This is just sample code. We forget to set the error codes in a couple
places.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
A simple fix for reading only lower 32-bit sensor values on pre-1.0 SCPI
firmwares so that upper 32-bit (garbage) value is discarded properly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCAAGBQJYZn+PAAoJEABBurwxfuKYiewQAIL4rD18VSZ/5HyPFMUVGiT4
xqaaXMpk16Osf6WTXx6aGm+359iblE+TGtve3vwTOMi+6/+lHaYaf5UcW51yk8sd
RgHnte9weiIYR7kSGpoksBzgFYV8B8C72lxY+WNNaszbKgE7RTir5HK2MgNdipQM
ayHnDpbHaSSZbC+Pp8jES9Of7fV8bc4i0uxUZ+QeVTb7REEL0vS/TiOWfRugrfH7
+v2Rfg2KmhXcyew9I1fKS8dw/fzNVNMbLzN+nHvQF4u6NQsHsrMtjmqJ6bVNxj9I
FnYJgPnNGpAjSLRNTksiW0d7Zqg9JZhjcE+vVJSE4xe4IYlZtBMOe9yMtE0USl1n
IirATPiqUOecH3VdPITKQ3WPseNH550VpeTsk+36goEZroSqfmkJ2Bn6j+dlhlke
xcLrzdt1f+h2jywD1IWt5Hly6+l1gfsAhqPMrnUj4dEL6SpIgHUCx3VO1GDKYGjI
sbp1d1t8MVXVtzt90ssh0hwUo2fc7Ugh7/rfpcVMHMygj9jSutXlgyfBFJUmyiKw
T3vR6luKG7NWc23v7mv0ol5U/sUlCbYHfkpHzDnY7ldd51qNvqHLOdokHnsdu8bI
fyFhPn9OGFf9JYhMkw4XmbqskSVQ0F1cWJmYlMU5xM+LmR6XKMj5XdN7f4bydwW8
1nZHb7TDOCgzCHjBlWki
=Wy0/
-----END PGP SIGNATURE-----
Merge tag 'scpi-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into fixes
Pull "SCPI fix for v4.10" from Sudeep Holla:
A simple fix for reading only lower 32-bit sensor values on pre-1.0 SCPI
firmwares so that upper 32-bit (garbage) value is discarded properly.
* tag 'scpi-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux:
firmware: arm_scpi: fix reading sensor values on pre-1.0 SCPI firmwares
- A format fix for vf610-zii-dev-rev-b.dts, which has a very odd line
due to misses a newline.
- A fix to imx-weim bus error seen on board which doesn't actually use
the bus.
- A fix for imx6qdl-nitrogen6x board which has conflicting usage of
pad NANDF_CS2.
- A cleanup on i.MX1 machine to remove .map_io callback, which also
fixes a compiling error for NOMMU build.
- Fix AVIC base address in i.MX31 device tree source. The problem was
shadowed by the AVIC driver, which takes the correct base address
from a SoC specific header file.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJYa159AAoJEFBXWFqHsHzOPyoIAKTnMpuzSxg0685wusE3F/t2
wQBMi4ZkHmEYOMvNx5r+7XyjuCNWhU8Wnl3S8Dz9pgpHN+1otC9NbhjSlOVNtNI0
3pIb8UXNRbBLweE4L5FdIAsm8u+cjeHxxuuww/CaKg9g2mSiskRis2V3wRqk/0ch
1/W+bk4fAzITO9GsPGTD/pT7eRQcxZ8yW4fowjTm8/PJ5TSwpcsD24nXHVgLhQHf
1VS/HwxdrWVC2WweWY32ENToNCVeMxLLVmMjOu7W4iGDeO7QyES7E4f/lMD446Wy
SYu223pMCa5xNEzTpj22acY+BB3dnqU/s07ILaGjXxvdUN2ioN+IN0wVIgYvOt8=
=a44g
-----END PGP SIGNATURE-----
Merge tag 'imx-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes
Pull "i.MX fixes for 4.10" from Shawn Guo:
- A format fix for vf610-zii-dev-rev-b.dts, which has a very odd line
due to misses a newline.
- A fix to imx-weim bus error seen on board which doesn't actually use
the bus.
- A fix for imx6qdl-nitrogen6x board which has conflicting usage of
pad NANDF_CS2.
- A cleanup on i.MX1 machine to remove .map_io callback, which also
fixes a compiling error for NOMMU build.
- Fix AVIC base address in i.MX31 device tree source. The problem was
shadowed by the AVIC driver, which takes the correct base address
from a SoC specific header file.
* tag 'imx-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
ARM: dts: imx6: Disable "weim" node in the dtsi files
ARM: i.MX: remove map_io callback
ARM: dts: vf610-zii-dev-rev-b: Add missing newline
ARM: dts: imx6qdl-nitrogen6x: remove duplicate iomux entry
ARM: dts: imx31: fix AVIC base address
to deal with various regressions noticed during the merge
window and to fix various device tree configurations for
boards. Also included is removal of mach-omap2/gpio.c that
is now dead code with device tree based booting that should
be OK for the early -rc cycle:
- A series of fixes to add empty chosen node to fix regressions
caused for bootloaders that don't create chosen node as the
decompressor needs the chosen node to merge command line and
ATAGs into it
- Fix missing logicpd-som-lv-37xx-devkit.dtb entry in Makefile
- Fix regression for am437x timers
- Fix wrong strcat for non-NULL terminated string
- A series of changes to fix tps65217 interrupts to not use
defines as we don't do that for interrupts
- Two patches to fix USB VBUS detection on am57xx-idk and force it
to peripheral mode until dwc3 role detection is working
- Add missing dra72-evm-tps65917 missing voltage supplies
accidentally left out of an earlier patch
- Fix n900 eMMC detection when booted on qemu
- Remove unwanted pr_err on failed memory allocation for
prm_common.c
- Remove legacy mach-omap2/gpio.c that now is dead code
since we boot mach-omap2 in device tree only mode
- Fix am572x-idk pcie1 by adding the missing gpio reset pin
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEEkgNvrZJU/QSQYIcQG9Q+yVyrpXMFAlhmsscRHHRvbnlAYXRv
bWlkZS5jb20ACgkQG9Q+yVyrpXNiYA/+IA8G8Ik93lmVQfdvVtnPcgVsNbWZvQVW
Nhgs+Q0dbcK7ZVYSNyymjUlNtFMwHljRuJQOqv/XMK1xcTLFX1PGuZyBDZeEjwlt
PAFh1SwpNc/gn/ePx5T6fhnfxlHyiD0M1MFgqe169ndj2VFjQvNGyey4kxW5KMKB
f9rWeM7EbLC4FaLs69UDR5XRmgmoeTmAfA+NNJFWfcbBJpzSQiFLoUISQlcXWuVf
gv+/dvWEX0o0xGVoIuaK8zxqGveNWKkETlUylSi7q64PsGWu1LXxaeblvK5fCcE0
/fYWFFHS/LFa2+wh79d3Anh693TBT9n/UvnFkDDNUWNTNrYWyppeQ79hLTvoF0ha
GVp0AEfrhcnlXHD4QO+VMMsJPll1Xm7r7oiSJh8MzDbHbuPC81BrbHcyssQ9ujzf
WVTnEE9wv3sriwTrCspXOdZn4DdyAzAABV9W17A0HabUEfnhggHxhXKK5awtNqoh
YQvVj4VnY2DRFFmIUUOazIs0Sp+jSonhdv/UQ8TZRTfHwE42C9LMuKYIDzQ9+xcc
PY4edJ1ynIPLeiTZN8sVrorpCZASOoWFkGGgoP/wyPc3zG/9FdDnRSqcVFQpnfWR
uSV5WibLr2ifBlIRXWH7meb9dHH2t+CY2NnDkH8Oa7/6HUvzx2rs+04fZ8MV+jCK
nY1kFeJu1Go=
=UNWK
-----END PGP SIGNATURE-----
Merge tag 'omap-for-v4.10/fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
Pull "omap fixes for v4.10-rc cycle" from Tony Lindgren:
Fist set of fixes for omaps for v4.10-rc cycle, mostly
to deal with various regressions noticed during the merge
window and to fix various device tree configurations for
boards. Also included is removal of mach-omap2/gpio.c that
is now dead code with device tree based booting that should
be OK for the early -rc cycle:
- A series of fixes to add empty chosen node to fix regressions
caused for bootloaders that don't create chosen node as the
decompressor needs the chosen node to merge command line and
ATAGs into it
- Fix missing logicpd-som-lv-37xx-devkit.dtb entry in Makefile
- Fix regression for am437x timers
- Fix wrong strcat for non-NULL terminated string
- A series of changes to fix tps65217 interrupts to not use
defines as we don't do that for interrupts
- Two patches to fix USB VBUS detection on am57xx-idk and force it
to peripheral mode until dwc3 role detection is working
