From cc6a78e1ff0af0771f212188e1b0b9812f2760c5 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 8 Jul 2025 17:15:51 +0200 Subject: [PATCH] 6.12-stable patches added patches: cifs-all-initializations-for-tcon-should-happen-in-tcon_info_alloc.patch dma-buf-fix-timeout-handling-in-dma_resv_wait_timeout-v2.patch i2c-designware-fix-an-initialization-issue.patch iommu-rockchip-prevent-iommus-dead-loop-when-two-masters-share-one-iommu.patch logitech-c-270-even-more-broken.patch optee-ffa-fix-sleep-in-atomic-context.patch powercap-intel_rapl-do-not-change-clamping-bit-if-enable-bit-cannot-be-changed.patch riscv-cpu_ops_sbi-use-static-array-for-boot_data.patch smb-client-fix-readdir-returning-wrong-type-with-posix-extensions.patch --- ...con-should-happen-in-tcon_info_alloc.patch | 82 ++++++++++ ...handling-in-dma_resv_wait_timeout-v2.patch | 56 +++++++ ...signware-fix-an-initialization-issue.patch | 39 +++++ ...oop-when-two-masters-share-one-iommu.patch | 46 ++++++ .../logitech-c-270-even-more-broken.patch | 32 ++++ ...ptee-ffa-fix-sleep-in-atomic-context.patch | 151 ++++++++++++++++++ ...-bit-if-enable-bit-cannot-be-changed.patch | 68 ++++++++ ...s_sbi-use-static-array-for-boot_data.patch | 115 +++++++++++++ queue-6.12/series | 9 ++ ...ing-wrong-type-with-posix-extensions.patch | 43 +++++ 10 files changed, 641 insertions(+) create mode 100644 queue-6.12/cifs-all-initializations-for-tcon-should-happen-in-tcon_info_alloc.patch create mode 100644 queue-6.12/dma-buf-fix-timeout-handling-in-dma_resv_wait_timeout-v2.patch create mode 100644 queue-6.12/i2c-designware-fix-an-initialization-issue.patch create mode 100644 queue-6.12/iommu-rockchip-prevent-iommus-dead-loop-when-two-masters-share-one-iommu.patch create mode 100644 queue-6.12/logitech-c-270-even-more-broken.patch create mode 100644 queue-6.12/optee-ffa-fix-sleep-in-atomic-context.patch create mode 100644 queue-6.12/powercap-intel_rapl-do-not-change-clamping-bit-if-enable-bit-cannot-be-changed.patch create mode 100644 queue-6.12/riscv-cpu_ops_sbi-use-static-array-for-boot_data.patch create mode 100644 queue-6.12/smb-client-fix-readdir-returning-wrong-type-with-posix-extensions.patch diff --git a/queue-6.12/cifs-all-initializations-for-tcon-should-happen-in-tcon_info_alloc.patch b/queue-6.12/cifs-all-initializations-for-tcon-should-happen-in-tcon_info_alloc.patch new file mode 100644 index 0000000000..450c7ab796 --- /dev/null +++ b/queue-6.12/cifs-all-initializations-for-tcon-should-happen-in-tcon_info_alloc.patch @@ -0,0 +1,82 @@ +From 74ebd02163fde05baa23129e06dde4b8f0f2377a Mon Sep 17 00:00:00 2001 +From: Shyam Prasad N +Date: Mon, 30 Jun 2025 23:09:34 +0530 +Subject: cifs: all initializations for tcon should happen in tcon_info_alloc + +From: Shyam Prasad N + +commit 74ebd02163fde05baa23129e06dde4b8f0f2377a upstream. + +Today, a few work structs inside tcon are initialized inside +cifs_get_tcon and not in tcon_info_alloc. As a result, if a tcon +is obtained from tcon_info_alloc, but not called as a part of +cifs_get_tcon, we may trip over. + +Cc: +Signed-off-by: Shyam Prasad N +Reviewed-by: Paulo Alcantara (Red Hat) +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/client/cifsproto.h | 1 + + fs/smb/client/connect.c | 8 +------- + fs/smb/client/misc.c | 6 ++++++ + 3 files changed, 8 insertions(+), 7 deletions(-) + +--- a/fs/smb/client/cifsproto.h ++++ b/fs/smb/client/cifsproto.h +@@ -136,6 +136,7 @@ extern int SendReceiveBlockingLock(const + struct smb_hdr *out_buf, + int *bytes_returned); + ++void