- Linux-stable-mirror - lists.linaro.org

[PATCH v4] [ARM] fix reference leak in locomo_init_one_child()

by Ma Ke

Once device_register() failed, we should call put_device() to decrement reference count for cleanup. Or it could cause memory leak. device_register() includes device_add(). As comment of device_add() says, 'if device_add() succeeds, you should call device_del() when you want to get rid of it. If device_add() has not succeeded, use only put_device() to drop the reference count'. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v4: - deleted the redundant initialization; Changes in v3: - modified the patch as suggestions; Changes in v2: - modified the patch as suggestions. --- arch/arm/common/locomo.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/arch/arm/common/locomo.c b/arch/arm/common/locomo.c index cb6ef449b987..45106066a17f 100644 --- a/arch/arm/common/locomo.c +++ b/arch/arm/common/locomo.c @@ -223,10 +223,8 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) int ret; dev = kzalloc(sizeof(struct locomo_dev), GFP_KERNEL); - if (!dev) { - ret = -ENOMEM; - goto out; - } + if (!dev) + return -ENOMEM; /* * If the parent device has a DMA mask associated with it, @@ -254,10 +252,9 @@ locomo_init_one_child(struct locomo *lchip, struct locomo_dev_info *info) NO_IRQ : lchip->irq_base + info->irq[0]; ret = device_register(&dev->dev); - if (ret) { - out: - kfree(dev); - } + if (ret) + put_device(&dev->dev); + return ret; } -- 2.25.1

2 weeks, 4 days

3
2
0 0

[PATCH v2 1/7] mm/hugetlb: Fix avoid_reserve to allow taking folio from subpool

by Peter Xu

Since commit 04f2cbe35699 ("hugetlb: guarantee that COW faults for a process that called mmap(MAP_PRIVATE) on hugetlbfs will succeed"), avoid_reserve was introduced for a special case of CoW on hugetlb private mappings, and only if the owner VMA is trying to allocate yet another hugetlb folio that is not reserved within the private vma reserved map. Later on, in commit d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate"), alloc_huge_page() enforced to not consume any global reservation as long as avoid_reserve=true. This operation doesn't look correct, because even if it will enforce the allocation to not use global reservation at all, it will still try to take one reservation from the spool (if the subpool existed). Then since the spool reserved pages take from global reservation, it'll also take one reservation globally. Logically it can cause global reservation to go wrong. I wrote a reproducer below, trigger this special path, and every run of such program will cause global reservation count to increment by one, until it hits the number of free pages: #define _GNU_SOURCE /* See feature_test_macros(7) */ #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <unistd.h> #include <stdlib.h> #include <sys/mman.h> #define MSIZE (2UL << 20) int main(int argc, char *argv[]) { const char *path; int *buf; int fd, ret; pid_t child; if (argc < 2) { printf("usage: %s <hugetlb_file>\n", argv[0]); return -1; } path = argv[1]; fd = open(path, O_RDWR | O_CREAT, 0666); if (fd < 0) { perror("open failed"); return -1; } ret = fallocate(fd, 0, 0, MSIZE); if (ret != 0) { perror("fallocate"); return -1; } buf = mmap(NULL, MSIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); if (buf == MAP_FAILED) { perror("mmap() failed"); return -1; } /* Allocate a page */ *buf = 1; child = fork(); if (child == 0) { /* child doesn't need to do anything */ exit(0); } /* Trigger CoW from owner */ *buf = 2; munmap(buf, MSIZE); close(fd); unlink(path); return 0; } It can only reproduce with a sub-mount when there're reserved pages on the spool, like: # sysctl vm.nr_hugepages=128 # mkdir ./hugetlb-pool # mount -t hugetlbfs -o min_size=8M,pagesize=2M none ./hugetlb-pool Then run the reproducer on the mountpoint: # ./reproducer ./hugetlb-pool/test Fix it by taking the reservation from spool if available. In general, avoid_reserve is IMHO more about "avoid vma resv map", not spool's. I copied stable, however I have no intention for backporting if it's not a clean cherry-pick, because private hugetlb mapping, and then fork() on top is too rare to hit. Cc: linux-stable <stable(a)vger.kernel.org> Fixes: d85f69b0b533 ("mm/hugetlb: alloc_huge_page handle areas hole punched by fallocate") Reviewed-by: Ackerley Tng <ackerleytng(a)google.com> Tested-by: Ackerley Tng <ackerleytng(a)google.com> Signed-off-by: Peter Xu <peterx(a)redhat.com> --- mm/hugetlb.c | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 354eec6f7e84..2bf971f77553 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1394,8 +1394,7 @@ static unsigned long available_huge_pages(struct hstate *h) static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, struct vm_area_struct *vma, - unsigned long address, int avoid_reserve, - long chg) + unsigned long address, long chg) { struct folio *folio = NULL; struct mempolicy *mpol; @@ -1411,10 +1410,6 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, if (!vma_has_reserves(vma, chg) && !available_huge_pages(h)) goto err; - /* If reserves cannot be used, ensure enough pages are in the pool */ - if (avoid_reserve && !available_huge_pages(h)) - goto err; - gfp_mask = htlb_alloc_mask(h); nid = huge_node(vma, address, gfp_mask, &mpol, &nodemask); @@ -1430,7 +1425,7 @@ static struct folio *dequeue_hugetlb_folio_vma(struct hstate *h, folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, nid, nodemask); - if (folio && !avoid_reserve && vma_has_reserves(vma, chg)) { + if (folio && vma_has_reserves(vma, chg)) { folio_set_hugetlb_restore_reserve(folio); h->resv_huge_pages--; } @@ -3047,17 +3042,6 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, gbl_chg = hugepage_subpool_get_pages(spool, 1); if (gbl_chg < 0) goto out_end_reservation; - - /* - * Even though there was no reservation in the region/reserve - * map, there could be reservations associated with the - * subpool that can be used. This would be indicated if the - * return value of hugepage_subpool_get_pages() is zero. - * However, if avoid_reserve is specified we still avoid even - * the subpool reservations. - */ - if (avoid_reserve) - gbl_chg = 1; } /* If this allocation is not consuming a reservation, charge it now. @@ -3080,7 +3064,7 @@ struct folio *alloc_hugetlb_folio(struct vm_area_struct *vma, * from the global free pool (global change). gbl_chg == 0 indicates * a reservation exists for the allocation. */ - folio = dequeue_hugetlb_folio_vma(h, vma, addr, avoid_reserve, gbl_chg); + folio = dequeue_hugetlb_folio_vma(h, vma, addr, gbl_chg); if (!folio) { spin_unlock_irq(&hugetlb_lock); folio = alloc_buddy_hugetlb_folio_with_mpol(h, vma, addr); -- 2.47.0

2 weeks, 4 days

2
1
0 0

[PATCH 6.12 000/172] 6.12.6-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.6 release. There are 172 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Dec 2024 17:05:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.6-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.6-rc1 Juergen Gross <jgross(a)suse.com> x86/xen: remove hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: use new hypercall functions instead of hypercall page Juergen Gross <jgross(a)suse.com> x86/xen: add central hypercall functions Juergen Gross <jgross(a)suse.com> x86/xen: don't do PV iret hypercall through hypercall page Juergen Gross <jgross(a)suse.com> x86/static-call: provide a way to do very early static-call updates Juergen Gross <jgross(a)suse.com> objtool/x86: allow syscall instruction Juergen Gross <jgross(a)suse.com> x86: make get_cpu_vendor() accessible from Xen code Juergen Gross <jgross(a)suse.com> xen/netfront: fix crash when removing device James Morse <james.morse(a)arm.com> KVM: arm64: Disable MPAM visibility by default and ignore VMM writes Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: set `bindgen`'s Rust target version Nilay Shroff <nilay(a)linux.ibm.com> block: Fix potential deadlock while freezing queue and acquiring sysfs_lock Ming Lei <ming.lei(a)redhat.com> blk-mq: move cpuhp callback registering out of q->sysfs_lock Weizhao Ouyang <o451686892(a)gmail.com> kselftest/arm64: abi: fix SVCR detection Nathan Chancellor <nathan(a)kernel.org> blk-iocost: Avoid using clamp() on inuse in __propagate_weights() Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/reg_sr: Remove register pool Mirsad Todorovac <mtodorovac69(a)gmail.com> drm/xe: fix the ERR_PTR() returned on failure to allocate tiny pt Robert Hodaszi <robert.hodaszi(a)digi.com> net: dsa: tag_ocelot_8021q: fix broken reception Jesse Van Gavere <jesseevg(a)gmail.com> net: dsa: microchip: KSZ9896 register regmap alignment to 32 bit boundaries Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix initial MPIC register setting Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Bluetooth: btmtk: avoid UAF in btmtk_process_coredump Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix circular lock in iso_conn_big_sync Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix circular lock in iso_listen_bis Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: SCO: Add support for 16 bits transparent voice setting Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Fix recursive locking warning Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: iso: Always release hdev at the end of iso_listen_bis Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array Daniel Borkmann <daniel(a)iogearbox.net> team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Daniel Borkmann <daniel(a)iogearbox.net> team: Fix initial vlan_feature set in __team_compute_features Daniel Borkmann <daniel(a)iogearbox.net> bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL Daniel Borkmann <daniel(a)iogearbox.net> bonding: Fix initial {vlan,mpls}_feature set in bond_compute_features Daniel Borkmann <daniel(a)iogearbox.net> net, team, bonding: Add netdev_base_features helper Martin Ottens <martin.ottens(a)fau.de> net/sched: netem: account for backlog updates from child qdisc Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: felix: fix stuck CPU-injected packets with short taprio windows Maxim Levitsky <mlevitsk(a)redhat.com> net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs Maxim Levitsky <mlevitsk(a)redhat.com> net: mana: Fix memory leak in mana_gd_setup_irqs Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: do not defer rule destruction via call_rcu Phil Sutter <phil(a)nwl.cc> netfilter: IDLETIMER: Fix for possible ABBA deadlock Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Stabilize rpath.sh Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_spdif: change IFACE_PCM to IFACE_MIXER Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_xcvr: change IFACE_PCM to IFACE_MIXER James Clark <james.clark(a)linaro.org> libperf: evlist: Fix --cpu argument on hybrid platform Michal Luczaj <mhal(a)rbox.co> Bluetooth: Improve setsockopt() handling of malformed user input Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2781: Fix calibration issue in stress test Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: handle stop vs interrupt race Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: avoid use-after-put for a device tree node Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix leaked pointer on error path Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix race window between tx start and complete Nikita Yushchenko <nikita.yoush(a)cogentembedded.com> net: renesas: rswitch: fix possible early skb release David Howells <dhowells(a)redhat.com> cifs: Fix rmdir failure due to ongoing I/O on deleted file Petr Machata <petrm(a)nvidia.com> Documentation: networking: Add a caveat to nexthop_compat_mode sysctl Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips LongPing Wei <weilongping(a)oppo.com> block: get wp_offset by bdev_offset_from_zone_start Paul Barker <paul.barker.ct(a)bp.renesas.com> Documentation: PM: Clarify pm_runtime_resume_and_get() return value Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: yc: Fix the wrong return value Takashi Iwai <tiwai(a)suse.de> ALSA: control: Avoid WARN() for symlink errors Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Make driver probing reliable Stefan Wahren <wahrenst(a)gmx.net> qca_spi: Fix clock speed for multiple QCA7000 Anumula Murali Mohan Reddy <anumula(a)chelsio.com> cxgb4: use port number to set mac