- Linux-stable-mirror - lists.linaro.org

[PATCH v4 00/14] of: fix bugs and improve codes

by Zijun Hu

This patch series is to fix bugs and improve codes for drivers/of/*. Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v4: - Remove 2 modalias relevant patches, and add more patches. - Link to v3: https://lore.kernel.org/r/20241217-of_core_fix-v3-0-3bc49a2e8bda@quicinc.com Changes in v3: - Drop 2 applied patches and pick up patch 4/7 again - Fix build error for patch 6/7. - Include of_private.h instead of function declaration for patch 2/7 - Correct tile and commit messages. - Link to v2: https://lore.kernel.org/r/20241216-of_core_fix-v2-0-e69b8f60da63@quicinc.com Changes in v2: - Drop applied/conflict/TBD patches. - Correct based on Rob's comments. - Link to v1: https://lore.kernel.org/r/20241206-of_core_fix-v1-0-dc28ed56bec3@quicinc.com --- Zijun Hu (14): of: Correct child specifier used as input of the 2nd nexus node of: Do not expose of_alias_scan() and correct its comments of: Make of_property_present() applicable to all kinds of property of: property: Use of_property_present() for of_fwnode_property_present() of: Fix available buffer size calculating error in API of_device_uevent_modalias() of: property: Avoiding using uninitialized variable @imaplen in parse_interrupt_map() of: property: Fix potential fwnode reference's argument count got out of range of: Remove a duplicated code block of: reserved-memory: Fix using wrong number of cells to get property 'alignment' of: reserved-memory: Do not make kmemleak ignore freed address of: reserved-memory: Warn for missing static reserved memory regions of: reserved-memory: Move an assignment to effective place in __reserved_mem_alloc_size() of/fdt: Check fdt_get_mem_rsv() error in early_init_fdt_scan_reserved_mem() of: Improve __of_add_property_sysfs() readability drivers/of/address.c | 21 +++------------------ drivers/of/base.c | 7 +++---- drivers/of/device.c | 14 ++++++++++---- drivers/of/fdt.c | 7 ++++++- drivers/of/fdt_address.c | 21 ++++----------------- drivers/of/kobj.c | 3 ++- drivers/of/of_private.h | 20 ++++++++++++++++++++ drivers/of/of_reserved_mem.c | 15 ++++++++++----- drivers/of/pdt.c | 2 ++ drivers/of/property.c | 9 +++++++-- include/linux/of.h | 24 ++++++++++++------------ 11 files changed, 79 insertions(+), 64 deletions(-) --- base-commit: 456f3000f82571697d23c255c451cfcfb5c9ae75 change-id: 20241206-of_core_fix-dc3021a06418 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

