<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/accel, branch v6.5.7</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>accel/ivpu: Use cached buffers for FW loading</title>
<updated>2023-10-06T11:16:06+00:00</updated>
<author>
<name>Karol Wachowski</name>
<email>karol.wachowski@linux.intel.com</email>
</author>
<published>2023-09-26T12:09:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c4648be6b9b3e7564cb36502b4ab67703ab08b51'/>
<id>c4648be6b9b3e7564cb36502b4ab67703ab08b51</id>
<content type='text'>
[ Upstream commit 645d694559cab36fe6a57c717efcfa27d9321396 ]

Create buffers with cache coherency on the CPU side (write-back) while
disabling snooping on the VPU side. These buffers require an explicit
cache flush after each CPU-side modification.

Configuring pages as write-combined may introduce significant delays,
potentially taking hundreds of milliseconds for 64 MB buffers.

Added internal DRM_IVPU_BO_NOSNOOP mask which disables snooping on the
VPU side. Allocate FW runtime memory buffer (64 MB) as cached with
snooping-disabled.

This fixes random long FW loading times and boot params memory
corruption on warmboot (due to missed wmb).

Fixes: 02d5b0aacd05 ("accel/ivpu: Implement firmware parsing and booting")
Signed-off-by: Karol Wachowski &lt;karol.wachowski@linux.intel.com&gt;
Reviewed-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Reviewed-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230926120943.GD846747@linux.intel.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 645d694559cab36fe6a57c717efcfa27d9321396 ]

Create buffers with cache coherency on the CPU side (write-back) while
disabling snooping on the VPU side. These buffers require an explicit
cache flush after each CPU-side modification.

Configuring pages as write-combined may introduce significant delays,
potentially taking hundreds of milliseconds for 64 MB buffers.

Added internal DRM_IVPU_BO_NOSNOOP mask which disables snooping on the
VPU side. Allocate FW runtime memory buffer (64 MB) as cached with
snooping-disabled.

This fixes random long FW loading times and boot params memory
corruption on warmboot (due to missed wmb).

Fixes: 02d5b0aacd05 ("accel/ivpu: Implement firmware parsing and booting")
Signed-off-by: Karol Wachowski &lt;karol.wachowski@linux.intel.com&gt;
Reviewed-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Reviewed-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230926120943.GD846747@linux.intel.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>accel/ivpu: Do not use wait event interruptible</title>
<updated>2023-10-06T11:16:06+00:00</updated>
<author>
<name>Stanislaw Gruszka</name>
<email>stanislaw.gruszka@linux.intel.com</email>
</author>
<published>2023-09-25T12:11:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=59908c76cef7d60498d8d1b55048b78a277a48ed'/>
<id>59908c76cef7d60498d8d1b55048b78a277a48ed</id>
<content type='text'>
[ Upstream commit b0873eead1d1eadf13b5c80ad5d8f88b91e4910a ]

If we receive signal when waiting for IPC message response in
ivpu_ipc_receive() we return error and continue to operate.
Then the driver can send another IPC messages and re-use occupied
slot of the message still processed by the firmware. This can result
in corrupting firmware memory and following FW crash with messages:

[ 3698.569719] intel_vpu 0000:00:0b.0: [drm] ivpu_ipc_send_receive_internal(): IPC receive failed: type 0x1103, ret -512
[ 3698.569747] intel_vpu 0000:00:0b.0: [drm] ivpu_jsm_unregister_db(): Failed to unregister doorbell 3: -512
[ 3698.569756] intel_vpu 0000:00:0b.0: [drm] ivpu_ipc_tx_prepare(): IPC message vpu:0x88980000 not released by firmware
[ 3698.569763] intel_vpu 0000:00:0b.0: [drm] ivpu_ipc_tx_prepare(): JSM message vpu:0x88980040 not released by firmware
[ 3698.570234] intel_vpu 0000:00:0b.0: [drm] ivpu_ipc_send_receive_internal(): IPC receive failed: type 0x110e, ret -512
[ 3698.570318] intel_vpu 0000:00:0b.0: [drm] *ERROR* ivpu_mmu_dump_event(): MMU EVTQ: 0x10 (Translation fault) SSID: 0 SID: 3, e[2] 00000000, e[3] 00000208, in addr: 0x88988000, fetch addr: 0x0

To fix the issue don't use interruptible variant of wait event to
allow firmware to finish IPC processing.

