5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 29 Apr 2025 15:48:29 +0000 (17:48 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 29 Apr 2025 15:48:29 +0000 (17:48 +0200)
added patches:
media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch
media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch
mips-cm-fix-warning-if-mips_cm-is-disabled.patch
nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch
pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch
soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch

queue-5.10/media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch [new file with mode: 0644]
queue-5.10/media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch [new file with mode: 0644]
queue-5.10/mips-cm-fix-warning-if-mips_cm-is-disabled.patch [new file with mode: 0644]
queue-5.10/nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch [new file with mode: 0644]
queue-5.10/pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch [new file with mode: 0644]
queue-5.10/series
queue-5.10/soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch [new file with mode: 0644]

diff --git a/queue-5.10/media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch b/queue-5.10/media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch
new file mode 100644 (file)
index 0000000..0473cd8
--- /dev/null
@@ -0,0 +1,35 @@
+From c5b14df7a80acadbbd184808dc3f519fbb2ab96c Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Fri, 15 Jan 2021 11:11:26 +0100
+Subject: media: venus: Fix uninitialized variable count being checked for zero
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit c5b14df7a80acadbbd184808dc3f519fbb2ab96c upstream.
+
+In the case where plat->codecs is NULL the variable count is uninitialized
+but is being checked to see if it is 0. Fix this by initializing
+count to 0.
+
+Addresses-Coverity: ("Uninitialized scalar variable")
+
+Fixes: e29929266be1 ("media: venus: Get codecs and capabilities from hfi platform")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/media/platform/qcom/venus/hfi_parser.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/platform/qcom/venus/hfi_parser.c
++++ b/drivers/media/platform/qcom/venus/hfi_parser.c
+@@ -266,7 +266,7 @@ static int hfi_platform_parser(struct ve
+ {
+       const struct hfi_platform *plat;
+       const struct hfi_plat_caps *caps = NULL;
+-      u32 enc_codecs, dec_codecs, count;
++      u32 enc_codecs, dec_codecs, count = 0;
+       unsigned int entries;
+       if (inst)
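Review bot: On the declaration line `u32 enc_codecs, dec_codecs, count = 0;` only `count` receives a value, so `enc_codecs` and `dec_codecs` are still indeterminate when `plat->codecs` is NULL. The hunk does not show whether they are read on that path (the body of hfi_platform_parser() continues outside it), so this is safe only while the zero check on `count` always returns first. Initialising all three, `u32 enc_codecs = 0, dec_codecs = 0, count = 0;`, removes that dependency and keeps a later reordering from becoming an uninitialised read.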
diff --git a/queue-5.10/media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch b/queue-5.10/media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch
new file mode 100644 (file)
index 0000000..8d943bf
--- /dev/null
@@ -0,0 +1,43 @@
+From 9b5d8fd580caa898c6e1b8605c774f2517f786ab Mon Sep 17 00:00:00 2001
+From: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+Date: Sun, 7 Mar 2021 12:17:27 +0100
+Subject: media: venus: hfi_parser: Check for instance after hfi platform get
+
+From: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+
+commit 9b5d8fd580caa898c6e1b8605c774f2517f786ab upstream.
+
+The inst function argument is != NULL only for Venus v1 and
+we did not migrate v1 to a hfi_platform abstraction yet. So
+check for instance != NULL only after hfi_platform_get returns
+no error.
+
+Fixes: e29929266be1 ("media: venus: Get codecs and capabilities from hfi platform")
+Cc: stable@vger.kernel.org # v5.12
+Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
+Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/media/platform/qcom/venus/hfi_parser.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/media/platform/qcom/venus/hfi_parser.c
++++ b/drivers/media/platform/qcom/venus/hfi_parser.c
+@@ -269,13 +269,13 @@ static int hfi_platform_parser(struct ve
+       u32 enc_codecs, dec_codecs, count = 0;
+       unsigned int entries;
+-      if (inst)
+-              return 0;
+-
+       plat = hfi_platform_get(core->res->hfi_version);
+       if (!plat)
+               return -EINVAL;
++      if (inst)
++              return 0;
++
+       if (plat->codecs)
+               plat->codecs(&enc_codecs, &dec_codecs, &count);
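Review bot: The relocated `if (inst) return 0;` is only correct while it stays below the `!plat` check, and nothing in the code says why. Per the commit message, inst is non-NULL only for Venus v1, which has no hfi_platform yet, so a v1 call presumably now leaves through `return -EINVAL` instead of returning 0; whether every caller treats that as non-fatal is not visible here. A comment above the check, such as `/* inst is only set for Venus v1, which has no hfi_platform; keep this after the hfi_platform_get() check */`, would stop the order from being tidied back. The function starts and ends outside the hunk.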
diff --git a/queue-5.10/mips-cm-fix-warning-if-mips_cm-is-disabled.patch b/queue-5.10/mips-cm-fix-warning-if-mips_cm-is-disabled.patch
new file mode 100644 (file)
index 0000000..272bbfb
--- /dev/null
@@ -0,0 +1,38 @@
+From b73c3ccdca95c237750c981054997c71d33e09d7 Mon Sep 17 00:00:00 2001
+From: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Date: Fri, 28 Feb 2025 15:37:02 +0100
+Subject: MIPS: cm: Fix warning if MIPS_CM is disabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+
+commit b73c3ccdca95c237750c981054997c71d33e09d7 upstream.
+
+Commit e27fbe16af5c ("MIPS: cm: Detect CM quirks from device tree")
+introduced
+
+arch/mips/include/asm/mips-cm.h:119:13: error: ‘mips_cm_update_property’
+       defined but not used [-Werror=unused-function]
+
+Fix this by making empty function implementation inline
+
+Fixes: e27fbe16af5c ("MIPS: cm: Detect CM quirks from device tree")
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/include/asm/mips-cm.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/include/asm/mips-cm.h
++++ b/arch/mips/include/asm/mips-cm.h
+@@ -104,7 +104,7 @@ static inline bool mips_cm_present(void)
+ #ifdef CONFIG_MIPS_CM
+ extern void mips_cm_update_property(void);
+ #else
+-static void mips_cm_update_property(void) {}
++static inline void mips_cm_update_property(void) {}
+ #endif
+ /**
diff --git a/queue-5.10/nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch b/queue-5.10/nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch
new file mode 100644 (file)
index 0000000..e76b923
--- /dev/null
@@ -0,0 +1,36 @@
+From 26d7fb4fd4ca1180e2fa96587dea544563b4962a Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke <hare@kernel.org>
+Date: Mon, 14 Apr 2025 14:05:09 +0200
+Subject: nvme: fixup scan failure for non-ANA multipath controllers
+
+From: Hannes Reinecke <hare@kernel.org>
+
+commit 26d7fb4fd4ca1180e2fa96587dea544563b4962a upstream.
+
+Commit 62baf70c3274 caused the ANA log page to be re-read, even on
+controllers that do not support ANA.  While this should generally
+harmless, some controllers hang on the unsupported log page and
+never finish probing.
+
+Fixes: 62baf70c3274 ("nvme: re-read ANA log page after ns scan completes")
+Signed-off-by: Hannes Reinecke <hare@kernel.org>
+Tested-by: Srikanth Aithal <sraithal@amd.com>
+[hch: more detailed commit message]
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/nvme/host/core.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -4271,7 +4271,7 @@ static void nvme_scan_work(struct work_s
+       if (test_bit(NVME_AER_NOTICE_NS_CHANGED, &ctrl->events))
+               nvme_queue_scan(ctrl);
+ #ifdef CONFIG_NVME_MULTIPATH
+-      else
++      else if (ctrl->ana_log_buf)
+               /* Re-read the ANA log page to not miss updates */
+               queue_work(nvme_wq, &ctrl->ana_work);
+ #endif
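Review bot: `else if (ctrl->ana_log_buf)` uses the buffer pointer as a stand-in for "this controller supports ANA", and the existing comment does not say so. The comment also now sits between an unbraced condition and its single statement inside an `#ifdef`, which is easy to break when another line is added. I would brace the branch and extend the comment to give the reason from the commit message, e.g. `/* Re-read the ANA log page to not miss updates; skipped without ana_log_buf because some non-ANA controllers hang on it */`. nvme_scan_work() continues outside the hunk.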
diff --git a/queue-5.10/pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch b/queue-5.10/pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch
new file mode 100644 (file)
index 0000000..a15a4d5
--- /dev/null
@@ -0,0 +1,100 @@
+From 30ba2d09edb5ea857a1473ae3d820911347ada62 Mon Sep 17 00:00:00 2001
+From: Rob Herring <robh@kernel.org>
+Date: Wed, 29 Mar 2023 07:38:35 -0500
+Subject: PCI: Fix use-after-free in pci_bus_release_domain_nr()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rob Herring <robh@kernel.org>
+
+commit 30ba2d09edb5ea857a1473ae3d820911347ada62 upstream.
+
+Commit c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()")
+introduced a use-after-free bug in the bus removal cleanup. The issue was
+found with kfence:
+
+  [   19.293351] BUG: KFENCE: use-after-free read in pci_bus_release_domain_nr+0x10/0x70
+
+  [   19.302817] Use-after-free read at 0x000000007f3b80eb (in kfence-#115):
+  [   19.309677]  pci_bus_release_domain_nr+0x10/0x70
+  [   19.309691]  dw_pcie_host_deinit+0x28/0x78
+  [   19.309702]  tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]
+  [   19.309734]  tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]
+  [   19.309752]  platform_probe+0x90/0xd8
+  ...
+
+  [   19.311457] kfence-#115: 0x00000000063a155a-0x00000000ba698da8, size=1072, cache=kmalloc-2k
+
+  [   19.311469] allocated by task 96 on cpu 10 at 19.279323s:
+  [   19.311562]  __kmem_cache_alloc_node+0x260/0x278
+  [   19.311571]  kmalloc_trace+0x24/0x30
+  [   19.311580]  pci_alloc_bus+0x24/0xa0
+  [   19.311590]  pci_register_host_bridge+0x48/0x4b8
+  [   19.311601]  pci_scan_root_bus_bridge+0xc0/0xe8
+  [   19.311613]  pci_host_probe+0x18/0xc0
+  [   19.311623]  dw_pcie_host_init+0x2c0/0x568
+  [   19.311630]  tegra_pcie_dw_probe+0x610/0xb28 [pcie_tegra194]
+  [   19.311647]  platform_probe+0x90/0xd8
+  ...
+
+  [   19.311782] freed by task 96 on cpu 10 at 19.285833s:
+  [   19.311799]  release_pcibus_dev+0x30/0x40
+  [   19.311808]  device_release+0x30/0x90
+  [   19.311814]  kobject_put+0xa8/0x120
+  [   19.311832]  device_unregister+0x20/0x30
+  [   19.311839]  pci_remove_bus+0x78/0x88
+  [   19.311850]  pci_remove_root_bus+0x5c/0x98
+  [   19.311860]  dw_pcie_host_deinit+0x28/0x78
+  [   19.311866]  tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]
+  [   19.311883]  tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]
+  [   19.311900]  platform_probe+0x90/0xd8
+  ...
+
+  [   19.313579] CPU: 10 PID: 96 Comm: kworker/u24:2 Not tainted 6.2.0 #4
+  [   19.320171] Hardware name:  /, BIOS 1.0-d7fb19b 08/10/2022
+  [   19.325852] Workqueue: events_unbound deferred_probe_work_func
+
+The stack trace is a bit misleading as dw_pcie_host_deinit() doesn't
+directly call pci_bus_release_domain_nr(). The issue turns out to be in
+pci_remove_root_bus() which first calls pci_remove_bus() which frees the
+struct pci_bus when its struct device is released. Then
+pci_bus_release_domain_nr() is called and accesses the freed struct
+pci_bus. Reordering these fixes the issue.
+
+Fixes: c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()")
+Link: https://lore.kernel.org/r/20230329123835.2724518-1-robh@kernel.org
+Link: https://lore.kernel.org/r/b529cb69-0602-9eed-fc02-2f068707a006@nvidia.com
+Reported-by: Jon Hunter <jonathanh@nvidia.com>
+Tested-by: Jon Hunter <jonathanh@nvidia.com>
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
+Cc: stable@vger.kernel.org     # v6.2+
+Cc: Pali Rohár <pali@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/remove.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/pci/remove.c
++++ b/drivers/pci/remove.c
+@@ -156,8 +156,6 @@ void pci_remove_root_bus(struct pci_bus
+       list_for_each_entry_safe(child, tmp,
+                                &bus->devices, bus_list)
+               pci_remove_bus_device(child);
+-      pci_remove_bus(bus);
+-      host_bridge->bus = NULL;
+ #ifdef CONFIG_PCI_DOMAINS_GENERIC
+       /* Release domain_nr if it was dynamically allocated */
+@@ -165,6 +163,9 @@ void pci_remove_root_bus(struct pci_bus
+               pci_bus_release_domain_nr(bus, host_bridge->dev.parent);
+ #endif
++      pci_remove_bus(bus);
++      host_bridge->bus = NULL;
++
+       /* remove the host bridge */
+       device_del(&host_bridge->dev);
+ }
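Review bot: After this reorder, `pci_remove_bus(bus)` is the point past which `bus` may already be freed, yet the new lines carry no comment saying so. The commit message explains that the struct pci_bus is released together with its device. Only `host_bridge->bus = NULL` and `device_del(&host_bridge->dev)` follow in the visible lines and neither dereferences `bus`, so statement order is the only thing keeping `pci_bus_release_domain_nr()` away from the freed object. I would add `/* pci_remove_bus() may free @bus; nothing below may dereference it */` above the call so the `CONFIG_PCI_DOMAINS_GENERIC` block is not moved back below it later. The first lines of pci_remove_root_bus() are outside the hunks.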
index aaf96912e099ba3f6e430a34f2662cd83103e9c6..1c5e37cdb9db0790d6e709e5e4c6aafd36d4eed3 100644 (file)
@@ -278,3 +278,9 @@ s390-virtio_ccw-don-t-allocate-assign-airqs-for-non-existing-queues.patch
 comedi-jr3_pci-fix-synchronous-deletion-of-timer.patch
 crypto-atmel-sha204a-set-hwrng-quality-to-lowest-possible.patch
 xdp-reset-bpf_redirect_info-before-running-a-xdp-s-bpf-prog.patch
+mips-cm-fix-warning-if-mips_cm-is-disabled.patch
+nvme-fixup-scan-failure-for-non-ana-multipath-controllers.patch
+pci-fix-use-after-free-in-pci_bus_release_domain_nr.patch
+soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch
+media-venus-fix-uninitialized-variable-count-being-checked-for-zero.patch
+media-venus-hfi_parser-check-for-instance-after-hfi-platform-get.patch
diff --git a/queue-5.10/soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch b/queue-5.10/soc-samsung-exynos-chipid-correct-helpers-__init-annotation.patch
new file mode 100644 (file)
index 0000000..38c4d1b
--- /dev/null
@@ -0,0 +1,35 @@
+From 6166174afc2bc74ca550af388508384b57d5163d Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzk@kernel.org>
+Date: Tue, 5 Jan 2021 18:44:40 +0100
+Subject: soc: samsung: exynos-chipid: correct helpers __init annotation
+
+From: Krzysztof Kozlowski <krzk@kernel.org>
+
+commit 6166174afc2bc74ca550af388508384b57d5163d upstream.
+
+After converting to builtin driver, the probe function should not call
+__init functions anymore:
+
+  >> WARNING: modpost: vmlinux.o(.text+0x8884d4):
+  Section mismatch in reference from the function exynos_chipid_probe() to the function .init.text:product_id_to_soc_id()
+
+Reported-by: kernel test robot <lkp@intel.com>
+Fixes: 352bfbb3e023 ("soc: samsung: exynos-chipid: convert to driver and merge exynos-asv")
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Link: https://lore.kernel.org/r/20210105174440.120041-1-krzk@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/soc/samsung/exynos-chipid.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/soc/samsung/exynos-chipid.c
++++ b/drivers/soc/samsung/exynos-chipid.c
+@@ -55,7 +55,7 @@ static const struct exynos_soc_id {
+       { "EXYNOS5433", 0xE5433000 },
+ };
+-static const char * __init product_id_to_soc_id(unsigned int product_id)
++static const char *product_id_to_soc_id(unsigned int product_id)
+ {
+       int i;