Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: iaa - Fix nr_cpus

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address<br /> <br /> Read from an unsafe address with copy_from_kernel_nofault() in<br /> arch_adjust_kprobe_addr() because this function is used before checking<br /> the address is in text or not. Syzcaller bot found a bug and reported<br /> the case if user specifies inaccessible data area,<br /> arch_adjust_kprobe_addr() will cause a kernel panic.<br /> <br /> [ mingo: Clarified the comment. ]

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses<br /> <br /> Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account<br /> freed memory map alignment") changes the semantics of pfn_valid() to check<br /> presence of the memory map for a PFN. A valid page for an address which<br /> is reserved but not mapped by the kernel[1], the system crashed during<br /> some uio test with the following memory layout:<br /> <br /> node 0: [mem 0x00000000c0a00000-0x00000000cc8fffff]<br /> node 0: [mem 0x00000000d0000000-0x00000000da1fffff]<br /> the uio layout is：0xc0900000, 0x100000<br /> <br /> the crash backtrace like:<br /> <br /> Unable to handle kernel paging request at virtual address bff00000<br /> [...]<br /> CPU: 1 PID: 465 Comm: startapp.bin Tainted: G O 5.10.0 #1<br /> Hardware name: Generic DT based system<br /> PC is at b15_flush_kern_dcache_area+0x24/0x3c<br /> LR is at __sync_icache_dcache+0x6c/0x98<br /> [...]<br /> (b15_flush_kern_dcache_area) from (__sync_icache_dcache+0x6c/0x98)<br /> (__sync_icache_dcache) from (set_pte_at+0x28/0x54)<br /> (set_pte_at) from (remap_pfn_range+0x1a0/0x274)<br /> (remap_pfn_range) from (uio_mmap+0x184/0x1b8 [uio])<br /> (uio_mmap [uio]) from (__mmap_region+0x264/0x5f4)<br /> (__mmap_region) from (__do_mmap_mm+0x3ec/0x440)<br /> (__do_mmap_mm) from (do_mmap+0x50/0x58)<br /> (do_mmap) from (vm_mmap_pgoff+0xfc/0x188)<br /> (vm_mmap_pgoff) from (ksys_mmap_pgoff+0xac/0xc4)<br /> (ksys_mmap_pgoff) from (ret_fast_syscall+0x0/0x5c)<br /> Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e)<br /> ---[ end trace 09cf0734c3805d52 ]---<br /> Kernel panic - not syncing: Fatal exception<br /> <br /> So check if PG_reserved was set to solve this issue.<br /> <br /> [1]: https://lore.kernel.org/lkml/Zbtdue57RO0QScJM@linux.ibm.com/

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Add a dc_state NULL check in dc_state_release<br /> <br /> [How]<br /> Check wheather state is NULL before releasing it.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu/pm: Fix NULL pointer dereference when get power limit<br /> <br /> Because powerplay_table initialization is skipped under<br /> sriov case, We check and set default lower and upper OD<br /> value if powerplay_table is NULL.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: zoned: fix use-after-free in do_zone_finish()<br /> <br /> Shinichiro reported the following use-after-free triggered by the device<br /> replace operation in fstests btrfs/070.<br /> <br /> BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0<br /> ==================================================================<br /> BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs]<br /> Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007<br /> <br /> CPU: 0 PID: 3494007 Comm: btrfs-cleaner Tainted: G W 6.8.0-rc5-kts #1<br /> Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x5b/0x90<br /> print_report+0xcf/0x670<br /> ? __virt_addr_valid+0x200/0x3e0<br /> kasan_report+0xd8/0x110<br /> ? do_zone_finish+0x91a/0xb90 [btrfs]<br /> ? do_zone_finish+0x91a/0xb90 [btrfs]<br /> do_zone_finish+0x91a/0xb90 [btrfs]<br /> btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs]<br /> ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs]<br /> ? btrfs_put_root+0x2d/0x220 [btrfs]<br /> ? btrfs_clean_one_deleted_snapshot+0x299/0x430 [btrfs]<br /> cleaner_kthread+0x21e/0x380 [btrfs]<br /> ? __pfx_cleaner_kthread+0x10/0x10 [btrfs]<br /> kthread+0x2e3/0x3c0<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x31/0x70<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork_asm+0x1b/0x30<br /> <br /> <br /> Allocated by task 3493983:<br /> kasan_save_stack+0x33/0x60<br /> kasan_save_track+0x14/0x30<br /> __kasan_kmalloc+0xaa/0xb0<br /> btrfs_alloc_device+0xb3/0x4e0 [btrfs]<br /> device_list_add.constprop.0+0x993/0x1630 [btrfs]<br /> btrfs_scan_one_device+0x219/0x3d0 [btrfs]<br /> btrfs_control_ioctl+0x26e/0x310 [btrfs]<br /> __x64_sys_ioctl+0x134/0x1b0<br /> do_syscall_64+0x99/0x190<br /> entry_SYSCALL_64_after_hwframe+0x6e/0x76<br /> <br /> Freed by task 3494056:<br /> kasan_save_stack+0x33/0x60<br /> kasan_save_track+0x14/0x30<br /> kasan_save_free_info+0x3f/0x60<br /> poison_slab_object+0x102/0x170<br /> __kasan_slab_free+0x32/0x70<br /> kfree+0x11b/0x320<br /> btrfs_rm_dev_replace_free_srcdev+0xca/0x280 [btrfs]<br /> btrfs_dev_replace_finishing+0xd7e/0x14f0 [btrfs]<br /> btrfs_dev_replace_by_ioctl+0x1286/0x25a0 [btrfs]<br /> btrfs_ioctl+0xb27/0x57d0 [btrfs]<br /> __x64_sys_ioctl+0x134/0x1b0<br /> do_syscall_64+0x99/0x190<br /> entry_SYSCALL_64_after_hwframe+0x6e/0x76<br /> <br /> The buggy address belongs to the object at ffff8881543c8000<br /> which belongs to the cache kmalloc-1k of size 1024<br /> The buggy address is located 96 bytes inside of<br /> freed 1024-byte region [ffff8881543c8000, ffff8881543c8400)<br /> <br /> The buggy address belongs to the physical page:<br /> page:00000000fe2c1285 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1543c8<br /> head:00000000fe2c1285 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0<br /> flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff)<br /> page_type: 0xffffffff()<br /> raw: 0017ffffc0000840 ffff888100042dc0 ffffea0019e8f200 dead000000000002<br /> raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000<br /> page dumped because: kasan: bad access detected<br /> <br /> Memory state around the buggy address:<br /> ffff8881543c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br /> ffff8881543c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br /> &gt;ffff8881543c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> ^<br /> ffff8881543c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> ffff8881543c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb<br /> <br /> This UAF happens because we&amp;#39;re accessing stale zone information of a<br /> already removed btrfs_device in do_zone_finish().<br /> <br /> The sequence of events is as follows:<br /> <br /> btrfs_dev_replace_start<br /> btrfs_scrub_dev<br /> btrfs_dev_replace_finishing<br /> btrfs_dev_replace_update_device_in_mapping_tree

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/i915/vma: Fix UAF on destroy against retire race<br /> <br /> Object debugging tools were sporadically reporting illegal attempts to<br /> free a still active i915 VMA object when parking a GT believed to be idle.<br /> <br /> [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915]<br /> [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0<br /> ...<br /> [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1<br /> [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022<br /> [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915]<br /> [161.360592] RIP: 0010:debug_print_object+0x80/0xb0<br /> ...<br /> [161.361347] debug_object_free+0xeb/0x110<br /> [161.361362] i915_active_fini+0x14/0x130 [i915]<br /> [161.361866] release_references+0xfe/0x1f0 [i915]<br /> [161.362543] i915_vma_parked+0x1db/0x380 [i915]<br /> [161.363129] __gt_park+0x121/0x230 [i915]<br /> [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915]<br /> <br /> That has been tracked down to be happening when another thread is<br /> deactivating the VMA inside __active_retire() helper, after the VMA&amp;#39;s<br /> active counter has been already decremented to 0, but before deactivation<br /> of the VMA&amp;#39;s object is reported to the object debugging tool.<br /> <br /> We could prevent from that race by serializing i915_active_fini() with<br /> __active_retire() via ref-&gt;tree_lock, but that wouldn&amp;#39;t stop the VMA from<br /> being used, e.g. from __i915_vma_retire() called at the end of<br /> __active_retire(), after that VMA has been already freed by a concurrent<br /> i915_vma_destroy() on return from the i915_active_fini(). Then, we should<br /> rather fix the issue at the VMA level, not in i915_active.<br /> <br /> Since __i915_vma_parked() is called from __gt_park() on last put of the<br /> GT&amp;#39;s wakeref, the issue could be addressed by holding the GT wakeref long<br /> enough for __active_retire() to complete before that wakeref is released<br /> and the GT parked.<br /> <br /> I believe the issue was introduced by commit d93939730347 ("drm/i915:<br /> Remove the vma refcount") which moved a call to i915_active_fini() from<br /> a dropped i915_vma_release(), called on last put of the removed VMA kref,<br /> to i915_vma_parked() processing path called on last put of a GT wakeref.<br /> However, its visibility to the object debugging tool was suppressed by a<br /> bug in i915_active that was fixed two weeks later with commit e92eb246feb9<br /> ("drm/i915/active: Fix missing debug object activation").<br /> <br /> A VMA associated with a request doesn&amp;#39;t acquire a GT wakeref by itself.<br /> Instead, it depends on a wakeref held directly by the request&amp;#39;s active<br /> intel_context for a GT associated with its VM, and indirectly on that<br /> intel_context&amp;#39;s engine wakeref if the engine belongs to the same GT as the<br /> VMA&amp;#39;s VM. Those wakerefs are released asynchronously to VMA deactivation.<br /> <br /> Fix the issue by getting a wakeref for the VMA&amp;#39;s GT when activating it,<br /> and putting that wakeref only after the VMA is deactivated. However,<br /> exclude global GTT from that processing path, otherwise the GPU never goes<br /> idle. Since __i915_vma_retire() may be called from atomic contexts, use<br /> async variant of wakeref put. Also, to avoid circular locking dependency,<br /> take care of acquiring the wakeref before VM mutex when both are needed.<br /> <br /> v7: Add inline comments with justifications for:<br /> - using untracked variants of intel_gt_pm_get/put() (Nirmoy),<br /> - using async variant of _put(),<br /> - not getting the wakeref in case of a global GTT,<br /> - always getting the first wakeref outside vm-&gt;mutex.<br /> v6: Since __i915_vma_active/retire() callbacks are not serialized, storing<br /> a wakeref tracking handle inside struct i915_vma is not safe, and<br /> there is no other good place for that. Use untracked variants of<br /> intel_gt_pm_get/put_async().<br /> v5: Replace "tile" with "GT" across commit description (Rodrigo),<br /> - <br /> ---truncated---

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed<br /> <br /> The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the<br /> corresponding ttm_resource_manager is not allocated.<br /> This leads to a crash when trying to read from this file.<br /> <br /> Add a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file<br /> only when the corresponding ttm_resource_manager is allocated.<br /> <br /> crash&gt; bt<br /> PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep"<br /> #0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3<br /> #1 [ffffb954506b3b78] __crash_kexec at ffffffffb2bb598a<br /> #2 [ffffb954506b3c38] crash_kexec at ffffffffb2bb68c1<br /> #3 [ffffb954506b3c50] oops_end at ffffffffb2a2a9b1<br /> #4 [ffffb954506b3c70] no_context at ffffffffb2a7e913<br /> #5 [ffffb954506b3cc8] __bad_area_nosemaphore at ffffffffb2a7ec8c<br /> #6 [ffffb954506b3d10] do_page_fault at ffffffffb2a7f887<br /> #7 [ffffb954506b3d40] page_fault at ffffffffb360116e<br /> [exception RIP: ttm_resource_manager_debug+0x11]<br /> RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246<br /> RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940<br /> RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000<br /> RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000<br /> R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff<br /> R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200<br /> ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018<br /> #8 [ffffb954506b3e00] ttm_resource_manager_show at ffffffffc04afde7 [ttm]<br /> #9 [ffffb954506b3e30] seq_read at ffffffffb2d8f9f3<br /> RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246<br /> RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985<br /> RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003<br /> RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30<br /> R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000<br /> R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003<br /> ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau<br /> <br /> Fix a regression when using nouveau and unplugging a StarTech MSTDP122DP<br /> DisplayPort 1.2 MST hub (the same regression does not appear when using<br /> a Cable Matters DisplayPort 1.4 MST hub). Trace:<br /> <br /> divide error: 0000 [#1] PREEMPT SMP PTI<br /> CPU: 7 PID: 2962 Comm: Xorg Not tainted 6.8.0-rc3+ #744<br /> Hardware name: Razer Blade/DANA_MB, BIOS 01.01 08/31/2018<br /> RIP: 0010:drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]<br /> Code: c6 b8 01 00 00 00 75 61 01 c6 41 0f af f3 41 0f af f1 c1 e1 04 48 63 c7 31 d2 89 ff 48 8b 5d f8 c9 48 0f af f1 48 8d 44 06 ff f7 f7 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 45 31<br /> RSP: 0018:ffffb2c5c211fa30 EFLAGS: 00010206<br /> RAX: ffffffffffffffff RBX: 0000000000000000 RCX: 0000000000f59b00<br /> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000<br /> RBP: ffffb2c5c211fa48 R08: 0000000000000001 R09: 0000000000000020<br /> R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000023b4a<br /> R13: ffff91d37d165800 R14: ffff91d36fac6d80 R15: ffff91d34a764010<br /> FS: 00007f4a1ca3fa80(0000) GS:ffff91d6edbc0000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000559491d49000 CR3: 000000011d180002 CR4: 00000000003706f0<br /> Call Trace:<br /> <br /> ? show_regs+0x6d/0x80<br /> ? die+0x37/0xa0<br /> ? do_trap+0xd4/0xf0<br /> ? do_error_trap+0x71/0xb0<br /> ? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]<br /> ? exc_divide_error+0x3a/0x70<br /> ? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]<br /> ? asm_exc_divide_error+0x1b/0x20<br /> ? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]<br /> ? drm_dp_calc_pbn_mode+0x2e/0x70 [drm_display_helper]<br /> nv50_msto_atomic_check+0xda/0x120 [nouveau]<br /> drm_atomic_helper_check_modeset+0xa87/0xdf0 [drm_kms_helper]<br /> drm_atomic_helper_check+0x19/0xa0 [drm_kms_helper]<br /> nv50_disp_atomic_check+0x13f/0x2f0 [nouveau]<br /> drm_atomic_check_only+0x668/0xb20 [drm]<br /> ? drm_connector_list_iter_next+0x86/0xc0 [drm]<br /> drm_atomic_commit+0x58/0xd0 [drm]<br /> ? __pfx___drm_printfn_info+0x10/0x10 [drm]<br /> drm_atomic_connector_commit_dpms+0xd7/0x100 [drm]<br /> drm_mode_obj_set_property_ioctl+0x1c5/0x450 [drm]<br /> ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [drm]<br /> drm_connector_property_set_ioctl+0x3b/0x60 [drm]<br /> drm_ioctl_kernel+0xb9/0x120 [drm]<br /> drm_ioctl+0x2d0/0x550 [drm]<br /> ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [drm]<br /> nouveau_drm_ioctl+0x61/0xc0 [nouveau]<br /> __x64_sys_ioctl+0xa0/0xf0<br /> do_syscall_64+0x76/0x140<br /> ? do_syscall_64+0x85/0x140<br /> ? do_syscall_64+0x85/0x140<br /> entry_SYSCALL_64_after_hwframe+0x6e/0x76<br /> RIP: 0033:0x7f4a1cd1a94f<br /> Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00<br /> RSP: 002b:00007ffd2f1df520 EFLAGS: 00000246 ORIG_RAX: 0000000000000010<br /> RAX: ffffffffffffffda RBX: 00007ffd2f1df5b0 RCX: 00007f4a1cd1a94f<br /> RDX: 00007ffd2f1df5b0 RSI: 00000000c01064ab RDI: 000000000000000f<br /> RBP: 00000000c01064ab R08: 000056347932deb8 R09: 000056347a7d99c0<br /> R10: 0000000000000000 R11: 0000000000000246 R12: 000056347938a220<br /> R13: 000000000000000f R14: 0000563479d9f3f0 R15: 0000000000000000<br /> <br /> Modules linked in: rfcomm xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge stp llc ccm cmac algif_hash overlay algif_skcipher af_alg bnep binfmt_misc snd_sof_pci_intel_cnl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda snd_sof snd_sof_utils snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress snd_sof_intel_hda_mlink snd_hda_ext_core iwlmvm intel_rapl_msr intel_rapl_common intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp mac80211 coretemp kvm_intel snd_hda_codec_hdmi kvm snd_hda_<br /> ---truncated---

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: phy: qcom: at803x: fix kernel panic with at8031_probe<br /> <br /> On reworking and splitting the at803x driver, in splitting function of<br /> at803x PHYs it was added a NULL dereference bug where priv is referenced<br /> before it&amp;#39;s actually allocated and then is tried to write to for the<br /> is_1000basex and is_fiber variables in the case of at8031, writing on<br /> the wrong address.<br /> <br /> Fix this by correctly setting priv local variable only after<br /> at803x_probe is called and actually allocates priv in the phydev struct.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nouveau/dmem: handle kcalloc() allocation failure<br /> <br /> The kcalloc() in nouveau_dmem_evict_chunk() will return null if<br /> the physical memory has run out. As a result, if we dereference<br /> src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs<br /> will happen.<br /> <br /> Moreover, the GPU is going away. If the kcalloc() fails, we could not<br /> evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL<br /> flag in kcalloc().<br /> <br /> Finally, as there is no need to have physically contiguous memory,<br /> this patch switches kcalloc() to kvcalloc() in order to avoid<br /> failing allocations.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()<br /> <br /> If we have no VBT, or the VBT didn&amp;#39;t declare the encoder<br /> in question, we won&amp;#39;t have the &amp;#39;devdata&amp;#39; for the encoder.<br /> Instead of oopsing just bail early.<br /> <br /> We won&amp;#39;t be able to tell whether the port is DP++ or not,<br /> but so be it.<br /> <br /> (cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)