- Linux-stable-mirror - lists.linaro.org

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.10 release. There are 189 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 Jan 2025 10:34:58 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.10-rc1 Jakub Kicinski <kuba(a)kernel.org> netdev: prevent accessing NAPI instances from another namespace Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: fix spi burst write not supported Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't touch sqd->thread off tw add Daniel Golle <daniel(a)makrotopia.org> drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is supported Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> xe/oa: Fix query mode of operation for OAR/OAC Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Add input fence dependencies Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa/uapi: Define and parse OA sync properties Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe/oa: Separate batch submission from waiting for completion guanjing <guanjing(a)cmss.chinamobile.com> firewall: remove misplaced semicolon from stm32_firewall_get_firewall Peter Geis <pgwipeout(a)gmail.com> arm64: dts: rockchip: add hevc power domain clock to rk3328 Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Daniil Stas <daniil.stas(a)posteo.net> hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur Jie Gan <quic_jiegan(a)quicinc.com> arm64: dts: qcom: sa8775p: fix the secure device bootup issue Jesse Taube <Mr.Bossman075(a)gmail.com> ARM: dts: imxrt1050: Fix clocks for mmc Wei Fang <wei.fang(a)nxp.com> arm64: dts: imx95: correct the address length of netcmix_blk_ctrl Jens Axboe <axboe(a)kernel.dk> io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Disable all channels at probe time David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix using shared static info struct Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> iio: inkern: call iio_device_put() only on mapped devices Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> iio: adc: at91: call input_free_device() on allocated iio_dev Fabio Estevam <festevam(a)gmail.com> iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on Charles Han <hanchunchao(a)inspur.com> iio: adc: ti-ads1298: Add NULL check in ads1298_init Carlos Song <carlos.song(a)nxp.com> iio: gyro: fxas21002c: Fix missing data update in trigger handler Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-ads1119: fix sample size in scan struct for triggered buffer Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-ads1119: fix information leak in triggered buffer Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: ti-ads8688: fix information leak in triggered buffer Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: adc: rockchip_saradc: fix information leak in triggered buffer Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: imu: kmx61: fix information leak in triggered buffer Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: bh1745: fix information leak in triggered buffer Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: light: vcnl4035: fix information leak in triggered buffer Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer Javier Carrasco <javier.carrasco.cruz(a)gmail.com> iio: pressure: zpa2326: fix information leak in triggered buffer GONG Ruiqi <gongruiqi1(a)huawei.com> usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Xu Yang <xu.yang_2(a)nxp.com> usb: host: xhci-plat: set skip_phy_initialization if software node has XHCI_SKIP_PHY_INIT property Ingo Rohloff <ingo.rohloff(a)lauterbach.com> usb: gadget: configfs: Ignore trailing LF for user strings to cdev Akash M <akash.m5(a)samsung.com> usb: gadget: f_fs: Remove WARN_ON in functionfs_bind Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() Prashanth K <quic_prashk(a)quicinc.com> usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints Xu Yang <xu.yang_2(a)nxp.com> usb: typec: tcpci: fix NULL pointer issue on shared irq case Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Reverse-select at the right place Ma Ke <make_ruc2021(a)163.com> usb: fix reference leak in usb_new_device() Kai-Heng Feng <kaihengf(a)nvidia.com> USB: core: Disable LPM only for non-suspended ports Jun Yan <jerrysteve1101(a)gmail.com> USB: usblp: return error when setting unsupported protocol Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3-am62: Disable autosuspend during remove Rick Edgecombe <rick.p.edgecombe(a)intel.com> x86/fpu: Ensure shadow stack is active before "getting" registers Lianqin Hu <hulianqin(a)vivo.com> usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Ben Wolsieffer <ben.wolsieffer(a)hefring.com> serial: stm32: use port lock wrappers for break control Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> tty: serial: 8250: Fix another runtime PM usage counter underflow Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Li Huafei <lihuafei1(a)huawei.com> topology: Keep the cpumask unchanged when printing cpumap André Draszik <andre.draszik(a)linaro.org> usb: dwc3: gadget: fix writing NYET threshold Johan Hovold <johan(a)kernel.org> USB: serial: cp210x: add Phoenix Contact UPS Device Lubomir Rintel <lrintel(a)redhat.com> usb-storage: Add max sectors quirk for Nokia 208 Zicheng Qu <quzicheng(a)huawei.com> staging: iio: ad9832: Correct phase range check Zicheng Qu <quzicheng(a)huawei.com> staging: iio: ad9834: Correct phase range check Michal Hrusecky <michal.hrusecky(a)turris.com> USB: serial: option: add Neoway N723-EA support Chukun Pan <amadeus(a)jmu.edu.cn> USB: serial: option: add MeiG Smart SRM815 Pavel Begunkov <asml.silence(a)gmail.com> io_uring/sqpoll: zero sqd->thread on tctx errors Pavel Begunkov <asml.silence(a)gmail.com> io_uring/timeout: fix multishot updates Melissa Wen <mwen(a)igalia.com> drm/amd/display: increase MAX_SURFACES to the value supported by hw Melissa Wen <mwen(a)igalia.com> drm/amd/display: fix page fault due to max surface definition mismatch Melissa Wen <mwen(a)igalia.com> drm/amd/display: fix divide error in DM plane scale calcs Zhu Lingshan <lingshan.zhu(a)amd.com> drm/amdkfd: wq_release signals dma_fence only when available Jesse.zhang(a)amd.com <Jesse.zhang(a)amd.com> drm/amdkfd: fixed page fault when enable MES shader debugger Kun Liu <Kun.Liu2(a)amd.com> drm/amd/pm: fix BUG: scheduling while atomic Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> drm/amdgpu: Add a lock when accessing the buddy trim function Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] Binbin Zhou <zhoubinbin(a)loongson.cn> gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset Nam Cao <namcao(a)linutronix.de> riscv: kprobes: Fix incorrect address calculation Nam Cao <namcao(a)linutronix.de> riscv: Fix sleeping in invalid context in die() Christian Brauner <brauner(a)kernel.org> fs: kill MNT_ONRB Meetakshi Setiya <msetiya(a)microsoft.com> smb: client: sync the root session and superblock context passwords before automounting Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> arm64: dts: qcom: sa8775p: Fix the size of 'addr_space' regions Qiang Yu <quic_qianyu(a)quicinc.com> arm64: dts: qcom: x1e80100: Fix up BAR space size for PCIe6a Andrea Righi <arighi(a)nvidia.com> sched_ext: idle: Refresh idle masks during idle-to-idle transitions Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: remove kernfs active break Honglei Wang <jameshongleiwang(a)126.com> sched_ext: switch class when preempted by higher priority scheduler Changwoo Min <changwoo(a)igalia.com> sched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> thermal: of: fix OF node leak in of_thermal_zone_find() Waiman Long <longman(a)redhat.com> cgroup/cpuset: Prevent leakage of isolated CPUs into sched domains Roman Li <Roman.Li(a)amd.com> drm/amd/display: Add check for granularity in dml ceil/floor helpers Alex Hung <alex.hung(a)amd.com> drm/amd/display: Remove unnecessary amdgpu_irq_get/put Chun-Kuang Hu <chunkuang.hu(a)kernel.org> Revert "drm/mediatek: dsi: Correct calculation formula of PHY Timing" Mikhail Zaslonko <zaslonko(a)linux.ibm.com> btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Implement new SMB3 POSIX type Matthieu Baerts (NGI0) <matttbe(a)kernel.org> rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy Matthieu Baerts (NGI0) <matttbe(a)kernel.org> sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy Matthieu Baerts (NGI0) <matttbe(a)kernel.org> sctp: sysctl: udp_port: avoid using current->nsproxy Matthieu Baerts (NGI0) <matttbe(a)kernel.org> sctp: sysctl: auth_enable: avoid using current->nsproxy Matthieu Baerts (NGI0) <matttbe(a)kernel.org> sctp: sysctl: rto_min/max: avoid using current->nsproxy Matthieu Baerts (NGI0) <matttbe(a)kernel.org> sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sysctl: blackhole timeout: avoid using current->nsproxy Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sysctl: sched: avoid using current->nsproxy Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sysctl: avail sched: remove write access Milan Broz <gmazyland(a)gmail.com> dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) Mikulas Patocka <mpatocka(a)redhat.com> dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY Miklos Szeredi <mszeredi(a)redhat.com> fs: fix is_mnt_ns_file() Amir Goldstein <amir73il(a)gmail.com> fs: relax assertions on failure to encode file handles Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Fallback huge faults for unaligned pfn Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: qcom: Power off the PHY if it was already powered on in ufs_qcom_power_up_sequence() Krister Johansen <kjlx(a)templeofstupid.com> dm thin: make get_first_thin use rcu-safe list first function Atish Patra <atishp(a)rivosinc.com> drivers/perf: riscv: Return error for default case Atish Patra <atishp(a)rivosinc.com> drivers/perf: riscv: Fix Platform firmware event data David Howells <dhowells(a)redhat.com> netfs: Fix read-retry for fs with no ->prepare_read() David Howells <dhowells(a)redhat.com> netfs: Fix kernel async DIO Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix tlb invalidation when wedging Clément Léger <cleger(a)rivosinc.com> riscv: use local label names instead of global ones in assembly Clément Léger <cleger(a)rivosinc.com> riscv: stacktrace: fix backtracing through exceptions Xu Lu <luxu.kernel(a)bytedance.com> riscv: mm: Fix the out of bound issue of vmemmap address Javier Carrasco <javier.carrasco.cruz(a)gmail.com> cpuidle: riscv-sbi: fix device node release in early exit of for_each_possible_cpu Clément Léger <cleger(a)rivosinc.com> riscv: module: remove relocation_head rel_entry member allocation He Wang <xw897002528(a)gmail.com> ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked David E. Box <david.e.box(a)linux.intel.com> platform/x86: intel/pmc: Fix ioremap() of bad address Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it David Howells <dhowells(a)redhat.com> afs: Fix the maximum cell name length Wentao Liang <liangwentao(a)iscas.ac.cn> ksmbd: fix a missing return value check bug Liankun Yang <liankun.yang(a)mediatek.com> drm/mediatek: Add return value check when reading DPCD Koichiro Den <koichiro.den(a)canonical.com> gpio: virtuser: fix handling of multiple conn_ids in lookup table Koichiro Den <koichiro.den(a)canonical.com> gpio: virtuser: fix missing lookup table cleanups AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 Liankun Yang <liankun.yang(a)mediatek.com> drm/mediatek: Fix mode valid issue for dp Liankun Yang <liankun.yang(a)mediatek.com> drm/mediatek: Fix YCbCr422 color format issue for DP Arnd Bergmann <arnd(a)arndb.de> drm/mediatek: stop selecting foreign drivers Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Add support for 180-degree rotation in the display driver Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb() Guoqing Jiang <guoqing.jiang(a)canonical.com> drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err Chenguang Zhao <zhaochenguang(a)kylinos.cn> net/mlx5: Fix variable not being completed when function returns Dan Carpenter <dan.carpenter(a)linaro.org> rtase: Fix a check for error in rtase_alloc_msix() Parker Newman <pnewman(a)connecttech.com> net: stmmac: dwmac-tegra: Read iommu stream id from device tree Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: add bounds checks to host bulk flow fairness counts Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: conntrack: clamp maximum hashtable size to INT_MAX Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: imbalance in flowtable binding Leo Yang <leo.yang.sy0(a)gmail.com> mctp i3c: fix MCTP I3C driver multi-thread issue Jie Wang <wangjie125(a)huawei.com> net: hns3: fix kernel crash when 1588 is sent on HIP08 devices Hao Lan <lanhao(a)huawei.com> net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue Jian Shen <shenjian15(a)huawei.com> net: hns3: initialize reset_timer before hclgevf_misc_irq_init() Jian Shen <shenjian15(a)huawei.com> net: hns3: don't auto enable misc vector Hao Lan <lanhao(a)huawei.com> net: hns3: Resolved the issue that the debugfs query result is inconsistent. Hao Lan <lanhao(a)huawei.com> net: hns3: fix missing features due to dev->features configuration too early Hao Lan <lanhao(a)huawei.com> net: hns3: fixed reset failure issues caused by the incorrect reset type Daniel Borkmann <daniel(a)iogearbox.net> tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btmtk: Fix failed to send func ctrl for MediaTek devices. Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix driver sending truncated data Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix Add Device to responding before completing Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not setting Random Address when required Jakub Kicinski <kuba(a)kernel.org> eth: gve: use appropriate helper to set xdp_features Kuniyuki Iwashima <kuniyu(a)amazon.com> ipvlan: Fix use-after-free in ipvlan_get_iflink(). Benjamin Coddington <bcodding(a)redhat.com> tls: Fix tls_sw_sendmsg error handling En-Wei Wu <en-wei.wu(a)canonical.com> igc: return early when failing to read EECD register Przemyslaw Korba <przemyslaw.korba(a)intel.com> ice: fix incorrect PHY settings for 100 GB/s Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> ice: fix max values for dpll pin phase adjust Jakub Kicinski <kuba(a)kernel.org> net: don't dump Tx and uninitialized NAPIs Anumula Murali Mohan Reddy <anumula(a)chelsio.com> cxgb4: Avoid removal of uninserted tid Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix DIM shutdown Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> bnxt_en: Fix possible memory leak when hwrm_req_replace fails Shannon Nelson <shannon.nelson(a)amd.com> pds_core: limit loop over fw name list Qu Wenruo <wqu(a)suse.com> btrfs: avoid NULL pointer dereference if no valid extent tree Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix firmware mailbox abnormal return Eric Dumazet <edumazet(a)google.com> net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute Zhongqiu Duan <dzq.aishenghu0(a)gmail.com> tcp/dccp: allow a connection when sk_max_ack_backlog is zero Antonio Pastor <antonio.pastor(a)gmail.com> net: 802: LLC+SNAP OID:PID lookup on start of skb data Keisuke Nishimura <keisuke.nishimura(a)inria.fr> ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() Li Zhijian <lizhijian(a)fujitsu.com> selftests/alsa: Fix circular dependency involving global-timer Chen-Yu Tsai <wenst(a)chromium.org> ASoC: mediatek: disable buffer pre-allocation Shuming Fan <shumingf(a)realtek.com> ASoC: rt722: add delay time to wait for the calibration procedure Amir Goldstein <amir73il(a)gmail.com> ovl: support encoding fid from inode with no alias Amir Goldstein <amir73il(a)gmail.com> ovl: pass realinode to ovl_encode_real_fh() instead of realdentry Amir Goldstein <amir73il(a)gmail.com> fuse: respect FOPEN_KEEP_CACHE on opendir Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in __exfat_free_cluster() Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the new buffer was not zeroed before writing Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix the infinite loop in exfat_readdir() David Howells <dhowells(a)redhat.com> netfs: Fix is-caching check in read-retry David Howells <dhowells(a)redhat.com> netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled David Howells <dhowells(a)redhat.com> netfs: Fix ceph copy to cache on write-begin David Howells <dhowells(a)redhat.com> netfs: Fix missing barriers by using clear_and_wake_up_bit() David Howells <dhowells(a)redhat.com> nfs: Fix oops in nfs_netfs_init_request() when copying to cache David Howells <dhowells(a)redhat.com> netfs: Fix enomem handling in buffered reads Ming-Hung Tsai <mtsai(a)redhat.com> dm array: fix cursor index when skipping across block boundaries Ming-Hung Tsai <mtsai(a)redhat.com> dm array: fix unreleased btree blocks on closing a faulty array cursor Ming-Hung Tsai <mtsai(a)redhat.com> dm array: fix releasing a faulty array block twice in dm_array_cursor_end Long Li <leo.lilong(a)huawei.com> iomap: fix zero padding data issue in concurrent append writes Long Li <leo.lilong(a)huawei.com> iomap: pass byte granular end position to iomap_add_to_ioend Pankaj Raghav <p.raghav(a)samsung.com> fs/writeback: convert wbc_account_cgroup_owner to take a folio Zhang Yi <yi.zhang(a)huawei.com> jbd2: flush filesystem device before updating tail sequence Zhang Yi <yi.zhang(a)huawei.com> jbd2: increase IO priority for writing revoke records ------------- Diffstat: Documentation/admin-guide/cgroup-v2.