smb2_query_server_interfaces(struct work_struct *work); + void + cifs_signal_cifsd_for_reconnect(struct TCP_Server_Info *server, + bool all_channels); +--- a/fs/smb/client/connect.c ++++ b/fs/smb/client/connect.c +@@ -113,7 +113,7 @@ static int reconn_set_ipaddr_from_hostna + return rc; + } + +-static void smb2_query_server_interfaces(struct work_struct *work) ++void smb2_query_server_interfaces(struct work_struct *work) + { + int rc; + int xid; +@@ -2819,20 +2819,14 @@ cifs_get_tcon(struct cifs_ses *ses, stru + tcon->max_cached_dirs = ctx->max_cached_dirs; + tcon->nodelete = ctx->nodelete; + tcon->local_lease = ctx->local_lease; +- INIT_LIST_HEAD(&tcon->pending_opens); + tcon->status = TID_GOOD; + +- INIT_DELAYED_WORK(&tcon->query_interfaces, +- smb2_query_server_interfaces); + if (ses->server->dialect >= SMB30_PROT_ID && + (ses->server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) { + /* schedule query interfaces poll */ + queue_delayed_work(cifsiod_wq, &tcon->query_interfaces, + (SMB_INTERFACE_POLL_INTERVAL * HZ)); + } +-#ifdef CONFIG_CIFS_DFS_UPCALL +- INIT_DELAYED_WORK(&tcon->dfs_cache_work, dfs_cache_refresh); +-#endif + spin_lock(&cifs_tcp_ses_lock); + list_add(&tcon->tcon_list, &ses->tcon_list); + spin_unlock(&cifs_tcp_ses_lock); +--- a/fs/smb/client/misc.c ++++ b/fs/smb/client/misc.c +@@ -148,6 +148,12 @@ tcon_info_alloc(bool dir_leases_enabled, + #ifdef CONFIG_CIFS_DFS_UPCALL + INIT_LIST_HEAD(&ret_buf->dfs_ses_list); + #endif ++ INIT_LIST_HEAD(&ret_buf->pending_opens); ++ INIT_DELAYED_WORK(&ret_buf->query_interfaces, ++ smb2_query_server_interfaces); ++#ifdef CONFIG_CIFS_DFS_UPCALL ++ INIT_DELAYED_WORK(&ret_buf->dfs_cache_work, dfs_cache_refresh); ++#endif + + return ret_buf; + } diff --git a/queue-6.12/dma-buf-fix-timeout-handling-in-dma_resv_wait_timeout-v2.patch b/queue-6.12/dma-buf-fix-timeout-handling-in-dma_resv_wait_timeout-v2.patch new file mode 100644 index 0000000000..e358397f5d --- /dev/null +++ b/queue-6.12/dma-buf-fix-timeout-handling-in-dma_resv_wait_timeout-v2.patch @@ -0,0 +1,56 @@ +From 2b95a7db6e0f75587bffddbb490399cbb87e4985 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20K=C3=B6nig?= +Date: Tue, 28 Jan 2025 10:47:48 +0100 +Subject: dma-buf: fix timeout handling in dma_resv_wait_timeout v2 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christian König + +commit 2b95a7db6e0f75587bffddbb490399cbb87e4985 upstream. + +Even the kerneldoc says that with a zero timeout the function should not +wait for anything, but still return 1 to indicate that the fences are +signaled now. + +Unfortunately that isn't what was implemented, instead of only returning +1 we also waited for at least one jiffies. + +Fix that by adjusting the handling to what the function is actually +documented to do. + +v2: improve code readability + +Reported-by: Marek Olšák +Reported-by: Lucas Stach +Signed-off-by: Christian König +Reviewed-by: Lucas Stach +Cc: +Link: https://lore.kernel.org/r/20250129105841.1806-1-christian.koenig@amd.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma-buf/dma-resv.