For the userspace it is needed to distinguish between requests for the
control or streaming interface. The userspace would have to parse the
configfs to know which interface index it has to compare the ctrl
requests against. Since the interface numbers are not fixed, e.g. for
composite gadgets, the interface offset depends on the setup.
The kernel has this information when handing over the ctrl request to
the userspace. This patch removes the offset from the interface numbers
and expose the default interface defines in the uapi g_uvc.h.
Change-Id: Idb6845c962d3da6d2a96c5d5e0083b39e5bba8af
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Link: https://lore.kernel.org/r/20221011075348.1786897-1-m.grzeschik@pengutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: William Wu <william.wu@rock-chips.com>
(cherry picked from commit d182bf156c)
In the specification documents for the Uncompressed and MJPEG USB
Video Payloads, the field name is bmInterlaceFlags - it has been
misnamed within the kernel.
Although renaming the field does break the kernel's interface to
userspace it should be low-risk in this instance. The field is read
only and hardcoded to 0, so there was never any value in anyone
reading it. A search of the uvc-gadget application and all the
forks that I could find for it did not reveal any users either.
Change-Id: I9d9903cebd796443387a40664a753498a10d6e6a
Fixes: cdda479f15 ("USB gadget: video class function driver")
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Signed-off-by: Daniel Scally <dan.scally@ideasonboard.com>
Link: https://lore.kernel.org/r/20221206161203.1562827-1-dan.scally@ideasonboard.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: William Wu <william.wu@rock-chips.com>
(cherry picked from commit 81c25247a2)
This is the 6.1.115 stable release
* tag 'v6.1.115': (2780 commits)
Linux 6.1.115
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning
ACPI: PRM: Clean up guid type in struct prm_handler_info
platform/x86: dell-wmi: Ignore suspend notifications
ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
net: phy: dp83822: Fix reset pin definitions
serial: protect uart_port_dtr_rts() in uart_shutdown() too
selinux: improve error checking in sel_write_load()
drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event
xfrm: fix one more kernel-infoleak in algo dumping
LoongArch: Get correct cores_per_package for SMT systems
ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
KVM: arm64: Don't eagerly teardown the vgic on init error
KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
openat2: explicitly return -E2BIG for (usize > PAGE_SIZE)
nilfs2: fix kernel bug due to missing clearing of buffer delay flag
ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue
ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
...
Change-Id: Iee600c49a5c914b79141c62cda38e787e429a167
Conflicts:
arch/arm64/boot/dts/rockchip/rk356x.dtsi
drivers/gpio/gpio-rockchip.c
drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c
drivers/gpu/drm/rockchip/rockchip_drm_vop.c
drivers/gpu/drm/rockchip/rockchip_drm_vop.h
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
drivers/gpu/drm/rockchip/rockchip_vop_reg.c
drivers/media/i2c/imx335.c
drivers/pci/controller/dwc/pcie-dw-rockchip.c
drivers/spi/spi-rockchip.c
drivers/spi/spidev.c
drivers/usb/dwc3/gadget.c
drivers/usb/host/xhci.h
Merge from kernel-5.10
media: rockchip: isp: fix isp33 unite error for fastboot
media: rockchip: isp: fix unite mode for fast
media: rockchip: isp: output stream burst 16 for isp33
media: rockchip: isp: write burst adjust to 8 for isp33
media: rockchip: isp: fix free bay3d buf fd to get again fail
media: rockchip: isp: wait aiq params for isp33 fast
media: rockchip: isp: fix multi switch to online no work for fast
media: rockchip: isp: isp33 change input to 4 align
media: rockchip: isp: fix isp33 multi online resume
media: rockchip: isp: drop 2 frame if rockit switch resolution
media: rockchip: isp: disable isp33 dma write gather
media: rockchip: isp: fix isp33 multi sensor resume
media: rockchip: isp: isp33 add api to get params
media: rockchip: isp: fix isp33 unite switch online for fast
media: rockchip: isp: w3a overflow check for isp33
media: rockchip: isp: fix isp33 params sram config
media: rockchip: isp: fix memory leak
media: rockchip: isp: add sync for multi online mode
