5.10-stable patches

added patches:
	acct-block-access-to-kernel-internal-filesystems.patch
	alsa-hda-conexant-add-quirk-for-hp-probook-450-g4-mute-led.patch
	mtd-rawnand-cadence-fix-error-code-in-cadence_nand_init.patch
	mtd-rawnand-cadence-fix-incorrect-device-in-dma_unmap_single.patch
	mtd-rawnand-cadence-use-dma_map_resource-for-sdma-address.patch
	nfp-bpf-add-check-for-nfp_app_ctrl_msg_alloc.patch
	tee-optee-fix-supplicant-wait-loop.patch

diff --git a/queue-5.10/acct-block-access-to-kernel-internal-filesystems.patch b/queue-5.10/acct-block-access-to-kernel-internal-filesystems.patch
new file mode 100644 (file)
index 0000000..27d442a
--- /dev/null
+++ b/queue-5.10/acct-block-access-to-kernel-internal-filesystems.patch
@@ -0,0 +1,47 @@
+From 890ed45bde808c422c3c27d3285fc45affa0f930 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <brauner@kernel.org>
+Date: Tue, 11 Feb 2025 18:16:00 +0100
+Subject: acct: block access to kernel internal filesystems
+
+From: Christian Brauner <brauner@kernel.org>
+
+commit 890ed45bde808c422c3c27d3285fc45affa0f930 upstream.
+
+There's no point in allowing anything kernel internal nor procfs or
+sysfs.
+
+Link: https://lore.kernel.org/r/20250127091811.3183623-1-quzicheng@huawei.com
+Link: https://lore.kernel.org/r/20250211-work-acct-v1-2-1c16aecab8b3@kernel.org
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reviewed-by: Amir Goldstein <amir73il@gmail.com>
+Reported-by: Zicheng Qu <quzicheng@huawei.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/acct.c |   14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- a/kernel/acct.c
++++ b/kernel/acct.c
+@@ -216,6 +216,20 @@ static int acct_on(struct filename *path
+               return -EACCES;
+       }
+ 
++      /* Exclude kernel kernel internal filesystems. */
++      if (file_inode(file)->i_sb->s_flags & (SB_NOUSER | SB_KERNMOUNT)) {
++              kfree(acct);
++              filp_close(file, NULL);
++              return -EINVAL;
++      }
++
++      /* Exclude procfs and sysfs. */
++      if (file_inode(file)->i_sb->s_iflags & SB_I_USERNS_VISIBLE) {
++              kfree(acct);
++              filp_close(file, NULL);
++              return -EINVAL;
++      }
++
+       if (!(file->f_mode & FMODE_CAN_WRITE)) {
+               kfree(acct);
+               filp_close(file, NULL);

diff --git a/queue-5.10/alsa-hda-conexant-add-quirk-for-hp-probook-450-g4-mute-led.patch b/queue-5.10/alsa-hda-conexant-add-quirk-for-hp-probook-450-g4-mute-led.patch
new file mode 100644 (file)
index 0000000..8ea2e2e
--- /dev/null
+++ b/queue-5.10/alsa-hda-conexant-add-quirk-for-hp-probook-450-g4-mute-led.patch
@@ -0,0 +1,31 @@
+From 6d1f86610f23b0bc334d6506a186f21a98f51392 Mon Sep 17 00:00:00 2001
+From: John Veness <john-linux@pelago.org.uk>
+Date: Mon, 17 Feb 2025 12:15:50 +0000
+Subject: ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
+
+From: John Veness <john-linux@pelago.org.uk>
+
+commit 6d1f86610f23b0bc334d6506a186f21a98f51392 upstream.
+
+Allows the LED on the dedicated mute button on the HP ProBook 450 G4
+laptop to change colour correctly.
+
+Signed-off-by: John Veness <john-linux@pelago.org.uk>
+Cc: <stable@vger.kernel.org>
+Link: https://patch.msgid.link/2fb55d48-6991-4a42-b591-4c78f2fad8d7@pelago.org.uk
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_conexant.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -1025,6 +1025,7 @@ static const struct snd_pci_quirk cxt506
+       SND_PCI_QUIRK(0x103c, 0x814f, "HP ZBook 15u G3", CXT_FIXUP_MUTE_LED_GPIO),
+       SND_PCI_QUIRK(0x103c, 0x8174, "HP Spectre x360", CXT_FIXUP_HP_SPECTRE),
+       SND_PCI_QUIRK(0x103c, 0x822e, "HP ProBook 440 G4", CXT_FIXUP_MUTE_LED_GPIO),
++      SND_PCI_QUIRK(0x103c, 0x8231, "HP ProBook 450 G4", CXT_FIXUP_MUTE_LED_GPIO),
+       SND_PCI_QUIRK(0x103c, 0x828c, "HP EliteBook 840 G4", CXT_FIXUP_HP_DOCK),
+       SND_PCI_QUIRK(0x103c, 0x8299, "HP 800 G3 SFF", CXT_FIXUP_HP_MIC_NO_PRESENCE),
+       SND_PCI_QUIRK(0x103c, 0x829a, "HP 800 G3 DM", CXT_FIXUP_HP_MIC_NO_PRESENCE),

diff --git a/queue-5.10/mtd-rawnand-cadence-fix-error-code-in-cadence_nand_init.patch b/queue-5.10/mtd-rawnand-cadence-fix-error-code-in-cadence_nand_init.patch
new file mode 100644 (file)
index 0000000..f505563
--- /dev/null
+++ b/queue-5.10/mtd-rawnand-cadence-fix-error-code-in-cadence_nand_init.patch
@@ -0,0 +1,39 @@
+From 2b9df00cded911e2ca2cfae5c45082166b24f8aa Mon Sep 17 00:00:00 2001
+From: Niravkumar L Rabara <niravkumar.l.rabara@intel.com>
+Date: Mon, 10 Feb 2025 13:35:49 +0800
+Subject: mtd: rawnand: cadence: fix error code in cadence_nand_init()
+
+From: Niravkumar L Rabara <niravkumar.l.rabara@intel.com>
+
+commit 2b9df00cded911e2ca2cfae5c45082166b24f8aa upstream.
+
+Replace dma_request_channel() with dma_request_chan_by_mask() and use
+helper functions to return proper error code instead of fixed -EBUSY.
+
+Fixes: ec4ba01e894d ("mtd: rawnand: Add new Cadence NAND driver to MTD subsystem")
+Cc: stable@vger.kernel.org
+Signed-off-by: Niravkumar L Rabara <niravkumar.l.rabara@intel.com>
+Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/nand/raw/cadence-nand-controller.c |    9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/drivers/mtd/nand/raw/cadence-nand-controller.c
++++ b/drivers/mtd/nand/raw/cadence-nand-controller.c
+@@ -2866,11 +2866,10 @@ static int cadence_nand_init(struct cdns
+       dma_cap_set(DMA_MEMCPY, mask);
+ 
+       if (cdns_ctrl->caps1->has_dma) {
+-              cdns_ctrl->dmac = dma_request_channel(mask, NULL, NULL);
+-              if (!cdns_ctrl->dmac) {
+-                      dev_err(cdns_ctrl->dev,
+-                              "Unable to get a DMA channel\n");
+-                      ret = -EBUSY;
++              cdns_ctrl->dmac = dma_request_chan_by_mask(&mask);
++              if (IS_ERR(cdns_ctrl->dmac)) {
++                      ret = dev_err_probe(cdns_ctrl->dev, PTR_ERR(cdns_ctrl->dmac),
++                                          "%d: Failed to get a DMA channel\n", ret);
+                       goto disable_irq;
+               }
+       }

diff --git a/queue-5.10/mtd-rawnand-cadence-fix-incorrect-device-in-dma_unmap_single.patch b/queue-5.10/mtd-rawnand-cadence-fix-incorrect-device-in-dma_unmap_single.patch
new file mode 100644 (file)
index 0000000..775e56f
--- /dev/null
+++ b/queue-5.10/mtd-rawnand-cadence-fix-incorrect-device-in-dma_unmap_single.patch
@@ -0,0 +1,39 @@
+From f37d135b42cb484bdecee93f56b9f483214ede78 Mon Sep 17 00:00:00 2001
+From: Niravkumar L Rabara <niravkumar.l.rabara@intel.com>
+Date: Mon, 10 Feb 2025 13:35:51 +0800
+Subject: mtd: rawnand: cadence: fix incorrect device in dma_unmap_single
+
+From: Niravkumar L Rabara <niravkumar.l.rabara@intel.com>
+
+commit f37d135b42cb484bdecee93f56b9f483214ede78 upstream.
+
+dma_map_single is using physical/bus device (DMA) but dma_unmap_single
+is using framework device(NAND controller), which is incorrect.
+Fixed dma_unmap_single to use correct physical/bus device.
+
+Fixes: ec4ba01e894d ("mtd: rawnand: Add new Cadence NAND driver to MTD subsystem")
+Cc: stable@vger.kernel.org
+Signed-off-by: Niravkumar L Rabara <niravkumar.l.rabara@intel.com>
+Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/nand/raw/cadence-nand-controller.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/mtd/nand/raw/cadence-nand-controller.c
++++ b/drivers/mtd/nand/raw/cadence-nand-controller.c
+@@ -1858,12 +1858,12 @@ static int cadence_nand_slave_dma_transf
+       dma_async_issue_pending(cdns_ctrl->dmac);
+       wait_for_completion(&finished);
+ 
+-      dma_unmap_single(cdns_ctrl->dev, buf_dma, len, dir);
++      dma_unmap_single(dma_dev->dev, buf_dma, len, dir);
+ 
+       return 0;
+ 
+ err_unmap:
+-      dma_unmap_single(cdns_ctrl->dev, buf_dma, len, dir);
++      dma_unmap_single(dma_dev->dev, buf_dma, len, dir);
+ 
+ err:
+       dev_dbg(cdns_ctrl->dev, "Fall back to CPU I/O\n");

diff --git a/queue-5.10/mtd-rawnand-cadence-use-dma_map_resource-for-sdma-address.patch b/queue-5.10/mtd-rawnand-cadence-use-dma_map_resource-for-sdma-address.patch
new file mode 100644 (file)
index 0000000..3db914d
--- /dev/null
+++ b/queue-5.10/mtd-rawnand-cadence-use-dma_map_resource-for-sdma-address.patch
@@ -0,0 +1,116 @@
+From d76d22b5096c5b05208fd982b153b3f182350b19 Mon Sep 17 00:00:00 2001
+From: Niravkumar L Rabara <niravkumar.l.rabara@intel.com>
+Date: Mon, 10 Feb 2025 13:35:50 +0800
+Subject: mtd: rawnand: cadence: use dma_map_resource for sdma address
+
+From: Niravkumar L Rabara <niravkumar.l.rabara@intel.com>
+
+commit d76d22b5096c5b05208fd982b153b3f182350b19 upstream.
+
+Remap the slave DMA I/O resources to enhance driver portability.
+Using a physical address causes DMA translation failure when the
+ARM SMMU is enabled.
+
+Fixes: ec4ba01e894d ("mtd: rawnand: Add new Cadence NAND driver to MTD subsystem")
+Cc: stable@vger.kernel.org
+Signed-off-by: Niravkumar L Rabara <niravkumar.l.rabara@intel.com>
+Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/nand/raw/cadence-nand-controller.c |   29 +++++++++++++++++++++----
+ 1 file changed, 25 insertions(+), 4 deletions(-)
+
+--- a/drivers/mtd/nand/raw/cadence-nand-controller.c
++++ b/drivers/mtd/nand/raw/cadence-nand-controller.c
+@@ -469,6 +469,8 @@ struct cdns_nand_ctrl {
+       struct {
+               void __iomem *virt;
+               dma_addr_t dma;
++              dma_addr_t iova_dma;
++              u32 size;
+       } io;
+ 
+       int irq;
+@@ -1830,11 +1832,11 @@ static int cadence_nand_slave_dma_transf
+       }
+ 
+       if (dir == DMA_FROM_DEVICE) {
+-              src_dma = cdns_ctrl->io.dma;
++              src_dma = cdns_ctrl->io.iova_dma;
+               dst_dma = buf_dma;
+       } else {
+               src_dma = buf_dma;
+-              dst_dma = cdns_ctrl->io.dma;
++              dst_dma = cdns_ctrl->io.iova_dma;
+       }
+ 
+       tx = dmaengine_prep_dma_memcpy(cdns_ctrl->dmac, dst_dma, src_dma, len,
+@@ -2831,6 +2833,7 @@ cadence_nand_irq_cleanup(int irqnum, str
+ static int cadence_nand_init(struct cdns_nand_ctrl *cdns_ctrl)
+ {
+       dma_cap_mask_t mask;
++      struct dma_device *dma_dev = cdns_ctrl->dmac->device;
+       int ret;
+ 
+       cdns_ctrl->cdma_desc = dma_alloc_coherent(cdns_ctrl->dev,
+@@ -2874,6 +2877,16 @@ static int cadence_nand_init(struct cdns
+               }
+       }
+ 
++      cdns_ctrl->io.iova_dma = dma_map_resource(dma_dev->dev, cdns_ctrl->io.dma,
++                                                cdns_ctrl->io.size,
++                                                DMA_BIDIRECTIONAL, 0);
++
++      ret = dma_mapping_error(dma_dev->dev, cdns_ctrl->io.iova_dma);
++      if (ret) {
++              dev_err(cdns_ctrl->dev, "Failed to map I/O resource to DMA\n");
++              goto dma_release_chnl;
++      }
++
+       nand_controller_init(&cdns_ctrl->controller);
+       INIT_LIST_HEAD(&cdns_ctrl->chips);
+ 
+@@ -2884,18 +2897,22 @@ static int cadence_nand_init(struct cdns
+       if (ret) {
+               dev_err(cdns_ctrl->dev, "Failed to register MTD: %d\n",
+                       ret);
+-              goto dma_release_chnl;
++              goto unmap_dma_resource;
+       }
+ 
+       kfree(cdns_ctrl->buf);
+       cdns_ctrl->buf = kzalloc(cdns_ctrl->buf_size, GFP_KERNEL);
+       if (!cdns_ctrl->buf) {
+               ret = -ENOMEM;
+-              goto dma_release_chnl;
++              goto unmap_dma_resource;
+       }
+ 
+       return 0;
+ 
++unmap_dma_resource:
++      dma_unmap_resource(dma_dev->dev, cdns_ctrl->io.iova_dma,
++                         cdns_ctrl->io.size, DMA_BIDIRECTIONAL, 0);
++
+ dma_release_chnl:
+       if (cdns_ctrl->dmac)
+               dma_release_channel(cdns_ctrl->dmac);
+@@ -2917,6 +2934,8 @@ free_buf_desc:
+ static void cadence_nand_remove(struct cdns_nand_ctrl *cdns_ctrl)
+ {
+       cadence_nand_chips_cleanup(cdns_ctrl);
++      dma_unmap_resource(cdns_ctrl->dmac->device->dev, cdns_ctrl->io.iova_dma,
++                         cdns_ctrl->io.size, DMA_BIDIRECTIONAL, 0);
+       cadence_nand_irq_cleanup(cdns_ctrl->irq, cdns_ctrl);
+       kfree(cdns_ctrl->buf);
+       dma_free_coherent(cdns_ctrl->dev, sizeof(struct cadence_nand_cdma_desc),
+@@ -2985,7 +3004,9 @@ static int cadence_nand_dt_probe(struct
+       cdns_ctrl->io.virt = devm_platform_get_and_ioremap_resource(ofdev, 1, &res);
+       if (IS_ERR(cdns_ctrl->io.virt))
+               return PTR_ERR(cdns_ctrl->io.virt);
++
+       cdns_ctrl->io.dma = res->start;
++      cdns_ctrl->io.size = resource_size(res);
+ 
+       dt->clk = devm_clk_get(cdns_ctrl->dev, "nf_clk");
+       if (IS_ERR(dt->clk))

diff --git a/queue-5.10/nfp-bpf-add-check-for-nfp_app_ctrl_msg_alloc.patch b/queue-5.10/nfp-bpf-add-check-for-nfp_app_ctrl_msg_alloc.patch
new file mode 100644 (file)
index 0000000..5b82a1c
--- /dev/null
+++ b/queue-5.10/nfp-bpf-add-check-for-nfp_app_ctrl_msg_alloc.patch
@@ -0,0 +1,33 @@
+From 878e7b11736e062514e58f3b445ff343e6705537 Mon Sep 17 00:00:00 2001
+From: Haoxiang Li <haoxiang_li2024@163.com>
+Date: Tue, 18 Feb 2025 11:04:09 +0800
+Subject: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
+
+From: Haoxiang Li <haoxiang_li2024@163.com>
+
+commit 878e7b11736e062514e58f3b445ff343e6705537 upstream.
+
+Add check for the return value of nfp_app_ctrl_msg_alloc() in
+nfp_bpf_cmsg_alloc() to prevent null pointer dereference.
+
+Fixes: ff3d43f7568c ("nfp: bpf: implement helpers for FW map ops")
+Cc: stable@vger.kernel.org
+Signed-off-by: Haoxiang Li <haoxiang_li2024@163.com>
+Link: https://patch.msgid.link/20250218030409.2425798-1-haoxiang_li2024@163.com
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/netronome/nfp/bpf/cmsg.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
++++ b/drivers/net/ethernet/netronome/nfp/bpf/cmsg.c
+@@ -20,6 +20,8 @@ nfp_bpf_cmsg_alloc(struct nfp_app_bpf *b
+       struct sk_buff *skb;
+ 
+       skb = nfp_app_ctrl_msg_alloc(bpf->app, size, GFP_KERNEL);
++      if (!skb)
++              return NULL;
+       skb_put(skb, size);
+ 
+       return skb;

diff --git a/queue-5.10/series b/queue-5.10/series
index 6bb626a2afa1a444d722910eaa8e81b4395d54a6..98b4413757730ed3e06091d8e7a0fad77a88d137 100644 (file)
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -354,3 +354,10 @@ flow_dissector-fix-handling-of-mixed-port-and-port-r.patch
 flow_dissector-fix-port-range-key-handling-in-bpf-co.patch
 power-supply-da9150-fg-fix-potential-overflow.patch
 bpf-skip-non-exist-keys-in-generic_map_lookup_batch.patch
+tee-optee-fix-supplicant-wait-loop.patch
+nfp-bpf-add-check-for-nfp_app_ctrl_msg_alloc.patch
+alsa-hda-conexant-add-quirk-for-hp-probook-450-g4-mute-led.patch
+acct-block-access-to-kernel-internal-filesystems.patch
+mtd-rawnand-cadence-fix-error-code-in-cadence_nand_init.patch
+mtd-rawnand-cadence-use-dma_map_resource-for-sdma-address.patch
+mtd-rawnand-cadence-fix-incorrect-device-in-dma_unmap_single.patch

diff --git a/queue-5.10/tee-optee-fix-supplicant-wait-loop.patch b/queue-5.10/tee-optee-fix-supplicant-wait-loop.patch
new file mode 100644 (file)
index 0000000..ca1f7fe
--- /dev/null
+++ b/queue-5.10/tee-optee-fix-supplicant-wait-loop.patch
@@ -0,0 +1,93 @@
+From 70b0d6b0a199c5a3ee6c72f5e61681ed6f759612 Mon Sep 17 00:00:00 2001
+From: Sumit Garg <sumit.garg@linaro.org>
+Date: Tue, 4 Feb 2025 13:04:18 +0530
+Subject: tee: optee: Fix supplicant wait loop
+
+From: Sumit Garg <sumit.garg@linaro.org>
+
+commit 70b0d6b0a199c5a3ee6c72f5e61681ed6f759612 upstream.
+
+OP-TEE supplicant is a user-space daemon and it's possible for it
+be hung or crashed or killed in the middle of processing an OP-TEE
+RPC call. It becomes more complicated when there is incorrect shutdown
+ordering of the supplicant process vs the OP-TEE client application which
+can eventually lead to system hang-up waiting for the closure of the
+client application.
+
+Allow the client process waiting in kernel for supplicant response to
+be killed rather than indefinitely waiting in an unkillable state. Also,
+a normal uninterruptible wait should not have resulted in the hung-task
+watchdog getting triggered, but the endless loop would.
+
+This fixes issues observed during system reboot/shutdown when supplicant
+got hung for some reason or gets crashed/killed which lead to client
+getting hung in an unkillable state. It in turn lead to system being in
+hung up state requiring hard power off/on to recover.
+
+Fixes: 4fb0a5eb364d ("tee: add OP-TEE driver")
+Suggested-by: Arnd Bergmann <arnd@arndb.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
+Reviewed-by: Arnd Bergmann <arnd@arndb.de>
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tee/optee/supp.c |   35 ++++++++---------------------------
+ 1 file changed, 8 insertions(+), 27 deletions(-)
+
+--- a/drivers/tee/optee/supp.c
++++ b/drivers/tee/optee/supp.c
+@@ -80,7 +80,6 @@ u32 optee_supp_thrd_req(struct tee_conte
+       struct optee *optee = tee_get_drvdata(ctx->teedev);
+       struct optee_supp *supp = &optee->supp;
+       struct optee_supp_req *req;
+-      bool interruptable;
+       u32 ret;
+ 
+       /*
+@@ -111,36 +110,18 @@ u32 optee_supp_thrd_req(struct tee_conte
+       /*
+        * Wait for supplicant to process and return result, once we've
+        * returned from wait_for_completion(&req->c) successfully we have
+-       * exclusive access again.
++       * exclusive access again. Allow the wait to be killable such that
++       * the wait doesn't turn into an indefinite state if the supplicant
++       * gets hung for some reason.
+        */
+-      while (wait_for_completion_interruptible(&req->c)) {
++      if (wait_for_completion_killable(&req->c)) {
+               mutex_lock(&supp->mutex);
+-              interruptable = !supp->ctx;
+-              if (interruptable) {
+-                      /*
+-                       * There's no supplicant available and since the
+-                       * supp->mutex currently is held none can
+-                       * become available until the mutex released
+-                       * again.
+-                       *
+-                       * Interrupting an RPC to supplicant is only
+-                       * allowed as a way of slightly improving the user
+-                       * experience in case the supplicant hasn't been
+-                       * started yet. During normal operation the supplicant
+-                       * will serve all requests in a timely manner and
+-                       * interrupting then wouldn't make sense.
+-                       */
+-                      if (req->in_queue) {
+-                              list_del(&req->link);
+-                              req->in_queue = false;
+-                      }
++              if (req->in_queue) {
++                      list_del(&req->link);
++                      req->in_queue = false;
+               }
+               mutex_unlock(&supp->mutex);
+-
+-              if (interruptable) {
+-                      req->ret = TEEC_ERROR_COMMUNICATION;
+-                      break;
+-              }
++              req->ret = TEEC_ERROR_COMMUNICATION;
+       }
+ 
+       ret = req->ret;