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/drivers/dma-buf/dma-resv.c ++++ b/drivers/dma-buf/dma-resv.c +@@ -685,11 +685,13 @@ long dma_resv_wait_timeout(struct dma_re + dma_resv_iter_begin(&cursor, obj, usage); + dma_resv_for_each_fence_unlocked(&cursor, fence) { + +- ret = dma_fence_wait_timeout(fence, intr, ret); +- if (ret <= 0) { +- dma_resv_iter_end(&cursor); +- return ret; +- } ++ ret = dma_fence_wait_timeout(fence, intr, timeout); ++ if (ret <= 0) ++ break; ++ ++ /* Even for zero timeout the return value is 1 */ ++ if (timeout) ++ timeout = ret; + } + dma_resv_iter_end(&cursor); + diff --git a/queue-6.12/i2c-designware-fix-an-initialization-issue.patch b/queue-6.12/i2c-designware-fix-an-initialization-issue.patch new file mode 100644 index 0000000000..34acf7076b --- /dev/null +++ b/queue-6.12/i2c-designware-fix-an-initialization-issue.patch @@ -0,0 +1,39 @@ +From 3d30048958e0d43425f6d4e76565e6249fa71050 Mon Sep 17 00:00:00 2001 +From: "Michael J. Ruhl" +Date: Fri, 27 Jun 2025 10:35:11 -0400 +Subject: i2c/designware: Fix an initialization issue + +From: Michael J. Ruhl + +commit 3d30048958e0d43425f6d4e76565e6249fa71050 upstream. + +The i2c_dw_xfer_init() function requires msgs and msg_write_idx from the +dev context to be initialized. + +amd_i2c_dw_xfer_quirk() inits msgs and msgs_num, but not msg_write_idx. + +This could allow an out of bounds access (of msgs). + +Initialize msg_write_idx before calling i2c_dw_xfer_init(). + +Reviewed-by: Andy Shevchenko +Fixes: 17631e8ca2d3 ("i2c: designware: Add driver support for AMD NAVI GPU") +Cc: # v5.13+ +Signed-off-by: Michael J. Ruhl +Signed-off-by: Andi Shyti +Link: https://lore.kernel.org/r/20250627143511.489570-1-michael.j.ruhl@intel.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/i2c/busses/i2c-designware-master.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/i2c/busses/i2c-designware-master.c ++++ b/drivers/i2c/busses/i2c-designware-master.c +@@ -346,6 +346,7 @@ static int amd_i2c_dw_xfer_quirk(struct + + dev->msgs = msgs; + dev->msgs_num = num_msgs; ++ dev->msg_write_idx = 0; + i2c_dw_xfer_init(dev); + + /* Initiate messages read/write transaction */ diff --git a/queue-6.12/iommu-rockchip-prevent-iommus-dead-loop-when-two-masters-share-one-iommu.patch b/queue-6.12/iommu-rockchip-prevent-iommus-dead-loop-when-two-masters-share-one-iommu.patch new file mode 100644 index 0000000000..14efb2b2ec --- /dev/null +++ b/queue-6.12/iommu-rockchip-prevent-iommus-dead-loop-when-two-masters-share-one-iommu.patch @@ -0,0 +1,46 @@ +From 62e062a29ad5133f67c20b333ba0a952a99161ae Mon Sep 17 00:00:00 2001 +From: Simon Xue +Date: Mon, 23 Jun 2025 10:00:18 +0800 +Subject: iommu/rockchip: prevent iommus dead loop when two masters share one IOMMU + +From: Simon Xue + +commit 62e062a29ad5133f67c20b333ba0a952a99161ae upstream. + +When two masters share an IOMMU, calling ops->of_xlate during +the second master's driver init may overwrite iommu->domain set +by the first. This causes the check if (iommu->domain == domain) +in rk_iommu_attach_device() to fail, resulting in the same +iommu->node being added twice to &rk_domain->iommus, which can +lead to an infinite loop in subsequent &rk_domain->iommus operations. + +Cc: +Fixes: 25c2325575cc ("iommu/rockchip: Add missing set_platform_dma_ops callback") +Signed-off-by: Simon Xue +Reviewed-by: Robin Murphy +Link: https://lore.kernel.org/r/20250623020018.584802-1-xxm@rock-chips.com +Signed-off-by: Joerg Roedel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iommu/rockchip-iommu.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/iommu/rockchip-iommu.c ++++ b/drivers/iommu/rockchip-iommu.c +@@ -1154,7 +1154,6 @@ static int rk_iommu_of_xlate(struct devi + iommu_dev = of_find_device_by_node(args->np); + + data->iommu = platform_get_drvdata(iommu_dev); +- data->iommu->domain = &rk_identity_domain; + dev_iommu_priv_set(dev, data); + + platform_device_put(iommu_dev); +@@ -1192,6 +1191,8 @@ static int rk_iommu_probe(struct platfor + if (!iommu) + return -ENOMEM; + ++ iommu->domain = &rk_identity_domain; ++ + platform_set_drvdata(pdev, iommu); + iommu->dev = dev; + iommu->num_mmu = 0; diff --git a/queue-6.12/logitech-c-270-even-more-broken.patch b/queue-6.12/logitech-c-270-even-more-broken.patch new file mode 100644 index 0000000000..b1ed04e6ac --- /dev/null +++ b/queue-6.12/logitech-c-270-even-more-broken.patch @@ -0,0 +1,32 @@ +From cee4392a57e14a799fbdee193bc4c0de65b29521 Mon Sep 17 00:00:00 2001 +From: Oliver Neukum +Date: Thu, 5 Jun 2025 14:28:45 +0200 +Subject: Logitech C-270 even more broken + +From: Oliver Neukum + +commit cee4392a57e14a799fbdee193bc4c0de65b29521 upstream. + +Some varieties of this device don't work with +RESET_RESUME alone. + +Signed-off-by: Oliver Neukum +Cc: stable +Link: https://lore.kernel.org/r/20250605122852.1440382-1-oneukum@suse.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/core/quirks.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -227,7 +227,8 @@ static const struct usb_device_id usb_qu + { USB_DEVICE(0x046a, 0x0023), .driver_info = USB_QUIRK_RESET_RESUME }, + + /* Logitech HD Webcam C270 */ +- { USB_DEVICE(0x046d, 0x0825), .driver_info = USB_QUIRK_RESET_RESUME }, ++ { USB_DEVICE(0x046d, 0x0825), .driver_info = USB_QUIRK_RESET_RESUME | ++ USB_QUIRK_NO_LPM}, + + /* Logitech HD Pro Webcams C920, C920-C, C922, C925e and C930e */ + { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT }, diff --git a/queue-6.12/optee-ffa-fix-sleep-in-atomic-context.patch b/queue-6.12/optee-ffa-fix-sleep-in-atomic-context.patch new file mode 100644 index 0000000000..810e998a1a --- /dev/null +++ b/queue-6.12/optee-ffa-fix-sleep-in-atomic-context.patch @@ -0,0 +1,151 @@ +From 312d02adb959ea199372f375ada06e0186f651e4 Mon Sep 17 00:00:00 2001 +From: Jens Wiklander +Date: Mon, 2 Jun 2025 14:04:35 +0200 +Subject: optee: ffa: fix sleep in atomic context + +From: Jens Wiklander + +commit 312d02adb959ea199372f375ada06e0186f651e4 upstream. + +The OP-TEE driver registers the function notif_callback() for FF-A +notifications. However, this function is called in an atomic context +leading to errors like this when processing asynchronous notifications: + + | BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258 + | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9, name: kworker/0:0 + | preempt_count: 1, expected: 0 + | RCU nest depth: 0, expected: 0 + | CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.14.0-00019-g657536ebe0aa #13 + | Hardware name: linux,dummy-virt (DT) + | Workqueue: ffa_pcpu_irq_notification notif_pcpu_irq_work_fn + | Call trace: + | show_stack+0x18/0x24 (C) + | dump_stack_lvl+0x78/0x90 + | dump_stack+0x18/0x24 + | __might_resched+0x114/0x170 + | __might_sleep+0x48/0x98 + | mutex_lock+0x24/0x80 + | optee_get_msg_arg+0x7c/0x21c + | simple_call_with_arg+0x50/0xc0 + | optee_do_bottom_half+0x14/0x20 + | notif_callback+0x3c/0x48 + | handle_notif_callbacks+0x9c/0xe0 + | notif_get_and_handle+0x40/0x88 + | generic_exec_single+0x80/0xc0 + | smp_call_function_single+0xfc/0x1a0 + | notif_pcpu_irq_work_fn+0x2c/0x38 + | process_one_work+0x14c/0x2b4 + | worker_thread+0x2e4/0x3e0 + | kthread+0x13c/0x210 + | ret_from_fork+0x10/0x20 + +Fix this by adding work queue to process the notification in a +non-atomic context. + +Fixes: d0476a59de06 ("optee: ffa_abi: add asynchronous notifications") +Cc: stable@vger.kernel.org +Reviewed-by: Sumit Garg +Tested-by: Sudeep Holla +Link: https://lore.kernel.org/r/20250602120452.2507084-1-jens.wiklander@linaro.org +Signed-off-by: Jens Wiklander +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tee/optee/ffa_abi.c | 41 +++++++++++++++++++++++++++++--------- + drivers/tee/optee/optee_private.h | 2 + + 2 files changed, 34 insertions(+), 9 deletions(-) + +--- a/drivers/tee/optee/ffa_abi.c ++++ b/drivers/tee/optee/ffa_abi.c +@@ -728,12 +728,21 @@ static bool optee_ffa_exchange_caps(stru + return true; + } + ++static void notif_work_fn(struct work_struct *work) ++{ ++ struct optee_ffa *optee_ffa = container_of(work, struct optee_ffa, ++ notif_work); ++ struct optee *optee = container_of(optee_ffa, struct optee, ffa); ++ ++ optee_do_bottom_half(optee->ctx); ++} ++ + static void notif_callback(int notify_id, void *cb_data) + { + struct optee *optee = cb_data; + + if (notify_id == optee->ffa.bottom_half_value) +- optee_do_bottom_half(optee->ctx); ++ queue_work(optee->ffa.notif_wq, &optee->ffa.notif_work); + else + optee_notif_send(optee, notify_id); + } +@@ -817,9 +826,11 @@ static void optee_ffa_remove(struct ffa_ + struct optee *optee = ffa_dev_get_drvdata(ffa_dev); + u32 bottom_half_id = optee->ffa.bottom_half_value; + +- if (bottom_half_id != U32_MAX) ++ if (bottom_half_id != U32_MAX) { + ffa_dev->ops->notifier_ops->notify_relinquish(ffa_dev, + bottom_half_id); ++ destroy_workqueue(optee->ffa.notif_wq); ++ } + optee_remove_common(optee); + + mutex_destroy(&optee->ffa.mutex); +@@ -835,6 +846,13 @@ static int optee_ffa_async_notif_init(st + u32 notif_id = 0; + int rc; + ++ INIT_WORK(&optee->ffa.notif_work, notif_work_fn); ++ optee->ffa.notif_wq = create_workqueue("optee_notification"); ++ if (!optee->ffa.notif_wq) { ++ rc = -EINVAL; ++ goto err; ++ } ++ + while (true) { + rc = ffa_dev->ops->notifier_ops->notify_request(ffa_dev, + is_per_vcpu, +@@ -851,19 +869,24 @@ static int optee_ffa_async_notif_init(st + * notifications in that case. + */ + if (rc != -EACCES) +- return rc; ++ goto err_wq; + notif_id++; + if (notif_id >= OPTEE_FFA_MAX_ASYNC_NOTIF_VALUE) +- return rc; ++ goto err_wq; + } + optee->ffa.bottom_half_value = notif_id; + + rc = enable_async_notif(optee); +- if (rc < 0) { +- ffa_dev->ops->notifier_ops->notify_relinquish(ffa_dev, +- notif_id); +- optee->ffa.bottom_half_value = U32_MAX; +- } ++ if (rc < 0) ++ goto err_rel; ++ ++ return 0; ++err_rel: ++ ffa_dev->ops->notifier_ops->notify_relinquish(ffa_dev, notif_id); ++err_wq: ++ destroy_workqueue(optee->ffa.notif_wq); ++err: ++ optee->ffa.bottom_half_value = U32_MAX; + + return rc; + } +--- a/drivers/tee/optee/optee_private.h ++++ b/drivers/tee/optee/optee_private.h +@@ -165,6 +165,8 @@ struct optee_ffa { + /* Serializes access to @global_ids */ + struct mutex mutex; + struct rhashtable global_ids; ++ struct workqueue_struct *notif_wq; ++ struct work_struct notif_work; + }; + + struct optee; diff --git a/queue-6.12/powercap-intel_rapl-do-not-change-clamping-bit-if-enable-bit-cannot-be-changed.patch b/queue-6.12/powercap-intel_rapl-do-not-change-clamping-bit-if-enable-bit-cannot-be-changed.patch new file mode 100644 index 0000000000..20702294f5 --- /dev/null +++ b/queue-6.12/powercap-intel_rapl-do-not-change-clamping-bit-if-enable-bit-cannot-be-changed.patch @@ -0,0 +1,68 @@ +From 964209202ebe1569c858337441e87ef0f9d71416 Mon Sep 17 00:00:00 2001 +From: Zhang Rui +Date: Thu, 19 Jun 2025 15:13:40 +0800 +Subject: powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed + +From: Zhang Rui + +commit 964209202ebe1569c858337441e87ef0f9d71416 upstream. + +PL1 cannot be disabled on some