2 weeks, 3 days

3
7
0 0

[PATCH v1] usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS

by Kyle Tso

The Source can drop its output voltage to the minimum of the requested PPS APDO voltage range when it is in Current Limit Mode. If this voltage falls within the range of vPpsShutdown, the Source initiates a Hard Reset and discharges Vbus. However, currently the Sink may disconnect before the voltage reaches vPpsShutdown, leading to unexpected behavior. Prevent premature disconnection by setting the Sink's disconnect threshold to the minimum vPpsShutdown value. Additionally, consider the voltage drop due to IR drop when calculating the appropriate threshold. This ensures a robust and reliable interaction between the Source and Sink during SPR PPS Current Limit Mode operation. Fixes: 4288debeaa4e ("usb: typec: tcpci: Fix up sink disconnect thresholds for PD") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> --- drivers/usb/typec/tcpm/tcpci.c | 13 +++++++++---- drivers/usb/typec/tcpm/tcpm.c | 8 +++++--- include/linux/usb/tcpm.h | 3 ++- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpci.c b/drivers/usb/typec/tcpm/tcpci.c index 48762508cc86..19ab6647af70 100644 --- a/drivers/usb/typec/tcpm/tcpci.c +++ b/drivers/usb/typec/tcpm/tcpci.c @@ -27,6 +27,7 @@ #define VPPS_NEW_MIN_PERCENT 95 #define VPPS_VALID_MIN_MV 100 #define VSINKDISCONNECT_PD_MIN_PERCENT 90 +#define VPPS_SHUTDOWN_MIN_PERCENT 85 struct tcpci { struct device *dev; @@ -366,7 +367,8 @@ static int tcpci_enable_auto_vbus_discharge(struct tcpc_dev *dev, bool enable) } static int tcpci_set_auto_vbus_discharge_threshold(struct tcpc_dev *dev, enum typec_pwr_opmode mode, - bool pps_active, u32 requested_vbus_voltage_mv) + bool pps_active, u32 requested_vbus_voltage_mv, + u32 apdo_min_voltage_mv) { struct tcpci *tcpci = tcpc_to_tcpci(dev); unsigned int pwr_ctrl, threshold = 0; @@ -388,9 +390,12 @@ static int tcpci_set_auto_vbus_discharge_threshold(struct tcpc_dev *dev, enum ty threshold = AUTO_DISCHARGE_DEFAULT_THRESHOLD_MV; } else if (mode == TYPEC_PWR_MODE_PD) { if (pps_active) - threshold = ((VPPS_NEW_MIN_PERCENT * requested_vbus_voltage_mv / 100) - - VSINKPD_MIN_IR_DROP_MV - VPPS_VALID_MIN_MV) * - VSINKDISCONNECT_PD_MIN_PERCENT / 100; + /* + * To prevent disconnect when the source is in Current Limit Mode. + * Set the threshold to the lowest possible voltage vPpsShutdown (min) + */ + threshold = VPPS_SHUTDOWN_MIN_PERCENT * apdo_min_voltage_mv / 100 - + VSINKPD_MIN_IR_DROP_MV; else threshold = ((VSRC_NEW_MIN_PERCENT * requested_vbus_voltage_mv / 100) - VSINKPD_MIN_IR_DROP_MV - VSRC_VALID_MIN_MV) * diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 460dbde9fe22..e4b85a09c3ae 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -2973,10 +2973,12 @@ static int tcpm_set_auto_vbus_discharge_threshold(struct tcpm_port *port, return 0; ret = port->tcpc->set_auto_vbus_discharge_threshold(port->tcpc, mode, pps_active, - requested_vbus_voltage); + requested_vbus_voltage, + port->pps_data.min_volt); tcpm_log_force(port, - "set_auto_vbus_discharge_threshold mode:%d pps_active:%c vbus:%u ret:%d", - mode, pps_active ? 'y' : 'n', requested_vbus_voltage, ret); + "set_auto_vbus_discharge_threshold mode:%d pps_active:%c vbus:%u pps_apdo_min_volt:%u ret:%d", + mode, pps_active ? 'y' : 'n', requested_vbus_voltage, + port->pps_data.min_volt, ret); return ret; } diff --git a/include/linux/usb/tcpm.h b/include/linux/usb/tcpm.h index 061da9546a81..b22e659f81ba 100644 --- a/include/linux/usb/tcpm.h +++ b/include/linux/usb/tcpm.h @@ -163,7 +163,8 @@ struct tcpc_dev { void (*frs_sourcing_vbus)(struct tcpc_dev *dev); int (*enable_auto_vbus_discharge)(struct tcpc_dev *dev, bool enable); int (*set_auto_vbus_discharge_threshold)(struct tcpc_dev *dev, enum typec_pwr_opmode mode, - bool pps_active, u32 requested_vbus_voltage); + bool pps_active, u32 requested_vbus_voltage, + u32 pps_apdo_min_voltage); bool (*is_vbus_vsafe0v)(struct tcpc_dev *dev); void (*set_partner_usb_comm_capable)(struct tcpc_dev *dev, bool enable); void (*check_contaminant)(struct tcpc_dev *dev); -- 2.47.1.688.g23fc6f90ad-goog

2 weeks, 3 days

1
0
0 0

[PATCH v2] ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address

by Nobuhiro Iwamatsu

On SoCFPGA/Sodia board, mdio bus cannot be probed, so the PHY cannot be found and the network device does not work. ``` stmmaceth ff702000.ethernet eth0: __stmmac_open: Cannot attach to PHY (error: -19) ``` To probe the mdio bus, add "snps,dwmac-mdio" as compatible string of the mdio bus. Also the PHY address connected to this board is 4. Therefore, change to 4. Cc: stable(a)vger.kernel.org # 6.3+ Signed-off-by: Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> --- v2: Update commit message from 'ID' to 'address'. Drop Fixes tag, because that commit is not the cause. arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts b/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts index ce0d6514eeb571..e4794ccb8e413f 100644 --- a/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts +++ b/arch/arm/boot/dts/intel/socfpga/socfpga_cyclone5_sodia.dts @@ -66,8 +66,10 @@ &gmac1 { mdio0 { #address-cells = <1>; #size-cells = <0>; - phy0: ethernet-phy@0 { - reg = <0>; + compatible = "snps,dwmac-mdio"; + + phy0: ethernet-phy@4 { + reg = <4>; rxd0-skew-ps = <0>; rxd1-skew-ps = <0>; rxd2-skew-ps = <0>; -- 2.45.2

2 weeks, 3 days

1
1
0 0

[PATCH] gpio: xilinx: Convert gpio_lock to raw spinlock

by Sean Anderson

irq_chip functions may be called in raw spinlock context. Therefore, we must also use a raw spinlock for our own internal locking. This fixes the following lockdep splat: [ 5.349336] ============================= [ 5.353349] [ BUG: Invalid wait context ] [ 5.357361] 6.13.0-rc5+ #69 Tainted: G W [ 5.363031] ----------------------------- [ 5.367045] kworker/u17:1/44 is trying to lock: [ 5.371587] ffffff88018b02c0 (&chip->gpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8)) [ 5.380079] other info that might help us debug this: [ 5.385138] context-{5:5} [ 5.387762] 5 locks held by kworker/u17:1/44: [ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204) [ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205) [ 5.411528] #2: ffffff880172c900 (&dev->mutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006) [ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596) [ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614) [ 5.436472] stack backtrace: [ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69 [ 5.448690] Tainted: [W]=WARN [ 5.451656] Hardware name: xlnx,zynqmp (DT) [ 5.455845] Workqueue: events_unbound deferred_probe_work_func [ 5.461699] Call trace: [ 5.464147] show_stack+0x18/0x24 C [ 5.467821] dump_stack_lvl (lib/dump_stack.c:123) [ 5.471501] dump_stack (lib/dump_stack.c:130) [ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176) [ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814) [ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8)) [ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) [ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250) [ 5.497645] irq_startup (kernel/irq/chip.c:270) [ 5.501143] __setup_irq (kernel/irq/manage.c:1807) [ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208) Fixes: a32c7caea292 ("gpio: gpio-xilinx: Add interrupt support") Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Cc: stable(a)vger.kernel.org --- drivers/gpio/gpio-xilinx.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/gpio/gpio-xilinx.c b/drivers/gpio/gpio-xilinx.c index c6a8f2c82680..792d94c49077 100644 --- a/drivers/gpio/gpio-xilinx.c +++ b/drivers/gpio/gpio-xilinx.c @@ -65,7 +65,7 @@ struct xgpio_instance { DECLARE_BITMAP(state, 64); DECLARE_BITMAP(last_irq_read, 64); DECLARE_BITMAP(dir, 64); - spinlock_t gpio_lock; /* For serializing operations */ + raw_spinlock_t gpio_lock; /* For serializing operations */ int irq; DECLARE_BITMAP(enable, 64); DECLARE_BITMAP(rising_edge, 64); @@ -179,14 +179,14 @@ static void xgpio_set(struct gpio_chip *gc, unsigned int gpio, int val) struct xgpio_instance *chip = gpiochip_get_data(gc); int bit = xgpio_to_bit(chip, gpio); - spin_lock_irqsave(&chip->gpio_lock, flags); + raw_spin_lock_irqsave(&chip->gpio_lock, flags); /* Write to GPIO signal and set its direction to output */ __assign_bit(bit, chip->state, val); xgpio_write_ch(chip, XGPIO_DATA_OFFSET, bit, chip->state); - spin_unlock_irqrestore(&chip->gpio_lock, flags); + raw_spin_unlock_irqrestore(&chip->gpio_lock, flags); } /** @@ -210,7 +210,7 @@ static void xgpio_set_multiple(struct gpio_chip *gc, unsigned long *mask, bitmap_remap(hw_mask, mask, chip->sw_map, chip->hw_map, 64); bitmap_remap(hw_bits, bits, chip->sw_map, chip->hw_map, 64); - spin_lock_irqsave(&chip->gpio_lock, flags); + raw_spin_lock_irqsave(&chip->gpio_lock, flags); bitmap_replace(state, chip->state, hw_bits, hw_mask, 64); @@ -218,7 +218,7 @@ static void xgpio_set_multiple(struct gpio_chip *gc, unsigned long *mask, bitmap_copy(chip->state, state, 64); - spin_unlock_irqrestore(&chip->gpio_lock, flags); + raw_spin_unlock_irqrestore(&chip->gpio_lock, flags); } /** @@ -236,13 +236,13 @@ static int xgpio_dir_in(struct gpio_chip *gc, unsigned int gpio) struct xgpio_instance *chip = gpiochip_get_data(gc); int bit = xgpio_to_bit(chip, gpio); - spin_lock_irqsave(&chip->gpio_lock, flags); + raw_spin_lock_irqsave(&chip->gpio_lock, flags); /* Set the GPIO bit in shadow register and set direction as input */ __set_bit(bit, chip->dir); xgpio_write_ch(chip, XGPIO_TRI_OFFSET, bit, chip->dir); - spin_unlock_irqrestore(&chip->gpio_lock, flags); + raw_spin_unlock_irqrestore(&chip->gpio_lock, flags); return 0; } @@ -265,7 +265,7 @@ static int xgpio_dir_out(struct gpio_chip *gc, unsigned int gpio, int val) struct xgpio_instance *chip = gpiochip_get_data(gc); int bit = xgpio_to_bit(chip, gpio); - spin_lock_irqsave(&chip->gpio_lock, flags); + raw_spin_lock_irqsave(&chip->gpio_lock, flags); /* Write state of GPIO signal */ __assign_bit(bit, chip->state, val); @@ -275,7 +275,7 @@ static int xgpio_dir_out(struct gpio_chip *gc, unsigned int gpio, int val) __clear_bit(bit, chip->dir); xgpio_write_ch(chip, XGPIO_TRI_OFFSET, bit, chip->dir); - spin_unlock_irqrestore(&chip->gpio_lock, flags); + raw_spin_unlock_irqrestore(&chip->gpio_lock, flags); return 0; } @@ -398,7 +398,7 @@ static void xgpio_irq_mask(struct irq_data *irq_data) int bit = xgpio_to_bit(chip, irq_offset); u32 mask = BIT(bit / 32), temp; - spin_lock_irqsave(&chip->gpio_lock, flags); + raw_spin_lock_irqsave(&chip->gpio_lock, flags); __clear_bit(bit, chip->enable); @@ -408,7 +408,7 @@ static void xgpio_irq_mask(struct irq_data *irq_data) temp &= ~mask; xgpio_writereg(chip->regs + XGPIO_IPIER_OFFSET, temp); } - spin_unlock_irqrestore(&chip->gpio_lock, flags); + raw_spin_unlock_irqrestore(&chip->gpio_lock, flags); gpiochip_disable_irq(&chip->gc, irq_offset); } @@ -428,7 +428,7 @@ static void xgpio_irq_unmask(struct irq_data *irq_data) gpiochip_enable_irq(&chip->gc, irq_offset); - spin_lock_irqsave(&chip->gpio_lock, flags); + raw_spin_lock_irqsave(&chip->gpio_lock, flags); __set_bit(bit, chip->enable); @@ -447,7 +447,7 @@ static void xgpio_irq_unmask(struct irq_data *irq_data) xgpio_writereg(chip->regs + XGPIO_IPIER_OFFSET, val); } - spin_unlock_irqrestore(&chip->gpio_lock, flags); + raw_spin_unlock_irqrestore(&chip->gpio_lock, flags); } /** @@ -512,7 +512,7 @@ static void xgpio_irqhandler(struct irq_desc *desc) chained_irq_enter(irqchip, desc); - spin_lock(&chip->gpio_lock); + raw_spin_lock(&chip->gpio_lock); xgpio_read_ch_all(chip, XGPIO_DATA_OFFSET, all); @@ -529,7 +529,7 @@ static void xgpio_irqhandler(struct irq_desc *desc) bitmap_copy(chip->last_irq_read, all, 64); bitmap_or(all, rising, falling, 64); - spin_unlock(&chip->gpio_lock); + raw_spin_unlock(&chip->gpio_lock); dev_dbg(gc->parent, "IRQ rising %*pb falling %*pb\n", 64, rising, 64, falling); @@ -620,7 +620,7 @@ static int xgpio_probe(struct platform_device *pdev) bitmap_set(chip->hw_map, 0, width[0]); bitmap_set(chip->hw_map, 32, width[1]); - spin_lock_init(&chip->gpio_lock); + raw_spin_lock_init(&chip->gpio_lock); chip->gc.base = -1; chip->gc.ngpio = bitmap_weight(chip->hw_map, 64); -- 2.35.1.1320.gc452695387.dirty

2 weeks, 3 days

2
1
0 0

[PATCH v2] clk: clk-loongson2: Fix the number count of clk provider

by Binbin Zhou

Since commit 02fb4f008433 ("clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access"), the clk provider register is failed. The count of `clks_num` is shown below: for (p = data; p->name; p++) clks_num++; In fact, `clks_num` represents the number of SoC clocks and should be expressed as the maximum value of the clock binding id in use (p->id + 1). Now we fix it to avoid the following error when trying to register a clk provider: [ 13.409595] of_clk_hw_onecell_get: invalid index 17 Cc: stable(a)vger.kernel.org Cc: Gustavo A. R. Silva <gustavoars(a)kernel.org> Fixes: 02fb4f008433 ("clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access") Signed-off-by: Binbin Zhou <zhoubinbin(a)loongson.cn> --- V2: - Add Gustavo A. R. Silva to cc list; - Populate the onecell data with -ENOENT error pointers to avoid returning NULL, for it is a valid clock. Link to V1: https://lore.kernel.org/all/20241225060600.3094154-1-zhoubinbin@loongson.cn/ drivers/clk/clk-loongson2.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/clk/clk-loongson2.c b/drivers/clk/clk-loongson2.c index 6bf51d5a49a1..9c240a2308f5 100644 --- a/drivers/clk/clk-loongson2.c +++ b/drivers/clk/clk-loongson2.c @@ -294,7 +294,7 @@ static int loongson2_clk_probe(struct platform_device *pdev) return -EINVAL; for (p = data; p->name; p++) - clks_num++; + clks_num = max(clks_num, p->id + 1); clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num), GFP_KERNEL); @@ -309,6 +309,9 @@ static int loongson2_clk_probe(struct platform_device *pdev) clp->clk_data.num = clks_num; clp->dev = dev; + /* Avoid returning NULL for unused id */ + memset_p((void **)&clp->clk_data.hws, ERR_PTR(-ENOENT), clks_num); + for (i = 0; i < clks_num; i++) { p = &data[i]; switch (p->type) { -- 2.43.5