media: rockchip: isp: limit bp crop and scl for isp33
media: rockchip: isp: fix hold at register irq if mcu still running
media: rockchip: isp: enable bay3d FST_FRAME if change bypass
media: rockchip: isp: fix 4k unite effect
media: rockchip: isp: add api for raw buf cnt and hdr wrap
media: rockchip: isp: fix resume for multi online mode
media: rockchip: isp: frame start irq to send dvbm event
media: rockchip: isp: fix hist for isp33 unite mode
media: rockchip: isp: fix buf update for multi online mode
media: rockchip: isp: resume early for isp33
media: rockchip: isp: fix rd_mode for vicap to send buf
media: rockchip: isp: fix fast stop no to clean flag
media: rockchip: isp: fix isp2enc wrap for isp33 fast
media: rockchip: isp: support online hdr wrap for isp33
media: rockchip: isp: support unite online for isp33
media: rockchip: isp: support two sensor online for isp33
media: rockchip: isp: support mirror for wrap mode
media: rockchip: isp: more mode for vicap to isp
media: rockchip: isp: add isp2enc frame count to rockit
media: rockchip: isp: add rv1103b config
media: rockchip: isp: add isp33
media: rockchip: isp: fix rockit switch resolution
media: rockchip: isp: fix params buffersize for tb case
media: rockchip: isp: fix isp32 bp no output if suspend
media: rockchip: isp: rockit buf add offset
Change-Id: I7d3720165e9fb045e88be34c2f58fe83c0f700bc
Signed-off-by: Cai YiWei <cyw@rock-chips.com>
[ Upstream commit 09d88791c7cd888d5195c84733caf9183dcfbd16 ]
The bpf_redirect_info is shared between the SKB and XDP redirect paths,
and the two paths use the same numeric flag values in the ri->flags
field (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that
if skb bpf_redirect_neigh() is used with a non-NULL params argument and,
subsequently, an XDP redirect is performed using the same
bpf_redirect_info struct, the XDP path will get confused and end up
crashing, which syzbot managed to trigger.
With the stack-allocated bpf_redirect_info, the structure is no longer
shared between the SKB and XDP paths, so the crash doesn't happen
anymore. However, different code paths using identically-numbered flag
values in the same struct field still seems like a bit of a mess, so
this patch cleans that up by moving the flag definitions together and
redefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap
with the flags used for XDP. It also adds a BUILD_BUG_ON() check to make
sure the overlap is not re-introduced by mistake.
Fixes: e624d4ed4a ("xdp: Extend xdp_redirect_map with broadcast support")
Reported-by: syzbot+cca39e6e84a367a7e6f6@syzkaller.appspotmail.com
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Closes: https://syzkaller.appspot.com/bug?extid=cca39e6e84a367a7e6f6
Link: https://lore.kernel.org/bpf/20240920125625.59465-1-toke@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
This is the 6.1.99 stable release
* tag 'v6.1.99': (1975 commits)
Linux 6.1.99
Revert "usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB"
Linux 6.1.98
nilfs2: fix incorrect inode allocation from reserved inodes
null_blk: Do not allow runt zone with zone capacity smaller then zone size
spi: cadence: Ensure data lines set to low during dummy-cycle period
nfc/nci: Add the inconsistency check between the input data length and count
kbuild: fix short log for AS in link-vmlinux.sh
nvmet: fix a possible leak when destroy a ctrl during qp establishment
platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro
platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet
regmap-i2c: Subtract reg size from max_write
nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails
nvme-multipath: find NUMA path only for online numa-node
ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897
fs/ntfs3: Mark volume as dirty if xattr is broken
i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg
clk: mediatek: clk-mtk: Register MFG notifier in mtk_clk_simple_probe()
...
Change-Id: Ibf9c2caa3bbffb7a960e82ec6c2b0b497753778c
Conflicts:
arch/arm64/boot/dts/rockchip/rk3328.dtsi
drivers/gpu/drm/rockchip/rockchip_drm_vop2.c
drivers/phy/rockchip/phy-rockchip-snps-pcie3.c
drivers/pinctrl/pinctrl-rockchip.c
drivers/usb/gadget/function/u_audio.c
include/linux/usb/quirks.h
mm/cma.c
sound/soc/rockchip/rockchip_i2s_tdm.c
commit 599f6899051cb70c4e0aa9fd591b9ee220cb6f14 upstream.
The cec_msg_set_reply_to() helper function never zeroed the
struct cec_msg flags field, this can cause unexpected behavior
if flags was uninitialized to begin with.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Fixes: 0dbacebede ("[media] cec: move the CEC framework out of staging and to media")
Cc: <stable@vger.kernel.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d0941130c9 upstream.
There are multiple ICMP rate limiting mechanisms:
* Global limits: net.ipv4.icmp_msgs_burst/icmp_msgs_per_sec
* v4 per-host limits: net.ipv4.icmp_ratelimit/ratemask
* v6 per-host limits: net.ipv6.icmp_ratelimit/ratemask
However, when ICMP output is limited, there is no way to tell
which limit has been hit or even if the limits are responsible
for the lack of ICMP output.
Add counters for each of the cases above. As we are within
local_bh_disable(), use the __INC stats variant.
Example output:
# nstat -sz "*RateLimit*"
IcmpOutRateLimitGlobal 134 0.0
IcmpOutRateLimitHost 770 0.0
Icmp6OutRateLimitHost 84 0.0
Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>
Suggested-by: Abhishek Rawal <rawal.abhishek92@gmail.com>
Link: https://lore.kernel.org/r/273b32241e6b7fdc5c609e6f5ebc68caf3994342.1674605770.git.jamie.bainbridge@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5cadfbd5a1 upstream.
Add an init flag idicating whether the FUSE_EXPIRE_ONLY flag of
FUSE_NOTIFY_INVAL_ENTRY is effective.
This is needed for backports of this feature, otherwise the server could
just check the protocol version.
Fixes: 4f8d37020e ("fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY")
Cc: <stable@vger.kernel.org> # v6.2
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 15d937d7ca ]
Will need to add supplementary groups to create messages, so add the
general concept of a request extension. A request extension is appended to
the end of the main request. It has a header indicating the size and type
of the extension.
The create security context (fuse_secctx_*) is similar to the generic
request extension, so include that as well in a backward compatible manner.
Add the total extension length to the request header. The offset of the
extension block within the request can be calculated by:
inh->len - inh->total_extlen * 8
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Stable-dep-of: 3002240d1649 ("fuse: fix memory leak in fuse_create_open")
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 153524053b ]
In general, as of now, in FUSE, direct writes on the same file are
serialized over inode lock i.e we hold inode lock for the full duration of
the write request. I could not find in fuse code and git history a comment
which clearly explains why this exclusive lock is taken for direct writes.
Following might be the reasons for acquiring an exclusive lock but not be
limited to
1) Our guess is some USER space fuse implementations might be relying on
this lock for serialization.
2) The lock protects against file read/write size races.
3) Ruling out any issues arising from partial write failures.
This patch relaxes the exclusive lock for direct non-extending writes only.
File size extending writes might not need the lock either, but we are not
entirely sure if there is a risk to introduce any kind of regression.
Furthermore, benchmarking with fio does not show a difference between patch
versions that take on file size extension a) an exclusive lock and b) a
shared lock.
A possible example of an issue with i_size extending writes are write error
cases. Some writes might succeed and others might fail for file system
internal reasons - for example ENOSPACE. With parallel file size extending
writes it _might_ be difficult to revert the action of the failing write,
especially to restore the right i_size.
With these changes, we allow non-extending parallel direct writes on the
same file with the help of a flag called FOPEN_PARALLEL_DIRECT_WRITES. If
this flag is set on the file (flag is passed from libfuse to fuse kernel as
part of file open/create), we do not take exclusive lock anymore, but
instead use a shared lock that allows non-extending writes to run in
parallel. FUSE implementations which rely on this inode lock for
serialization can continue to do so and serialized direct writes are still
the default. Implementations that do not do write serialization need to be
updated and need to set the FOPEN_PARALLEL_DIRECT_WRITES flag in their file
open/create reply.
On patch review there were concerns that network file systems (or vfs
multiple mounts of the same file system) might have issues with parallel
writes. We believe this is not the case, as this is just a local lock,
which network file systems could not rely on anyway. I.e. this lock is
just for local consistency.
Signed-off-by: Dharmendra Singh <dsingh@ddn.com>
Signed-off-by: Bernd Schubert <bschubert@ddn.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Stable-dep-of: 3002240d1649 ("fuse: fix memory leak in fuse_create_open")
Signed-off-by: Sasha Levin <sashal@kernel.org>