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/nxp/imx/imxrt1050.dtsi | 2 +- arch/arm64/boot/dts/freescale/imx95.dtsi | 2 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 5 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 1 + arch/riscv/include/asm/page.h | 1 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/include/asm/sbi.h | 1 + arch/riscv/kernel/entry.S | 21 +- arch/riscv/kernel/module.c | 18 +- arch/riscv/kernel/probes/kprobes.c | 2 +- arch/riscv/kernel/stacktrace.c | 4 +- arch/riscv/kernel/traps.c | 6 +- arch/riscv/mm/init.c | 17 +- arch/x86/kernel/fpu/regset.c | 3 +- block/bfq-iosched.c | 12 +- drivers/acpi/resource.c | 18 ++ drivers/base/topology.c | 24 +- drivers/bluetooth/btmtk.c | 7 + drivers/bluetooth/btnxpuart.c | 1 + drivers/cpuidle/cpuidle-riscv-sbi.c | 4 +- drivers/gpio/gpio-loongson-64bit.c | 6 +- drivers/gpio/gpio-virtuser.c | 44 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_debug.c | 17 ++ drivers/gpu/drm/amd/amdkfd/kfd_process.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 35 +-- drivers/gpu/drm/amd/display/dc/core/dc.c | 2 +- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 8 +- drivers/gpu/drm/amd/display/dc/dc.h | 4 +- drivers/gpu/drm/amd/display/dc/dc_stream.h | 2 +- drivers/gpu/drm/amd/display/dc/dc_types.h | 1 - .../gpu/drm/amd/display/dc/dml/dml_inline_defs.h | 8 + .../drm/amd/display/dc/dml2/dml2_mall_phantom.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h | 2 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 12 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 1 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 1 + drivers/gpu/drm/mediatek/Kconfig | 5 - drivers/gpu/drm/mediatek/mtk_crtc.c | 25 +- drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 69 +++--- drivers/gpu/drm/mediatek/mtk_dp.c | 46 ++-- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 + drivers/gpu/drm/mediatek/mtk_dsi.c | 49 ++-- drivers/gpu/drm/xe/xe_gt.c | 8 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 4 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h | 3 +- drivers/gpu/drm/xe/xe_oa.c | 265 ++++++++++++++------- drivers/gpu/drm/xe/xe_oa_types.h | 6 + drivers/gpu/drm/xe/xe_query.c | 2 +- drivers/gpu/drm/xe/xe_ring_ops.c | 5 +- drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/hwmon/drivetemp.c | 8 +- drivers/iio/adc/ad7124.c | 3 + drivers/iio/adc/ad7173.c | 10 +- drivers/iio/adc/at91_adc.c | 2 +- drivers/iio/adc/rockchip_saradc.c | 2 + drivers/iio/adc/ti-ads1119.c | 4 +- drivers/iio/adc/ti-ads124s08.c | 4 +- drivers/iio/adc/ti-ads1298.c | 2 + drivers/iio/adc/ti-ads8688.c | 2 +- drivers/iio/dummy/iio_simple_dummy_buffer.c | 2 +- drivers/iio/gyro/fxas21002c_core.c | 11 +- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 1 + drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 22 +- drivers/iio/imu/inv_icm42600/inv_icm42600_spi.c | 3 +- drivers/iio/imu/kmx61.c | 2 +- drivers/iio/inkern.c | 2 +- drivers/iio/light/bh1745.c | 2 + drivers/iio/light/vcnl4035.c | 2 +- drivers/iio/pressure/zpa2326.c | 2 + drivers/md/dm-ebs-target.c | 2 +- drivers/md/dm-thin.c | 5 +- drivers/md/dm-verity-fec.c | 40 ++-- drivers/md/persistent-data/dm-array.c | 19 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 4 +- drivers/net/ethernet/amd/pds_core/devlink.c | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 38 ++- drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 3 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 5 +- drivers/net/ethernet/google/gve/gve_main.c | 14 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 3 - drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 96 +++----- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 1 - .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 45 +++- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 3 + .../ethernet/hisilicon/hns3/hns3pf/hclge_regs.c | 9 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 41 +++- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_regs.c | 9 +- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 2 + drivers/net/ethernet/intel/ice/ice_dpll.c | 35 ++- drivers/net/ethernet/intel/ice/ice_ptp_consts.h | 4 +- drivers/net/ethernet/intel/igc/igc_base.c | 6 + drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 1 + drivers/net/ethernet/realtek/rtase/rtase_main.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-tegra.c | 14 +- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 24 +- drivers/net/ieee802154/ca8210.c | 6 +- drivers/net/mctp/mctp-i3c.c | 4 + drivers/perf/riscv_pmu_sbi.c | 17 +- drivers/platform/x86/amd/pmc/pmc.c | 8 +- drivers/platform/x86/intel/pmc/core_ssram.c | 4 + drivers/staging/iio/frequency/ad9832.c | 2 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/thermal/thermal_of.c | 1 + drivers/tty/serial/8250/8250_core.c | 3 + drivers/tty/serial/stm32-usart.c | 4 +- drivers/ufs/core/ufshcd-priv.h | 6 - drivers/ufs/core/ufshcd.c | 1 - drivers/ufs/host/ufs-qcom.c | 13 +- drivers/usb/chipidea/ci_hdrc_imx.c | 25 +- drivers/usb/class/usblp.c | 7 +- drivers/usb/core/hub.c | 6 +- drivers/usb/core/port.c | 7 +- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/dwc3-am62.c | 1 + drivers/usb/dwc3/gadget.c | 4 +- drivers/usb/gadget/Kconfig | 4 +- drivers/usb/gadget/configfs.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/gadget/function/f_uac2.c | 1 + drivers/usb/gadget/function/u_serial.c | 8 +- drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 4 +- drivers/usb/storage/unusual_devs.h | 7 + drivers/usb/typec/tcpm/maxim_contaminant.c | 4 +- drivers/usb/typec/tcpm/tcpci.c | 25 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 4 +- drivers/vfio/pci/vfio_pci_core.c | 17 +- fs/afs/afs.h | 2 +- fs/afs/afs_vl.h | 1 + fs/afs/vl_alias.c | 8 +- fs/afs/vlclient.c | 2 +- fs/btrfs/extent_io.c | 7 +- fs/btrfs/inode.c | 2 +- fs/btrfs/scrub.c | 4 + fs/btrfs/zlib.c | 4 +- fs/buffer.c | 4 +- fs/exfat/dir.c | 3 +- fs/exfat/fatent.c | 10 + fs/exfat/file.c | 6 + fs/ext4/page-io.c | 2 +- fs/f2fs/data.c | 9 +- fs/fs-writeback.c | 8 +- fs/fuse/dir.c | 2 + fs/iomap/buffered-io.c | 68 +++++- fs/jbd2/commit.c | 4 +- fs/jbd2/revoke.c | 2 +- fs/mount.h | 15 +- fs/mpage.c | 2 +- fs/namespace.c | 24 +- fs/netfs/buffered_read.c | 28 ++- fs/netfs/direct_write.c | 7 +- fs/netfs/read_collect.c | 9 +- fs/netfs/read_pgpriv2.c | 4 + fs/netfs/read_retry.c | 5 +- fs/netfs/write_collect.c | 9 +- fs/nfs/fscache.c | 9 +- fs/notify/fdinfo.c | 4 +- fs/overlayfs/copy_up.c | 16 +- fs/overlayfs/export.c | 49 ++-- fs/overlayfs/namei.c | 4 +- fs/overlayfs/overlayfs.h | 2 +- fs/smb/client/namespace.c | 19 +- fs/smb/server/smb2pdu.c | 43 ++++ fs/smb/server/smb2pdu.h | 10 + fs/smb/server/vfs.c | 3 +- include/linux/bus/stm32_firewall_device.h | 2 +- include/linux/iomap.h | 2 +- include/linux/mount.h | 3 +- include/linux/netfs.h | 1 - include/linux/writeback.h | 4 +- include/net/inet_connection_sock.h | 2 +- include/uapi/drm/xe_drm.h | 17 ++ include/ufs/ufshcd.h | 2 - io_uring/eventfd.c | 2 +- io_uring/io_uring.c | 5 +- io_uring/sqpoll.c | 6 +- io_uring/timeout.c | 4 +- kernel/cgroup/cpuset.c | 35 +-- kernel/sched/ext.c | 76 ++++-- kernel/sched/ext.h | 8 +- kernel/sched/idle.c | 5 +- net/802/psnap.c | 4 +- net/bluetooth/hci_sync.c | 11 +- net/bluetooth/mgmt.c | 38 ++- net/bluetooth/rfcomm/tty.c | 4 +- net/core/dev.c | 43 +++- net/core/dev.h | 3 +- net/core/link_watch.c | 10 +- net/core/netdev-genl.c | 9 +- net/ipv4/tcp_ipv4.c | 2 +- net/mptcp/ctrl.c | 17 +- net/netfilter/nf_conntrack_core.c | 5 +- net/netfilter/nf_tables_api.c | 15 +- net/rds/tcp.c | 39 ++- net/sched/cls_flow.c | 3 +- net/sched/sch_cake.c | 140 ++++++----- net/sctp/sysctl.c | 14 +- net/tls/tls_sw.c | 2 +- sound/soc/codecs/rt722-sdca.c | 7 +- .../soc/mediatek/common/mtk-afe-platform-driver.c | 4 +- tools/testing/selftests/alsa/Makefile | 2 +- tools/testing/selftests/cgroup/test_cpuset_prs.sh | 33 +-- 207 files changed, 1626 insertions(+), 884 deletions(-)

1 week, 6 days

13
202
0 0

[PATCH 0/4] soc: qcom: ice: fix dev reference leaked through of_qcom_ice_get

by Tudor Ambarus

Hi! I was recently pointed to this driver for an example on how consumers can get a pointer to the supplier's driver data and I noticed a leak. Callers of of_qcom_ice_get() leak the device reference taken by of_find_device_by_node(). Introduce devm variant for of_qcom_ice_get() to spare consumers of an extra call to put the dev reference. This set touches mmc and scsi subsystems. Since the fix is trivial for them, I'd suggest taking everything through the SoC tree with Acked-by tags if people consider this useful. Thanks! Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org> --- Tudor Ambarus (4): soc: qcom: ice: introduce devm_of_qcom_ice_get mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get soc: qcom: ice: make of_qcom_ice_get() static drivers/mmc/host/sdhci-msm.c | 2 +- drivers/soc/qcom/ice.c | 37 +++++++++++++++++++++++++++++++++++-- drivers/ufs/host/ufs-qcom.c | 2 +- include/soc/qcom/ice.h | 3 ++- 4 files changed, 39 insertions(+), 5 deletions(-) --- base-commit: b323d8e7bc03d27dec646bfdccb7d1a92411f189 change-id: 20250110-qcom-ice-fix-dev-leak-bbff59a964fb Best regards, -- Tudor Ambarus <tudor.ambarus(a)linaro.org>

2 weeks

3
5
0 0

FAILED: patch "[PATCH] xe/oa: Fix query mode of operation for OAR/OAC" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f0ed39830e6064d62f9c5393505677a26569bb56 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025010650-tuesday-motivate-5cbb@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0ed39830e6064d62f9c5393505677a26569bb56 Mon Sep 17 00:00:00 2001 From: Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> Date: Fri, 20 Dec 2024 09:19:18 -0800 Subject: [PATCH] xe/oa: Fix query mode of operation for OAR/OAC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is a set of squashed commits to facilitate smooth applying to stable. Each commit message is retained for reference. 1) Allow a GGTT mapped batch to be submitted to user exec queue For a OA use case, one of the HW registers needs to be modified by submitting an MI_LOAD_REGISTER_IMM command to the users exec queue, so that the register is modified in the user's hardware context. In order to do this a batch that is mapped in GGTT, needs to be submitted to the user exec queue. Since all user submissions use q->vm and hence PPGTT, add some plumbing to enable submission of batches mapped in GGTT. v2: ggtt is zero-initialized, so no need to set it false (Matt Brost) 2) xe/oa: Use MI_LOAD_REGISTER_IMMEDIATE to enable OAR/OAC To enable OAR/OAC, a bit in RING_CONTEXT_CONTROL needs to be set. Setting this bit cause the context image size to change and if not done correct, can cause undesired hangs. Current code uses a separate exec_queue to modify this bit and is error-prone. As per HW recommendation, submit MI_LOAD_REGISTER_IMM to the target hardware context to modify the relevant bit. In v2 version, an attempt to submit everything to the user-queue was made, but it failed the unprivileged-single-ctx-counters test. It appears that the OACTXCONTROL must be modified from a remote context. In v3 version, all context specific register configurations were moved to use LOAD_REGISTER_IMMEDIATE and that seems to work well. This is a cleaner way, since we can now submit all configuration to user exec_queue and the fence handling is simplified. v2: (Matt) - set job->ggtt to true if create job is successful - unlock vm on job error (Ashutosh) - don't wait on job submission - use kernel exec queue where possible v3: (Ashutosh) - Fix checkpatch issues - Remove extra spaces/new-lines - Add Fixes: and Cc: tags - Reset context control bit when OA stream is closed - Submit all config via MI_LOAD_REGISTER_IMMEDIATE (Umesh) - Update commit message for v3 experiment - Squash patches for easier port to stable v4: (Ashutosh) - No need to pass q to xe_oa_submit_bb - Do not support exec queues with width > 1 - Fix disabling of CTX_CTRL_OAC_CONTEXT_ENABLE v5: (Ashutosh) - Drop reg_lri related comments - Use XE_OA_SUBMIT_NO_DEPS in xe_oa_load_with_lri Fixes: 8135f1c09dd2 ("drm/xe/oa: Don't reset OAC_CONTEXT_ENABLE on OA stream close") Signed-off-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> # commit 1 Reviewed-by: Ashutosh Dixit <ashutosh.dixit(a)intel.com> Cc: stable(a)vger.kernel.org Reviewed-by: Jonathan Cavitt <jonathan.cavitt(a)intel.com> Signed-off-by: Ashutosh Dixit <ashutosh.dixit(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241220171919.571528-2-umesh… (cherry picked from commit 55039832f98c7e05f1cf9e0d8c12b2490abd0f16) Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> diff --git a/drivers/gpu/drm/xe/xe_oa.c b/drivers/gpu/drm/xe/xe_oa.c index 8dd55798ab31..5cc0f6f9bc11 100644 --- a/drivers/gpu/drm/xe/xe_oa.c +++ b/drivers/gpu/drm/xe/xe_oa.c @@ -74,12 +74,6 @@ struct xe_oa_config { struct rcu_head rcu; }; -struct flex { - struct xe_reg reg; - u32 offset; - u32 value; -}; - struct xe_oa_open_param { struct xe_file *xef; u32 oa_unit_id; @@ -596,19 +590,38 @@ static __poll_t xe_oa_poll(struct file *file, poll_table *wait) return ret; } +static void xe_oa_lock_vma(struct xe_exec_queue *q) +{ + if (q->vm) { + down_read(&q->vm->lock); + xe_vm_lock(q->vm, false); + } +} + +static void xe_oa_unlock_vma(struct xe_exec_queue *q) +{ + if (q->vm) { + xe_vm_unlock(q->vm); + up_read(&q->vm->lock); + } +} + static struct dma_fence *xe_oa_submit_bb(struct xe_oa_stream *stream, enum xe_oa_submit_deps deps, struct xe_bb *bb) { + struct xe_exec_queue *q = stream->exec_q ?: stream->k_exec_q; struct xe_sched_job *job; struct dma_fence *fence; int err = 0; - /* Kernel configuration is issued on stream->k_exec_q, not stream->exec_q */ - job = xe_bb_create_job(stream->k_exec_q, bb); + xe_oa_lock_vma(q); + + job = xe_bb_create_job(q, bb); if (IS_ERR(job)) { err = PTR_ERR(job); goto exit; } + job->ggtt = true; if (deps == XE_OA_SUBMIT_ADD_DEPS) { for (int i = 0; i < stream->num_syncs && !err; i++) @@ -623,10 +636,13 @@ static struct dma_fence *xe_oa_submit_bb(struct xe_oa_stream *stream, enum xe_oa fence = dma_fence_get(&job->drm.s_fence->finished); xe_sched_job_push(job); + xe_oa_unlock_vma(q); + return fence; err_put_job: xe_sched_job_put(job); exit: + xe_oa_unlock_vma(q); return ERR_PTR(err); } @@ -675,63 +691,19 @@ static void xe_oa_free_configs(struct xe_oa_stream *stream) dma_fence_put(stream->last_fence); } -static void xe_oa_store_flex(struct xe_oa_stream *stream, struct xe_lrc *lrc, - struct xe_bb *bb, const struct flex *flex, u32 count) -{ - u32 offset = xe_bo_ggtt_addr(lrc->bo); - - do { - bb->cs[bb->len++] = MI_STORE_DATA_IMM | MI_SDI_GGTT | MI_SDI_NUM_DW(1); - bb->cs[bb->len++] = offset + flex->offset * sizeof(u32); - bb->cs[bb->len++] = 0; - bb->cs[bb->len++] = flex->value; - - } while (flex++, --count); -} - -static int xe_oa_modify_ctx_image(struct xe_oa_stream *stream, struct xe_lrc *lrc, - const struct flex *flex, u32 count) +static int xe_oa_load_with_lri(struct xe_oa_stream *stream, struct xe_oa_reg *reg_lri, u32 count) { struct dma_fence *fence; struct xe_bb *bb; int err; - bb = xe_bb_new(stream->gt, 4 * count, false); + bb = xe_bb_new(stream->gt, 2 * count + 1, false); if (IS_ERR(bb)) { err = PTR_ERR(bb); goto exit; } - xe_oa_store_flex(stream, lrc, bb, flex, count); - - fence = xe_oa_submit_bb(stream, XE_OA_SUBMIT_NO_DEPS, bb); - if (IS_ERR(fence)) { - err = PTR_ERR(fence); - goto free_bb; - } - xe_bb_free(bb, fence); - dma_fence_put(fence); - - return 0; -free_bb: - xe_bb_free(bb, NULL); -exit: - return err; -} - -static int xe_oa_load_with_lri(struct xe_oa_stream *stream, struct xe_oa_reg *reg_lri) -{ - struct dma_fence *fence; - struct xe_bb *bb; - int err; - - bb = xe_bb_new(stream->gt, 3, false); - if (IS_ERR(bb)) { - err = PTR_ERR(bb); - goto exit; - } - - write_cs_mi_lri(bb, reg_lri, 1); + write_cs_mi_lri(bb, reg_lri, count); fence = xe_oa_submit_bb(stream, XE_OA_SUBMIT_NO_DEPS, bb); if (IS_ERR(fence)) { @@ -751,71 +723,55 @@ static int xe_oa_load_with_lri(struct xe_oa_stream *stream, struct xe_oa_reg *re static int xe_oa_configure_oar_context(struct xe_oa_stream *stream, bool enable) { const struct xe_oa_format *format = stream->oa_buffer.format; - struct xe_lrc *lrc = stream->exec_q->lrc[0]; - u32 regs_offset = xe_lrc_regs_offset(lrc) / sizeof(u32); u32 oacontrol = __format_to_oactrl(format, OAR_OACONTROL_COUNTER_SEL_MASK) | (enable ? OAR_OACONTROL_COUNTER_ENABLE : 0); - struct flex regs_context[] = { + struct xe_oa_reg reg_lri[] = { { OACTXCONTROL(stream->hwe->mmio_base), - stream->oa->ctx_oactxctrl_offset[stream->hwe->class] + 1, enable ? OA_COUNTER_RESUME : 0, }, + { + OAR_OACONTROL, + oacontrol, + }, { RING_CONTEXT_CONTROL(stream->hwe->mmio_base), - regs_offset + CTX_CONTEXT_CONTROL, - _MASKED_BIT_ENABLE(CTX_CTRL_OAC_CONTEXT_ENABLE), + _MASKED_FIELD(CTX_CTRL_OAC_CONTEXT_ENABLE, + enable ? CTX_CTRL_OAC_CONTEXT_ENABLE : 0) }, }; - struct xe_oa_reg reg_lri = { OAR_OACONTROL, oacontrol }; - int err; - /* Modify stream hwe context image with regs_context */ - err = xe_oa_modify_ctx_image(stream, stream->exec_q->lrc[0], - regs_context, ARRAY_SIZE(regs_context)); - if (err) - return err; - - /* Apply reg_lri using LRI */ - return xe_oa_load_with_lri(stream, &reg_lri); + return xe_oa_load_with_lri(stream, reg_lri, ARRAY_SIZE(reg_lri)); } static int xe_oa_configure_oac_context(struct xe_oa_stream *stream, bool enable) { const struct xe_oa_format *format = stream->oa_buffer.format; - struct xe_lrc *lrc = stream->exec_q->lrc[0]; - u32 regs_offset = xe_lrc_regs_offset(lrc) / sizeof(u32); u32 oacontrol = __format_to_oactrl(format, OAR_OACONTROL_COUNTER_SEL_MASK) | (enable ? OAR_OACONTROL_COUNTER_ENABLE : 0); - struct flex regs_context[] = { + struct xe_oa_reg reg_lri[] = { { OACTXCONTROL(stream->hwe->mmio_base), - stream->oa->ctx_oactxctrl_offset[stream->hwe->class] + 1, enable ? OA_COUNTER_RESUME : 0, }, + { + OAC_OACONTROL, + oacontrol + }, { RING_CONTEXT_CONTROL(stream->hwe->mmio_base), - regs_offset + CTX_CONTEXT_CONTROL, - _MASKED_BIT_ENABLE(CTX_CTRL_OAC_CONTEXT_ENABLE) | + _MASKED_FIELD(CTX_CTRL_OAC_CONTEXT_ENABLE, + enable ? CTX_CTRL_OAC_CONTEXT_ENABLE : 0) | _MASKED_FIELD(CTX_CTRL_RUN_ALONE, enable ? CTX_CTRL_RUN_ALONE : 0), }, }; - struct xe_oa_reg reg_lri = { OAC_OACONTROL, oacontrol }; - int err; /* Set ccs select to enable programming of OAC_OACONTROL */ xe_mmio_write32(&stream->gt->mmio, __oa_regs(stream)->oa_ctrl, __oa_ccs_select(stream)); - /* Modify stream hwe context image with regs_context */ - err = xe_oa_modify_ctx_image(stream, stream->exec_q->lrc[0], - regs_context, ARRAY_SIZE(regs_context)); - if (err) - return err; - - /* Apply reg_lri using LRI */ - return xe_oa_load_with_lri(stream, &reg_lri); + return xe_oa_load_with_lri(stream, reg_lri, ARRAY_SIZE(reg_lri)); } static int xe_oa_configure_oa_context(struct xe_oa_stream *stream, bool enable) @@ -2066,8 +2022,8 @@ int xe_oa_stream_open_ioctl(struct drm_device *dev, u64 data, struct drm_file *f if (XE_IOCTL_DBG(oa->xe, !param.exec_q)) return -ENOENT; - if (param.exec_q->width > 1) - drm_dbg(&oa->xe->drm, "exec_q->width > 1, programming only exec_q->lrc[0]\n"); + if (XE_IOCTL_DBG(oa->xe, param.exec_q->width > 1)) + return -EOPNOTSUPP; } /* diff --git a/drivers/gpu/drm/xe/xe_ring_ops.c b/drivers/gpu/drm/xe/xe_ring_ops.c index 0be4f489d3e1..9f327f27c072 100644 --- a/drivers/gpu/drm/xe/xe_ring_ops.c +++ b/drivers/gpu/drm/xe/xe_ring_ops.c @@ -221,7 +221,10 @@ static int emit_pipe_imm_ggtt(u32 addr, u32 value, bool stall_only, u32 *dw, static u32 get_ppgtt_flag(struct xe_sched_job *job) { - return job->q->vm ? BIT(8) : 0; + if (job->q->vm && !job->ggtt) + return BIT(8); + + return 0; } static int emit_copy_timestamp(struct xe_lrc *lrc, u32 *dw, int i) diff --git a/drivers/gpu/drm/xe/xe_sched_job_types.h b/drivers/gpu/drm/xe/xe_sched_job_types.h index f13f333f00be..d942b20a9f29 100644 --- a/drivers/gpu/drm/xe/xe_sched_job_types.h +++ b/drivers/gpu/drm/xe/xe_sched_job_types.h @@ -56,6 +56,8 @@ struct xe_sched_job { u32 migrate_flush_flags; /** @ring_ops_flush_tlb: The ring ops need to flush TLB before payload. */ bool ring_ops_flush_tlb; + /** @ggtt: mapped in ggtt. */ + bool ggtt; /** @ptrs: per instance pointers. */ struct xe_job_ptrs ptrs[]; };