addr Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> ACPI: resource: Fix memory resource type union access Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix the maximum frame length register Daniel Machon <daniel.machon(a)microchip.com> net: sparx5: fix FDMA performance issue Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() Philippe Simons <simons.philippe(a)gmail.com> regulator: axp20x: AXP717: set ramp_delay Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: perform error cleanup in ocelot_hwstamp_set() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: be resilient to loss of PTP packets during transmission Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: ocelot->ts_id_lock and ocelot_port->tx_skbs.lock are IRQ-safe Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: improve handling of TX timestamp for unknown skb Vladimir Oltean <vladimir.oltean(a)nxp.com> net: mscc: ocelot: fix memory leak on ocelot_port_add_txtstamp_skb() Eric Dumazet <edumazet(a)google.com> net: defer final 'struct net' free in netns dismantle Eric Dumazet <edumazet(a)google.com> net: lapb: increase LAPB_HEADER_LEN Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix GSO type for HW GRO packets on 5750X chips Thomas Weißschuh <linux(a)weissschuh.net> ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init() Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Ensure no extra packets are counted Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove duplicate test cases Danielle Ratson <danieller(a)nvidia.com> selftests: mlxsw: sharedbuffer: Remove h1 ingress test case Haoyu Li <lihaoyu499(a)gmail.com> wifi: cfg80211: sme: init n_channels before channels[] access Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx5: DR, prevent potential error pointer dereference Eric Dumazet <edumazet(a)google.com> tipc: fix NULL deref in cleanup_bearer() Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not let TT changes list grows indefinitely Remi Pommarel <repk(a)triplefau.lt> batman-adv: Remove uninitialized data in full table TT response Remi Pommarel <repk(a)triplefau.lt> batman-adv: Do not send uninitialized TT changes David (Ming Qiang) Wu <David.Wu3(a)amd.com> amdgpu/uvd: get ring reference from rq scheduler Suraj Sonawane <surajsonawane0215(a)gmail.com> acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Arnaldo Carvalho de Melo <acme(a)kernel.org> perf machine: Initialize machine->env to address a segfault Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mac80211: fix station NSS capability initialization order Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: fix a queue stall in certain cases of CSA Haoyu Li <lihaoyu499(a)gmail.com> wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon Lin Ma <linma(a)zju.edu.cn> wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Namhyung Kim <namhyung(a)kernel.org> perf tools: Fix build-id event recording Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Augment raw_tp arguments with PTR_MAYBE_NULL Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix update element with same Michal Luczaj <mhal(a)rbox.co> bpf, sockmap: Fix race between element replace and close() Jiri Olsa <jolsa(a)kernel.org> bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Jann Horn <jannh(a)google.com> bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Check size for BTF-based ctx access of pointer members Darrick J. Wong <djwong(a)kernel.org> xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Darrick J. Wong <djwong(a)kernel.org> xfs: only run precommits once per transaction object Darrick J. Wong <djwong(a)kernel.org> xfs: fix scrub tracepoints when inode-rooted btrees are involved Darrick J. Wong <djwong(a)kernel.org> xfs: return from xfs_symlink_verify early on V4 filesystems Darrick J. Wong <djwong(a)kernel.org> xfs: fix null bno_hint handling in xfs_rtallocate_rtg Darrick J. Wong <djwong(a)kernel.org> xfs: return a 64-bit block count from xfs_btree_count_blocks Darrick J. Wong <djwong(a)kernel.org> xfs: don't drop errno values when we fail to ficlone the entire range Darrick J. Wong <djwong(a)kernel.org> xfs: update btree keys correctly when _insrec splits an inode root block Darrick J. Wong <djwong(a)kernel.org> xfs: set XFS_SICK_INO_SYMLINK_ZAPPED explicitly when zapping a symlink Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: hard-code MALL cacheline size for gfx11, gfx12 Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdkfd: hard-code cacheline size for gfx11 Andrew Martin <Andrew.Martin(a)amd.com> drm/amdkfd: Dereference null return value Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix when the cleaner shader is emitted Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: Set SMU v13.0.7 default workload type Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix UVD contiguous CS mapping problem Eugene Kobyak <eugene.kobyak(a)intel.com> drm/i915: Fix NULL pointer dereference in capture_engine Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/color: Stop using non-posted DSB writes for legacy LUT Jiasheng Jiang <jiashengjiangcool(a)outlook.com> drm/i915: Fix memory leak by correcting cache object name in error handler Jesse.zhang(a)amd.com <Jesse.zhang(a)amd.com> drm/amdkfd: pause autosuspend when creating pdd Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe: Call invalidation_fence_fini for PT inval fences in error state Yi Liu <yi.l.liu(a)intel.com> iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Remove cache tags before disabling ATS Luis Claudio R. Goncalves <lgoncalv(a)redhat.com> iommu/tegra241-cmdqv: do not use smp_processor_id in preemptible context Neal Frager <neal.frager(a)amd.com> usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode Łukasz Bartosik <ukaszb(a)chromium.org> usb: typec: ucsi: Fix completion notifications Lianqin Hu <hulianqin(a)vivo.com> usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() Xu Yang <xu.yang_2(a)nxp.com> usb: dwc3: imx8mp: fix software node kernel dump Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> usb: typec: anx7411: fix fwnode_handle reference leak Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-hcd: fix call balance of clocks handling routines Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix interpretation of is_midi1 bits liuderong <liuderong(a)oppo.com> scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD port connection race Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature Stefan Wahren <wahrenst(a)gmx.net> usb: dwc2: Fix HCD resume Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Revert "bpf: Mark raw_tp arguments with PTR_MAYBE_NULL" Xu Yang <xu.yang_2(a)nxp.com> usb: core: hcd: only check primary hcd skip_phy_initialization Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Check if GPIO line can be used for IRQs Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Determine if GPIO pad can be used by driver Shankar Bandal <shankar.bandal(a)intel.com> gpio: graniterapids: Fix invalid RXEVCFG register bitmask Shankar Bandal <shankar.bandal(a)intel.com> gpio: graniterapids: Fix invalid GPI_IS register offset Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Fix incorrect BAR assignment Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Fix vGPIO driver crash Damien Le Moal <dlemoal(a)kernel.org> block: Ignore REQ_NOWAIT for zone reset and zone finish operations Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> usb: host: max3421-hcd: Correctly abort a USB request. Miguel Ojeda <ojeda(a)kernel.org> drm/panic: remove spurious empty line to clean warning Chenghai Huang <huangchenghai2(a)huawei.com> crypto: hisilicon/debugfs - fix the struct pointer incorrectly offset problem Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix IPIs usage in kfence_protect_page() Hridesh MG <hridesh699(a)gmail.com> ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 Jaakko Salo <jaakkos(a)gmail.com> ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 Haoyu Li <lihaoyu499(a)gmail.com> gpio: ljca: Initialize num before accessing item in ljca_gpio_config Christian Loehle <christian.loehle(a)arm.com> spi: rockchip: Fix PM runtime count on no-op cs Shakeel Butt <shakeel.butt(a)linux.dev> memcg: slub: fix SUnreclaim for post charged objects Alan Borzeszkowski <alan.borzeszkowski(a)linux.intel.com> gpio: graniterapids: Fix GPIO Ack functionality Damien Le Moal <dlemoal(a)kernel.org> block: Prevent potential deadlocks in zone write plug error recovery Damien Le Moal <dlemoal(a)kernel.org> dm: Fix dm-zoned-reclaim zone write pointer alignment Damien Le Moal <dlemoal(a)kernel.org> block: Use a zone write plug BIO work for REQ_NOWAIT BIOs Damien Le Moal <dlemoal(a)kernel.org> block: Switch to using refcount_t for zone write plugs Tejun Heo <tj(a)kernel.org> blk-cgroup: Fix UAF in blkcg_unpin_online() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix wrong usage of __pa() on a fixmap address Björn Töpel <bjorn(a)rivosinc.com> riscv: mm: Do not call pmd dtor on vmemmap page table teardown Koichiro Den <koichiro.den(a)canonical.com> virtio_net: ensure netdev_tx_reset_queue is called on tx ring resize Koichiro Den <koichiro.den(a)canonical.com> virtio_ring: add a func argument 'recycle_done' to virtqueue_resize() Koichiro Den <koichiro.den(a)canonical.com> virtio_net: correct netdev_tx_reset_queue() invocation point Kuan-Wei Chiu <visitorckw(a)gmail.com> perf ftrace: Fix undefined behavior in cmp_profile_data() MoYuanhao <moyuanhao3676(a)163.com> tcp: check space before adding MPTCP SYN options Frederik Deweerdt <deweerdt.lkml(a)gmail.com> splice: do not checksum AF_UNIX sockets Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix racy issue from session lookup and expire Christian Marangi <ansuelsmth(a)gmail.com> clk: en7523: Fix wrong BUS clock for EN7581 Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG Juri Lelli <juri.lelli(a)redhat.com> sched/deadline: Fix replenish_dl_new_period dl_server condition Jann Horn <jannh(a)google.com> bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Check if TX data was written to device in .tx_empty() Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> usb: misc: onboard_usb_dev: skip suspend/resume sequence for USB5744 SMBus support ------------- Diffstat: Documentation/networking/ip-sysctl.rst | 6 + Documentation/power/runtime_pm.rst | 4 +- Makefile | 4 +- arch/arm64/kvm/sys_regs.c | 55 ++- arch/riscv/include/asm/kfence.h | 4 +- arch/riscv/kernel/setup.c | 2 +- arch/riscv/mm/init.c | 7 +- arch/x86/events/intel/ds.c | 2 +- arch/x86/include/asm/processor.h | 2 + arch/x86/include/asm/static_call.h | 15 + arch/x86/include/asm/sync_core.h | 6 +- arch/x86/include/asm/xen/hypercall.h | 36 +- arch/x86/kernel/callthunks.c | 5 - arch/x86/kernel/cpu/common.c | 38 +- arch/x86/kernel/static_call.c | 9 + arch/x86/xen/enlighten.c | 64 ++- arch/x86/xen/enlighten_hvm.c | 13 +- arch/x86/xen/enlighten_pv.c | 4 +- arch/x86/xen/enlighten_pvh.c | 7 - arch/x86/xen/xen-asm.S | 50 +- arch/x86/xen/xen-head.S | 106 ++++- arch/x86/xen/xen-ops.h | 9 + block/blk-cgroup.c | 6 +- block/blk-iocost.c | 9 +- block/blk-mq-sysfs.c | 16 +- block/blk-mq.c | 127 ++++- block/blk-sysfs.c | 4 +- block/blk-zoned.c | 526 +++++++++------------ drivers/acpi/acpica/evxfregn.c | 2 - drivers/acpi/nfit/core.c | 7 +- drivers/acpi/resource.c | 6 +- drivers/ata/sata_highbank.c | 1 + drivers/bluetooth/btmtk.c | 20 +- drivers/clk/clk-en7523.c | 5 +- drivers/crypto/hisilicon/debugfs.c | 4 +- drivers/gpio/gpio-graniterapids.c | 52 +- drivers/gpio/gpio-ljca.