2 weeks, 3 days

3
2
0 0

[PATCH 6.1.y] RDMA/rxe: Fix the qp flush warnings in req

by lanbincn＠qq.com

From: Zhu Yanjun <yanjun.zhu(a)linux.dev> commit ea4c990fa9e19ffef0648e40c566b94ba5ab31be upstream. When the qp is in error state, the status of WQEs in the queue should be set to error. Or else the following will appear. [ 920.617269] WARNING: CPU: 1 PID: 21 at drivers/infiniband/sw/rxe/rxe_comp.c:756 rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.617744] Modules linked in: rnbd_client(O) rtrs_client(O) rtrs_core(O) rdma_ucm rdma_cm iw_cm ib_cm crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel ib_uverbs ib_core loop brd null_blk ipv6 [ 920.618516] CPU: 1 PID: 21 Comm: ksoftirqd/1 Tainted: G O 6.1.113-storage+ #65 [ 920.618986] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 920.619396] RIP: 0010:rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.619658] Code: 0f b6 84 24 3a 02 00 00 41 89 84 24 44 04 00 00 e9 2a f7 ff ff 39 ca bb 03 00 00 00 b8 0e 00 00 00 48 0f 45 d8 e9 15 f7 ff ff <0f> 0b e9 cb f8 ff ff 41 bf f5 ff ff ff e9 08 f8 ff ff 49 8d bc 24 [ 920.620482] RSP: 0018:ffff97b7c00bbc38 EFLAGS: 00010246 [ 920.620817] RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000008 [ 920.621183] RDX: ffff960dc396ebc0 RSI: 0000000000005400 RDI: ffff960dc4e2fbac [ 920.621548] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffffac406450 [ 920.621884] R10: ffffffffac4060c0 R11: 0000000000000001 R12: ffff960dc4e2f800 [ 920.622254] R13: ffff960dc4e2f928 R14: ffff97b7c029c580 R15: 0000000000000000 [ 920.622609] FS: 0000000000000000(0000) GS:ffff960ef7d00000(0000) knlGS:0000000000000000 [ 920.622979] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 920.623245] CR2: 00007fa056965e90 CR3: 00000001107f1000 CR4: 00000000000006e0 [ 920.623680] Call Trace: [ 920.623815] <TASK> [ 920.623933] ? __warn+0x79/0xc0 [ 920.624116] ? rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.624356] ? report_bug+0xfb/0x150 [ 920.624594] ? handle_bug+0x3c/0x60 [ 920.624796] ? exc_invalid_op+0x14/0x70 [ 920.624976] ? asm_exc_invalid_op+0x16/0x20 [ 920.625203] ? rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.625474] ? rxe_completer+0x329/0xcc0 [rdma_rxe] [ 920.625749] rxe_do_task+0x80/0x110 [rdma_rxe] [ 920.626037] rxe_requester+0x625/0xde0 [rdma_rxe] [ 920.626310] ? rxe_cq_post+0xe2/0x180 [rdma_rxe] [ 920.626583] ? do_complete+0x18d/0x220 [rdma_rxe] [ 920.626812] ? rxe_completer+0x1a3/0xcc0 [rdma_rxe] [ 920.627050] rxe_do_task+0x80/0x110 [rdma_rxe] [ 920.627285] tasklet_action_common.constprop.0+0xa4/0x120 [ 920.627522] handle_softirqs+0xc2/0x250 [ 920.627728] ? sort_range+0x20/0x20 [ 920.627942] run_ksoftirqd+0x1f/0x30 [ 920.628158] smpboot_thread_fn+0xc7/0x1b0 [ 920.628334] kthread+0xd6/0x100 [ 920.628504] ? kthread_complete_and_exit+0x20/0x20 [ 920.628709] ret_from_fork+0x1f/0x30 [ 920.628892] </TASK> Fixes: ae720bdb703b ("RDMA/rxe: Generate error completion for error requester QP state") Signed-off-by: Zhu Yanjun <yanjun.zhu(a)linux.dev> Link: https://patch.msgid.link/20241025152036.121417-1-yanjun.zhu@linux.dev Signed-off-by: Leon Romanovsky <leon(a)kernel.org> Signed-off-by: Bin Lan <lanbincn(a)qq.com> --- drivers/infiniband/sw/rxe/rxe_req.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/infiniband/sw/rxe/rxe_req.c b/drivers/infiniband/sw/rxe/rxe_req.c index 35768fdbd5b7..1ef5819e75ff 100644 --- a/drivers/infiniband/sw/rxe/rxe_req.c +++ b/drivers/infiniband/sw/rxe/rxe_req.c @@ -643,13 +643,15 @@ int rxe_requester(void *arg) if (unlikely(qp->req.state == QP_STATE_ERROR)) { wqe = req_next_wqe(qp); - if (wqe) + if (wqe) { /* * Generate an error completion for error qp state */ + wqe->status = IB_WC_WR_FLUSH_ERR; goto err; - else + } else { goto exit; + } } if (unlikely(qp->req.state == QP_STATE_RESET)) { -- 2.43.0