Fixes: 5d7422cfb498 ("accel/ivpu: Add IPC driver and JSM messages")
Reviewed-by: Karol Wachowski &lt;karol.wachowski@linux.intel.com&gt;
Reviewed-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230925121137.872158-2-stanislaw.gruszka@linux.intel.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit b0873eead1d1eadf13b5c80ad5d8f88b91e4910a ]

If we receive signal when waiting for IPC message response in
ivpu_ipc_receive() we return error and continue to operate.
Then the driver can send another IPC messages and re-use occupied
slot of the message still processed by the firmware. This can result
in corrupting firmware memory and following FW crash with messages:

[ 3698.569719] intel_vpu 0000:00:0b.0: [drm] ivpu_ipc_send_receive_internal(): IPC receive failed: type 0x1103, ret -512
[ 3698.569747] intel_vpu 0000:00:0b.0: [drm] ivpu_jsm_unregister_db(): Failed to unregister doorbell 3: -512
[ 3698.569756] intel_vpu 0000:00:0b.0: [drm] ivpu_ipc_tx_prepare(): IPC message vpu:0x88980000 not released by firmware
[ 3698.569763] intel_vpu 0000:00:0b.0: [drm] ivpu_ipc_tx_prepare(): JSM message vpu:0x88980040 not released by firmware
[ 3698.570234] intel_vpu 0000:00:0b.0: [drm] ivpu_ipc_send_receive_internal(): IPC receive failed: type 0x110e, ret -512
[ 3698.570318] intel_vpu 0000:00:0b.0: [drm] *ERROR* ivpu_mmu_dump_event(): MMU EVTQ: 0x10 (Translation fault) SSID: 0 SID: 3, e[2] 00000000, e[3] 00000208, in addr: 0x88988000, fetch addr: 0x0

To fix the issue don't use interruptible variant of wait event to
allow firmware to finish IPC processing.

Fixes: 5d7422cfb498 ("accel/ivpu: Add IPC driver and JSM messages")
Reviewed-by: Karol Wachowski &lt;karol.wachowski@linux.intel.com&gt;
Reviewed-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230925121137.872158-2-stanislaw.gruszka@linux.intel.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>accel/ivpu: refactor deprecated strncpy</title>
<updated>2023-09-19T10:30:15+00:00</updated>
<author>
<name>Justin Stitt</name>
<email>justinstitt@google.com</email>
</author>
<published>2023-08-24T21:20:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4f314ab4a5e78b6c5853c2633d15dc58e9323a88'/>
<id>4f314ab4a5e78b6c5853c2633d15dc58e9323a88</id>
<content type='text'>
[ Upstream commit 4b2fd81f2af7147e844ecec0c5c07a16bca6b86e ]

`strncpy` is deprecated for use on NUL-terminated destination strings [1].

A suitable replacement is `strscpy` [2] due to the fact that it
guarantees NUL-termination on its destination buffer argument which is
_not_ the case for `strncpy`!

Also remove extraneous if-statement as it can never be entered. The
return value from `strncpy` is it's first argument. In this case,
`...dyndbg_cmd` is an array:
| 	char dyndbg_cmd[VPU_DYNDBG_CMD_MAX_LEN];
             ^^^^^^^^^^
This can never be NULL which means `strncpy`'s return value cannot be
NULL here. Just use `strscpy` which is more robust and results in
simpler and less ambiguous code.

Moreover, remove needless `... - 1` as `strscpy`'s implementation
ensures NUL-termination and we do not need to carefully dance around
ending boundaries with a "- 1" anymore.

Fixes: 5d7422cfb498 ("accel/ivpu: Add IPC driver and JSM messages")
Link: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt &lt;justinstitt@google.com&gt;
Reviewed-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230824-strncpy-drivers-accel-ivpu-ivpu_jsm_msg-c-v1-1-12d9b52d2dff@google.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 4b2fd81f2af7147e844ecec0c5c07a16bca6b86e ]

`strncpy` is deprecated for use on NUL-terminated destination strings [1].

A suitable replacement is `strscpy` [2] due to the fact that it
guarantees NUL-termination on its destination buffer argument which is
_not_ the case for `strncpy`!

Also remove extraneous if-statement as it can never be entered. The
return value from `strncpy` is it's first argument. In this case,
`...dyndbg_cmd` is an array:
| 	char dyndbg_cmd[VPU_DYNDBG_CMD_MAX_LEN];
             ^^^^^^^^^^
This can never be NULL which means `strncpy`'s return value cannot be
NULL here. Just use `strscpy` which is more robust and results in
simpler and less ambiguous code.

Moreover, remove needless `... - 1` as `strscpy`'s implementation
ensures NUL-termination and we do not need to carefully dance around
ending boundaries with a "- 1" anymore.

Fixes: 5d7422cfb498 ("accel/ivpu: Add IPC driver and JSM messages")
Link: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Justin Stitt &lt;justinstitt@google.com&gt;
Reviewed-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230824-strncpy-drivers-accel-ivpu-ivpu_jsm_msg-c-v1-1-12d9b52d2dff@google.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'drm-misc-fixes-2023-08-17' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes</title>
<updated>2023-08-17T20:08:58+00:00</updated>
<author>
<name>Dave Airlie</name>
<email>airlied@redhat.com</email>
</author>
<published>2023-08-17T20:08:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=be48306f764dc84906a5054e60e6cfa9889fb44d'/>
<id>be48306f764dc84906a5054e60e6cfa9889fb44d</id>
<content type='text'>
One EPROBE_DEFER handling fix for the JDI LT070ME05000, a timing fix for
the AUO G121EAN01 panel, an integer overflow and a memory leak fixes for
the qaic accel, a use-after-free fix for nouveau and a revert for an
alleged fix in EDID parsing.

Signed-off-by: Dave Airlie &lt;airlied@redhat.com&gt;

From: Maxime Ripard &lt;mripard@redhat.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/3olqt33em5uhxzjbqghwcwnvmw73h7bxkbdxookmnkecymd4vc@7ogm6gewpprq
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
One EPROBE_DEFER handling fix for the JDI LT070ME05000, a timing fix for
the AUO G121EAN01 panel, an integer overflow and a memory leak fixes for
the qaic accel, a use-after-free fix for nouveau and a revert for an
alleged fix in EDID parsing.

Signed-off-by: Dave Airlie &lt;airlied@redhat.com&gt;

From: Maxime Ripard &lt;mripard@redhat.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/3olqt33em5uhxzjbqghwcwnvmw73h7bxkbdxookmnkecymd4vc@7ogm6gewpprq
</pre>
</div>
</content>
</entry>
<entry>
<title>accel/qaic: Clean up integer overflow checking in map_user_pages()</title>
<updated>2023-08-15T15:51:13+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>dan.carpenter@linaro.org</email>
</author>
<published>2023-08-10T12:23:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=96d3c1cadedb6ae2e8965e19cd12caa244afbd9c'/>
<id>96d3c1cadedb6ae2e8965e19cd12caa244afbd9c</id>
<content type='text'>
The encode_dma() function has some validation on in_trans-&gt;size but it
would be more clear to move those checks to find_and_map_user_pages().

The encode_dma() had two checks:

	if (in_trans-&gt;addr + in_trans-&gt;size &lt; in_trans-&gt;addr || !in_trans-&gt;size)
		return -EINVAL;

The in_trans-&gt;addr variable is the starting address.  The in_trans-&gt;size
variable is the total size of the transfer.  The transfer can occur in
parts and the resources-&gt;xferred_dma_size tracks how many bytes we have
already transferred.

This patch introduces a new variable "remaining" which represents the
amount we want to transfer (in_trans-&gt;size) minus the amount we have
already transferred (resources-&gt;xferred_dma_size).

I have modified the check for if in_trans-&gt;size is zero to instead check
if in_trans-&gt;size is less than resources-&gt;xferred_dma_size.  If we have
already transferred more bytes than in_trans-&gt;size then there are negative
bytes remaining which doesn't make sense.  If there are zero bytes
remaining to be copied, just return success.

The check in encode_dma() checked that "addr + size" could not overflow
and barring a driver bug that should work, but it's easier to check if
we do this in parts.  First check that "in_trans-&gt;addr +
resources-&gt;xferred_dma_size" is safe.  Then check that "xfer_start_addr +
remaining" is safe.

My final concern was that we are dealing with u64 values but on 32bit
systems the kmalloc() function will truncate the sizes to 32 bits.  So
I calculated "total = in_trans-&gt;size + offset_in_page(xfer_start_addr);"
and returned -EINVAL if it were &gt;= SIZE_MAX.  This will not affect 64bit
systems.

Fixes: 129776ac2e38 ("accel/qaic: Add control path")
Signed-off-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Reviewed-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Reviewed-by: Carl Vanderlip &lt;quic_carlv@quicinc.com&gt;
Signed-off-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/24d3348b-25ac-4c1b-b171-9dae7c43e4e0@moroto.mountain
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The encode_dma() function has some validation on in_trans-&gt;size but it
would be more clear to move those checks to find_and_map_user_pages().

The encode_dma() had two checks:

	if (in_trans-&gt;addr + in_trans-&gt;size &lt; in_trans-&gt;addr || !in_trans-&gt;size)
		return -EINVAL;

The in_trans-&gt;addr variable is the starting address.  The in_trans-&gt;size
variable is the total size of the transfer.  The transfer can occur in
parts and the resources-&gt;xferred_dma_size tracks how many bytes we have
already transferred.

This patch introduces a new variable "remaining" which represents the
amount we want to transfer (in_trans-&gt;size) minus the amount we have
already transferred (resources-&gt;xferred_dma_size).

I have modified the check for if in_trans-&gt;size is zero to instead check
if in_trans-&gt;size is less than resources-&gt;xferred_dma_size.  If we have
already transferred more bytes than in_trans-&gt;size then there are negative
bytes remaining which doesn't make sense.  If there are zero bytes
remaining to be copied, just return success.

The check in encode_dma() checked that "addr + size" could not overflow
and barring a driver bug that should work, but it's easier to check if
we do this in parts.  First check that "in_trans-&gt;addr +
resources-&gt;xferred_dma_size" is safe.  Then check that "xfer_start_addr +
remaining" is safe.

My final concern was that we are dealing with u64 values but on 32bit
systems the kmalloc() function will truncate the sizes to 32 bits.  So
I calculated "total = in_trans-&gt;size + offset_in_page(xfer_start_addr);"
and returned -EINVAL if it were &gt;= SIZE_MAX.  This will not affect 64bit
systems.

Fixes: 129776ac2e38 ("accel/qaic: Add control path")
Signed-off-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Reviewed-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Reviewed-by: Carl Vanderlip &lt;quic_carlv@quicinc.com&gt;
Signed-off-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/24d3348b-25ac-4c1b-b171-9dae7c43e4e0@moroto.mountain
</pre>
</div>
</content>
</entry>
<entry>
<title>accel/qaic: Fix slicing memory leak</title>
<updated>2023-08-15T15:50:07+00:00</updated>
<author>
<name>Pranjal Ramajor Asha Kanojiya</name>
<email>quic_pkanojiy@quicinc.com</email>
</author>
<published>2023-08-02T14:59:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2d956177b7c96e62fac762a3b7da4318cde27a73'/>
<id>2d956177b7c96e62fac762a3b7da4318cde27a73</id>
<content type='text'>
The temporary buffer storing slicing configuration data from user is only
freed on error.  This is a memory leak.  Free the buffer unconditionally.

Fixes: ff13be830333 ("accel/qaic: Add datapath")
Signed-off-by: Pranjal Ramajor Asha Kanojiya &lt;quic_pkanojiy@quicinc.com&gt;
Reviewed-by: Carl Vanderlip &lt;quic_carlv@quicinc.com&gt;
Reviewed-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Signed-off-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230802145937.14827-1-quic_jhugo@quicinc.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The temporary buffer storing slicing configuration data from user is only
freed on error.  This is a memory leak.  Free the buffer unconditionally.

Fixes: ff13be830333 ("accel/qaic: Add datapath")
Signed-off-by: Pranjal Ramajor Asha Kanojiya &lt;quic_pkanojiy@quicinc.com&gt;
Reviewed-by: Carl Vanderlip &lt;quic_carlv@quicinc.com&gt;
Reviewed-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Signed-off-by: Jeffrey Hugo &lt;quic_jhugo@quicinc.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230802145937.14827-1-quic_jhugo@quicinc.com
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'drm-misc-fixes-2023-08-10' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes</title>
<updated>2023-08-11T03:56:27+00:00</updated>
<author>
<name>Dave Airlie</name>
<email>airlied@redhat.com</email>
</author>
<published>2023-08-11T03:56:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8ba371c778cbb3f0399b8ba8919bf89e462cdda3'/>
<id>8ba371c778cbb3f0399b8ba8919bf89e462cdda3</id>
<content type='text'>
Multiple fixes for nouveau around memory safety and DisplayPort, one fix
to reduce the log level of rockchip, a power state fix for the it6505
bridge, a timing fix for the lt9611 bridge, a cache maintenance fix for
ivpu and one to reset vma-&gt;vm_ops on mmap for shmem-helper.

Signed-off-by: Dave Airlie &lt;airlied@redhat.com&gt;

From: Maxime Ripard &lt;mripard@redhat.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/fwed6gzdtkse5ocrgd37elhyw7qirfptsvfp5mqqverdzifhxj@4da3vesxcqp2
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Multiple fixes for nouveau around memory safety and DisplayPort, one fix
to reduce the log level of rockchip, a power state fix for the it6505
bridge, a timing fix for the lt9611 bridge, a cache maintenance fix for
ivpu and one to reset vma-&gt;vm_ops on mmap for shmem-helper.

Signed-off-by: Dave Airlie &lt;airlied@redhat.com&gt;

From: Maxime Ripard &lt;mripard@redhat.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/fwed6gzdtkse5ocrgd37elhyw7qirfptsvfp5mqqverdzifhxj@4da3vesxcqp2
</pre>
</div>
</content>
</entry>
<entry>
<title>accel/ivpu: Add set_pages_array_wc/uc for internal buffers</title>
<updated>2023-08-08T15:07:32+00:00</updated>
<author>
<name>Karol Wachowski</name>
<email>karol.wachowski@linux.intel.com</email>
</author>
<published>2023-08-02T06:37:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1963546390ed8b649f529993a755eba0fdeb7aaa'/>
<id>1963546390ed8b649f529993a755eba0fdeb7aaa</id>
<content type='text'>
Buffers mapped with pgprot_writecombined() are not correctly
flushed. This triggers issues on VPU access using random
memory content such as MMU translation faults, invalid context
descriptors being fetched and can lead to VPU FW crashes.

Fixes: 647371a6609d ("accel/ivpu: Add GEM buffer object management")
Cc: stable@vger.kernel.org # 6.3+
Signed-off-by: Karol Wachowski &lt;karol.wachowski@linux.intel.com&gt;
Reviewed-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230802063735.3005291-1-stanislaw.gruszka@linux.intel.com
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Buffers mapped with pgprot_writecombined() are not correctly
flushed. This triggers issues on VPU access using random
memory content such as MMU translation faults, invalid context
descriptors being fetched and can lead to VPU FW crashes.

Fixes: 647371a6609d ("accel/ivpu: Add GEM buffer object management")
Cc: stable@vger.kernel.org # 6.3+
Signed-off-by: Karol Wachowski &lt;karol.wachowski@linux.intel.com&gt;
Reviewed-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Signed-off-by: Stanislaw Gruszka &lt;stanislaw.gruszka@linux.intel.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230802063735.3005291-1-stanislaw.gruszka@linux.intel.com
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'drm-misc-fixes-2023-07-20' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes</title>
<updated>2023-07-21T02:14:05+00:00</updated>
<author>
<name>Dave Airlie</name>
<email>airlied@redhat.com</email>
</author>
<published>2023-07-21T02:02:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f4f19c03cfb99b587cf35ff057be97cb98c5d251'/>
<id>f4f19c03cfb99b587cf35ff057be97cb98c5d251</id>
<content type='text'>
Memory leak fixes in drm/client, memory access/leak fixes for
accel/qaic, another leak fix in dma-buf and three nouveau fixes around
hotplugging.

Signed-off-by: Dave Airlie &lt;airlied@redhat.com&gt;

From: Maxime Ripard &lt;mripard@redhat.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/fmj5nok7zggux2lcpdtls2iknweba54wfc6o4zxq6i6s3dgi2r@7z3eawwhyhen
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Memory leak fixes in drm/client, memory access/leak fixes for
accel/qaic, another leak fix in dma-buf and three nouveau fixes around
hotplugging.

Signed-off-by: Dave Airlie &lt;airlied@redhat.com&gt;

From: Maxime Ripard &lt;mripard@redhat.com&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/fmj5nok7zggux2lcpdtls2iknweba54wfc6o4zxq6i6s3dgi2r@7z3eawwhyhen
</pre>
</div>
</content>
</entry>
<entry>
<title>accel/habanalabs: add more debugfs stub helpers</title>
<updated>2023-07-20T10:51:59+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2023-06-09T12:06:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=78e9b217d78e9f69c5699ccff18794ea03be597f'/>
<id>78e9b217d78e9f69c5699ccff18794ea03be597f</id>
<content type='text'>
Two functions got added with normal prototypes for debugfs, but not
alternative when building without it:

drivers/accel/habanalabs/common/device.c: In function 'hl_device_init':
drivers/accel/habanalabs/common/device.c:2177:14: error: implicit declaration of function 'hl_debugfs_device_init'; did you mean 'hl_debugfs_init'? [-Werror=implicit-function-declaration]
drivers/accel/habanalabs/common/device.c:2305:9: error: implicit declaration of function 'hl_debugfs_device_fini'; did you mean 'hl_debugfs_remove_file'? [-Werror=implicit-function-declaration]

Add stubs for these as well.

Fixes: 3b9abb4fa642 ("accel/habanalabs: expose debugfs files later")
Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Reviewed-by: Tomer Tayar &lt;ttayar@habana.ai&gt;
Acked-by: Oded Gabbay &lt;ogabbay@kernel.org&gt;
Signed-off-by: Daniel Vetter &lt;daniel.vetter@ffwll.ch&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230609120636.3969045-1-arnd@kernel.org
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Two functions got added with normal prototypes for debugfs, but not
alternative when building without it:

drivers/accel/habanalabs/common/device.c: In function 'hl_device_init':
drivers/accel/habanalabs/common/device.c:2177:14: error: implicit declaration of function 'hl_debugfs_device_init'; did you mean 'hl_debugfs_init'? [-Werror=implicit-function-declaration]
drivers/accel/habanalabs/common/device.c:2305:9: error: implicit declaration of function 'hl_debugfs_device_fini'; did you mean 'hl_debugfs_remove_file'? [-Werror=implicit-function-declaration]

Add stubs for these as well.

Fixes: 3b9abb4fa642 ("accel/habanalabs: expose debugfs files later")
Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Reviewed-by: Tomer Tayar &lt;ttayar@habana.ai&gt;
Acked-by: Oded Gabbay &lt;ogabbay@kernel.org&gt;
Signed-off-by: Daniel Vetter &lt;daniel.vetter@ffwll.ch&gt;
Link: https://patchwork.freedesktop.org/patch/msgid/20230609120636.3969045-1-arnd@kernel.org
</pre>
</div>
</content>
</entry>
</feed>