2 weeks

9
33
0 0

[PATCH v1] usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS

by Kyle Tso

The Source can drop its output voltage to the minimum of the requested PPS APDO voltage range when it is in Current Limit Mode. If this voltage falls within the range of vPpsShutdown, the Source initiates a Hard Reset and discharges Vbus. However, currently the Sink may disconnect before the voltage reaches vPpsShutdown, leading to unexpected behavior. Prevent premature disconnection by setting the Sink's disconnect threshold to the minimum vPpsShutdown value. Additionally, consider the voltage drop due to IR drop when calculating the appropriate threshold. This ensures a robust and reliable interaction between the Source and Sink during SPR PPS Current Limit Mode operation. Fixes: 4288debeaa4e ("usb: typec: tcpci: Fix up sink disconnect thresholds for PD") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> --- drivers/usb/typec/tcpm/tcpci.c | 13 +++++++++---- drivers/usb/typec/tcpm/tcpm.c | 8 +++++--- include/linux/usb/tcpm.h | 3 ++- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpci.c b/drivers/usb/typec/tcpm/tcpci.c index 48762508cc86..19ab6647af70 100644 --- a/drivers/usb/typec/tcpm/tcpci.c +++ b/drivers/usb/typec/tcpm/tcpci.c @@ -27,6 +27,7 @@ #define VPPS_NEW_MIN_PERCENT 95 #define VPPS_VALID_MIN_MV 100 #define VSINKDISCONNECT_PD_MIN_PERCENT 90 +#define VPPS_SHUTDOWN_MIN_PERCENT 85 struct tcpci { struct device *dev; @@ -366,7 +367,8 @@ static int tcpci_enable_auto_vbus_discharge(struct tcpc_dev *dev, bool enable) } static int tcpci_set_auto_vbus_discharge_threshold(struct tcpc_dev *dev, enum typec_pwr_opmode mode, - bool pps_active, u32 requested_vbus_voltage_mv) + bool pps_active, u32 requested_vbus_voltage_mv, + u32 apdo_min_voltage_mv) { struct tcpci *tcpci = tcpc_to_tcpci(dev); unsigned int pwr_ctrl, threshold = 0; @@ -388,9 +390,12 @@ static int tcpci_set_auto_vbus_discharge_threshold(struct tcpc_dev *dev, enum ty threshold = AUTO_DISCHARGE_DEFAULT_THRESHOLD_MV; } else if (mode == TYPEC_PWR_MODE_PD) { if (pps_active) - threshold = ((VPPS_NEW_MIN_PERCENT * requested_vbus_voltage_mv / 100) - - VSINKPD_MIN_IR_DROP_MV - VPPS_VALID_MIN_MV) * - VSINKDISCONNECT_PD_MIN_PERCENT / 100; + /* + * To prevent disconnect when the source is in Current Limit Mode. + * Set the threshold to the lowest possible voltage vPpsShutdown (min) + */ + threshold = VPPS_SHUTDOWN_MIN_PERCENT * apdo_min_voltage_mv / 100 - + VSINKPD_MIN_IR_DROP_MV; else threshold = ((VSRC_NEW_MIN_PERCENT * requested_vbus_voltage_mv / 100) - VSINKPD_MIN_IR_DROP_MV - VSRC_VALID_MIN_MV) * diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 460dbde9fe22..e4b85a09c3ae 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -2973,10 +2973,12 @@ static int tcpm_set_auto_vbus_discharge_threshold(struct tcpm_port *port, return 0; ret = port->tcpc->set_auto_vbus_discharge_threshold(port->tcpc, mode, pps_active, - requested_vbus_voltage); + requested_vbus_voltage, + port->pps_data.min_volt); tcpm_log_force(port, - "set_auto_vbus_discharge_threshold mode:%d pps_active:%c vbus:%u ret:%d", - mode, pps_active ? 'y' : 'n', requested_vbus_voltage, ret); + "set_auto_vbus_discharge_threshold mode:%d pps_active:%c vbus:%u pps_apdo_min_volt:%u ret:%d", + mode, pps_active ? 'y' : 'n', requested_vbus_voltage, + port->pps_data.min_volt, ret); return ret; } diff --git a/include/linux/usb/tcpm.h b/include/linux/usb/tcpm.h index 061da9546a81..b22e659f81ba 100644 --- a/include/linux/usb/tcpm.h +++ b/include/linux/usb/tcpm.h @@ -163,7 +163,8 @@ struct tcpc_dev { void (*frs_sourcing_vbus)(struct tcpc_dev *dev); int (*enable_auto_vbus_discharge)(struct tcpc_dev *dev, bool enable); int (*set_auto_vbus_discharge_threshold)(struct tcpc_dev *dev, enum typec_pwr_opmode mode, - bool pps_active, u32 requested_vbus_voltage); + bool pps_active, u32 requested_vbus_voltage, + u32 pps_apdo_min_voltage); bool (*is_vbus_vsafe0v)(struct tcpc_dev *dev); void (*set_partner_usb_comm_capable)(struct tcpc_dev *dev, bool enable); void (*check_contaminant)(struct tcpc_dev *dev); -- 2.47.1.688.g23fc6f90ad-goog

2 weeks

4
4
0 0

[REGRESSION] Distorted sound on Acer Aspire A115-31 laptop

by Evgeny Kapun

I am using an Acer Aspire A115-31 laptop. When running newer kernel versions, sound played through headphones is distorted, but when running older versions, it is not. Kernel version: Linux version 6.12.5 (user@hostname) (gcc (Debian 14.2.0-8) 14.2.0, GNU ld (GNU Binutils for Debian) 2.43.50.20241210) #1 SMP PREEMPT_DYNAMIC Sun Dec 15 05:09:16 IST 2024 Operating System: Debian GNU/Linux trixie/sid No special actions are needed to reproduce the issue. The sound is distorted all the time, and it doesn't depend on anything besides using an affected kernel version. It seems to be caused by commit 34ab5bbc6e82214d7f7393eba26d164b303ebb4e (ALSA: hda/realtek - Add Headset Mic supported Acer NB platform). Indeed, if I remove the entry that this commit adds, the issue disappears. lspci output for the device in question: 00:0e.0 Multimedia audio controller [0401]: Intel Corporation Celeron/Pentium Silver Processor High Definition Audio [8086:3198] (rev 06) Subsystem: Acer Incorporated [ALI] Device [1025:1360] Flags: bus master, fast devsel, latency 0, IRQ 130 Memory at a1214000 (64-bit, non-prefetchable) [size=16K] Memory at a1000000 (64-bit, non-prefetchable) [size=1M] Capabilities: [50] Power Management version 3 Capabilities: [80] Vendor Specific Information: Len=14 <?> Capabilities: [60] MSI: Enable+ Count=1/1 Maskable- 64bit+ Capabilities: [70] Express Root Complex Integrated Endpoint, IntMsgNum 0 Kernel driver in use: snd_hda_intel Kernel modules: snd_hda_intel, snd_soc_avs, snd_sof_pci_intel_apl

2 weeks

3
15
0 0

[PATCH] PCI: controller: Restore PCI_REASSIGN_ALL_BUS when PCI_PROBE_ONLY is enabled

by Bo Sun

On our Marvell OCTEON CN96XX board, we observed the following panic on the latest kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080 Mem abort info: ESR = 0x0000000096000005 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault Data abort info: ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [0000000000000080] user address but active_mm is swapper Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Modules linked in: CPU: 9 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.13.0-rc7-00149-g9bffa1ad25b8 #1 Hardware name: Marvell OcteonTX CN96XX board (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : of_pci_add_properties+0x278/0x4c8 lr : of_pci_add_properties+0x258/0x4c8 sp : ffff8000822ef9b0 x29: ffff8000822ef9b0 x28: ffff000106dd8000 x27: ffff800081bc3b30 x26: ffff800081540118 x25: ffff8000813d2be0 x24: 0000000000000000 x23: ffff00010528a800 x22: ffff000107c50000 x21: ffff0001039c2630 x20: ffff0001039c2630 x19: 0000000000000000 x18: ffffffffffffffff x17: 00000000a49c1b85 x16: 0000000084c07b58 x15: ffff000103a10f98 x14: ffffffffffffffff x13: ffff000103a10f96 x12: 0000000000000003 x11: 0101010101010101 x10: 000000000000002c x9 : ffff800080ca7acc x8 : ffff0001038fd900 x7 : 0000000000000000 x6 : 0000000000696370 x5 : 0000000000000000 x4 : 0000000000000002 x3 : ffff8000822efa40 x2 : ffff800081341000 x1 : ffff000107c50000 x0 : 0000000000000000 Call trace: of_pci_add_properties+0x278/0x4c8 (P) of_pci_make_dev_node+0xe0/0x158 pci_bus_add_device+0x158/0x210 pci_bus_add_devices+0x40/0x98 pci_host_probe+0x94/0x118 pci_host_common_probe+0x120/0x1a0 platform_probe+0x70/0xf0 really_probe+0xb4/0x2a8 __driver_probe_device+0x80/0x140 driver_probe_device+0x48/0x170 __driver_attach+0x9c/0x1b0 bus_for_each_dev+0x7c/0xe8 driver_attach+0x2c/0x40 bus_add_driver+0xec/0x218 driver_register+0x68/0x138 __platform_driver_register+0x2c/0x40 gen_pci_driver_init+0x24/0x38 do_one_initcall+0x4c/0x278 kernel_init_freeable+0x1f4/0x3d0 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 Code: aa1603e1 f0005522 d2800044 91000042 (f94040a0) This regression was introduced by commit 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags"). On our board, the 002:00:07.0 bridge is misconfigured by the bootloader. Both its secondary and subordinate bus numbers are initialized to 0, while its fixed secondary bus number is set to 8. However, bus number 8 is also assigned to another bridge (0002:00:0f.0). Although this is a bootloader issue, before the change in commit 7246a4520b4b, the PCI_REASSIGN_ALL_BUS flag was set by default when PCI_PROBE_ONLY was enabled, ensuing that all the bus number for these bridges were reassigned, avoiding any conflicts. After the change introduced in commit 7246a4520b4b, the bus numbers assigned by the bootloader are reused by all other bridges, except the misconfigured 002:00:07.0 bridge. The kernel attempt to reconfigure 002:00:07.0 by reusing the fixed secondary bus number 8 assigned by bootloader. However, since a pci_bus has already been allocated for bus 8 due to the probe of 0002:00:0f.0, no new pci_bus allocated for 002:00:07.0. This results in a pci bridge device without a pci_bus attached (pdev->subordinate == NULL). Consequently, accessing pdev->subordinate in of_pci_prop_bus_range() leads to a NULL pointer dereference. To summarize, we need to restore the PCI_REASSIGN_ALL_BUS flag when PCI_PROBE_ONLY is enabled in order to work around issue like the one described above. Cc: stable(a)vger.kernel.org Fixes: 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags") Signed-off-by: Bo Sun <Bo.Sun.CN(a)windriver.com> --- drivers/pci/controller/pci-host-common.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/controller/pci-host-common.c b/drivers/pci/controller/pci-host-common.c index cf5f59a745b3..615923acbc3e 100644 --- a/drivers/pci/controller/pci-host-common.c +++ b/drivers/pci/controller/pci-host-common.c @@ -73,6 +73,10 @@ int pci_host_common_probe(struct platform_device *pdev) if (IS_ERR(cfg)) return PTR_ERR(cfg); + /* Do not reassign resources if probe only */ + if (!pci_has_flag(PCI_PROBE_ONLY)) + pci_add_flags(PCI_REASSIGN_ALL_BUS); + bridge->sysdata = cfg; bridge->ops = (struct pci_ops *)&ops->pci_ops; bridge->msi_domain = true; -- 2.48.1

2 weeks

1
0
0 0

patch "USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 575a5adf48b06a2980c9eeffedf699ed5534fade Mon Sep 17 00:00:00 2001 From: Qasim Ijaz <qasdev00(a)gmail.com> Date: Mon, 13 Jan 2025 18:00:34 +0000 Subject: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following: if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport); break; } The condition doesn't account for the valid range of the serial->port buffer, which is from 0 to serial->num_ports - 1. When newport is equal to serial->num_ports, the assignment of "port" in the following code is out-of-bounds and NULL: serial_priv->current_port = newport; port = serial->port[serial_priv->current_port]; The fix checks if newport is greater than or equal to serial->num_ports indicating it is out-of-bounds. Reported-by: syzbot <syzbot+506479ebf12fe435d01a(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=506479ebf12fe435d01a Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver") Cc: <stable(a)vger.kernel.org> # 3.5 Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/quatech2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c index a317bdbd00ad..72fe83a6c978 100644 --- a/drivers/usb/serial/quatech2.c +++ b/drivers/usb/serial/quatech2.c @@ -503,7 +503,7 @@ static void qt2_process_read_urb(struct urb *urb) newport = *(ch + 3); - if (newport > serial->num_ports) { + if (newport >= serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport); -- 2.48.1

2 weeks

1
0
0 0

patch "USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 575a5adf48b06a2980c9eeffedf699ed5534fade Mon Sep 17 00:00:00 2001 From: Qasim Ijaz <qasdev00(a)gmail.com> Date: Mon, 13 Jan 2025 18:00:34 +0000 Subject: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() This patch addresses a null-ptr-deref in qt2_process_read_urb() due to an incorrect bounds check in the following: if (newport > serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport); break; } The condition doesn't account for the valid range of the serial->port buffer, which is from 0 to serial->num_ports - 1. When newport is equal to serial->num_ports, the assignment of "port" in the following code is out-of-bounds and NULL: serial_priv->current_port = newport; port = serial->port[serial_priv->current_port]; The fix checks if newport is greater than or equal to serial->num_ports indicating it is out-of-bounds. Reported-by: syzbot <syzbot+506479ebf12fe435d01a(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=506479ebf12fe435d01a Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver") Cc: <stable(a)vger.kernel.org> # 3.5 Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> Reviewed-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/usb/serial/quatech2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c index a317bdbd00ad..72fe83a6c978 100644 --- a/drivers/usb/serial/quatech2.c +++ b/drivers/usb/serial/quatech2.c @@ -503,7 +503,7 @@ static void qt2_process_read_urb(struct urb *urb) newport = *(ch + 3); - if (newport > serial->num_ports) { + if (newport >= serial->num_ports) { dev_err(&port->dev, "%s - port change to invalid port: %i\n", __func__, newport); -- 2.48.1

2 weeks

1
0
0 0

[PATCH] arm64: kprobe: fix an error in single stepping support

by 1534428646＠qq.com

From: "Yiren Xie" <1534428646(a)qq.com> It is obvious a conflict between the code and the comment. The function aarch64_insn_is_steppable is used to check if a mrs instruction can be safe in single-stepping environment, in the comment it says only reading DAIF bits by mrs is safe in single-stepping environment, and other mrs instructions are not. So aarch64_insn_is_steppable should returen "TRUE" if the mrs instruction being single stepped is reading DAIF bits. And have verified using a kprobe kernel module which reads the DAIF bits by function arch_local_irq_save with offset setting to 0x4, confirmed that without this modification, it encounters "kprobe_init: register_kprobe failed, returned -22" error while inserting the kprobe kernel module. and with this modification, it can read the DAIF bits in single-stepping environment. Fixes: 2dd0e8d2d2a1 ("arm64: Kprobes with single stepping support") Cc: stable(a)vger.kernel.org Signed-off-by: Yiren Xie <1534428646(a)qq.com> --- arch/arm64/kernel/probes/decode-insn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/probes/decode-insn.c b/arch/arm64/kernel/probes/decode-insn.c index 6438bf62e753..22383eb1c22c 100644 --- a/arch/arm64/kernel/probes/decode-insn.c +++ b/arch/arm64/kernel/probes/decode-insn.c @@ -40,7 +40,7 @@ static bool __kprobes aarch64_insn_is_steppable(u32 insn) */ if (aarch64_insn_is_mrs(insn)) return aarch64_insn_extract_system_reg(insn) - != AARCH64_INSN_SPCLREG_DAIF; + == AARCH64_INSN_SPCLREG_DAIF; /* * The HINT instruction is steppable only if it is in whitelist -- 2.34.1

2 weeks

2
1
0 0

[PATCH] PCI: controller: Restore PCI_REASSIGN_ALL_BUS when PCI_PROBE_ONLY is enabled

by Bo Sun

On our Marvell OCTEON CN96XX board, we observed the following panic on the latest kernel: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080 Mem abort info: ESR = 0x0000000096000005 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault Data abort info: ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [0000000000000080] user address but active_mm is swapper Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Modules linked in: CPU: 9 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.13.0-rc7-00149-g9bffa1ad25b8 #1 Hardware name: Marvell OcteonTX CN96XX board (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : of_pci_add_properties+0x278/0x4c8 lr : of_pci_add_properties+0x258/0x4c8 sp : ffff8000822ef9b0 x29: ffff8000822ef9b0 x28: ffff000106dd8000 x27: ffff800081bc3b30 x26: ffff800081540118 x25: ffff8000813d2be0 x24: 0000000000000000 x23: ffff00010528a800 x22: ffff000107c50000 x21: ffff0001039c2630 x20: ffff0001039c2630 x19: 0000000000000000 x18: ffffffffffffffff x17: 00000000a49c1b85 x16: 0000000084c07b58 x15: ffff000103a10f98 x14: ffffffffffffffff x13: ffff000103a10f96 x12: 0000000000000003 x11: 0101010101010101 x10: 000000000000002c x9 : ffff800080ca7acc x8 : ffff0001038fd900 x7 : 0000000000000000 x6 : 0000000000696370 x5 : 0000000000000000 x4 : 0000000000000002 x3 : ffff8000822efa40 x2 : ffff800081341000 x1 : ffff000107c50000 x0 : 0000000000000000 Call trace: of_pci_add_properties+0x278/0x4c8 (P) of_pci_make_dev_node+0xe0/0x158 pci_bus_add_device+0x158/0x210 pci_bus_add_devices+0x40/0x98 pci_host_probe+0x94/0x118 pci_host_common_probe+0x120/0x1a0 platform_probe+0x70/0xf0 really_probe+0xb4/0x2a8 __driver_probe_device+0x80/0x140 driver_probe_device+0x48/0x170 __driver_attach+0x9c/0x1b0 bus_for_each_dev+0x7c/0xe8 driver_attach+0x2c/0x40 bus_add_driver+0xec/0x218 driver_register+0x68/0x138 __platform_driver_register+0x2c/0x40 gen_pci_driver_init+0x24/0x38 do_one_initcall+0x4c/0x278 kernel_init_freeable+0x1f4/0x3d0 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 Code: aa1603e1 f0005522 d2800044 91000042 (f94040a0) This regression was introduced by commit 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags"). On our board, the 002:00:07.0 bridge is misconfigured by the bootloader. Both its secondary and subordinate bus numbers are initialized to 0, while its fixed secondary bus number is set to 8. However, bus number 8 is also assigned to another bridge (0002:00:0f.0). Although this is a bootloader issue, before the change in commit 7246a4520b4b, the PCI_REASSIGN_ALL_BUS flag was set by default when PCI_PROBE_ONLY was enabled, ensuing that all the bus number for these bridges were reassigned, avoiding any conflicts. After the change introduced in commit 7246a4520b4b, the bus numbers assigned by the bootloader are reused by all other bridges, except the misconfigured 002:00:07.0 bridge. The kernel attempt to reconfigure 002:00:07.0 by reusing the fixed secondary bus number 8 assigned by bootloader. However, since a pci_bus has already been allocated for bus 8 due to the probe of 0002:00:0f.0, no new pci_bus allocated for 002:00:07.0. This results in a pci bridge device without a pci_bus attached (pdev->subordinate == NULL). Consequently, accessing pdev->subordinate in of_pci_prop_bus_range() leads to a NULL pointer dereference. To summarize, we need to restore the PCI_REASSIGN_ALL_BUS flag when PCI_PROBE_ONLY is enabled in order to work around issue like the one described above. Fixes: 7246a4520b4b ("PCI: Use preserve_config in place of pci_flags") Signed-off-by: Bo Sun <Bo.Sun.CN(a)windriver.com> --- drivers/pci/controller/pci-host-common.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/controller/pci-host-common.c b/drivers/pci/controller/pci-host-common.c index cf5f59a745b3..615923acbc3e 100644 --- a/drivers/pci/controller/pci-host-common.c +++ b/drivers/pci/controller/pci-host-common.c @@ -73,6 +73,10 @@ int pci_host_common_probe(struct platform_device *pdev) if (IS_ERR(cfg)) return PTR_ERR(cfg); + /* Do not reassign resources if probe only */ + if (!pci_has_flag(PCI_PROBE_ONLY)) + pci_add_flags(PCI_REASSIGN_ALL_BUS); + bridge->sysdata = cfg; bridge->ops = (struct pci_ops *)&ops->pci_ops; bridge->msi_domain = true; -- 2.48.1

2 weeks

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror