- Fix for a stable patch: Fix failure attaching when vid_hdr offset equals to (sub)page size
- Fix for a deadlock in UBI's worker thread
-----BEGIN PGP SIGNATURE-----
iQJKBAABCAA0FiEEdgfidid8lnn52cLTZvlZhesYu8EFAmQ66wwWHHJpY2hhcmRA
c2lnbWEtc3Rhci5hdAAKCRBm+VmF6xi7wUEdD/4j9N9vWsufIixVezlFZM60XAFK
JmJZ+407gPlbDsmrBAu7u99UF9I6CYEthyKPeVIDwoMis+bR1f189WGGgWz7ImT5
my3Uuq1WCklzJRdYxjCznaHa6XPCu/RnXYvbqPBFvgIK4fu2Lkem01uhw+7gaw/S
tU8rwGfTfM8pNhv3LnwyJ8uAZ41uRv1Yaa3irfTZYbapmnCZeQ+XrXPntdOXfOyg
nR2EdLP7JcnXM7Xemd47gx1AxsJk6Lzl/RTeA7zO+1JWLcz5Lprk0o/5aokz5HUO
JXUaejhcvrtnDlXAWKhw4FGddGsJRmH3iM536J9It1UZgX5/XNHfYq9MtXhWdhjj
pDlyEszrYn8LJR3f+uL/jjtc8CjUD0vqGfgCh//6yL3K7OoPRzC6oAxYob5Zxp7D
xZv+FzWcgXbtqyirQivcY8Z82VAVoIDRPRkjPHzaMg4+8+0gCJ/fvT5nxD/t0t12
UR9+7VHJ376KCWvYbAXKopOTe93sfWBdezX4z7sOcGRE9UnP35zwB/2cSQgkAXtq
wtV5fJBTKxFXzG5LvnZVFdQJxe1cAtMBl+ochcRsGIbLy9sTZ7rVggiiGLmeYGEX
NOxbVuupQHlffVYQ+XTXSQ6C/PCU4NmLmQap/rD5N+PjSMKfiPhnuklt9IWoKfzH
HW6gFDuAMVUu/aWQmg==
=s5M1
-----END PGP SIGNATURE-----
Merge tag 'ubifs-for-linus-6.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
Pull UBI fixes from Richard Weinberger:
- Fix failure to attach when vid_hdr offset equals the (sub)page size
- Fix for a deadlock in UBI's worker thread
* tag 'ubifs-for-linus-6.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
ubi: Fix deadlock caused by recursively holding work_sem
Valid mask is 0x3FFF, without this patch the following problems were
found:
1) [ 0.938914] Could not find a valid ONFI parameter page, trying
bit-wise majority to recover it
[ 0.947384] ONFI parameter recovery failed, aborting
2) Read with disabled ECC mode was broken.
Fixes: 8fae856c53 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Cc: <Stable@vger.kernel.org>
Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/3794ffbf-dfea-e96f-1f97-fe235b005e19@sberdevices.ru
mtd_read() may return -EUCLEAN in case of corrected bit-flips.This
particular condition should not be treated like an error.
Signed-off-by: Bang Li <libang.linuxer@gmail.com>
Fixes: e47f68587b ("mtd: check for max_bitflips in mtd_read_oob()")
Cc: <stable@vger.kernel.org> # v3.7
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230328163012.4264-1-libang.linuxer@gmail.com
Remove the EDO mode support from as the FMC2 controller does not
support the feature.
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
Fixes: 2cd457f328 ("mtd: rawnand: stm32_fmc2: add STM32 FMC2 NAND flash controller driver")
Cc: stable@vger.kernel.org #v5.4+
Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230328155819.225521-2-christophe.kerello@foss.st.com
Here are 3 small changes for 6.3-rc5 semi-related to driver core stuff:
- documentation update where we move the security_bugs file to a more
relevant location.
- mdt/spi-nor debugfs memory leak fix that's been floating around for
a long time and acked by the maintainer
- cacheinfo bugfix for a regression in 6.3-rc1
All have been in linux-next with no reported problems.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCZCmVyg8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ylq2ACgl6+JkJU4g8mZb1wUel8w8n9u8J8AmQE+DhVz
ER9zOe+7njI+ZAsyUVZl
=d5f4
-----END PGP SIGNATURE-----
Merge tag 'driver-core-6.3-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core fixes from Greg KH:
"Here are three small changes for 6.3-rc5 semi-related to driver core
stuff:
- documentation update where we move the security_bugs file to a more
relevant location.
- mdt/spi-nor debugfs memory leak fix that's been floating around for
a long time and acked by the maintainer
- cacheinfo bugfix for a regression in 6.3-rc1
All have been in linux-next with no reported problems"
* tag 'driver-core-6.3-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
cacheinfo: Fix LLC is not exported through sysfs
Documentation/security-bugs: move from admin-guide/ to process/
mtd: spi-nor: fix memory leak when using debugfs_lookup()
Following process will make ubi attaching failed since commit
1b42b1a36f ("ubi: ensure that VID header offset ... size"):
ID="0xec,0xa1,0x00,0x15" # 128M 128KB 2KB
modprobe nandsim id_bytes=$ID
flash_eraseall /dev/mtd0
modprobe ubi mtd="0,2048" # set vid_hdr offset as 2048 (one page)
(dmesg):
ubi0 error: ubi_attach_mtd_dev [ubi]: VID header offset 2048 too large.
UBI error: cannot attach mtd0
UBI error: cannot initialize UBI, error -22
Rework original solution, the key point is making sure
'vid_hdr_shift + UBI_VID_HDR_SIZE < ubi->vid_hdr_alsize',
so we should check vid_hdr_shift rather not vid_hdr_offset.
Then, ubi still support (sub)page aligined VID header offset.
Fixes: 1b42b1a36f ("ubi: ensure that VID header offset ... size")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Tested-by: Nicolas Schichan <nschichan@freebox.fr>
Tested-by: Miquel Raynal <miquel.raynal@bootlin.com> # v5.10, v4.19
Signed-off-by: Richard Weinberger <richard@nod.at>
'info_buf' memory is cached and driver polls ECC bit in it. This bit
is set by the NAND controller. If 'usleep_range()' returns before device
sets this bit, 'info_buf' will be cached and driver won't see update of
this bit and will loop forever.
Fixes: 8fae856c53 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/d4ef0bd6-816e-f6fa-9385-f05f775f0ae2@sberdevices.ru
The continuous read support added recently makes nandsim
unhappy. Indeed, all the supported commands should be re-encoded into
internal commands, so of course there is currently no support for the
commands and patterns needed for continuous reads to work.
I tried to add support for them but nandsim (which is more a tool to
develop/debug upper layers rather than the raw NAND core) suffers from a
big limitation: it's internal parser needs to know what exact operation
is happening when the address cycles are performed. The research is then
sequential from the start up to the address cycles, but does not check
what's coming next even though the information is available. This is a
limitation which is related to the old API used by the core which kind
of forced the controllers to guess what operation was being performed
rather early. Today the core uses a more transparent API called
->exec_op() which no longer requires controller drivers to do any more
guessing, but despite being updated to ->exec_op(), nandsim is still a
bit constrained on this regard and thus cannot handle sequential page
reads because the start sequence beginning is identical to a regular
page read.
If the internal algorithm is updated some day, it should be possible to
make it support sequential page reads by adding something like:
/* Large page devices continuous read page start */
{OPT_LARGEPAGE, {STATE_CMD_READ0, STATE_ADDR_PAGE, STATE_CMD_READSTART,
STATE_CMD_READCACHESEQ | ACTION_CPY, STATE_DATAOUT,
STATE_READY}},
/* Large page devices continuous read page continue */
{OPT_LARGEPAGE, {STATE_CMD_READCACHESEQ | ACTION_CPY_NEXT, STATE_DATAOUT,
STATE_READY}},
/* Large page devices continuous read page end */
{OPT_LARGEPAGE, {STATE_CMD_READCACHEEND | ACTION_CPY_NEXT, STATE_DATAOUT,
STATE_READY}},
For now, we just return -EOPNOTSUPP when the core asks controller
drivers if they support the feature in order to prevent any further use
of these opcodes.
Note: This is a hack, ->exec_op() is not supposed to check against the
COMMAND opcodes unless _really_ needed.
Fixes: 003fe4b954 ("mtd: rawnand: Support for sequential cache reads")
Reported-by: Zhihao Cheng <chengzhihao1@huawei.com>
Link: https://lore.kernel.org/linux-mtd/fd34fe55-7f4a-030d-8653-9bb9cf08410d@huawei.com/
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Tested-by: Zhihao Cheng <chengzhihao1@huawei.com>
Acked-by: Richard Weinberger <richard@nod.at>
Link: https://lore.kernel.org/linux-mtd/20230310085452.1368716-1-miquel.raynal@bootlin.com
* final coversions of drivers away from deprecated .probe
* make .probe_new the standard probe and convert I2C core to use it
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEOZGx6rniZ1Gk92RdFA3kzBSgKbYFAmQMKqcACgkQFA3kzBSg
KbYXLg/9GuZdcLgodr+h1xckLPYLP8+AL4RKr0O7Cm9M4z4h8eIAkFIumuDaL5sd
fe/zEbvA9ldP2t0tAp5JPsrYJNOr4RAoYyeOz05Ijdy5cLgWrldwD9JFVtsDECyU
sKHQZyrhTmQUUOmgleu5WKFnlDJLGe/HGv3XPsuKldXCyBii2yKZ4FG3Z0h25lPX
/SPWYS3VXGNBDIYv6U63dm/Hd2YiuDR6r+4+DyuoDkI3Wmg97X+N4nwzOBO7iJLe
PXNX9oN3hbZipTrXut3fm13+PL3XBauqtdr3i/Fkm5UO45rTW21vK+6NO1relylh
TvaV2wcE9Wobrua1CS7f1BJ9C7PdQ6wphhSE3EQav6oBWTYHsFbkrbsKoOpBJjyW
DxyC+y8DhwQDfQksQH+ifF4tVNNF6MXLehXGQtAMjTKa+tRTnQbC4WhPVXVFi2PK
8eloIH3xuSxBB24n6O7TThqGOV/IY3mIIhEJtKanDKT5s7MXuvx4B6ehYtPy2JrS
W5M8Swe5syWlPkJLC/gCZdID89YPhLd0UaJ1i0HuLZt6ZOgr7mYkFu8EPaEHPoLz
mxa0Qm+TGpfwCIj+t0mksXfnoDiSOpMjB1wEpBo4D14AKcbyJGHDN5OVw3I3OOHj
1wr5x31HOBUobpcUt8wWKMF+7nw7l4O4LJ0oNLFzsnmZ23mEKJQ=
=jm/G
-----END PGP SIGNATURE-----
Merge tag 'i2c-for-6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c updates from Wolfram Sang:
"This marks the end of a transition to let I2C have the same probe
semantics as other subsystems. Uwe took care that no drivers in the
current tree nor in -next use the deprecated .probe call. So, it is a
good time to switch to the new, standard semantics now.
There is also a regression fix:
- regression fix for the notifier handling of the I2C core
- final coversions of drivers away from deprecated .probe
- make .probe_new the standard probe and convert I2C core to use it
* tag 'i2c-for-6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: dev: Fix bus callback return values
i2c: Convert drivers to new .probe() callback
i2c: mux: Convert all drivers to new .probe() callback
i2c: Switch .probe() to not take an id parameter
media: i2c: ov2685: convert to i2c's .probe_new()
media: i2c: ov5695: convert to i2c's .probe_new()
w1: ds2482: Convert to i2c's .probe_new()
serial: sc16is7xx: Convert to i2c's .probe_new()
mtd: maps: pismo: Convert to i2c's .probe_new()
misc: ad525x_dpot-i2c: Convert to i2c's .probe_new()
Switching to BLK_MQ_F_BLOCKING wrongly removed the call to
blk_mq_end_request(). Add it back to have our IOs finished
Fixes: 91cc8fbcc8 ("ubi: block: set BLK_MQ_F_BLOCKING")
Analyzed-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Daniel Palmer <daniel@0x0f.com>
Link: https://lore.kernel.org/linux-mtd/CAHk-=wi29bbBNh3RqJKu3PxzpjDN5D5K17gEVtXrb7-6bfrnMQ@mail.gmail.com/
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: Daniel Palmer <daniel@0x0f.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The probe function doesn't make use of the i2c_device_id * parameter so it
can be trivially converted.
Acked-by: Richard Weinberger <richard@nod.at>
Link: https://lore.kernel.org/lkml/20221118224540.619276-497-uwe@kleine-koenig.org
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
wait_for_completion_timeout() and readl_poll_timeout() don't handle their
return value the same way.
wait_for_completion_timeout() returns 0 on time out (and >0 in all other
cases)
readl_poll_timeout() returns 0 on success and -ETIMEDOUT upon a timeout.
In order for the error handling path to work in both cases, the logic
against wait_for_completion_timeout() needs to be inverted.
Fixes: 48e6633a9f ("mtd: nand: mxic-ecc: Add Macronix external ECC engine support")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/beddbc374557e44ceec897e68c4a5d12764ddbb9.1676459308.git.christophe.jaillet@wanadoo.fr
This structure must be zeroed, because it's field 'hw->core' is used as
'parent' in 'clk_core_fill_parent_index()', but it will be uninitialized.
This happens, because when this struct is not zeroed, pointer 'hw' is
"initialized" by garbage, which is valid pointer, but points to some
garbage. So 'hw' will be dereferenced, but 'core' contains some random
data which will be interpreted as a pointer. The following backtrace is
result of dereference of such pointer:
[ 1.081319] __clk_register+0x414/0x820
[ 1.085113] devm_clk_register+0x64/0xd0
[ 1.088995] meson_nfc_probe+0x258/0x6ec
[ 1.092875] platform_probe+0x70/0xf0
[ 1.096498] really_probe+0xc8/0x3e0
[ 1.100034] __driver_probe_device+0x84/0x190
[ 1.104346] driver_probe_device+0x44/0x120
[ 1.108487] __driver_attach+0xb4/0x220
[ 1.112282] bus_for_each_dev+0x78/0xd0
[ 1.116077] driver_attach+0x2c/0x40
[ 1.119613] bus_add_driver+0x184/0x240
[ 1.123408] driver_register+0x80/0x140
[ 1.127203] __platform_driver_register+0x30/0x40
[ 1.131860] meson_nfc_driver_init+0x24/0x30
Fixes: 1e4d3ba668 ("mtd: rawnand: meson: fix the clock")
Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230227102425.793841-1-AVKrasnov@sberdevices.ru
When calling debugfs_lookup() the result must have dput() called on it,
otherwise the memory will leak over time. To solve this, remove the
lookup and create the directory on the first device found, and then
remove it when the module is unloaded.
Cc: Tudor Ambarus <tudor.ambarus@microchip.com>
Cc: Pratyush Yadav <pratyush@kernel.org>
Cc: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Vignesh Raghavendra <vigneshr@ti.com>
Cc: linux-mtd@lists.infradead.org
Reviewed-by: Michael Walle <michael@walle.cc>
Link: https://lore.kernel.org/r/20230208160230.2179905-1-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
During the processing of the bgt, if the sync_erase() return -EBUSY
or some other error code in __erase_worker(),schedule_erase() called
again lead to the down_read(ubi->work_sem) hold twice and may get
block by down_write(ubi->work_sem) in ubi_update_fastmap(),
which cause deadlock.
ubi bgt other task
do_work
down_read(&ubi->work_sem) ubi_update_fastmap
erase_worker # Blocked by down_read
__erase_worker down_write(&ubi->work_sem)
schedule_erase
schedule_ubi_work
down_read(&ubi->work_sem)
Fix this by changing input parameter @nested of the schedule_erase() to
'true' to avoid recursively acquiring the down_read(&ubi->work_sem).
Also, fix the incorrect comment about @nested parameter of the
schedule_erase() because when down_write(ubi->work_sem) is held, the
@nested is also need be true.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=217093
Fixes: 2e8f08deab ("ubi: Fix races around ubi_refill_pools()")
Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
JFFS2:
- Fix memory corruption in error path
- Spelling and coding style fixes
UBI:
- Switch to BLK_MQ_F_BLOCKING in ubiblock
- Wire up partent device (for sysfs)
- Multiple UAF bugfixes
- Fix for an infinite loop in WL error path
UBIFS:
- Fix for multiple memory leaks in error paths
- Fixes for wrong space accounting
- Minor cleanups
- Spelling and coding style fixes
-----BEGIN PGP SIGNATURE-----
iQJKBAABCAA0FiEEdgfidid8lnn52cLTZvlZhesYu8EFAmP/BSMWHHJpY2hhcmRA
c2lnbWEtc3Rhci5hdAAKCRBm+VmF6xi7wX5QEADnPsAW87AIi44UlkbAsJEjkEqU
yQrI9UPsdqfE7K5OR7Vb2tOti3MLfaiJ5MTG64xNaTEgmrbcqo4GgENk4Pe6zJ9q
azO/xWTr6r8G4aE70KhsUBc9Vc/99Ok48rxLHJS+u7s+FvOJ//WirGXjyNZEVDyx
TgvH80rhUlfj1ExqEXLcUfQ53WUnR3PefOw+zIi29ldtgaI/TFmnWObl2A/XtsGr
0ExIdqDnoTfSsYecfGP71jVbYH8u2mLFe2zNOYW1pvrHYhcet6Q6e+69fgnyNRf9
5s5dbDPmmWN2Qdz63AWwHfC4mncoQdc7HbnnKIk6bTm3v6gqXQSrgy/hZEX3LmWr
G41j7RLhBMZ2mljRfFQH97V71n9TL010T6jZ5zurvqErXtVdFImmInGmqY3AR13I
fzUWnJf81xKgcMv6My2/nEVGDtrGLFdILoT8j6VIXQO6teqtF7Vip7UfamrwL399
57fy0Iwbx2aume/IdwI3TZYacBQ2d8GvQxTZshJ+qx+gCvhb6EyiSIn3AOgtrbAo
srXMy+6xXJecKNHR7Bl1C5BLei/25HDIYjk/yiAH/IhhV20c5eiySSvA+q720Gcz
reBLFh7EtcP51B2GXMdSCOgYY8wGaMl5zlbiLYzY79ptgnnBJ7luuYjc3c02MGB9
25qVLnpvC/ZREzZqLg==
=fTYq
-----END PGP SIGNATURE-----
Merge tag 'ubifs-for-linus-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
Pull jffs2, ubi and ubifs updates from Richard Weinberger:
"JFFS2:
- Fix memory corruption in error path
- Spelling and coding style fixes
UBI:
- Switch to BLK_MQ_F_BLOCKING in ubiblock
- Wire up partent device (for sysfs)
- Multiple UAF bugfixes
- Fix for an infinite loop in WL error path
UBIFS:
- Fix for multiple memory leaks in error paths
- Fixes for wrong space accounting
- Minor cleanups
- Spelling and coding style fixes"
* tag 'ubifs-for-linus-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs: (36 commits)
ubi: block: Fix a possible use-after-free bug in ubiblock_create()
ubifs: make kobj_type structures constant
mtd: ubi: block: wire-up device parent
mtd: ubi: wire-up parent MTD device
ubi: use correct names in function kernel-doc comments
ubi: block: set BLK_MQ_F_BLOCKING
jffs2: Fix list_del corruption if compressors initialized failed
jffs2: Use function instead of macro when initialize compressors
jffs2: fix spelling mistake "neccecary"->"necessary"
ubifs: Fix kernel-doc
ubifs: Fix some kernel-doc comments
UBI: Fastmap: Fix kernel-doc
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap
ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
ubifs: dirty_cow_znode: Fix memleak in error handling path
ubifs: Re-statistic cleaned znode count if commit failed
ubi: Fix permission display of the debugfs files
...
As usual, there are lots of minor driver changes across SoC platforms
from NXP, Amlogic, AMD Zynq, Mediatek, Qualcomm, Apple and Samsung.
These usually add support for additional chip variations in existing
drivers, but also add features or bugfixes.
The SCMI firmware subsystem gains a unified raw userspace interface
through debugfs, which can be used for validation purposes.
Newly added drivers include:
- New power management drivers for StarFive JH7110, Allwinner D1 and
Renesas RZ/V2M
- A driver for Qualcomm battery and power supply status
- A SoC device driver for identifying Nuvoton WPCM450 chips
- A regulator coupler driver for Mediatek MT81xxv
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmPtSN8ACgkQmmx57+YA
GNkOSw/+JS5tElm/ZP7c3uWYp6uwvcb0jUlKW/U3aCtPiPEcYDLEqIEXwcNdaDMh
m4rW3GYlW0IRL3FsyuYkSLx+EIIUIfs40wldYXJOqRDj0XasndiloIwltOQJGfd9
C/UVM0FpJdxMJrcBMFgwLLQCIbAVnhHP34i6ppDRgxW/MfTeiCaaG6fnS70iv6mC
oh2N7FoZSKDtTrFtlR5TqFiK5v/W1CgNJVuglkFB0ceFpjyBpp/8AT0FGS887xCz
IYSTqm4Q/79vaZXI1Y2oog257cgdwsVqgPrnK5CuSFhTnAcJMCekiFelHq8Yhyuk
Rw7j/B3KO3AOaxmR75c6SZdeZ+VHgUMRC/RKe3fay0sm3Zea2kAIPXA6Zn+r/cxb
8M94V59qBz+f8XmpXRTK1UR3s3EbwFIuNyuDIkeorMtpSKtvqJXmZxGDwNIfXr2F
/voo++MKjzdtdxdW/D/5Tc9DC0Pyb4HLi0EYj2QCzA03njmfLDF1w73NfzMec+GD
R1zAd3FEbiJQx8Hin0PSPjYXpfMnkjkGAEcE9N9Ralg4ewNWAxfOFsAhHKTZNssL
pitTAvHR/+dXtvkX7FUi2l/6fqn8nJUrg/xRazPPp3scRbpuk8m6P4MNr3/lsaHk
HTQ/hYwDdecWLvKXjw5y9yIr3yhLmPPcloTVIIFFjsM0t8b+d9E=
=p6Xp
-----END PGP SIGNATURE-----
Merge tag 'soc-drivers-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC driver updates from Arnd Bergmann:
"As usual, there are lots of minor driver changes across SoC platforms
from NXP, Amlogic, AMD Zynq, Mediatek, Qualcomm, Apple and Samsung.
These usually add support for additional chip variations in existing
drivers, but also add features or bugfixes.
The SCMI firmware subsystem gains a unified raw userspace interface
through debugfs, which can be used for validation purposes.
Newly added drivers include:
- New power management drivers for StarFive JH7110, Allwinner D1 and
Renesas RZ/V2M
- A driver for Qualcomm battery and power supply status
- A SoC device driver for identifying Nuvoton WPCM450 chips
- A regulator coupler driver for Mediatek MT81xxv"
* tag 'soc-drivers-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (165 commits)
power: supply: Introduce Qualcomm PMIC GLINK power supply
soc: apple: rtkit: Do not copy the reg state structure to the stack
soc: sunxi: SUN20I_PPU should depend on PM
memory: renesas-rpc-if: Remove redundant division of dummy
soc: qcom: socinfo: Add IDs for IPQ5332 and its variant
dt-bindings: arm: qcom,ids: Add IDs for IPQ5332 and its variant
dt-bindings: power: qcom,rpmpd: add RPMH_REGULATOR_LEVEL_LOW_SVS_L1
firmware: qcom_scm: Move qcom_scm.h to include/linux/firmware/qcom/
MAINTAINERS: Update qcom CPR maintainer entry
dt-bindings: firmware: document Qualcomm SM8550 SCM
dt-bindings: firmware: qcom,scm: add qcom,scm-sa8775p compatible
soc: qcom: socinfo: Add Soc IDs for IPQ8064 and variants
dt-bindings: arm: qcom,ids: Add Soc IDs for IPQ8064 and variants
soc: qcom: socinfo: Add support for new field in revision 17
soc: qcom: smd-rpm: Add IPQ9574 compatible
soc: qcom: pmic_glink: remove redundant calculation of svid
soc: qcom: stats: Populate all subsystem debugfs files
dt-bindings: soc: qcom,rpmh-rsc: Update to allow for generic nodes
soc: qcom: pmic_glink: add CONFIG_NET/CONFIG_OF dependencies
soc: qcom: pmic_glink: Introduce altmode support
...
* parsers: ofpart: add workaround for #size-cells 0
* dt-bindings: partitions: Fix partition node name pattern
* dataflash: remove duplicate SPI ID table
Raw NAND core changes:
* Check the data only read pattern only once
* Prepare the late addition of supported operation checks
* Support for sequential cache reads
* Fix nand_chip kdoc
Raw NAND driver changes:
* Fsl_elbc: Propagate HW ECC settings to HW
* Marvell: Add missing layouts
* Pasemi: Don't use static data to track per-device state
* Sunxi:
- Fix the size of the last OOB region
- Remove an unnecessary check
- Remove an unnecessary check
- Clean up chips after failed init
- Precompute the ECC_CTL register value
- Embed sunxi_nand_hw_ecc by value
- Update OOB layout to match hardware
* tmio_nand: Remove driver
* vf610_nfc: Use regular comments for functions
SPI-NAND driver changes:
* Add support for AllianceMemory AS5F34G04SND
* Macronix: use scratch buffer for DMA operation
NAND ECC changes:
* Mediatek:
- Add ECC support fot MT7986 IC
- Add compatible for MT7986
- dt-bindings: Split ECC engine with rawnand controller
SPI NOR changes:
* Misc core fixes
SPI NOR driver changes:
* Spansion: Minor fixes
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE9HuaYnbmDhq/XIDIJWrqGEe9VoQFAmP3MqwACgkQJWrqGEe9
VoTnsQf/bfzBqf0LbMBU7c+2VUjnE2dgLRssf0WqJB2INvDIAHQ8HKE2rqF6j1G0
wBnJOMf9fRpH6M3k45siNL37HPnacUq8QFZE3B3A3pUewWNtx5ldFrzT1awlsTu8
zIG37pnd2rJ+W3wfDDnNjTqQUfm3sLI7k/B3S8aqJA8i63DFLqih7ju0mgPVT7TX
C1X0VAx8gNMHQ6WqTX53SRZ4Ef9dJAcVwcFhkjHY09Q9VEW56ZlQ7uxyhwYqXjiJ
zDDGfPFhAsfwcykdFI3DtvNRT2bVbJl7N4GvTD8N4Rf+GIuMhVJnUjp5yTkAeEHx
HjXqBSI3ykHimsW7BRtE3HLR4775bA==
=FLt2
-----END PGP SIGNATURE-----
Merge tag 'mtd/for-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux
Pull MTD updates from Miquel Raynal:
"MTD changes:
- parsers: ofpart: add workaround for #size-cells 0
- dt-bindings: partitions: Fix partition node name pattern
- dataflash: remove duplicate SPI ID table
Raw NAND core changes:
- Check the data only read pattern only once
- Prepare the late addition of supported operation checks
- Support for sequential cache reads
- Fix nand_chip kdoc
Raw NAND driver changes:
- Fsl_elbc: Propagate HW ECC settings to HW
- Marvell: Add missing layouts
- Pasemi: Don't use static data to track per-device state
- Sunxi:
- Fix the size of the last OOB region
- Remove an unnecessary check
- Remove an unnecessary check
- Clean up chips after failed init
- Precompute the ECC_CTL register value
- Embed sunxi_nand_hw_ecc by value
- Update OOB layout to match hardware
- tmio_nand: Remove driver
- vf610_nfc: Use regular comments for functions
SPI-NAND driver changes:
- Add support for AllianceMemory AS5F34G04SND
- Macronix: use scratch buffer for DMA operation
NAND ECC changes:
- Mediatek:
- Add ECC support fot MT7986 IC
- Add compatible for MT7986
- dt-bindings: Split ECC engine with rawnand controller
SPI NOR changes:
- Misc core fixes
SPI NOR driver changes:
- Spansion: Minor fixes"
* tag 'mtd/for-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux: (33 commits)
mtd: parsers: ofpart: add workaround for #size-cells 0
mtd: rawnand: sunxi: Precompute the ECC_CTL register value
mtd: rawnand: sunxi: Embed sunxi_nand_hw_ecc by value
mtd: rawnand: sunxi: Update OOB layout to match hardware
mtd: spi-nor: Sort headers alphabetically
mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
mtd: nand: ecc-mtk: Add ECC support fot MT7986 IC
dt-bindings: mtd: mediatek,nand-ecc-engine: Add compatible for MT7986
dt-bindings: mtd: Split ECC engine with rawnand controller
mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW
mtd: spinand: Add support for AllianceMemory AS5F34G04SND
dt-bindings: mtd: partitions: Fix partition node name pattern
mtd: spi-nor: Create macros to define chip IDs and geometries
mtd: spi-nor: spansion: Make CFRx reg fields generic
mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
mtd: spi-nor: core: fix implicit declaration warning
mtd: spinand: macronix: use scratch buffer for DMA operation
mtd: rawnand: Fix nand_chip kdoc
mtd: rawnand: vf610_nfc: use regular comments for functions
mtd: rawnand: Support for sequential cache reads
...
Here is the large set of driver core changes for 6.3-rc1.
There's a lot of changes this development cycle, most of the work falls
into two different categories:
- fw_devlink fixes and updates. This has gone through numerous review
cycles and lots of review and testing by lots of different devices.
Hopefully all should be good now, and Saravana will be keeping a
watch for any potential regression on odd embedded systems.
- driver core changes to work to make struct bus_type able to be moved
into read-only memory (i.e. const) The recent work with Rust has
pointed out a number of areas in the driver core where we are
passing around and working with structures that really do not have
to be dynamic at all, and they should be able to be read-only making
things safer overall. This is the contuation of that work (started
last release with kobject changes) in moving struct bus_type to be
constant. We didn't quite make it for this release, but the
remaining patches will be finished up for the release after this
one, but the groundwork has been laid for this effort.
Other than that we have in here:
- debugfs memory leak fixes in some subsystems
- error path cleanups and fixes for some never-able-to-be-hit
codepaths.
- cacheinfo rework and fixes
- Other tiny fixes, full details are in the shortlog
All of these have been in linux-next for a while with no reported
problems.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCY/ipdg8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynL3gCgwzbcWu0So3piZyLiJKxsVo9C2EsAn3sZ9gN6
6oeFOjD3JDju3cQsfGgd
=Su6W
-----END PGP SIGNATURE-----
Merge tag 'driver-core-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull driver core updates from Greg KH:
"Here is the large set of driver core changes for 6.3-rc1.
There's a lot of changes this development cycle, most of the work
falls into two different categories:
- fw_devlink fixes and updates. This has gone through numerous review
cycles and lots of review and testing by lots of different devices.
Hopefully all should be good now, and Saravana will be keeping a
watch for any potential regression on odd embedded systems.
- driver core changes to work to make struct bus_type able to be
moved into read-only memory (i.e. const) The recent work with Rust
has pointed out a number of areas in the driver core where we are
passing around and working with structures that really do not have
to be dynamic at all, and they should be able to be read-only
making things safer overall. This is the contuation of that work
(started last release with kobject changes) in moving struct
bus_type to be constant. We didn't quite make it for this release,
but the remaining patches will be finished up for the release after
this one, but the groundwork has been laid for this effort.
Other than that we have in here:
- debugfs memory leak fixes in some subsystems
- error path cleanups and fixes for some never-able-to-be-hit
codepaths.
- cacheinfo rework and fixes
- Other tiny fixes, full details are in the shortlog
All of these have been in linux-next for a while with no reported
problems"
[ Geert Uytterhoeven points out that that last sentence isn't true, and
that there's a pending report that has a fix that is queued up - Linus ]
* tag 'driver-core-6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (124 commits)
debugfs: drop inline constant formatting for ERR_PTR(-ERROR)
OPP: fix error checking in opp_migrate_dentry()
debugfs: update comment of debugfs_rename()
i3c: fix device.h kernel-doc warnings
dma-mapping: no need to pass a bus_type into get_arch_dma_ops()
driver core: class: move EXPORT_SYMBOL_GPL() lines to the correct place
Revert "driver core: add error handling for devtmpfs_create_node()"
Revert "devtmpfs: add debug info to handle()"
Revert "devtmpfs: remove return value of devtmpfs_delete_node()"
driver core: cpu: don't hand-override the uevent bus_type callback.
devtmpfs: remove return value of devtmpfs_delete_node()
devtmpfs: add debug info to handle()
driver core: add error handling for devtmpfs_create_node()
driver core: bus: update my copyright notice
driver core: bus: add bus_get_dev_root() function
driver core: bus: constify bus_unregister()
driver core: bus: constify some internal functions
driver core: bus: constify bus_get_kset()
driver core: bus: constify bus_register/unregister_notifier()
driver core: remove private pointer from struct bus_type
...
* Check the data only read pattern only once
* Prepare the late addition of supported operation checks
* Support for sequential cache reads
* Fix nand_chip kdoc
Raw NAND changes:
* Fsl_elbc: Propagate HW ECC settings to HW
* Marvell: Add missing layouts
* Pasemi: Don't use static data to track per-device state
* Sunxi:
- Fix the size of the last OOB region
- Remove an unnecessary check
- Remove an unnecessary check
- Clean up chips after failed init
- Precompute the ECC_CTL register value
- Embed sunxi_nand_hw_ecc by value
- Update OOB layout to match hardware
* tmio_nand: Remove driver
* vf610_nfc: Use regular comments for functions
SPI-NAND changes:
* Add support for AllianceMemory AS5F34G04SND
* Macronix: use scratch buffer for DMA operation
NAND ECC changes:
* Mediatek:
- Add ECC support fot MT7986 IC
- Add compatible for MT7986
- dt-bindings: Split ECC engine with rawnand controller
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE9HuaYnbmDhq/XIDIJWrqGEe9VoQFAmP3L4MACgkQJWrqGEe9
VoSVKgf+PUOBlR6U/QaNlzavYsTOz1Hgc9MjuC32CtStED8/uKfEG9odBRw1Fp+I
fNpgVnaWrU7KpW9yzsMTLQy//6lI/Hjn4KUMqKcsBmN3dOvzca60YrbehWLlrARb
exRDFvwuw6qZ0jRYMsKC9jsKhvU69TXnAWCdC+TSWRwfXci5dfjm3HxMNpRvT+PQ
q3sWqFMGj+omLOr/R+sBzhSV0WU1FpQsG9NB6I0VbFiJGy9YMMaI2tr/TKJyYeqM
CM0T3tccjKAajJ9i9qKIPZnRYWQYx/FyJ5Uyg6DRxjeoVjsFhGom1pQbH/2eHVs6
iND3n1yQCsnPaR/D7yRZgiTERQzqdw==
=psZR
-----END PGP SIGNATURE-----
Merge tag 'nand/for-6.3' into mtd/next
NAND core changes:
* Check the data only read pattern only once
* Prepare the late addition of supported operation checks
* Support for sequential cache reads
* Fix nand_chip kdoc
Raw NAND changes:
* Fsl_elbc: Propagate HW ECC settings to HW
* Marvell: Add missing layouts
* Pasemi: Don't use static data to track per-device state
* Sunxi:
- Fix the size of the last OOB region
- Remove an unnecessary check
- Remove an unnecessary check
- Clean up chips after failed init
- Precompute the ECC_CTL register value
- Embed sunxi_nand_hw_ecc by value
- Update OOB layout to match hardware
* tmio_nand: Remove driver
* vf610_nfc: Use regular comments for functions
SPI-NAND changes:
* Add support for AllianceMemory AS5F34G04SND
* Macronix: use scratch buffer for DMA operation
NAND ECC changes:
* Mediatek:
- Add ECC support fot MT7986 IC
- Add compatible for MT7986
- dt-bindings: Split ECC engine with rawnand controller
* small fixes on core and spansion driver.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEHUIqys8OyG1eHf7fS1VPR6WNFOkFAmPgyGUACgkQS1VPR6WN
FOkv+AgAmqp68REEM7SicPy2dIy6fdLFOLjma9CSiWwGTMEJRM60ZBNFCJcAuUjD
1Sf+TCZEkBHc2crYCun5SqBErOA9oQCxI4nVtKZEQ9RyBklz/e5DsLONsVlLKrJU
lwemyeZ2tAV8023iBdjCi1nJ831eRmYipQMIEvr2xbOP/G95Ccc/wG6vKeMDi2QR
BxWdPD4XXvIVRY923nvnz9kK65QiqEQASJ8Rpf/AIYw+C/oukQFql8J3SMMs9kLH
DLagTnyhTx8qMd0V7Z6OVA3Ljf+bMd5gI7Z2fFQhErKo1mvT1Jw13sDQwxGGs+XS
9yxomEDKX+d/LdWEoZaSWFYwHVEixQ==
=fazc
-----END PGP SIGNATURE-----
Merge tag 'spi-nor/for-6.3' into mtd/next
SPI NOR changes:
* small fixes on core and spansion driver.
This is a follow-up to the deprecation of most of the old-style board
files that was merged in linux-6.0, removing them for good.
This branch is almost exclusively dead code removal based on those
annotations. Some device driver removals went through separate subsystem
trees, but the majority is in the same branch, in order to better handle
dependencies between the patches and avoid breaking bisection.
Unfortunately that leads to merge conflicts against other changes in the
subsystem trees, but they should all be trivial to resolve by removing
the files.
See commit 7d0d3fa733 ("Merge tag 'arm-boardfiles-6.0' of
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc") for the
description of which machines were marked unused and are now removed. The
only removals that got postponed are Terastation WXL (mv78xx0) and
Jornada720 (StrongARM1100), which turned out to still have potential
users.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmPvuCEACgkQmmx57+YA
GNm04Q//Q1W+qDOpK09BPskn7sFrpo1OOt9C+qRmAOmqZ/qY8JNfoqOLWLjS12st
qaTcODuSooGfFclWHsN5gNqT6yNfs3d2rRQEAd5ka+vt2dgV3OignNu1iEvjJmtG
sDxLHu1XYlHETz3k3pBGVv22SyuZTRowj1bdlerEBfOXgvJsxg1LkZowU+ffEau5
7LJeHwEGoi3LdfW/pVeNRU6iLwiBThVIXq94ZrOXsw1WNy4Bz6kmHfhlMis7hbhk
6X3JJCpDbtJp/4jccZFC/+Cc5DxYc1nnvkWGdUSpZWq3liWaNI0AoKm40p0vwdKa
ozflhYjM9PpB3JibwdkvkOrPj4GWOEHojKP1agN0fPBxEaWppmDpi7rbDU8Jvfxj
AwBM60fblqn6E+1HbckNpgyFx7rldcipmgQLPo5/ZhUnvad8Os0GLxmrH8Nqcycx
LktPcwOPJxd0mtaboHWc9qfeb5jeKqyEfQdhIN7H+u5HDEYA7EbcrhYAdMdmkduw
9C8sfTXQaD9/3/XBaq3elvTEVqNF1iOVwkXpbFUPjBNq9gQ2jHe5gxMuyoZ6lFz2
SnYMBo8DF+3EP5+UR6MgpbVn4zntk6o5hwbb6CZZGp9KXXic4kohh58nv8aQOOvx
Iy0Xxr38eXINAn4vsro89pFDmulpP1m7MKC1Cfw/9RZl4s/r0hg=
=WejQ
-----END PGP SIGNATURE-----
Merge tag 'arm-boardfile-remove-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull ARM SoC boardfile updates from Arnd Bergmann
"Unused boardfile removal for 6.3
This is a follow-up to the deprecation of most of the old-style board
files that was merged in linux-6.0, removing them for good.
This branch is almost exclusively dead code removal based on those
annotations. Some device driver removals went through separate
subsystem trees, but the majority is in the same branch, in order to
better handle dependencies between the patches and avoid breaking
bisection.
Unfortunately that leads to merge conflicts against other changes in
the subsystem trees, but they should all be trivial to resolve by
removing the files.
See commit 7d0d3fa733 ("Merge tag 'arm-boardfiles-6.0' of
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc") for the
description of which machines were marked unused and are now removed.
The only removals that got postponed are Terastation WXL (mv78xx0) and
Jornada720 (StrongARM1100), which turned out to still have potential
users"
* tag 'arm-boardfile-remove-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (91 commits)
mmc: omap: drop TPS65010 dependency
ARM: pxa: restore mfp-pxa320.h
usb: ohci-omap: avoid unused-variable warning
ARM: debug: remove references in DEBUG_UART_8250_SHIFT to removed configs
ARM: s3c: remove obsolete s3c-cpu-freq header
MAINTAINERS: adjust SAMSUNG SOC CLOCK DRIVERS after s3c24xx support removal
MAINTAINERS: update file entries after arm multi-platform rework and mach-pxa removal
ARM: remove CONFIG_UNUSED_BOARD_FILES
mfd: remove htc-pasic3 driver
w1: remove ds1wm driver
usb: remove ohci-tmio driver
fbdev: remove w100fb driver
fbdev: remove tmiofb driver
mmc: remove tmio_mmc driver
mfd: remove ucb1400 support
mfd: remove toshiba tmio drivers
rtc: remove v3020 driver
power: remove pda_power supply driver
ASoC: pxa: remove unused board support
pcmcia: remove unused pxa/sa1100 drivers
...
Smatch warns:
drivers/mtd/ubi/block.c:438 ubiblock_create()
warn: '&dev->list' not removed from list
'dev' is freed in 'out_free_dev:, but it is still on the list.
To fix this, delete the list item before freeing.
Fixes: 91cc8fbcc8 ("ubi: block: set BLK_MQ_F_BLOCKING")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
ubiblock devices were previously only identifyable by their name, but
not connected to their parent UBI volume device e.g. in sysfs.
Properly parent ubiblock device as descendant of a UBI volume device
to reflect device model hierachy.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Richard Weinberger <richard@nod.at>
Wire up the device parent pointer of UBI devices to their lower MTD
device, typically an MTD partition or whole-chip device.
The most noticeable change is that in sysfs, previously ubi devices
would be could in /sys/devices/virtual/ubi while after this change they
would be correctly attached to their parent MTD device, e.g.
/sys/devices/platform/1100d000.spi/spi_master/spi1/spi1.0/mtd/mtd2/ubi0.
Locating UBI devices using /sys/class/ubi/ of course still works as
well.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Richard Weinberger <richard@nod.at>
These "nvmem-cells" platform devices never get probed because there's no
platform driver for it and it's never used anywhere else. So it's a
waste of memory. These devices also cause fw_devlink to block nvmem
consumers of "nvmem-cells" partition from probing because the supplier
device never probes.
So stop creating platform devices for nvmem-cells partitions to avoid
wasting memory and to avoid blocking probing of consumers.
Reported-by: Maxim Kiselev <bigunclemax@gmail.com>
Fixes: bcdf0315a6 ("mtd: call of_platform_populate() for MTD partitions")
Signed-off-by: Saravana Kannan <saravanak@google.com>
Tested-by: Maksim Kiselev <bigunclemax@gmail.com>
Tested-by: Douglas Anderson <dianders@chromium.org>
Tested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Tested-by: Luca Weiss <luca.weiss@fairphone.com> # qcom/sm7225-fairphone-fp4
Link: https://lore.kernel.org/r/20230207014207.1678715-13-saravanak@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add a mechanism to handle the case in which partitions are present as
direct child of the nand controller node and #size-cells is set to <0>.
This could happen if the nand-controller node in the DTS is supposed to
have #size-cells set to 0, but for some historical reason/bug it was set
to 1 in the past, and the firmware (e.g. U-Boot) is adding the partition
as direct children of the nand-controller defaulting to #size-cells
being to 1.
This prevents a real boot failure on colibri-imx7 that happened during v6.1
development cycles.
Link: https://lore.kernel.org/all/Y4dgBTGNWpM6SQXI@francesco-nb.int.toradex.com/
Link: https://lore.kernel.org/all/20221202071900.1143950-1-francesco@dolcini.it/
Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230124104444.330913-1-francesco@dolcini.it
The value computed by this function never changes for a given chip.
Compute the whole register value once up front, instead of every time
the ECC engine is enabled.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230204143520.9682-4-samuel@sholland.org
The sunxi_nand_hw_ecc object is not shared, and it has the same lifetime
as the sunxi_nand_chip which points to it, so we can embed it in the
outer structure instead of using a pointer. This removes an unnecessary
memory allocation and simplifies the error handling code.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230204143520.9682-3-samuel@sholland.org
When using the hardware ECC engine, the OOB data is made available in
the NFC_REG_USER_DATA registers, as one 32-bit word per ECC step. Any
additional bytes are only accessible through raw reads and software
descrambling. For efficiency, and to match the vendor driver, ignore
these extra bytes when using hardware ECC.
Note that until commit 34569d8695 ("mtd: rawnand: sunxi: Fix the size
of the last OOB region"), this extra free area was reported with length
zero, so this is not a functional change for any stable kernel user.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230204143520.9682-2-samuel@sholland.org
Sort headers alphabetically - it helps locating duplicates, and makes it
easier to figure out where to insert new headers. Alphabetic order should
also prove that each header is self-contained, i.e. can be included without
prerequisites.
Link: https://lore.kernel.org/r/20230202144628.14443-1-tudor.ambarus@linaro.org
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
spi_nor_set_erase_type() was used either to set or to mask out an erase
type. When we used it to mask out an erase type a shift-out-of-bounds
was hit:
UBSAN: shift-out-of-bounds in drivers/mtd/spi-nor/core.c:2237:24
shift exponent 4294967295 is too large for 32-bit type 'int'
The setting of the size_{shift, mask} and of the opcode are unnecessary
when the erase size is zero, as throughout the code just the erase size
is considered to determine whether an erase type is supported or not.
Setting the opcode to 0xFF was wrong too as nobody guarantees that 0xFF
is an unused opcode. Thus when masking out an erase type, just set the
erase size to zero. This will fix the shift-out-of-bounds.
Fixes: 5390a8df76 ("mtd: spi-nor: add support to non-uniform SFDP SPI NOR flash memories")
Cc: stable@vger.kernel.org
Reported-by: Alexander Stein <Alexander.Stein@tq-group.com>
Signed-off-by: Louis Rannou <lrannou@baylibre.com>
Tested-by: Alexander Stein <Alexander.Stein@tq-group.com>
Link: https://lore.kernel.org/r/20230203070754.50677-1-tudor.ambarus@linaro.org
[ta: refine changes, new commit message, fix compilation error]
Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
Fix kernel-doc warnings by using the correct function names in
their kernel-doc notation:
drivers/mtd/ubi/eba.c:72: warning: expecting prototype for next_sqnum(). Prototype was for ubi_next_sqnum() instead
drivers/mtd/ubi/wl.c:176: warning: expecting prototype for wl_tree_destroy(). Prototype was for wl_entry_destroy() instead
drivers/mtd/ubi/misc.c:24: warning: expecting prototype for calc_data_len(). Prototype was for ubi_calc_data_len() instead
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Richard Weinberger <richard@nod.at>
Cc: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: Vignesh Raghavendra <vigneshr@ti.com>
Cc: linux-mtd@lists.infradead.org
Signed-off-by: Richard Weinberger <richard@nod.at>
Set BLK_MQ_F_BLOCKING so that the block layer always calls ->queue_rq
from process context and drop the driver internal workqueue.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
Following process will trigger an infinite loop in ubi_wl_put_peb():
ubifs_bgt ubi_bgt
ubifs_leb_unmap
ubi_leb_unmap
ubi_eba_unmap_leb
ubi_wl_put_peb wear_leveling_worker
e1 = rb_entry(rb_first(&ubi->used)
e2 = get_peb_for_wl(ubi)
ubi_io_read_vid_hdr // return err (flash fault)
out_error:
ubi->move_from = ubi->move_to = NULL
wl_entry_destroy(ubi, e1)
ubi->lookuptbl[e->pnum] = NULL
retry:
e = ubi->lookuptbl[pnum]; // return NULL
if (e == ubi->move_from) { // NULL == NULL gets true
goto retry; // infinite loop !!!
$ top
PID USER PR NI VIRT RES SHR S %CPU %MEM COMMAND
7676 root 20 0 0 0 0 R 100.0 0.0 ubifs_bgt0_0
Fix it by:
1) Letting ubi_wl_put_peb() returns directly if wearl leveling entry has
been removed from 'ubi->lookuptbl'.
2) Using 'ubi->wl_lock' protecting wl entry deletion to preventing an
use-after-free problem for wl entry in ubi_wl_put_peb().
Fetch a reproducer in [Link].
Fixes: 43f9b25a9c ("UBI: bugfix: protect from volume removal")
Fixes: ee59ba8b06 ("UBI: Fix stale pointers in ubi->lookuptbl")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216111
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Wear-leveling entry could be freed in error path, which may be accessed
again in eraseblk_count_seq_show(), for example:
__erase_worker eraseblk_count_seq_show
wl = ubi->lookuptbl[*block_number]
if (wl)
wl_entry_destroy
ubi->lookuptbl[e->pnum] = NULL
kmem_cache_free(ubi_wl_entry_slab, e)
erase_count = wl->ec // UAF!
Wear-leveling entry updating/accessing in ubi->lookuptbl should be
protected by ubi->wl_lock, fix it by adding ubi->wl_lock to serialize
wl entry accessing between wl_entry_destroy() and
eraseblk_count_seq_show().
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216305
Fixes: 7bccd12d27 ("ubi: Add debugfs file for tracking PEB state")
Fixes: 801c135ce7 ("UBI: Unsorted Block Images")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
After disabling fastmap(ubi->fm_disabled = 1), fastmap won't be updated,
fm_anchor PEB is missed being scheduled for erasing. Besides, fm_anchor
PEB may have smallest erase count, it doesn't participate wear-leveling.
The difference of erase count between fm_anchor PEB and other PEBs will
be larger and larger later on.
In which situation fastmap can be disabled? Initially, we have an UBI
image with fastmap. Then the image will be atttached without module
parameter 'fm_autoconvert', ubi turns to full scanning mode in one
random attaching process(eg. bad fastmap caused by powercut), ubi
fastmap is disabled since then.
Fix it by not getting fm_anchor if fastmap is disabled in
ubi_refill_pools().
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216341
Fixes: 4b68bf9a69 ("ubi: Select fastmap anchor PEBs considering ...")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Some interface files in debugfs support the read method
dfs_file_read(), but their rwx permissions is shown as
unreadable.
In the user mode, the following problem can be clearly seen:
# ls -l /sys/kernel/debug/ubi/ubi0/
total 0
--w------- 1 root root 0 Oct 22 16:26 chk_fastmap
--w------- 1 root root 0 Oct 22 16:26 chk_gen
--w------- 1 root root 0 Oct 22 16:26 chk_io
-r-------- 1 root root 0 Oct 22 16:26 detailed_erase_block_info
--w------- 1 root root 0 Oct 22 16:26 tst_disable_bgt
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_bitflips
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_io_failures
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_power_cut
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_power_cut_max
--w------- 1 root root 0 Oct 22 16:26 tst_emulate_power_cut_min
It shows that these files do not have read permission 'r',
but we can actually read their contents.
# echo 1 > /sys/kernel/debug/ubi/ubi0/chk_io
# cat /sys/kernel/debug/ubi/ubi0/chk_io
1
User's permission access is determined by capabilities.
Of course, the root user is not restricted from reading
these files.
When reading a debugfs file, the process is as follows:
ksys_read()
vfs_read()
if (file->f_op->read)
file->f_op->read()
full_proxy_open()
real_fops->read()
dfs_file_read() -- Read method of debugfs file.
else if (file->f_op->read_iter)
new_sync_read()
else
ret = -EINVAL -- Return -EINVAL if no read method.
This indicates that the debugfs file can be read as long as the read
method of the debugfs file is registered. This patch adds the read
permission display for file that support the read method.
Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
It willl cause null-ptr-deref in the following case:
uif_init()
ubi_add_volume()
cdev_add() -> if it fails, call kill_volumes()
device_register()
kill_volumes() -> if ubi_add_volume() fails call this function
ubi_free_volume()
cdev_del()
device_unregister() -> trying to delete a not added device,
it causes null-ptr-deref
So in ubi_free_volume(), it delete devices whether they are added
or not, it will causes null-ptr-deref.
Handle the error case whlie calling ubi_add_volume() to fix this
problem. If add volume fails, set the corresponding vol to null,
so it can not be accessed in kill_volumes() and release the
resource in ubi_add_volume() error path.
Fixes: 801c135ce7 ("UBI: Unsorted Block Images")
Suggested-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
The UBI driver can use the IOCTL to disable the fastmap after the
mainline 669d204469 ("ubi: fastmap: Add fastmap control support
for 'UBI_IOCATT' ioctl"). To destroy the fastmap on a old image,
we need to reattach the device in user space.
However, if the UBI driver build in kernel and the UBI volume is
the root partition, the UBI device cannot be reattached in user
space. To disable fastmap in this case, the UBI must provide the
kernel cmdline parameters to disable fastmap during attach.
This patch add 'enable_fm' as 5th module init parameter of mtd=xx to
control fastmap enable or not. When the value is 0, fastmap will not
create and existed fastmap will destroyed for the given ubi device.
Default value is 0.
To enable or disable fastmap during module loading, fm_autoconvert
must be set to non-zero.
+-----------------+---------------+---------------------------+
| \ | enable_fm=0 | enable_fm=1 |
+-----------------+---------------+---------------------------+
|fm_autoconvert=Y | disable fm | enable fm |
+---------------------------------+---------------------------+
|fm_autoconvert=N | disable fm | Enable fastmap if fastmap |
| | | exists on the old image |
+-------------------------------------------------------------+
Example:
# - Attach mtd1 to ubi1, disable fastmap, mtd2 to ubi2, enable
fastmap.
# modprobe ubi mtd=1,0,0,1,0 mtd=2,0,0,2,1 fm_autoconvert=1
# - If 5th parameter is not specified, the value is 0, fastmap is
disable
# modprobe ubi mtd=1 fm_autoconvert=1
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216623
Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
There is a memory leaks problem reported by kmemleak:
unreferenced object 0xffff888102007a00 (size 128):
comm "ubirsvol", pid 32090, jiffies 4298464136 (age 2361.231s)
hex dump (first 32 bytes):
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
backtrace:
[<ffffffff8176cecd>] __kmalloc+0x4d/0x150
[<ffffffffa02a9a36>] ubi_eba_create_table+0x76/0x170 [ubi]
[<ffffffffa029764e>] ubi_resize_volume+0x1be/0xbc0 [ubi]
[<ffffffffa02a3321>] ubi_cdev_ioctl+0x701/0x1850 [ubi]
[<ffffffff81975d2d>] __x64_sys_ioctl+0x11d/0x170
[<ffffffff83c142a5>] do_syscall_64+0x35/0x80
[<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
This is due to a mismatch between create and destroy interfaces, and
in detail that "new_eba_tbl" created by ubi_eba_create_table() but
destroyed by kfree(), while will causing "new_eba_tbl->entries" not
freed.
Fix it by replacing kfree(new_eba_tbl) with
ubi_eba_destroy_table(new_eba_tbl)
Fixes: 799dca34ac ("UBI: hide EBA internals")
Signed-off-by: Li Zetao <lizetao1@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
There is an use-after-free problem reported by KASAN:
==================================================================
BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c0 [ubi]
Read of size 8 at addr ffff888101eec008 by task ubirsvol/4735
CPU: 2 PID: 4735 Comm: ubirsvol
Not tainted 6.1.0-rc1-00003-g84fa3304a7fc-dirty #14
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.14.0-1.fc33 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x34/0x44
print_report+0x171/0x472
kasan_report+0xad/0x130
ubi_eba_copy_table+0x11f/0x1c0 [ubi]
ubi_resize_volume+0x4f9/0xbc0 [ubi]
ubi_cdev_ioctl+0x701/0x1850 [ubi]
__x64_sys_ioctl+0x11d/0x170
do_syscall_64+0x35/0x80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
</TASK>
When ubi_change_vtbl_record() returns an error in ubi_resize_volume(),
"new_eba_tbl" will be freed on error handing path, but it is holded
by "vol->eba_tbl" in ubi_eba_replace_table(). It means that the liftcycle
of "vol->eba_tbl" and "vol" are different, so when resizing volume in
next time, it causing an use-after-free fault.
Fix it by not freeing "new_eba_tbl" after it replaced in
ubi_eba_replace_table(), while will be freed in next volume resizing.
Fixes: 801c135ce7 ("UBI: Unsorted Block Images")
Signed-off-by: Li Zetao <lizetao1@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
If volume size is not multiple of the sector size 512 a warning is
printed saying that the last non-sector aligned bytes will be ignored.
This should be valid for resizable volumes, but when creating static
volumes which are read only this will always be printed even if the
unaligned data is deliberate.
The message is still valid but the severity should be lowered for static
volumes.
Signed-off-by: Mårten Lindahl <marten.lindahl@axis.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
It is possible that current chip->ecc.engine_type value does not match to
configured HW value (if HW ECC checking and generating is enabled or not).
This can happen with old U-Boot bootloader version which either does not
initialize NAND (and let it in some default unusable state) or initialize
NAND with different parameters than what is specified in kernel DTS file.
So if kernel chose to use some chip->ecc.engine_type settings (e.g. from
DTS file) then do not depend on bootloader HW configuration and configures
HW ECC settings according to chip->ecc.engine_type value.
BR_DECC must be set to BR_DECC_CHK_GEN when HW is doing ECC (both
generating and checking), or to BR_DECC_OFF when HW is not doing ECC.
This change fixes usage of SW ECC support in case bootloader explicitly
enabled HW ECC support and kernel DTS file has specified to use SW ECC.
(Of course this works only in case when NAND is not a boot device and both
bootloader and kernel are loaded from different location, e.g. FLASH NOR.)
Fixes: f6424c22aa ("mtd: rawnand: fsl_elbc: Make SW ECC work")
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20230128134111.32559-1-pali@kernel.org