media: imx8-isi-cap: workaround of v4l2_subdev_format bad initialization#17
Open
Scott31393 wants to merge 1 commit intonxp-imx:lf-6.6.yfrom
Open
media: imx8-isi-cap: workaround of v4l2_subdev_format bad initialization#17Scott31393 wants to merge 1 commit intonxp-imx:lf-6.6.yfrom
Scott31393 wants to merge 1 commit intonxp-imx:lf-6.6.yfrom
Conversation
struct v4l2_subdev_format change from kernel 6.1.22 with a new stream field. This is not initialized into the imx8-isi-cap nxp driver and once you try to stream something check_state() of drivers/media/v4l2-core/v4l2-subdev.c return -EINVAL into the following statement: if (stream != 0) return -EINVAL; Let's initialize also this missing field into mxc_isi_source_fmt_init() to avoid the following error that prevent user to stream on ISI path: mxc_isi.0: set remote fmt fail! Signed-off-by: Tommaso Merciai <tomm.merciai@gmail.com> Signed-off-by: Tommaso Merciai <tommaso.merciai@avnet.eu>
Overdr0ne
pushed a commit
to Overdr0ne/linux-imx
that referenced
this pull request
Jul 28, 2025
ossaleem
pushed a commit
to AirLinkOS/linux-imx
that referenced
this pull request
Apr 27, 2026
[ Upstream commit a154f5f ] The following call trace shows a deadlock issue due to recursive locking of mutex "device_mutex". First lock acquire is in target_for_each_device() and second in target_free_device(). PID: 148266 TASK: ffff8be21ffb5d00 CPU: 10 COMMAND: "iscsi_ttx" #0 [ffffa2bfc9ec3b18] __schedule at ffffffffa8060e7f #1 [ffffa2bfc9ec3ba0] schedule at ffffffffa8061224 nxp-imx#2 [ffffa2bfc9ec3bb8] schedule_preempt_disabled at ffffffffa80615ee nxp-imx#3 [ffffa2bfc9ec3bc8] __mutex_lock at ffffffffa8062fd7 nxp-imx#4 [ffffa2bfc9ec3c40] __mutex_lock_slowpath at ffffffffa80631d3 nxp-imx#5 [ffffa2bfc9ec3c50] mutex_lock at ffffffffa806320c nxp-imx#6 [ffffa2bfc9ec3c68] target_free_device at ffffffffc0935998 [target_core_mod] nxp-imx#7 [ffffa2bfc9ec3c90] target_core_dev_release at ffffffffc092f975 [target_core_mod] nxp-imx#8 [ffffa2bfc9ec3ca0] config_item_put at ffffffffa79d250f nxp-imx#9 [ffffa2bfc9ec3cd0] config_item_put at ffffffffa79d2583 nxp-imx#10 [ffffa2bfc9ec3ce0] target_devices_idr_iter at ffffffffc0933f3a [target_core_mod] nxp-imx#11 [ffffa2bfc9ec3d00] idr_for_each at ffffffffa803f6fc nxp-imx#12 [ffffa2bfc9ec3d60] target_for_each_device at ffffffffc0935670 [target_core_mod] nxp-imx#13 [ffffa2bfc9ec3d98] transport_deregister_session at ffffffffc0946408 [target_core_mod] nxp-imx#14 [ffffa2bfc9ec3dc8] iscsit_close_session at ffffffffc09a44a6 [iscsi_target_mod] nxp-imx#15 [ffffa2bfc9ec3df0] iscsit_close_connection at ffffffffc09a4a88 [iscsi_target_mod] nxp-imx#16 [ffffa2bfc9ec3df8] finish_task_switch at ffffffffa76e5d07 nxp-imx#17 [ffffa2bfc9ec3e78] iscsit_take_action_for_connection_exit at ffffffffc0991c23 [iscsi_target_mod] nxp-imx#18 [ffffa2bfc9ec3ea0] iscsi_target_tx_thread at ffffffffc09a403b [iscsi_target_mod] nxp-imx#19 [ffffa2bfc9ec3f08] kthread at ffffffffa76d8080 nxp-imx#20 [ffffa2bfc9ec3f50] ret_from_fork at ffffffffa8200364 Fixes: 36d4cb4 ("scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion") Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com> Link: https://lore.kernel.org/r/20230918225848.66463-1-junxiao.bi@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
ossaleem
pushed a commit
to AirLinkOS/linux-imx
that referenced
this pull request
Apr 28, 2026
[ Upstream commit e3e82fc ] When creating ceq_0 during probing irdma, cqp.sc_cqp will be sent as a cqp_request to cqp->sc_cqp.sq_ring. If the request is pending when removing the irdma driver or unplugging its aux device, cqp.sc_cqp will be dereferenced as wrong struct in irdma_free_pending_cqp_request(). PID: 3669 TASK: ffff88aef892c000 CPU: 28 COMMAND: "kworker/28:0" #0 [fffffe0000549e38] crash_nmi_callback at ffffffff810e3a34 #1 [fffffe0000549e40] nmi_handle at ffffffff810788b2 nxp-imx#2 [fffffe0000549ea0] default_do_nmi at ffffffff8107938f nxp-imx#3 [fffffe0000549eb8] do_nmi at ffffffff81079582 nxp-imx#4 [fffffe0000549ef0] end_repeat_nmi at ffffffff82e016b4 [exception RIP: native_queued_spin_lock_slowpath+1291] RIP: ffffffff8127e72b RSP: ffff88aa841ef778 RFLAGS: 00000046 RAX: 0000000000000000 RBX: ffff88b01f849700 RCX: ffffffff8127e47e RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff83857ec0 RBP: ffff88afe3e4efc8 R8: ffffed15fc7c9dfa R9: ffffed15fc7c9dfa R10: 0000000000000001 R11: ffffed15fc7c9df9 R12: 0000000000740000 R13: ffff88b01f849708 R14: 0000000000000003 R15: ffffed1603f092e1 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0000 -- <NMI exception stack> -- nxp-imx#5 [ffff88aa841ef778] native_queued_spin_lock_slowpath at ffffffff8127e72b nxp-imx#6 [ffff88aa841ef7b0] _raw_spin_lock_irqsave at ffffffff82c22aa4 nxp-imx#7 [ffff88aa841ef7c8] __wake_up_common_lock at ffffffff81257363 nxp-imx#8 [ffff88aa841ef888] irdma_free_pending_cqp_request at ffffffffa0ba12cc [irdma] nxp-imx#9 [ffff88aa841ef958] irdma_cleanup_pending_cqp_op at ffffffffa0ba1469 [irdma] nxp-imx#10 [ffff88aa841ef9c0] irdma_ctrl_deinit_hw at ffffffffa0b2989f [irdma] nxp-imx#11 [ffff88aa841efa28] irdma_remove at ffffffffa0b252df [irdma] nxp-imx#12 [ffff88aa841efae8] auxiliary_bus_remove at ffffffff8219afdb nxp-imx#13 [ffff88aa841efb00] device_release_driver_internal at ffffffff821882e6 nxp-imx#14 [ffff88aa841efb38] bus_remove_device at ffffffff82184278 nxp-imx#15 [ffff88aa841efb88] device_del at ffffffff82179d23 nxp-imx#16 [ffff88aa841efc48] ice_unplug_aux_dev at ffffffffa0eb1c14 [ice] nxp-imx#17 [ffff88aa841efc68] ice_service_task at ffffffffa0d88201 [ice] nxp-imx#18 [ffff88aa841efde8] process_one_work at ffffffff811c589a nxp-imx#19 [ffff88aa841efe60] worker_thread at ffffffff811c71ff nxp-imx#20 [ffff88aa841eff10] kthread at ffffffff811d87a0 nxp-imx#21 [ffff88aa841eff50] ret_from_fork at ffffffff82e0022f Fixes: 44d9e52 ("RDMA/irdma: Implement device initialization definitions") Link: https://lore.kernel.org/r/20231130081415.891006-1-lishifeng@sangfor.com.cn Suggested-by: "Ismail, Mustafa" <mustafa.ismail@intel.com> Signed-off-by: Shifeng Li <lishifeng@sangfor.com.cn> Reviewed-by: Shiraz Saleem <shiraz.saleem@intel.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
ossaleem
pushed a commit
to AirLinkOS/linux-imx
that referenced
this pull request
Apr 29, 2026
[ Upstream commit f8bbc07 ] vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. When console is enabled, it will costs much more cpu time to dump packet and soft lockup will be detected. net_ratelimit mechanism can be used to limit the dumping rate. PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980" #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253 #1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3 nxp-imx#2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e nxp-imx#3 [fffffe00003fced0] do_nmi at ffffffff8922660d nxp-imx#4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663 [exception RIP: io_serial_in+20] RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002 RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0 RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020 R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 nxp-imx#5 [ffffa655314979e8] io_serial_in at ffffffff89792594 nxp-imx#6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470 nxp-imx#7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6 nxp-imx#8 [ffffa65531497a20] uart_console_write at ffffffff8978b605 nxp-imx#9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558 nxp-imx#10 [ffffa65531497ac8] console_unlock at ffffffff89316124 nxp-imx#11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07 nxp-imx#12 [ffffa65531497b68] printk at ffffffff89318306 nxp-imx#13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765 nxp-imx#14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun] nxp-imx#15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun] nxp-imx#16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net] nxp-imx#17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost] nxp-imx#18 [ffffa65531497f10] kthread at ffffffff892d2e72 nxp-imx#19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f Fixes: ef3db4a ("tun: avoid BUG, dump packet on GSO errors") Signed-off-by: Lei Chen <lei.chen@smartx.com> Reviewed-by: Willem de Bruijn <willemb@google.com> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://lore.kernel.org/r/20240415020247.2207781-1-lei.chen@smartx.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
ossaleem
pushed a commit
to AirLinkOS/linux-imx
that referenced
this pull request
Apr 29, 2026
[ Upstream commit 769e6a1 ] ui_browser__show() is capturing the input title that is stack allocated memory in hist_browser__run(). Avoid a use after return by strdup-ing the string. Committer notes: Further explanation from Ian Rogers: My command line using tui is: $ sudo bash -c 'rm /tmp/asan.log*; export ASAN_OPTIONS="log_path=/tmp/asan.log"; /tmp/perf/perf mem record -a sleep 1; /tmp/perf/perf mem report' I then go to the perf annotate view and quit. This triggers the asan error (from the log file): ``` ==1254591==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f2813331920 at pc 0x7f28180 65991 bp 0x7fff0a21c750 sp 0x7fff0a21bf10 READ of size 80 at 0x7f2813331920 thread T0 #0 0x7f2818065990 in __interceptor_strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:461 #1 0x7f2817698251 in SLsmg_write_wrapped_string (/lib/x86_64-linux-gnu/libslang.so.2+0x98251) nxp-imx#2 0x7f28176984b9 in SLsmg_write_nstring (/lib/x86_64-linux-gnu/libslang.so.2+0x984b9) nxp-imx#3 0x55c94045b365 in ui_browser__write_nstring ui/browser.c:60 nxp-imx#4 0x55c94045c558 in __ui_browser__show_title ui/browser.c:266 nxp-imx#5 0x55c94045c776 in ui_browser__show ui/browser.c:288 nxp-imx#6 0x55c94045c06d in ui_browser__handle_resize ui/browser.c:206 nxp-imx#7 0x55c94047979b in do_annotate ui/browsers/hists.c:2458 nxp-imx#8 0x55c94047fb17 in evsel__hists_browse ui/browsers/hists.c:3412 nxp-imx#9 0x55c940480a0c in perf_evsel_menu__run ui/browsers/hists.c:3527 nxp-imx#10 0x55c940481108 in __evlist__tui_browse_hists ui/browsers/hists.c:3613 nxp-imx#11 0x55c9404813f7 in evlist__tui_browse_hists ui/browsers/hists.c:3661 nxp-imx#12 0x55c93ffa253f in report__browse_hists tools/perf/builtin-report.c:671 nxp-imx#13 0x55c93ffa58ca in __cmd_report tools/perf/builtin-report.c:1141 nxp-imx#14 0x55c93ffaf159 in cmd_report tools/perf/builtin-report.c:1805 nxp-imx#15 0x55c94000c05c in report_events tools/perf/builtin-mem.c:374 nxp-imx#16 0x55c94000d96d in cmd_mem tools/perf/builtin-mem.c:516 nxp-imx#17 0x55c9400e44ee in run_builtin tools/perf/perf.c:350 nxp-imx#18 0x55c9400e4a5a in handle_internal_command tools/perf/perf.c:403 nxp-imx#19 0x55c9400e4e22 in run_argv tools/perf/perf.c:447 nxp-imx#20 0x55c9400e53ad in main tools/perf/perf.c:561 nxp-imx#21 0x7f28170456c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 nxp-imx#22 0x7f2817045784 in __libc_start_main_impl ../csu/libc-start.c:360 nxp-imx#23 0x55c93ff544c0 in _start (/tmp/perf/perf+0x19a4c0) (BuildId: 84899b0e8c7d3a3eaa67b2eb35e3d8b2f8cd4c93) Address 0x7f2813331920 is located in stack of thread T0 at offset 32 in frame #0 0x55c94046e85e in hist_browser__run ui/browsers/hists.c:746 This frame has 1 object(s): [32, 192) 'title' (line 747) <== Memory access at offset 32 is inside this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork ``` hist_browser__run isn't on the stack so the asan error looks legit. There's no clean init/exit on struct ui_browser so I may be trading a use-after-return for a memory leak, but that seems look a good trade anyway. Fixes: 05e8b08 ("perf ui browser: Stop using 'self'") Signed-off-by: Ian Rogers <irogers@google.com> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Athira Rajeev <atrajeev@linux.vnet.ibm.com> Cc: Ben Gainey <ben.gainey@arm.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: James Clark <james.clark@arm.com> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Kajol Jain <kjain@linux.ibm.com> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: K Prateek Nayak <kprateek.nayak@amd.com> Cc: Li Dong <lidong@vivo.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Namhyung Kim <namhyung@kernel.org> Cc: Oliver Upton <oliver.upton@linux.dev> Cc: Paran Lee <p4ranlee@gmail.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ravi Bangoria <ravi.bangoria@amd.com> Cc: Sun Haiyong <sunhaiyong@loongson.cn> Cc: Tim Chen <tim.c.chen@linux.intel.com> Cc: Yanteng Si <siyanteng@loongson.cn> Cc: Yicong Yang <yangyicong@hisilicon.com> Link: https://lore.kernel.org/r/20240507183545.1236093-2-irogers@google.com Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
ossaleem
pushed a commit
to AirLinkOS/linux-imx
that referenced
this pull request
Apr 29, 2026
commit be346c1 upstream. The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Once that happens a WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). Heming Zhao said: ------ PANIC: "Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error" PID: xxx TASK: xxxx CPU: 5 COMMAND: "SubmitThread-CA" #0 machine_kexec at ffffffff8c069932 #1 __crash_kexec at ffffffff8c1338fa nxp-imx#2 panic at ffffffff8c1d69b9 nxp-imx#3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2] nxp-imx#4 __ocfs2_abort at ffffffffc0c88387 [ocfs2] nxp-imx#5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2] nxp-imx#6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2] nxp-imx#7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2] nxp-imx#8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2] nxp-imx#9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2] nxp-imx#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2] nxp-imx#11 dio_complete at ffffffff8c2b9fa7 nxp-imx#12 do_blockdev_direct_IO at ffffffff8c2bc09f nxp-imx#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2] nxp-imx#14 generic_file_direct_write at ffffffff8c1dcf14 nxp-imx#15 __generic_file_write_iter at ffffffff8c1dd07b nxp-imx#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2] nxp-imx#17 aio_write at ffffffff8c2cc72e nxp-imx#18 kmem_cache_alloc at ffffffff8c248dde nxp-imx#19 do_io_submit at ffffffff8c2ccada nxp-imx#20 do_syscall_64 at ffffffff8c004984 nxp-imx#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba Link: https://lkml.kernel.org/r/20240617095543.6971-1-jack@suse.cz Link: https://lkml.kernel.org/r/20240614145243.8837-1-jack@suse.cz Fixes: c15471f ("ocfs2: fix sparse file & data ordering issue in direct io") Signed-off-by: Jan Kara <jack@suse.cz> Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> Reviewed-by: Heming Zhao <heming.zhao@suse.com> Cc: Mark Fasheh <mark@fasheh.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Changwei Ge <gechangwei@live.cn> Cc: Gang He <ghe@suse.com> Cc: Jun Piao <piaojun@huawei.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ossaleem
pushed a commit
to AirLinkOS/linux-imx
that referenced
this pull request
May 2, 2026
[ Upstream commit a699781 ] A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception RIP: qed_get_current_link+17] nxp-imx#8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede] nxp-imx#9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3 nxp-imx#10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4 nxp-imx#11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300 nxp-imx#12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c nxp-imx#13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b nxp-imx#14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3 nxp-imx#15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1 nxp-imx#16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f nxp-imx#17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb crash> struct net_device.state ffff9a9d21336000 state = 5, state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100). The device is not present, note lack of __LINK_STATE_PRESENT (0b10). This is the same sort of panic as observed in commit 4224cfd ("net-sysfs: add check for netdevice being present to speed_show"). There are many other callers of __ethtool_get_link_ksettings() which don't have a device presence check. Move this check into ethtool to protect all callers. Fixes: d519e17 ("net: export device speed and duplex via sysfs") Fixes: 4224cfd ("net-sysfs: add check for netdevice being present to speed_show") Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com> Link: https://patch.msgid.link/8bae218864beaa44ed01628140475b9bf641c5b0.1724393671.git.jamie.bainbridge@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
ossaleem
pushed a commit
to AirLinkOS/linux-imx
that referenced
this pull request
May 2, 2026
[ Upstream commit dc09f00 ] During noirq suspend phase the Raspberry Pi power driver suffer of firmware property timeouts. The reason is that the IRQ of the underlying BCM2835 mailbox is disabled and rpi_firmware_property_list() will always run into a timeout [1]. Since the VideoCore side isn't consider as a wakeup source, set the IRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled during suspend-resume cycle. [1] PM: late suspend of devices complete after 1.754 msecs WARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128 rpi_firmware_property_list+0x204/0x22c Firmware transaction 0x00028001 timeout Modules linked in: CPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty nxp-imx#17 Hardware name: BCM2835 Call trace: unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x34/0x44 dump_stack_lvl from __warn+0x88/0xec __warn from warn_slowpath_fmt+0x7c/0xb0 warn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c rpi_firmware_property_list from rpi_firmware_property+0x68/0x8c rpi_firmware_property from rpi_firmware_set_power+0x54/0xc0 rpi_firmware_set_power from _genpd_power_off+0xe4/0x148 _genpd_power_off from genpd_sync_power_off+0x7c/0x11c genpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0 genpd_finish_suspend from dpm_run_callback+0x78/0xd0 dpm_run_callback from device_suspend_noirq+0xc0/0x238 device_suspend_noirq from dpm_suspend_noirq+0xb0/0x168 dpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac suspend_devices_and_enter from pm_suspend+0x254/0x2e4 pm_suspend from state_store+0xa8/0xd4 state_store from kernfs_fop_write_iter+0x154/0x1a0 kernfs_fop_write_iter from vfs_write+0x12c/0x184 vfs_write from ksys_write+0x78/0xc0 ksys_write from ret_fast_syscall+0x0/0x54 Exception stack(0xcc93dfa8 to 0xcc93dff0) [...] PM: noirq suspend of devices complete after 3095.584 msecs Link: raspberrypi/firmware#1894 Fixes: 0bae6af ("mailbox: Enable BCM2835 mailbox support") Signed-off-by: Stefan Wahren <wahrenst@gmx.net> Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com> Signed-off-by: Jassi Brar <jassisinghbrar@gmail.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
ossaleem
pushed a commit
to AirLinkOS/linux-imx
that referenced
this pull request
May 2, 2026
commit 9af2efe upstream. The fields in the hist_entry are filled on-demand which means they only have meaningful values when relevant sort keys are used. So if neither of 'dso' nor 'sym' sort keys are used, the map/symbols in the hist entry can be garbage. So it shouldn't access it unconditionally. I got a segfault, when I wanted to see cgroup profiles. $ sudo perf record -a --all-cgroups --synth=cgroup true $ sudo perf report -s cgroup Program received signal SIGSEGV, Segmentation fault. 0x00005555557a8d90 in map__dso (map=0x0) at util/map.h:48 48 return RC_CHK_ACCESS(map)->dso; (gdb) bt #0 0x00005555557a8d90 in map__dso (map=0x0) at util/map.h:48 #1 0x00005555557aa39b in map__load (map=0x0) at util/map.c:344 nxp-imx#2 0x00005555557aa592 in map__find_symbol (map=0x0, addr=140736115941088) at util/map.c:385 nxp-imx#3 0x00005555557ef000 in hists__findnew_entry (hists=0x555556039d60, entry=0x7fffffffa4c0, al=0x7fffffffa8c0, sample_self=true) at util/hist.c:644 nxp-imx#4 0x00005555557ef61c in __hists__add_entry (hists=0x555556039d60, al=0x7fffffffa8c0, sym_parent=0x0, bi=0x0, mi=0x0, ki=0x0, block_info=0x0, sample=0x7fffffffaa90, sample_self=true, ops=0x0) at util/hist.c:761 nxp-imx#5 0x00005555557ef71f in hists__add_entry (hists=0x555556039d60, al=0x7fffffffa8c0, sym_parent=0x0, bi=0x0, mi=0x0, ki=0x0, sample=0x7fffffffaa90, sample_self=true) at util/hist.c:779 nxp-imx#6 0x00005555557f00fb in iter_add_single_normal_entry (iter=0x7fffffffa900, al=0x7fffffffa8c0) at util/hist.c:1015 nxp-imx#7 0x00005555557f09a7 in hist_entry_iter__add (iter=0x7fffffffa900, al=0x7fffffffa8c0, max_stack_depth=127, arg=0x7fffffffbce0) at util/hist.c:1260 nxp-imx#8 0x00005555555ba7ce in process_sample_event (tool=0x7fffffffbce0, event=0x7ffff7c14128, sample=0x7fffffffaa90, evsel=0x555556039ad0, machine=0x5555560388e8) at builtin-report.c:334 nxp-imx#9 0x00005555557b30c8 in evlist__deliver_sample (evlist=0x555556039010, tool=0x7fffffffbce0, event=0x7ffff7c14128, sample=0x7fffffffaa90, evsel=0x555556039ad0, machine=0x5555560388e8) at util/session.c:1232 nxp-imx#10 0x00005555557b32bc in machines__deliver_event (machines=0x5555560388e8, evlist=0x555556039010, event=0x7ffff7c14128, sample=0x7fffffffaa90, tool=0x7fffffffbce0, file_offset=110888, file_path=0x555556038ff0 "perf.data") at util/session.c:1271 nxp-imx#11 0x00005555557b3848 in perf_session__deliver_event (session=0x5555560386d0, event=0x7ffff7c14128, tool=0x7fffffffbce0, file_offset=110888, file_path=0x555556038ff0 "perf.data") at util/session.c:1354 nxp-imx#12 0x00005555557affaf in ordered_events__deliver_event (oe=0x555556038e60, event=0x555556135aa0) at util/session.c:132 nxp-imx#13 0x00005555557bb605 in do_flush (oe=0x555556038e60, show_progress=false) at util/ordered-events.c:245 nxp-imx#14 0x00005555557bb95c in __ordered_events__flush (oe=0x555556038e60, how=OE_FLUSH__ROUND, timestamp=0) at util/ordered-events.c:324 nxp-imx#15 0x00005555557bba46 in ordered_events__flush (oe=0x555556038e60, how=OE_FLUSH__ROUND) at util/ordered-events.c:342 nxp-imx#16 0x00005555557b1b3b in perf_event__process_finished_round (tool=0x7fffffffbce0, event=0x7ffff7c15bb8, oe=0x555556038e60) at util/session.c:780 nxp-imx#17 0x00005555557b3b27 in perf_session__process_user_event (session=0x5555560386d0, event=0x7ffff7c15bb8, file_offset=117688, file_path=0x555556038ff0 "perf.data") at util/session.c:1406 As you can see the entry->ms.map was NULL even if he->ms.map has a value. This is because 'sym' sort key is not given, so it cannot assume whether he->ms.sym and entry->ms.sym is the same. I only checked the 'sym' sort key here as it implies 'dso' behavior (so maps are the same). Fixes: ac01c8c ("perf hist: Update hist symbol when updating maps") Signed-off-by: Namhyung Kim <namhyung@kernel.org> Cc: Adrian Hunter <adrian.hunter@intel.com> Cc: Ian Rogers <irogers@google.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Kan Liang <kan.liang@linux.intel.com> Cc: Matt Fleming <matt@readmodwrite.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Stephane Eranian <eranian@google.com> Link: https://lore.kernel.org/r/20240826221045.1202305-2-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
struct v4l2_subdev_format change from kernel 6.1.22 with a new stream field. This is not initialized into the imx8-isi-cap nxp driver and once you try to stream something check_state() of drivers/media/v4l2-core/v4l2-subdev.c return -EINVAL into the following statement:
if (stream != 0)
return -EINVAL;
Let's initialize also this missing field into mxc_isi_source_fmt_init() to avoid the following error that prevent user to stream on ISI path:
mxc_isi.0: set remote fmt fail!