platforms. The ENABLE bit is still set +after software clears it. This behavior leads to a scenario where, upon +user request to disable the Power Limit through the powercap sysfs, the +ENABLE bit remains set while the CLAMPING bit is inadvertently cleared. + +According to the Intel Software Developer's Manual, the CLAMPING bit, +"When set, allows the processor to go below the OS requested P states in +order to maintain the power below specified Platform Power Limit value." + +Thus this means the system may operate at higher power levels than +intended on such platforms. + +Enhance the code to check ENABLE bit after writing to it, and stop +further processing if ENABLE bit cannot be changed. + +Reported-by: Srinivas Pandruvada +Fixes: 2d281d8196e3 ("PowerCap: Introduce Intel RAPL power capping driver") +Cc: All applicable +Signed-off-by: Zhang Rui +Link: https://patch.msgid.link/20250619071340.384782-1-rui.zhang@intel.com +[ rjw: Use str_enabled_disabled() instead of open-coded equivalent ] +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman +--- + drivers/powercap/intel_rapl_common.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +--- a/drivers/powercap/intel_rapl_common.c ++++ b/drivers/powercap/intel_rapl_common.c +@@ -340,12 +340,28 @@ static int set_domain_enable(struct powe + { + struct rapl_domain *rd = power_zone_to_rapl_domain(power_zone); + struct rapl_defaults *defaults = get_defaults(rd->rp); ++ u64 val; + int ret; + + cpus_read_lock(); + ret = rapl_write_pl_data(rd, POWER_LIMIT1, PL_ENABLE, mode); +- if (!ret && defaults->set_floor_freq) ++ if (ret) ++ goto end; ++ ++ ret = rapl_read_pl_data(rd, POWER_LIMIT1, PL_ENABLE, false, &val); ++ if (ret) ++ goto end; ++ ++ if (mode != val) { ++ pr_debug("%s cannot be %s\n", power_zone->name, ++ str_enabled_disabled(mode)); ++ goto end; ++ } ++ ++ if (defaults->set_floor_freq) + defaults->set_floor_freq(rd, mode); ++ ++end: + cpus_read_unlock(); + + return ret; diff --git a/queue-6.12/riscv-cpu_ops_sbi-use-static-array-for-boot_data.patch b/queue-6.12/riscv-cpu_ops_sbi-use-static-array-for-boot_data.patch new file mode 100644 index 0000000000..052386da50 --- /dev/null +++ b/queue-6.12/riscv-cpu_ops_sbi-use-static-array-for-boot_data.patch @@ -0,0 +1,115 @@ +From 2b29be967ae456fc09c320d91d52278cf721be1e Mon Sep 17 00:00:00 2001 +From: Vivian Wang +Date: Tue, 24 Jun 2025 16:04:46 +0800 +Subject: riscv: cpu_ops_sbi: Use static array for boot_data + +From: Vivian Wang + +commit 2b29be967ae456fc09c320d91d52278cf721be1e upstream. + +Since commit 6b9f29b81b15 ("riscv: Enable pcpu page first chunk +allocator"), if NUMA is enabled, the page percpu allocator may be used +on very sparse configurations, or when requested on boot with +percpu_alloc=page. + +In that case, percpu data gets put in the vmalloc area. However, +sbi_hsm_hart_start() needs the physical address of a sbi_hart_boot_data, +and simply assumes that __pa() would work. This causes the just started +hart to immediately access an invalid address and hang. + +Fortunately, struct sbi_hart_boot_data is not too large, so we can +simply allocate an array for boot_data statically, putting it in the +kernel image. + +This fixes NUMA=y SMP boot on Sophgo SG2042. + +To reproduce on QEMU: Set CONFIG_NUMA=y and CONFIG_DEBUG_VIRTUAL=y, then +run with: + + qemu-system-riscv64 -M virt -smp 2 -nographic \ + -kernel arch/riscv/boot/Image \ + -append "percpu_alloc=page" + +Kernel output: + +[ 0.000000] Booting Linux on hartid 0 +[ 0.000000] Linux version 