2 weeks, 3 days

2
1
0 0

UBSAN array-index-out-of-bounds: cfg80211_scan_6ghz

by John Rowley

Hi, I'm experiencing UBSAN array-index-out-of-bounds errors while using my Framework 13" AMD laptop with its Mediatek MT7922 wifi adapter (mt7921e). It seems to happen only once on boot, and occurs with both kernel versions 6.12.7 and 6.13-rc4, both compiled from vanilla upstream kernel sources on Fedora 41 using the kernel.org LLVM toolchain (19.1.6). I can try some other kernel series if necessary, and also a bisect if I find a working version, but that may take me a while. I wasn't sure if I should mark this as a regression, as I'm not sure which/if there is a working kernel version at this point. Thanks. ---- [ 17.754417] UBSAN: array-index-out-of-bounds in /data/linux/net/wireless/scan.c:766:2 [ 17.754423] index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') [ 17.754427] CPU: 13 UID: 0 PID: 620 Comm: kworker/u64:10 Tainted: G T 6.13.0-rc4 #9 [ 17.754433] Tainted: [T]=RANDSTRUCT [ 17.754435] Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.05 03/29/2024 [ 17.754438] Workqueue: events_unbound cfg80211_wiphy_work [ 17.754446] Call Trace: [ 17.754449] <TASK> [ 17.754452] dump_stack_lvl+0x82/0xc0 [ 17.754459] __ubsan_handle_out_of_bounds+0xe7/0x110 [ 17.754464] ? srso_alias_return_thunk+0x5/0xfbef5 [ 17.754470] ? __kmalloc_noprof+0x1a7/0x280 [ 17.754477] cfg80211_scan_6ghz+0x3bb/0xfd0 [ 17.754482] ? srso_alias_return_thunk+0x5/0xfbef5 [ 17.754486] ? try_to_wake_up+0x368/0x4c0 [ 17.754491] ? try_to_wake_up+0x1a9/0x4c0 [ 17.754496] ___cfg80211_scan_done+0xa9/0x1e0 [ 17.754500] cfg80211_wiphy_work+0xb7/0xe0 [ 17.754504] process_scheduled_works+0x205/0x3a0 [ 17.754509] worker_thread+0x24a/0x300 [ 17.754514] ? __cfi_worker_thread+0x10/0x10 [ 17.754519] kthread+0x158/0x180 [ 17.754524] ? __cfi_kthread+0x10/0x10 [ 17.754528] ret_from_fork+0x40/0x50 [ 17.754534] ? __cfi_kthread+0x10/0x10 [ 17.754538] ret_from_fork_asm+0x11/0x30 [ 17.754544] </TASK>

2 weeks, 3 days

3
3
0 0

Re: [PATCH v3] USB: serial: quatech2: Fix null-ptr-deref in qt2_process_read_urb()

by Qasim Ijaz

On Tue, Jan 14, 2025 at 10:47:33AM +0100, Johan Hovold wrote: > On Mon, Jan 13, 2025 at 06:00:34PM +0000, Qasim Ijaz wrote: > > This patch addresses a null-ptr-deref in qt2_process_read_urb() due to > > an incorrect bounds check in the following: > > > > if (newport > serial->num_ports) { > > dev_err(&port->dev, > > "%s - port change to invalid port: %i\n", > > __func__, newport); > > break; > > } > > > > The condition doesn't account for the valid range of the serial->port > > buffer, which is from 0 to serial->num_ports - 1. When newport is equal > > to serial->num_ports, the assignment of "port" in the > > following code is out-of-bounds and NULL: > > > > serial_priv->current_port = newport; > > port = serial->port[serial_priv->current_port]; > > > > The fix checks if newport is greater than or equal to serial->num_ports > > indicating it is out-of-bounds. > > > > Reported-by: syzbot <syzbot+506479ebf12fe435d01a(a)syzkaller.appspotmail.com> > > Closes: https://syzkaller.appspot.com/bug?extid=506479ebf12fe435d01a > > Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver") > > Cc: <stable(a)vger.kernel.org> # 3.5 > > Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> > > --- > > Thanks for the update. I've applied the patch now after adding Greg's > Reviewed-by tag (for v2). > > For your future contributions, try to remember to include any > Reviewed-by or Tested-by tags when updating the patch unless the changes > are non-trivial. > > There should typically also be a short change log here under the --- > line to indicate what changes from previous versions. > > It is also encouraged to write the commit message in imperative mood > (add, change, fix) and to avoid the phrase "this patch". There are some > more details in > > Documentation/process/submitting-patches.rst > > Something to keep in mind for the future, but this patch already looks > really good. > > Johan Hi Johan, Thanks for reviewing and applying the patch. I appreciate the guidance on patch style and process, and I'll incorporate your suggestions in future submissions. Best regards, Qasim

2 weeks, 3 days

1
0
0 0

[GIT PULL 4/5] xfs: realtime reverse-mapping support

by Darrick J. Wong

Hi Carlos, Please pull this branch with changes for xfs. As usual, I did a test-merge with the main upstream branch as of a few minutes ago, and didn't see any conflicts. Please let me know if you encounter any problems. --D The following changes since commit 05290bd5c6236b8ad659157edb36bd2d38f46d3e: xfs: allow inode-based btrees to reserve space in the data device (2024-12-23 13:06:03 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git tags/realtime-rmap_2024-12-23 for you to fetch changes up to c2358439af374cad47f771797875d0beb8256738: xfs: enable realtime rmap btree (2024-12-23 13:06:09 -0800) ---------------------------------------------------------------- xfs: realtime reverse-mapping support [v6.2 04/14] This is the latest revision of a patchset that adds to XFS kernel support for reverse mapping for the realtime device. This time around I've fixed some of the bitrot that I've noticed over the past few months, and most notably have converted rtrmapbt to use the metadata inode directory feature instead of burning more space in the superblock. At the beginning of the set are patches to implement storing B+tree leaves in an inode root, since the realtime rmapbt is rooted in an inode, unlike the regular rmapbt which is rooted in an AG block. Prior to this, the only btree that could be rooted in the inode fork was the block mapping btree; if all the extent records fit in the inode, format would be switched from 'btree' to 'extents'. The next few patches enhance the reverse mapping routines to handle the parts that are specific to rtgroups -- adding the new btree type, adding a new log intent item type, and wiring up the metadata directory tree entries. Finally, implement GETFSMAP with the rtrmapbt and scrub functionality for the rtrmapbt and rtbitmap and online fsck functionality. This has been running on the djcloud for months with no problems. Enjoy! Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> ---------------------------------------------------------------- Darrick J. Wong (37): xfs: add some rtgroup inode helpers xfs: prepare rmap btree cursor tracepoints for realtime xfs: simplify the xfs_rmap_{alloc,free}_extent calling conventions xfs: introduce realtime rmap btree ondisk definitions xfs: realtime rmap btree transaction reservations xfs: add realtime rmap btree operations xfs: prepare rmap functions to deal with rtrmapbt xfs: add a realtime flag to the rmap update log redo items xfs: support recovering rmap intent items targetting realtime extents xfs: pretty print metadata file types in error messages xfs: support file data forks containing metadata btrees xfs: add realtime reverse map inode to metadata directory xfs: add metadata reservations for realtime rmap btrees xfs: wire up a new metafile type for the realtime rmap xfs: wire up rmap map and unmap to the realtime rmapbt xfs: create routine to allocate and initialize a realtime rmap btree inode xfs: wire up getfsmap to the realtime reverse mapping btree xfs: check that the rtrmapbt maxlevels doesn't increase when growing fs xfs: report realtime rmap btree corruption errors to the health system xfs: allow queued realtime intents to drain before scrubbing xfs: scrub the realtime rmapbt xfs: cross-reference realtime bitmap to realtime rmapbt scrubber xfs: cross-reference the realtime rmapbt xfs: scan rt rmap when we're doing an intense rmap check of bmbt mappings xfs: scrub the metadir path of rt rmap btree files xfs: walk the rt reverse mapping tree when rebuilding rmap xfs: online repair of realtime file bmaps xfs: repair inodes that have realtime extents xfs: repair rmap btree inodes xfs: online repair of realtime bitmaps for a realtime group xfs: support repairing metadata btrees rooted in metadir inodes xfs: online repair of the realtime rmap btree xfs: create a shadow rmap btree during realtime rmap repair xfs: hook live realtime rmap operations during a repair operation xfs: don't shut down the filesystem for media failures beyond end of log xfs: react to fsdax failure notifications on the rt device xfs: enable realtime rmap btree fs/xfs/Makefile | 3 + fs/xfs/libxfs/xfs_btree.c | 73 +++ fs/xfs/libxfs/xfs_btree.h | 8 +- fs/xfs/libxfs/xfs_btree_mem.c | 1 + fs/xfs/libxfs/xfs_btree_staging.c | 1 + fs/xfs/libxfs/xfs_defer.h | 1 + fs/xfs/libxfs/xfs_exchmaps.c | 4 +- fs/xfs/libxfs/xfs_format.h | 28 +- fs/xfs/libxfs/xfs_fs.h | 7 +- fs/xfs/libxfs/xfs_health.h | 4 +- fs/xfs/libxfs/xfs_inode_buf.c | 32 +- fs/xfs/libxfs/xfs_inode_fork.c | 25 + fs/xfs/libxfs/xfs_log_format.h | 6 +- fs/xfs/libxfs/xfs_log_recover.h | 2 + fs/xfs/libxfs/xfs_metafile.c | 18 + fs/xfs/libxfs/xfs_metafile.h | 2 + fs/xfs/libxfs/xfs_ondisk.h | 2 + fs/xfs/libxfs/xfs_refcount.c | 6 +- fs/xfs/libxfs/xfs_rmap.c | 171 +++++-- fs/xfs/libxfs/xfs_rmap.h | 12 +- fs/xfs/libxfs/xfs_rtbitmap.c | 2 +- fs/xfs/libxfs/xfs_rtbitmap.h | 9 + fs/xfs/libxfs/xfs_rtgroup.c | 53 +- fs/xfs/libxfs/xfs_rtgroup.h | 49 +- fs/xfs/libxfs/xfs_rtrmap_btree.c | 1011 +++++++++++++++++++++++++++++++++++++ fs/xfs/libxfs/xfs_rtrmap_btree.h | 210 ++++++++ fs/xfs/libxfs/xfs_sb.c | 6 + fs/xfs/libxfs/xfs_shared.h | 14 + fs/xfs/libxfs/xfs_trans_resv.c | 12 +- fs/xfs/libxfs/xfs_trans_space.h | 13 + fs/xfs/scrub/alloc_repair.c | 5 +- fs/xfs/scrub/bmap.c | 108 +++- fs/xfs/scrub/bmap_repair.c | 129 ++++- fs/xfs/scrub/common.c | 160 +++++- fs/xfs/scrub/common.h | 23 +- fs/xfs/scrub/health.c | 1 + fs/xfs/scrub/inode.c | 10 +- fs/xfs/scrub/inode_repair.c | 136 ++++- fs/xfs/scrub/metapath.c | 3 + fs/xfs/scrub/newbt.c | 42 ++ fs/xfs/scrub/newbt.h | 1 + fs/xfs/scrub/reap.c | 41 ++ fs/xfs/scrub/reap.h | 2 + fs/xfs/scrub/repair.c | 191 +++++++ fs/xfs/scrub/repair.h | 17 + fs/xfs/scrub/rgsuper.c | 6 +- fs/xfs/scrub/rmap_repair.c | 84 ++- fs/xfs/scrub/rtbitmap.c | 75 ++- fs/xfs/scrub/rtbitmap.h | 55 ++ fs/xfs/scrub/rtbitmap_repair.c | 429 +++++++++++++++- fs/xfs/scrub/rtrmap.c | 271 ++++++++++ fs/xfs/scrub/rtrmap_repair.c | 903 +++++++++++++++++++++++++++++++++ fs/xfs/scrub/rtsummary.c | 17 +- fs/xfs/scrub/rtsummary_repair.c | 3 +- fs/xfs/scrub/scrub.c | 11 +- fs/xfs/scrub/scrub.h | 14 + fs/xfs/scrub/stats.c | 1 + fs/xfs/scrub/tempexch.h | 2 +- fs/xfs/scrub/tempfile.c | 20 +- fs/xfs/scrub/trace.c | 1 + fs/xfs/scrub/trace.h | 228 ++++++++- fs/xfs/xfs_buf.c | 1 + fs/xfs/xfs_buf_item_recover.c | 4 + fs/xfs/xfs_drain.c | 20 +- fs/xfs/xfs_drain.h | 7 +- fs/xfs/xfs_fsmap.c | 174 ++++++- fs/xfs/xfs_fsops.c | 11 + fs/xfs/xfs_health.c | 1 + fs/xfs/xfs_inode.c | 19 +- fs/xfs/xfs_inode_item.c | 2 + fs/xfs/xfs_inode_item_recover.c | 44 +- fs/xfs/xfs_log_recover.c | 2 + fs/xfs/xfs_mount.c | 5 +- fs/xfs/xfs_mount.h | 9 + fs/xfs/xfs_notify_failure.c | 230 +++++---- fs/xfs/xfs_notify_failure.h | 11 + fs/xfs/xfs_qm.c | 8 +- fs/xfs/xfs_rmap_item.c | 216 +++++++- fs/xfs/xfs_rtalloc.c | 82 ++- fs/xfs/xfs_rtalloc.h | 10 + fs/xfs/xfs_stats.c | 4 +- fs/xfs/xfs_stats.h | 2 + fs/xfs/xfs_super.c | 6 - fs/xfs/xfs_super.h | 1 - fs/xfs/xfs_trace.h | 104 ++-- 85 files changed, 5381 insertions(+), 366 deletions(-) create mode 100644 fs/xfs/libxfs/xfs_rtrmap_btree.c create mode 100644 fs/xfs/libxfs/xfs_rtrmap_btree.h create mode 100644 fs/xfs/scrub/rtrmap.c create mode 100644 fs/xfs/scrub/rtrmap_repair.c create mode 100644 fs/xfs/xfs_notify_failure.h

2 weeks, 3 days

2
1
0 0

[GIT PULL 1/5] xfs: bug fixes for 6.13

by Darrick J. Wong

Hi Carlos, Please pull this branch with changes for xfs. As usual, I did a test-merge with the main upstream branch as of a few minutes ago, and didn't see any conflicts. Please let me know if you encounter any problems. --D The following changes since commit 4bbf9020becbfd8fc2c3da790855b7042fad455b: Linux 6.13-rc4 (2024-12-22 13:22:21 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git tags/xfs-6.13-fixes_2024-12-23 for you to fetch changes up to 1aacd3fac248902ea1f7607f2d12b93929a4833b: xfs: release the dquot buf outside of qli_lock (2024-12-23 13:06:01 -0800) ---------------------------------------------------------------- xfs: bug fixes for 6.13 [01/14] Bug fixes for 6.13. This has been running on the djcloud for months with no problems. Enjoy! Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> ---------------------------------------------------------------- Darrick J. Wong (2): xfs: don't over-report free space or inodes in statvfs xfs: release the dquot buf outside of qli_lock fs/xfs/xfs_dquot.c | 12 ++++++++---- fs/xfs/xfs_qm_bhv.c | 27 +++++++++++++++++---------- 2 files changed, 25 insertions(+), 14 deletions(-)

2 weeks, 3 days

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror