->lock, flags); + + return brightness; } static void asus_kbd_backlight_work(struct work_struct *work) @@ -514,11 +526,14 @@ static void asus_kbd_backlight_work(struct work_struct *work) struct asus_kbd_leds *led = container_of(work, struct asus_kbd_leds, work); u8 buf[] = { FEATURE_KBD_REPORT_ID, 0xba, 0xc5, 0xc4, 0x00 }; int ret; + unsigned long flags; if (led->removed) return; + spin_lock_irqsave(&led->lock, flags); buf[4] = led->brightness; + spin_unlock_irqrestore(&led->lock, flags); ret = asus_kbd_set_report(led->hdev, buf, sizeof(buf)); if (ret < 0) @@ -586,6 +601,7 @@ static int asus_kbd_register_leds(struct hid_device *hdev) drvdata->kbd_backlight->cdev.brightness_set = asus_kbd_backlight_set; drvdata->kbd_backlight->cdev.brightness_get = asus_kbd_backlight_get; INIT_WORK(&drvdata->kbd_backlight->work, asus_kbd_backlight_work); + spin_lock_init(&drvdata->kbd_backlight->lock); ret = devm_led_classdev_register(&hdev->dev, &drvdata->kbd_backlight->cdev); if (ret < 0) { @@ -1121,9 +1137,13 @@ static int asus_probe(struct hid_device *hdev, const struct hid_device_id *id) static void asus_remove(struct hid_device *hdev) { struct asus_drvdata *drvdata = hid_get_drvdata(hdev); + unsigned long flags; if (drvdata->kbd_backlight) { + spin_lock_irqsave(&drvdata->kbd_backlight->lock, flags); drvdata->kbd_backlight->removed = true; + spin_unlock_irqrestore(&drvdata->kbd_backlight->lock, flags); + cancel_work_sync(&drvdata->kbd_backlight->work); } -- 2.39.1

2 years, 8 months

1
1
0 0

[PATCH] drm/vmwgfx: Avoid NULL-ptr dereference in vmw_cmd_dx_define_query()

by Thomas Zimmermann

There have been reports [1][2] that vmw_cmd_dx_define_query() can be called with ctx_node->ctx set to NULL, which results in undefined behavior in vmw_context_cotable(). Avoid this be returning an errno code. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://www.cve.org/CVERecord?id=CVE-2022-38096 # 1 Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=2073 # 2 Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c index 6b9aa2b4ef54..1e90362add96 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c @@ -1256,7 +1256,7 @@ static int vmw_cmd_dx_define_query(struct vmw_private *dev_priv, struct vmw_resource *cotable_res; int ret; - if (!ctx_node) + if (!ctx_node || !ctx_node->ctx) return -EINVAL; cmd = container_of(header, typeof(*cmd), header); -- 2.39.2

2 years, 8 months

2
1
0 0

[PATCH v2 3/3] ARM: dts: aspeed: asrock: Correct firmware flash SPI clocks

by Zev Weiss

While I'm not aware of any problems that have occurred running these at 100 MHz, the official word from ASRock is that 50 MHz is the correct speed to use, so let's be safe and use that instead. Signed-off-by: Zev Weiss <zev(a)bewilderbeest.net> Cc: stable(a)vger.kernel.org Fixes: 2b81613ce417 ("ARM: dts: aspeed: Add ASRock E3C246D4I BMC") Fixes: a9a3d60b937a ("ARM: dts: aspeed: Add ASRock ROMED8HM3 BMC") --- arch/arm/boot/dts/aspeed-bmc-asrock-e3c246d4i.dts | 2 +- arch/arm/boot/dts/aspeed-bmc-asrock-romed8hm3.dts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm/boot/dts/aspeed-bmc-asrock-e3c246d4i.dts b/arch/arm/boot/dts/aspeed-bmc-asrock-e3c246d4i.dts index 67a75aeafc2b..c4b2efbfdf56 100644 --- a/arch/arm/boot/dts/aspeed-bmc-asrock-e3c246d4i.dts +++ b/arch/arm/boot/dts/aspeed-bmc-asrock-e3c246d4i.dts @@ -63,7 +63,7 @@ flash@0 { status = "okay"; m25p,fast-read; label = "bmc"; - spi-max-frequency = <100000000>; /* 100 MHz */ + spi-max-frequency = <50000000>; /* 50 MHz */ #include "openbmc-flash-layout.dtsi" }; }; diff --git a/arch/arm/boot/dts/aspeed-bmc-asrock-romed8hm3.dts b/arch/arm/boot/dts/aspeed-bmc-asrock-romed8hm3.dts index 00efe1a93a69..4554abf0c7cd 100644 --- a/arch/arm/boot/dts/aspeed-bmc-asrock-romed8hm3.dts +++ b/arch/arm/boot/dts/aspeed-bmc-asrock-romed8hm3.dts @@ -51,7 +51,7 @@ flash@0 { status = "okay"; m25p,fast-read; label = "bmc"; - spi-max-frequency = <100000000>; /* 100 MHz */ + spi-max-frequency = <50000000>; /* 50 MHz */ #include "openbmc-flash-layout-64.dtsi" }; }; -- 2.39.1.438.gdcb075ea9396.dirty

2 years, 8 months

3
3
0 0

Re: [PATCH 6.2 00/16] 6.2.2-rc1 review

by Ronald Warsow

Hi Greg 6.2.2-rc1 compiles, boots and runs here on x86_64 (Intel i5-11400, Fedora 37) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

2 years, 8 months

2
1
0 0

[PATCH AUTOSEL 6.2 1/6] tracing: Add NULL checks for buffer in ring_buffer_free_read_page()

by Sasha Levin

From: Jia-Ju Bai <baijiaju1990(a)gmail.com> [ Upstream commit 3e4272b9954094907f16861199728f14002fcaf6 ] In a previous commit 7433632c9ff6, buffer, buffer->buffers and buffer->buffers[cpu] in ring_buffer_wake_waiters() can be NULL, and thus the related checks are added. However, in the same call stack, these variables are also used in ring_buffer_free_read_page(): tracing_buffers_release() ring_buffer_wake_waiters(iter->array_buffer->buffer) cpu_buffer = buffer->buffers[cpu] -> Add checks by previous commit ring_buffer_free_read_page(iter->array_buffer->buffer) cpu_buffer = buffer->buffers[cpu] -> No check Thus, to avod possible null-pointer derefernces, the related checks should be added. These results are reported by a static tool designed by myself. Link: https://lkml.kernel.org/r/20230113125501.760324-1-baijiaju1990@gmail.com Reported-by: TOTE Robot <oslab(a)tsinghua.edu.cn> Signed-off-by: Jia-Ju Bai <baijiaju1990(a)gmail.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/trace/ring_buffer.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index c366a0a9ddba4..45d4a23d60444 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -5626,11 +5626,16 @@ EXPORT_SYMBOL_GPL(ring_buffer_alloc_read_page); */ void ring_buffer_free_read_page(struct trace_buffer *buffer, int cpu, void *data) { - struct ring_buffer_per_cpu *cpu_buffer = buffer->buffers[cpu]; + struct ring_buffer_per_cpu *cpu_buffer; struct buffer_data_page *bpage = data; struct page *page = virt_to_page(bpage); unsigned long flags; + if (!buffer || !buffer->buffers || !buffer->buffers[cpu]) + return; + + cpu_buffer = buffer->buffers[cpu]; + /* If the page is still in use someplace else, we can't reuse it */ if (page_ref_count(page) > 1) goto out; -- 2.39.2

2 years, 8 months

2
7
0 0

[PATCH] freevxfs: Fix kernel memory exposure with inline files

by Matthew Wilcox (Oracle)

The memcpy() will unconditionally copy PAGE_SIZE bytes, which far exceeds the length of the array (96 bytes) that it's copying from. You can't see the results using read() because it'll be limmited by i_size (which is less than 96 bytes), but if you mmap the file, you can load the bytes from the page which are beyond i_size. We need to zero the tail of the page before marking it uptodate. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") # actually v2.4.4.4 Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> --- fs/freevxfs/vxfs_immed.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/fs/freevxfs/vxfs_immed.c b/fs/freevxfs/vxfs_immed.c index 9b49ec36e667..c49612a24c18 100644 --- a/fs/freevxfs/vxfs_immed.c +++ b/fs/freevxfs/vxfs_immed.c @@ -30,15 +30,12 @@ */ static int vxfs_immed_read_folio(struct file *fp, struct folio *folio) { - struct vxfs_inode_info *vip = VXFS_INO(folio->mapping->host); - void *src = vip->vii_immed.vi_immed + folio_pos(folio); - unsigned long i; - - for (i = 0; i < folio_nr_pages(folio); i++) { - memcpy_to_page(folio_page(folio, i), 0, src, PAGE_SIZE); - src += PAGE_SIZE; - } + struct inode *inode = folio->mapping->host; + struct vxfs_inode_info *vip = VXFS_INO(inode); + loff_t isize = i_size_read(inode); + memcpy_to_file_folio(folio, 0, vip->vii_immed.vi_immed, isize); + folio_zero_segment(folio, isize, folio_size(folio)); folio_mark_uptodate(folio); folio_unlock(folio); -- 2.39.1

2 years, 8 months

3
3
0 0

[PATCH AUTOSEL 4.14 1/3] tracing: Add NULL checks for buffer in ring_buffer_free_read_page()

by Sasha Levin

From: Jia-Ju Bai <baijiaju1990(a)gmail.com> [ Upstream commit 3e4272b9954094907f16861199728f14002fcaf6 ] In a previous commit 7433632c9ff6, buffer, buffer->buffers and buffer->buffers[cpu] in ring_buffer_wake_waiters() can be NULL, and thus the related checks are added. However, in the same call stack, these variables are also used in ring_buffer_free_read_page(): tracing_buffers_release() ring_buffer_wake_waiters(iter->array_buffer->buffer) cpu_buffer = buffer->buffers[cpu] -> Add checks by previous commit ring_buffer_free_read_page(iter->array_buffer->buffer) cpu_buffer = buffer->buffers[cpu] -> No check Thus, to avod possible null-pointer derefernces, the related checks should be added. These results are reported by a static tool designed by myself. Link: https://lkml.kernel.org/r/20230113125501.760324-1-baijiaju1990@gmail.com Reported-by: TOTE Robot <oslab(a)tsinghua.edu.cn> Signed-off-by: Jia-Ju Bai <baijiaju1990(a)gmail.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/trace/ring_buffer.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c index 999dae39f12e5..a7808f8b6f56a 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -4554,11 +4554,16 @@ EXPORT_SYMBOL_GPL(ring_buffer_alloc_read_page); */ void ring_buffer_free_read_page(struct ring_buffer *buffer, int cpu, void *data) { - struct ring_buffer_per_cpu *cpu_buffer = buffer->buffers[cpu]; + struct ring_buffer_per_cpu *cpu_buffer; struct buffer_data_page *bpage = data; struct page *page = virt_to_page(bpage); unsigned long flags; + if (!buffer || !buffer->buffers || !buffer->buffers[cpu]) + return; + + cpu_buffer = buffer->buffers[cpu]; + /* If the page is still in use someplace else, we can't reuse it */ if (page_ref_count(page) > 1) goto out; -- 2.39.2

2 years, 8 months

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror