CVE-2025-38042

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: ti: k3-udma-glue: Drop skipfdq argument from k3udmaglueresetrxchn

The user of k3udmaglueresetrxchn() e.g. tiam65cpswnuss can run on multiple platforms having different DMA architectures. On some platforms there can be one FDQ for all flows in the RX channel while for others there is a separate FDQ for each flow in the RX channel.

So far we have been relying on the skipfdq argument of k3udmaglueresetrxchn().

Instead of relying on the user to provide this information, infer it based on DMA architecture during k3udmagluerequestrxchn() and save it in an internal flag 'singlefdq'. Use that flag at k3udmaglueresetrx_chn() to deicide if the FDQ needs to be cleared for every flow or just for flow 0.

Fixes the below issue on tiam65cpsw_nuss driver on AM62-SK.

ip link set eth1 down ip link set eth0 down ethtool -L eth0 rx 8 ip link set eth0 up modprobe -r tiam65cpsw_nuss

[ 103.045726] ------------[ cut here ]------------ [ 103.050505] k3knavdescpool size 512000 != avail 64000 [ 103.050703] WARNING: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3cppidescpooldestroy+0xa0/0xa8 [k3cppidescpool] [ 103.068810] Modules linked in: tiam65cpswnuss(-) k3cppidescpool sndsochdmicodec crct10difce sndsocsimplecard sndsocsimplecardutils displayconnector rtctik3 k3j72xxbandgap tidss drmclientlib sndsocdavincimcas p drmdmahelper tps6598x phylink sndsoctiudma rtiwdt drmdisplayhelper sndsoctlv320aic3xi2c typec at24 phygmiisel sndsoctiedma sndsoctlv320aic3x sii902x sndsoctisdma sa2ul omapmailbox drmkmshelper authenc cfg80211 r fkill fuse drm drmpanelorientationquirks backlight iptables xtables ipv6 [last unloaded: k3cppidescpool] [ 103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 6.13.0-rc7-00001-g9c5e3435fa66 #1011 [ 103.119968] Hardware name: Texas Instruments AM625 SK (DT) [ 103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 103.119983] pc : k3cppidescpooldestroy+0xa0/0xa8 [k3cppidescpool] [ 103.148007] lr : k3cppidescpooldestroy+0xa0/0xa8 [k3cppidescpool] [ 103.154709] sp : ffff8000826ebbc0 [ 103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000 [ 103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0 [ 103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88 [ 103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000 [ 103.186522] x17: 0000000000000000 x16: 0000000000000000 x15: 000001e8c35e1cde [ 103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000 [ 103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : ffff8000826eba20 [ 103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100 [ 103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000 [ 103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000 [ 103.229274] Call trace: [ 103.231714] k3cppidescpooldestroy+0xa0/0xa8 [k3cppidescpool] (P) [ 103.238408] am65cpswnussfreerxchns+0x28/0x4c [tiam65cpswnuss] [ 103.244942] devmactionrelease+0x14/0x20 [ 103.249040] releasenodes+0x3c/0x68 [ 103.252610] devresreleaseall+0x8c/0xdc [ 103.256614] deviceunbindcleanup+0x18/0x60 [ 103.260876] devicereleasedriverinternal+0xf8/0x178 [ 103.266004] driverdetach+0x50/0x9c [ 103.269571] busremovedriver+0x6c/0xbc [ 103.273485] driverunregister+0x30/0x60 [ 103.277401] platformdriverunregister+0x14/0x20 [ 103.282096] am65cpswnussdriverexit+0x18/0xff4 [tiam65cpswnuss] [ 103.288620] _arm64sysdeletemodule+0x17c/0x25c [ 103.293404] invokesyscall+0x44/0x100 [ 103.297149] el0svccommon.constprop.0+0xc0/0xe0 [ 103.301845] doel0svc+0x1c/0x28 [ 103.305155] el0_svc+0x28/0x98 ---truncated---