6.16.0-rc1 (dram@sakuya) (riscv64-unknown-linux-gnu-gcc (GCC) 14.2.1 20250322, GNU ld (GNU Binutils) 2.44) #11 SMP Tue Jun 24 14:56:22 CST 2025 +... +[ 0.000000] percpu: 28 4K pages/cpu s85784 r8192 d20712 +... +[ 0.083192] smp: Bringing up secondary CPUs ... +[ 0.086722] ------------[ cut here ]------------ +[ 0.086849] virt_to_phys used for non-linear address: (____ptrval____) (0xff2000000001d080) +[ 0.088001] WARNING: CPU: 0 PID: 1 at arch/riscv/mm/physaddr.c:14 __virt_to_phys+0xae/0xe8 +[ 0.088376] Modules linked in: +[ 0.088656] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.16.0-rc1 #11 NONE +[ 0.088833] Hardware name: riscv-virtio,qemu (DT) +[ 0.088948] epc : __virt_to_phys+0xae/0xe8 +[ 0.089001] ra : __virt_to_phys+0xae/0xe8 +[ 0.089037] epc : ffffffff80021eaa ra : ffffffff80021eaa sp : ff2000000004bbc0 +[ 0.089057] gp : ffffffff817f49c0 tp : ff60000001d60000 t0 : 5f6f745f74726976 +[ 0.089076] t1 : 0000000000000076 t2 : 705f6f745f747269 s0 : ff2000000004bbe0 +[ 0.089095] s1 : ff2000000001d080 a0 : 0000000000000000 a1 : 0000000000000000 +[ 0.089113] a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000 +[ 0.089131] a5 : 0000000000000000 a6 : 0000000000000000 a7 : 0000000000000000 +[ 0.089155] s2 : ffffffff8130dc00 s3 : 0000000000000001 s4 : 0000000000000001 +[ 0.089174] s5 : ffffffff8185eff8 s6 : ff2000007f1eb000 s7 : ffffffff8002a2ec +[ 0.089193] s8 : 0000000000000001 s9 : 0000000000000001 s10: 0000000000000000 +[ 0.089211] s11: 0000000000000000 t3 : ffffffff8180a9f7 t4 : ffffffff8180a9f7 +[ 0.089960] t5 : ffffffff8180a9f8 t6 : ff2000000004b9d8 +[ 0.089984] status: 0000000200000120 badaddr: ffffffff80021eaa cause: 0000000000000003 +[ 0.090101] [] __virt_to_phys+0xae/0xe8 +[ 0.090228] [] sbi_cpu_start+0x6e/0xe8 +[ 0.090247] [] __cpu_up+0x1e/0x8c +[ 0.090260] [] bringup_cpu+0x42/0x258 +[ 0.090277] [] cpuhp_invoke_callback+0xe0/0x40c +[ 0.090292] [] __cpuhp_invoke_callback_range+0x68/0xfc +[ 0.090320] [] _cpu_up+0x11a/0x244 +[ 0.090334] [] cpu_up+0x52/0x90 +[ 0.090384] [] bringup_nonboot_cpus+0x78/0x118 +[ 0.090411] [] smp_init+0x34/0xb8 +[ 0.090425] [] kernel_init_freeable+0x148/0x2e4 +[ 0.090442] [] kernel_init+0x1e/0x14c +[ 0.090455] [] ret_from_fork_kernel+0xe/0xf0 +[ 0.090471] [] ret_from_fork_kernel_asm+0x16/0x18 +[ 0.090560] ---[ end trace 0000000000000000 ]--- +[ 1.179875] CPU1: failed to come online +[ 1.190324] smp: Brought up 1 node, 1 CPU + +Cc: stable@vger.kernel.org +Reported-by: Han Gao +Fixes: 6b9f29b81b15 ("riscv: Enable pcpu page first chunk allocator") +Reviewed-by: Alexandre Ghiti +Tested-by: Alexandre Ghiti +Signed-off-by: Vivian Wang +Link: https://lore.kernel.org/r/20250624-riscv-hsm-boot-data-array-v1-1-50b5eeafbe61@iscas.ac.cn +Signed-off-by: Alexandre Ghiti +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/kernel/cpu_ops_sbi.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/riscv/kernel/cpu_ops_sbi.c ++++ b/arch/riscv/kernel/cpu_ops_sbi.c +@@ -18,10 +18,10 @@ const struct cpu_operations cpu_ops_sbi; + + /* + * Ordered booting via HSM brings one cpu at a time. However, cpu hotplug can +- * be invoked from multiple threads in parallel. Define a per cpu data ++ * be invoked from multiple threads in parallel. Define an array of boot data + * to handle that. + */ +-static DEFINE_PER_CPU(struct sbi_hart_boot_data, boot_data); ++static struct sbi_hart_boot_data boot_data[NR_CPUS]; + + static int sbi_hsm_hart_start(unsigned long hartid, unsigned long saddr, + unsigned long priv) +@@ -67,7 +67,7 @@ static int sbi_cpu_start(unsigned int cp + unsigned long boot_addr = __pa_symbol(secondary_start_sbi); + unsigned long hartid = cpuid_to_hartid_map(cpuid); + unsigned long hsm_data; +- struct sbi_hart_boot_data *bdata = &per_cpu(boot_data, cpuid); ++ struct sbi_hart_boot_data *bdata = &boot_data[cpuid]; + + /* Make sure tidle is updated */ + smp_mb(); diff --git a/queue-6.12/series b/queue-6.12/series index f96e6ba849..50e1030466 100644 --- a/queue-6.12/series +++ b/queue-6.12/series @@ -210,3 +210,12 @@ usb-cdnsp-fix-issue-with-cv-bad-descriptor-test.patch usb-dwc3-abort-suspend-on-soft-disconnect-failure.patch usb-chipidea-udc-disconnect-reconnect-from-host-when-do-suspend-resume.patch usb-acpi-fix-device-link-removal.patch +smb-client-fix-readdir-returning-wrong-type-with-posix-extensions.patch +cifs-all-initializations-for-tcon-should-happen-in-tcon_info_alloc.patch +dma-buf-fix-timeout-handling-in-dma_resv_wait_timeout-v2.patch +i2c-designware-fix-an-initialization-issue.patch +logitech-c-270-even-more-broken.patch +optee-ffa-fix-sleep-in-atomic-context.patch +iommu-rockchip-prevent-iommus-dead-loop-when-two-masters-share-one-iommu.patch +powercap-intel_rapl-do-not-change-clamping-bit-if-enable-bit-cannot-be-changed.patch +riscv-cpu_ops_sbi-use-static-array-for-boot_data.patch diff --git a/queue-6.12/smb-client-fix-readdir-returning-wrong-type-with-posix-extensions.patch b/queue-6.12/smb-client-fix-readdir-returning-wrong-type-with-posix-extensions.patch new file mode 100644 index 0000000000..4c4255d8b4 --- /dev/null +++ b/queue-6.12/smb-client-fix-readdir-returning-wrong-type-with-posix-extensions.patch @@ -0,0 +1,43 @@ +From b8f89cb723b9e66f5dbd7199e4036fee34fb0de0 Mon Sep 17 00:00:00 2001 +From: Philipp Kerling +Date: Sun, 29 Jun 2025 19:05:05 +0200 +Subject: smb: client: fix readdir returning wrong type with POSIX extensions + +From: Philipp Kerling + +commit b8f89cb723b9e66f5dbd7199e4036fee34fb0de0 upstream. + +When SMB 3.1.1 POSIX Extensions are negotiated, userspace applications +using readdir() or getdents() calls without stat() on each individual file +(such as a simple "ls" or "find") would misidentify file types and exhibit +strange behavior such as not descending into directories. The reason for +this behavior is an oversight in the cifs_posix_to_fattr conversion +function. Instead of extracting the entry type for cf_dtype from the +properly converted cf_mode field, it tries to extract the type from the +PDU. While the wire representation of the entry mode is similar in +structure to POSIX stat(), the assignments of the entry types are +different. Applying the S_DT macro to cf_mode instead yields the correct +result. This is also what the equivalent function +smb311_posix_info_to_fattr in inode.c already does for stat() etc.; which +is why "ls -l" would give the correct file type but "ls" would not (as +identified by the colors). + +Cc: stable@vger.kernel.org +Signed-off-by: Philipp Kerling +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/client/readdir.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/smb/client/readdir.c ++++ b/fs/smb/client/readdir.c +@@ -263,7 +263,7 @@ cifs_posix_to_fattr(struct cifs_fattr *f + /* The Mode field in the response can now include the file type as well */ + fattr->cf_mode = wire_mode_to_posix(le32_to_cpu(info->Mode), + fattr->cf_cifsattrs & ATTR_DIRECTORY); +- fattr->cf_dtype = S_DT(le32_to_cpu(info->Mode)); ++ fattr->cf_dtype = S_DT(fattr->cf_mode); + + switch (fattr->cf_mode & S_IFMT) { + case S_IFLNK: -- 2.47.2