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 13 +- drivers/gpu/drm/amd/amdgpu/uvd_v7_0.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 24 +- .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 15 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 23 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 12 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 1 + drivers/gpu/drm/drm_panic_qr.rs | 1 - drivers/gpu/drm/i915/display/intel_color.c | 30 +- drivers/gpu/drm/i915/i915_gpu_error.c | 18 +- drivers/gpu/drm/i915/i915_scheduler.c | 2 +- drivers/gpu/drm/xe/tests/xe_migrate.c | 4 +- drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 8 + drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h | 1 + drivers/gpu/drm/xe/xe_pt.c | 3 +- drivers/gpu/drm/xe/xe_reg_sr.c | 31 +- drivers/gpu/drm/xe/xe_reg_sr_types.h | 6 - drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 2 +- drivers/iommu/intel/cache.c | 34 +- drivers/iommu/intel/iommu.c | 4 +- drivers/md/dm-zoned-reclaim.c | 6 +- drivers/net/bonding/bond_main.c | 10 +- drivers/net/dsa/microchip/ksz_common.c | 42 +- drivers/net/dsa/ocelot/felix_vsc9959.c | 17 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 14 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 9 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4.h | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 5 +- .../mellanox/mlx5/core/steering/dr_domain.c | 4 +- .../net/ethernet/microchip/sparx5/sparx5_main.c | 11 +- .../net/ethernet/microchip/sparx5/sparx5_port.c | 2 +- drivers/net/ethernet/microsoft/mana/gdma_main.c | 6 +- drivers/net/ethernet/mscc/ocelot_ptp.c | 207 ++++---- drivers/net/ethernet/qualcomm/qca_spi.c | 26 +- drivers/net/ethernet/qualcomm/qca_spi.h | 1 - drivers/net/ethernet/renesas/rswitch.c | 95 ++-- drivers/net/ethernet/renesas/rswitch.h | 14 +- drivers/net/team/team_core.c | 11 +- drivers/net/virtio_net.c | 24 +- drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c | 2 +- drivers/net/xen-netfront.c | 5 +- drivers/ptp/ptp_kvm_x86.c | 6 +- drivers/regulator/axp20x-regulator.c | 36 +- drivers/spi/spi-aspeed-smc.c | 10 +- drivers/spi/spi-rockchip.c | 14 + drivers/tty/serial/sh-sci.c | 29 ++ drivers/ufs/core/ufshcd.c | 1 + drivers/usb/core/hcd.c | 8 +- drivers/usb/dwc2/hcd.c | 19 +- drivers/usb/dwc3/dwc3-imx8mp.c | 30 +- drivers/usb/dwc3/dwc3-xilinx.c | 5 +- drivers/usb/gadget/function/f_midi2.c | 6 +- drivers/usb/gadget/function/u_serial.c | 9 +- drivers/usb/host/ehci-sh.c | 9 +- drivers/usb/host/max3421-hcd.c | 16 +- drivers/usb/misc/onboard_usb_dev.c | 4 +- drivers/usb/typec/anx7411.c | 66 ++- drivers/usb/typec/ucsi/ucsi.c | 6 +- drivers/virtio/virtio_ring.c | 6 +- fs/smb/client/inode.c | 5 +- fs/smb/server/auth.c | 2 + fs/smb/server/mgmt/user_session.c | 6 +- fs/smb/server/server.c | 4 +- fs/smb/server/smb2pdu.c | 27 +- fs/xfs/libxfs/xfs_btree.c | 33 +- fs/xfs/libxfs/xfs_btree.h | 2 +- fs/xfs/libxfs/xfs_ialloc_btree.c | 4 +- fs/xfs/libxfs/xfs_symlink_remote.c | 4 +- fs/xfs/scrub/agheader.c | 6 +- fs/xfs/scrub/agheader_repair.c | 6 +- fs/xfs/scrub/fscounters.c | 2 +- fs/xfs/scrub/ialloc.c | 4 +- fs/xfs/scrub/refcount.c | 2 +- fs/xfs/scrub/symlink_repair.c | 3 +- fs/xfs/scrub/trace.h | 2 +- fs/xfs/xfs_bmap_util.c | 2 +- fs/xfs/xfs_file.c | 8 + fs/xfs/xfs_rtalloc.c | 2 +- fs/xfs/xfs_trans.c | 19 +- include/linux/blkdev.h | 5 +- include/linux/bpf.h | 19 +- include/linux/compiler.h | 39 +- include/linux/dsa/ocelot.h | 1 + include/linux/netdev_features.h | 7 + include/linux/static_call.h | 1 + include/linux/virtio.h | 3 +- include/net/bluetooth/bluetooth.h | 10 +- include/net/lapb.h | 2 +- include/net/mac80211.h | 4 +- include/net/net_namespace.h | 1 + include/net/netfilter/nf_tables.h | 4 - include/soc/mscc/ocelot.h | 2 - kernel/bpf/btf.c | 149 +++++- kernel/bpf/verifier.c | 79 +--- kernel/sched/deadline.c | 2 +- kernel/static_call_inline.c | 2 +- kernel/trace/bpf_trace.c | 11 + kernel/trace/trace_uprobe.c | 6 +- mm/slub.c | 21 +- net/batman-adv/translation-table.c | 58 ++- net/bluetooth/hci_event.c | 33 +- net/bluetooth/hci_sock.c | 14 +- net/bluetooth/iso.c | 71 ++- net/bluetooth/l2cap_sock.c | 20 +- net/bluetooth/rfcomm/sock.c | 9 +- net/bluetooth/sco.c | 40 +- net/core/net_namespace.c | 20 +- net/core/sock_map.c | 6 +- net/dsa/tag_ocelot_8021q.c | 2 +- net/ipv4/tcp_output.c | 6 +- net/mac80211/cfg.c | 9 +- net/mac80211/ieee80211_i.h | 49 +- net/mac80211/iface.c | 12 +- net/mac80211/mlme.c | 2 - net/mac80211/util.c | 23 +- net/netfilter/nf_tables_api.c | 32 +- net/netfilter/xt_IDLETIMER.c | 52 +- net/sched/sch_netem.c | 22 +- net/tipc/udp_media.c | 7 +- net/unix/af_unix.c | 1 + net/wireless/nl80211.c | 2 +- net/wireless/sme.c | 1 + rust/Makefile | 15 +- sound/core/control_led.c | 14 +- sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 13 +- sound/soc/codecs/tas2781-i2c.c | 2 +- sound/soc/fsl/fsl_spdif.c | 2 +- sound/soc/fsl/fsl_xcvr.c | 2 +- sound/soc/intel/boards/sof_sdw.c | 8 +- sound/usb/quirks.c | 2 + tools/lib/perf/evlist.c | 18 +- tools/objtool/check.c | 9 +- tools/perf/builtin-ftrace.c | 3 +- tools/perf/util/build-id.c | 4 +- tools/perf/util/machine.c | 2 + .../testing/selftests/arm64/abi/syscall-abi-asm.S | 32 +- .../selftests/bpf/progs/test_tp_btf_nullable.c | 6 +- .../selftests/bpf/progs/verifier_btf_ctx_access.c | 4 +- .../testing/selftests/bpf/progs/verifier_d_path.c | 4 +- .../selftests/drivers/net/mlxsw/sharedbuffer.sh | 55 ++- tools/testing/selftests/net/netfilter/rpath.sh | 18 +- 182 files changed, 2200 insertions(+), 1299 deletions(-)

2 weeks, 4 days

18
194
0 0

[PATCH 1/2] media: streamzap: fix race between device disconnection and urb callback

by Murad Masimov

Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_device() is called before usb_kill_urb(). The dev->raw pointer is freed and set to NULL in rc_unregister_device(), and only after that usb_kill_urb() waits for in-progress requests to finish. If rc_unregister_device() is called while streamzap_callback() handler is not finished, this can lead to accessing freed resources. Thus rc_unregister_device() should be called after usb_kill_urb(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 8e9e60640067 ("V4L/DVB: staging/lirc: port lirc_streamzap to ir-core") Cc: stable(a)vger.kernel.org Reported-by: syzbot+34008406ee9a31b13c73(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=34008406ee9a31b13c73 Signed-off-by: Murad Masimov <m.masimov(a)mt-integration.ru> --- drivers/media/rc/streamzap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/rc/streamzap.c b/drivers/media/rc/streamzap.c index 9b209e687f25..2ce62fe5d60f 100644 --- a/drivers/media/rc/streamzap.c +++ b/drivers/media/rc/streamzap.c @@ -385,8 +385,8 @@ static void streamzap_disconnect(struct usb_interface *interface) if (!sz) return; - rc_unregister_device(sz->rdev); usb_kill_urb(sz->urb_in); + rc_unregister_device(sz->rdev); usb_free_urb(sz->urb_in); usb_free_coherent(usbdev, sz->buf_in_len, sz->buf_in, sz->dma_in); -- 2.39.2

2 weeks, 4 days

1
0
0 0

FAILED: patch "[PATCH] tty: serial: 8250: Fix another runtime PM usage counter" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ed2761958ad77e54791802b07095786150eab844 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025011340-empirical-actress-7e43@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed2761958ad77e54791802b07095786150eab844 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= <ilpo.jarvinen(a)linux.intel.com> Date: Tue, 10 Dec 2024 19:01:20 +0200 Subject: [PATCH] tty: serial: 8250: Fix another runtime PM usage counter underflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The commit f9b11229b79c ("serial: 8250: Fix PM usage_count for console handover") fixed one runtime PM usage counter balance problem that occurs because .dev is not set during univ8250 setup preventing call to pm_runtime_get_sync(). Later, univ8250_console_exit() will trigger the runtime PM usage counter underflow as .dev is already set at that time. Call pm_runtime_get_sync() to balance the RPM usage counter also in serial8250_register_8250_port() before trying to add the port. Reported-by: Borislav Petkov (AMD) <bp(a)alien8.de> Fixes: bedb404e91bb ("serial: 8250_port: Don't use power management for kernel console") Cc: stable <stable(a)kernel.org> Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Link: https://lore.kernel.org/r/20241210170120.2231-1-ilpo.jarvinen@linux.intel.c… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c index 5f9f06911795..68baf75bdadc 100644 --- a/drivers/tty/serial/8250/8250_core.c +++ b/drivers/tty/serial/8250/8250_core.c @@ -812,6 +812,9 @@ int serial8250_register_8250_port(const struct uart_8250_port *up) uart->dl_write = up->dl_write; if (uart->port.type != PORT_8250_CIR) { + if (uart_console_registered(&uart->port)) + pm_runtime_get_sync(uart->port.dev); + if (serial8250_isa_config != NULL) serial8250_isa_config(0, &uart->port, &uart->capabilities);

2 weeks, 4 days

1
0
0 0

FAILED: patch "[PATCH] tty: serial: 8250: Fix another runtime PM usage counter" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ed2761958ad77e54791802b07095786150eab844 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025011341-kisser-strained-c171@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed2761958ad77e54791802b07095786150eab844 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= <ilpo.jarvinen(a)linux.intel.com> Date: Tue, 10 Dec 2024 19:01:20 +0200 Subject: [PATCH] tty: serial: 8250: Fix another runtime PM usage counter underflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The commit f9b11229b79c ("serial: 8250: Fix PM usage_count for console handover") fixed one runtime PM usage counter balance problem that occurs because .dev is not set during univ8250 setup preventing call to pm_runtime_get_sync(). Later, univ8250_console_exit() will trigger the runtime PM usage counter underflow as .dev is already set at that time. Call pm_runtime_get_sync() to balance the RPM usage counter also in serial8250_register_8250_port() before trying to add the port. Reported-by: Borislav Petkov (AMD) <bp(a)alien8.de> Fixes: bedb404e91bb ("serial: 8250_port: Don't use power management for kernel console") Cc: stable <stable(a)kernel.org> Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Link: https://lore.kernel.org/r/20241210170120.2231-1-ilpo.jarvinen@linux.intel.c… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c index 5f9f06911795..68baf75bdadc 100644 --- a/drivers/tty/serial/8250/8250_core.c +++ b/drivers/tty/serial/8250/8250_core.c @@ -812,6 +812,9 @@ int serial8250_register_8250_port(const struct uart_8250_port *up) uart->dl_write = up->dl_write; if (uart->port.type != PORT_8250_CIR) { + if (uart_console_registered(&uart->port)) + pm_runtime_get_sync(uart->port.dev); + if (serial8250_isa_config != NULL) serial8250_isa_config(0, &uart->port, &uart->capabilities);

2 weeks, 4 days

1
0
0 0

FAILED: patch "[PATCH] tty: serial: 8250: Fix another runtime PM usage counter" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ed2761958ad77e54791802b07095786150eab844 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025011340-happily-deport-200b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed2761958ad77e54791802b07095786150eab844 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= <ilpo.jarvinen(a)linux.intel.com> Date: Tue, 10 Dec 2024 19:01:20 +0200 Subject: [PATCH] tty: serial: 8250: Fix another runtime PM usage counter underflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The commit f9b11229b79c ("serial: 8250: Fix PM usage_count for console handover") fixed one runtime PM usage counter balance problem that occurs because .dev is not set during univ8250 setup preventing call to pm_runtime_get_sync(). Later, univ8250_console_exit() will trigger the runtime PM usage counter underflow as .dev is already set at that time. Call pm_runtime_get_sync() to balance the RPM usage counter also in serial8250_register_8250_port() before trying to add the port. Reported-by: Borislav Petkov (AMD) <bp(a)alien8.de> Fixes: bedb404e91bb ("serial: 8250_port: Don't use power management for kernel console") Cc: stable <stable(a)kernel.org> Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Link: https://lore.kernel.org/r/20241210170120.2231-1-ilpo.jarvinen@linux.intel.c… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c index 5f9f06911795..68baf75bdadc 100644 --- a/drivers/tty/serial/8250/8250_core.c +++ b/drivers/tty/serial/8250/8250_core.c @@ -812,6 +812,9 @@ int serial8250_register_8250_port(const struct uart_8250_port *up) uart->dl_write = up->dl_write; if (uart->port.type != PORT_8250_CIR) { + if (uart_console_registered(&uart->port)) + pm_runtime_get_sync(uart->port.dev); + if (serial8250_isa_config != NULL) serial8250_isa_config(0, &uart->port, &uart->capabilities);

2 weeks, 4 days

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Set orientation as none when connector is" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f47eba045e6cb97f9ee154c68dbf7c3c756919aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025011357-emboss-unclaimed-572f@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f47eba045e6cb97f9ee154c68dbf7c3c756919aa Mon Sep 17 00:00:00 2001 From: Abel Vesa <abel.vesa(a)linaro.org> Date: Thu, 12 Dec 2024 19:37:43 +0200 Subject: [PATCH] usb: typec: ucsi: Set orientation as none when connector is unplugged The current implementation of the ucsi glink client connector_status() callback is only relying on the state of the gpio. This means that even when the cable is unplugged, the orientation propagated to the switches along the graph is "orientation normal", instead of "orientation none", which would be the correct one in this case. One of the Qualcomm DP-USB PHY combo drivers, which needs to be aware of the orientation change, is relying on the "orientation none" to skip the reinitialization of the entire PHY. Since the ucsi glink client advertises "orientation normal" even when the cable is unplugged, the mentioned PHY is taken down and reinitialized when in fact it should be left as-is. This triggers a crash within the displayport controller driver in turn, which brings the whole system down on some Qualcomm platforms. Propagating "orientation none" from the ucsi glink client on the connector_status() callback hides the problem of the mentioned PHY driver away for now. But the "orientation none" is nonetheless the correct one to be used in this case. So propagate the "orientation none" instead when the connector status flags says cable is disconnected. Fixes: 76716fd5bf09 ("usb: typec: ucsi: glink: move GPIO reading into connector_status callback") Cc: stable <stable(a)kernel.org> # 6.10 Reviewed-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20241212-usb-typec-ucsi-glink-add-orientation-non… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c index 90948cd6d297..fed39d458090 100644 --- a/drivers/usb/typec/ucsi/ucsi_glink.c +++ b/drivers/usb/typec/ucsi/ucsi_glink.c @@ -185,6 +185,11 @@ static void pmic_glink_ucsi_connector_status(struct ucsi_connector *con) struct pmic_glink_ucsi *ucsi = ucsi_get_drvdata(con->ucsi); int orientation; + if (!UCSI_CONSTAT(con, CONNECTED)) { + typec_set_orientation(con->port, TYPEC_ORIENTATION_NONE); + return; + } + if (con->num > PMIC_GLINK_MAX_PORTS || !ucsi->port_orientation[con->num - 1]) return;

2 weeks, 4 days

1
0
0 0

FAILED: patch "[PATCH] usb: chipidea: ci_hdrc_imx: decrement device's refcount in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 74adad500346fb07d69af2c79acbff4adb061134 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025011317-dallying-crock-6557@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 74adad500346fb07d69af2c79acbff4adb061134 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 16 Dec 2024 10:55:39 +0900 Subject: [PATCH] usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() Current implementation of ci_hdrc_imx_driver does not decrement the refcount of the device obtained in usbmisc_get_init_data(). Add a put_device() call in .remove() and in .probe() before returning an error. This bug was found by an experimental static analysis tool that I am developing. Cc: stable <stable(a)kernel.org> Fixes: f40017e0f332 ("chipidea: usbmisc_imx: Add USB support for VF610 SoCs") Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Acked-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/20241216015539.352579-1-joe@pf.is.s.u-tokyo.ac.jp Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index f2801700be8e..1a7fc638213e 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -370,25 +370,29 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) data->pinctrl = devm_pinctrl_get(dev); if (PTR_ERR(data->pinctrl) == -ENODEV) data->pinctrl = NULL; - else if (IS_ERR(data->pinctrl)) - return dev_err_probe(dev, PTR_ERR(data->pinctrl), + else if (IS_ERR(data->pinctrl)) { + ret = dev_err_probe(dev, PTR_ERR(data->pinctrl), "pinctrl get failed\n"); + goto err_put; + } data->hsic_pad_regulator = devm_regulator_get_optional(dev, "hsic"); if (PTR_ERR(data->hsic_pad_regulator) == -ENODEV) { /* no pad regulator is needed */ data->hsic_pad_regulator = NULL; - } else if (IS_ERR(data->hsic_pad_regulator)) - return dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator), + } else if (IS_ERR(data->hsic_pad_regulator)) { + ret = dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator), "Get HSIC pad regulator error\n"); + goto err_put; + } if (data->hsic_pad_regulator) { ret = regulator_enable(data->hsic_pad_regulator); if (ret) { dev_err(dev, "Failed to enable HSIC pad regulator\n"); - return ret; + goto err_put; } } } @@ -402,13 +406,14 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) dev_err(dev, "pinctrl_hsic_idle lookup failed, err=%ld\n", PTR_ERR(pinctrl_hsic_idle)); - return PTR_ERR(pinctrl_hsic_idle); + ret = PTR_ERR(pinctrl_hsic_idle); + goto err_put; } ret = pinctrl_select_state(data->pinctrl, pinctrl_hsic_idle); if (ret) { dev_err(dev, "hsic_idle select failed, err=%d\n", ret); - return ret; + goto err_put; } data->pinctrl_hsic_active = pinctrl_lookup_state(data->pinctrl, @@ -417,7 +422,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) dev_err(dev, "pinctrl_hsic_active lookup failed, err=%ld\n", PTR_ERR(data->pinctrl_hsic_active)); - return PTR_ERR(data->pinctrl_hsic_active); + ret = PTR_ERR(data->pinctrl_hsic_active); + goto err_put; } } @@ -527,6 +533,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) if (pdata.flags & CI_HDRC_PMQOS) cpu_latency_qos_remove_request(&data->pm_qos_req); data->ci_pdev = NULL; +err_put: + put_device(data->usbmisc_data->dev); return ret; } @@ -551,6 +559,7 @@ static void ci_hdrc_imx_remove(struct platform_device *pdev) if (data->hsic_pad_regulator) regulator_disable(data->hsic_pad_regulator); } + put_device(data->usbmisc_data->dev); } static void ci_hdrc_imx_shutdown(struct platform_device *pdev)

2 weeks, 4 days

1
0
0 0

FAILED: patch "[PATCH] usb: chipidea: ci_hdrc_imx: decrement device's refcount in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 74adad500346fb07d69af2c79acbff4adb061134 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025011316-turbulent-jawed-ce2c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 74adad500346fb07d69af2c79acbff4adb061134 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 16 Dec 2024 10:55:39 +0900 Subject: [PATCH] usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() Current implementation of ci_hdrc_imx_driver does not decrement the refcount of the device obtained in usbmisc_get_init_data(). Add a put_device() call in .remove() and in .probe() before returning an error. This bug was found by an experimental static analysis tool that I am developing. Cc: stable <stable(a)kernel.org> Fixes: f40017e0f332 ("chipidea: usbmisc_imx: Add USB support for VF610 SoCs") Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Acked-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/20241216015539.352579-1-joe@pf.is.s.u-tokyo.ac.jp Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index f2801700be8e..1a7fc638213e 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -370,25 +370,29 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) data->pinctrl = devm_pinctrl_get(dev); if (PTR_ERR(data->pinctrl) == -ENODEV) data->pinctrl = NULL; - else if (IS_ERR(data->pinctrl)) - return dev_err_probe(dev, PTR_ERR(data->pinctrl), + else if (IS_ERR(data->pinctrl)) { + ret = dev_err_probe(dev, PTR_ERR(data->pinctrl), "pinctrl get failed\n"); + goto err_put; + } data->hsic_pad_regulator = devm_regulator_get_optional(dev, "hsic"); if (PTR_ERR(data->hsic_pad_regulator) == -ENODEV) { /* no pad regulator is needed */ data->hsic_pad_regulator = NULL; - } else if (IS_ERR(data->hsic_pad_regulator)) - return dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator), + } else if (IS_ERR(data->hsic_pad_regulator)) { + ret = dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator), "Get HSIC pad regulator error\n"); + goto err_put; + } if (data->hsic_pad_regulator) { ret = regulator_enable(data->hsic_pad_regulator); if (ret) { dev_err(dev, "Failed to enable HSIC pad regulator\n"); - return ret; + goto err_put; } } } @@ -402,13 +406,14 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) dev_err(dev, "pinctrl_hsic_idle lookup failed, err=%ld\n", PTR_ERR(pinctrl_hsic_idle)); - return PTR_ERR(pinctrl_hsic_idle); + ret = PTR_ERR(pinctrl_hsic_idle); + goto err_put; } ret = pinctrl_select_state(data->pinctrl, pinctrl_hsic_idle); if (ret) { dev_err(dev, "hsic_idle select failed, err=%d\n", ret); - return ret; + goto err_put; } data->pinctrl_hsic_active = pinctrl_lookup_state(data->pinctrl, @@ -417,7 +422,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) dev_err(dev, "pinctrl_hsic_active lookup failed, err=%ld\n", PTR_ERR(data->pinctrl_hsic_active)); - return PTR_ERR(data->pinctrl_hsic_active); + ret = PTR_ERR(data->pinctrl_hsic_active); + goto err_put; } } @@ -527,6 +533,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) if (pdata.flags & CI_HDRC_PMQOS) cpu_latency_qos_remove_request(&data->pm_qos_req); data->ci_pdev = NULL; +err_put: + put_device(data->usbmisc_data->dev); return ret; } @@ -551,6 +559,7 @@ static void ci_hdrc_imx_remove(struct platform_device *pdev) if (data->hsic_pad_regulator) regulator_disable(data->hsic_pad_regulator); } + put_device(data->usbmisc_data->dev); } static void ci_hdrc_imx_shutdown(struct platform_device *pdev)

2 weeks, 4 days

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror