Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v6.6.92 2025-03-28T20:59:54Z 2025-03-28T20:59:54Z Dan Carpenter dan.carpenter@linaro.org 2025-03-07T08:41:48Z urn:sha1:4b2a170c25862ad116bd31be6b9841646b4862e8 commit 67d15c7aa0864dfd82325c7e7e7d8548b5224c7b upstream. These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug. Cc: stable@vger.kernel.org Fixes: ff13be830333 ("accel/qaic: Add datapath") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Jeff Hugo <jeff.hugo@oss.qualcomm.com> Signed-off-by: Jeff Hugo <jeff.hugo@oss.qualcomm.com> Link: https://patchwork.freedesktop.org/patch/msgid/176388fa-40fe-4cb4-9aeb-2c91c22130bd@stanley.mountain Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-03-28T20:59:53Z Jeffrey Hugo quic_jhugo@quicinc.com 2025-03-06T17:19:59Z urn:sha1:3d123ec74d81a646de4faf4b3b9a0a1a061f21bd [ Upstream commit 84a833d90635e4b846333e2df0ae72f9cbecac39 ] When slicing a BO, we need to iterate through the BO's sgt to find the right pieces to construct the slice. Some of the data types chosen for this process are incorrectly too small, and can overflow. This can result in the incorrect slice construction, which can lead to data corruption in workload execution. The device can only handle 32-bit sized transfers, and the scatterlist struct only supports 32-bit buffer sizes, so our upper limit for an individual transfer is an unsigned int. Using an int is incorrect due to the reservation of the sign bit. Upgrade the length of a scatterlist entry and the offsets into a scatterlist entry to unsigned int for a correct representation. While each transfer may be limited to 32-bits, the overall BO may exceed that size. For counting the total length of the BO, we need a type that can represent the largest allocation possible on the system. That is the definition of size_t, so use it. Fixes: ff13be830333 ("accel/qaic: Add datapath") Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com> Signed-off-by: Jeff Hugo <jeff.hugo@oss.qualcomm.com> Reviewed-by: Lizhi Hou <lizhi.hou@amd.com> Reviewed-by: Troy Hanson <quic_thanson@quicinc.com> Reviewed-by: Youssef Samir <quic_yabdulra@quicinc.com> Link: https://patchwork.freedesktop.org/patch/msgid/20250306171959.853466-1-jeff.hugo@oss.qualcomm.com Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-11-01T00:58:21Z Pranjal Ramajor Asha Kanojiya quic_pkanojiy@quicinc.com 2024-10-04T19:32:52Z urn:sha1:1931dc14b537b5f754f4c9776a0259c5def0126c [ Upstream commit c5e8e93897b7bb0a336bf3332f82f8d9f2b33f14 ] Only for_each_sgtable_dma_sg() should be used to walk through a SG table to grab correct bus address and length pair after calling DMA MAP API on a SG table as DMA MAP APIs updates the SG table and for_each_sgtable_sg() walks through the original SG table. Fixes: ff13be830333 ("accel/qaic: Add datapath") Fixes: 129776ac2e38 ("accel/qaic: Add control path") Signed-off-by: Pranjal Ramajor Asha Kanojiya <quic_pkanojiy@quicinc.com> Reviewed-by: Jeffrey Hugo <quic_jhugo@quicinc.com> Signed-off-by: Jeffrey Hugo <quic_jhugo@quicinc.com> Reviewed-by: Jacek Lawrynowicz <jacek.lawrynowicz@linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241004193252.3888544-1-quic_jhugo@quicinc.com Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-10-10T09:57:41Z Alexander F. Lent lx@xanderlent.com 2024-07-09T11:54:14Z urn:sha1:106f10fef0b9866d65661cd869b9bcd9a276e943 [ Upstream commit 58b5618ba80a5e5a8d531a70eae12070e5bd713f ] Modules that load firmware from various paths at runtime must declare those paths at compile time, via the MODULE_FIRMWARE macro, so that the firmware paths are included in the module's metadata. The accel/ivpu driver loads firmware but lacks this metadata, preventing dracut from correctly locating firmware files. Fix it. Fixes: 9ab43e95f922 ("accel/ivpu: Switch to generation based FW names") Fixes: 02d5b0aacd05 ("accel/ivpu: Implement firmware parsing and booting") Signed-off-by: Alexander F. Lent <lx@xanderlent.com> Reviewed-by: Jacek Lawrynowicz <jacek.lawrynowicz@linux.intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz@linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240709-fix-ivpu-firmware-metadata-v3-1-55f70bba055b@xanderlent.com Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-09-30T14:25:13Z Michał Winiarski michal.winiarski@intel.com 2024-08-23T16:30:47Z urn:sha1:f6b589e361538285fdad8cf62143e3cf3b2c8b2a [ Upstream commit 45c4d994b82b08f0ce5eb50f8da29379c92a391e ] Accel minor management is based on DRM (and is also using struct drm_minor internally), since DRM is using XArray for minors, it makes sense to also convert accel. As the two implementations are identical (only difference being the underlying xarray), move the accel_minor_* functionality to DRM. Signed-off-by: Michał Winiarski <michal.winiarski@intel.com> Acked-by: James Zhu <James.Zhu@amd.com> Acked-by: Christian König <christian.koenig@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240823163048.2676257-3-michal.winiarski@intel.com Signed-off-by: Christian König <christian.koenig@amd.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-09-12T09:11:29Z Rakesh Ughreja rughreja@habana.ai 2024-03-26T06:01:02Z urn:sha1:9a173212a3180b90673635f0ec88afdc9eba17c8 [ Upstream commit 3309887c6ff8ca2ac05a74e1ee5d1c44829f63f2 ] Netowrk EDMAs uses more outstanding transfers so this needs to be programmed by EDMA firmware. Signed-off-by: Rakesh Ughreja <rughreja@habana.ai> Reviewed-by: Ofir Bitton <obitton@habana.ai> Signed-off-by: Ofir Bitton <obitton@habana.ai> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-08-29T15:33:35Z Avri Kehat akehat@habana.ai 2024-01-16T15:54:36Z urn:sha1:533893c2e03336e54ca7bce2ed488d49efc431c0 [ Upstream commit 0b105a2a7225f2736bd07aca0538cd67f09bfa20 ] debugfs files are created with permissions that don't align with the access requirements. Signed-off-by: Avri Kehat <akehat@habana.ai> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Reviewed-by: Carl Vanderlip <quic_carlv@quicinc.com> Signed-off-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-08-29T15:33:27Z farah kassabri fkassabri@habana.ai 2023-08-24T12:45:21Z urn:sha1:03be3489b165b1bfdc506f6be5cd2fe2b4613c59 [ Upstream commit 0165994c215f321e2d055368f89b424756e340eb ] There is a potential race between user thread seeking to re-use a timestamp record with new interrupt id, while this record is still in the middle of interrupt handling and it is about to be freed. Imagine the driver set the record in_use to 0 and only then fill the free_node information. This might lead to unpleasant scenario where the new registration thread detects the record as free to use, and change the cq buff address. That will cause the free_node to get the wrong buffer address to put refcount to. Signed-off-by: farah kassabri <fkassabri@habana.ai> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-08-29T15:33:27Z Tomer Tayar ttayar@habana.ai 2023-08-09T13:14:49Z urn:sha1:db5ba2c1ed16a236b5f2286bfcf9cbf0ad586413 [ Upstream commit 0b75cb5b240fddf181c284d415ee77ef61b418d6 ] It is currently allowed for a user to export dma-buf with size and offset that are not multiples of PAGE_SIZE. The exported memory is mapped for the importer device, and there it will be rounded to PAGE_SIZE, leading to actually exporting more than the user intended to. To make the user be aware of it, accept only size and offset which are multiple of PAGE_SIZE. Signed-off-by: Tomer Tayar <ttayar@habana.ai> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2024-08-29T15:33:27Z Ofir Bitton obitton@habana.ai 2023-06-28T11:40:46Z urn:sha1:fa8cb3102fe4baf3c60acedd47cca54b433c1973 [ Upstream commit 1e3a78270b4ec1c8c177eb310c08128d52137a69 ] As TPC kernels now must use those registers we unsecure them. Signed-off-by: Ofir Bitton <obitton@habana.ai> Reviewed-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Oded Gabbay <ogabbay@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>