- Add missing dra72-evm-tps65917 missing voltage supplies
accidentally left out of an earlier patch
- Fix n900 eMMC detection when booted on qemu
- Remove unwanted pr_err on failed memory allocation for
prm_common.c
- Remove legacy mach-omap2/gpio.c that now is dead code
since we boot mach-omap2 in device tree only mode
- Fix am572x-idk pcie1 by adding the missing gpio reset pin
* tag 'omap-for-v4.10/fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: (23 commits)
ARM: dts: am572x-idk: Add gpios property to control PCIE_RESETn
ARM: OMAP2+: PRM: Delete an error message for a failed memory allocation
ARM: dts: n900: Mark eMMC slot with no-sdio and no-sd flags
ARM: dts: dra72-evm-tps65917: Add voltage supplies to usb_phy, mmc, dss
ARM: dts: am57xx-idk: Put USB2 port in peripheral mode
ARM: dts: am57xx-idk: Support VBUS detection on USB2 port
dt-bindings: input: Specify the interrupt number of TPS65217 power button
dt-bindings: power/supply: Update TPS65217 properties
dt-bindings: mfd: Remove TPS65217 interrupts
ARM: dts: am335x: Fix the interrupt name of TPS65217
ARM: omap2+: fixing wrong strcat for Non-NULL terminated string
ARM: omap2+: am437x: rollback to use omap3_gptimer_timer_init()
ARM: dts: omap3: Add DTS for Logic PD SOM-LV 37xx Dev Kit
ARM: dts: dra7: Add an empty chosen node to top level DTSI
ARM: dts: dm816x: Add an empty chosen node to top level DTSI
ARM: dts: dm814x: Add an empty chosen node to top level DTSI
ARM: dts: am4372: Add an empty chosen node to top level DTSI
ARM: dts: am33xx: Add an empty chosen node to top level DTSI
ARM: dts: omap5: Add an empty chosen node to top level DTSI
ARM: dts: omap4: Add an empty chosen node to top level DTSI
...
1. Minor cleanup in smp_operations.
2. Another step in switching s3c24xx to new DMA API.
3. Drop fixed requirement for HZ=200 on Samsung platforms.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJYSD8SAAoJEME3ZuaGi4PXKFgP/3l698JKsG9N+beGKVPhpVWR
D+EZuJu05IVv4d7p8SXCQr/B200ZNBhEznSnydPh/966RMKBr3ImfZdnPcgjP+/R
qoyIuNNsZsaaESn/sDFDw4fZXTfkCuv9ovzQYrFk0oYoU5NI6gx4FvON6DCgKYWc
35M+uDyF2dCZ1KSZmfv3BJRJKbTTV0viCJ+ALgIA9ogN8VC5QBExxXTUOMMjDQ/h
plz2e2jP7YHefYgZzHAZcsy+GzEoJOmMc7Yinijuq/Y/iPppbR02w64WbeDZTkV/
o7PYnBIsj/rTKgkqKPF8JtkGUOMZga2xIe7GMF0l4sxsqqsUK9iNBafRygLjHYoV
iexKLCPzYCyGbuWNtioBuWeuYdE3HLPhYCpfvECxQ43L4XtthTD8pVRPs5mFsRA/
EOYUfxdmIoBszuKgnAFEpA3h4f9ex0kVoKeH3M3sfZ8qFnWS2XgfiecrwX507+w5
yQeNb0yoquutSmqvPdz48/JSUvu5VtQXbJFBTfQQwZiHrm1LMgVJTKa7twWqPTNv
TrZhUp2x0DdmIR4UxkDa2pBV9qv7FP624KkGkQHxsO85Tkjs8aHFwYwqim7z96d8
tj7OsQnwe8HdC66MazxKqzfMcOwiJMNW2FF4panEwgx3IyDKba6SLN3Zy+IABcxQ
5GbRJ92Nq2LbOIi6Nfsv
=TAfi
-----END PGP SIGNATURE-----
Merge tag 'samsung-soc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux into fixes
Samsung mach/soc update for v4.10:
1. Minor cleanup in smp_operations.
2. Another step in switching s3c24xx to new DMA API.
3. Drop fixed requirement for HZ=200 on Samsung platforms.
* tag 'samsung-soc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux:
ARM: Drop fixed 200 Hz timer requirement from Samsung platforms
ARM: S3C24XX: Add DMA slave maps for remaining s3c24xx SoCs
ARM: EXYNOS: Remove smp_init_cpus hook from platsmp.c
* Provide sd0_uhs node
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJYTl4ZAAoJENfPZGlqN0++vTQP/0hIiDC3Jeb7bkpAX+ZuzHq6
XG/TK5cHaho7Xep/eitlc8gxmO8kL/j5UJIExb0WoBW31QmPhymZnrBiKGHand3Q
OjpmVhK9FeWXcQs4QvL9Lp82Z7qWMaTMhaYDucpd2b4P4GUfpAd3zccsbvqP156k
tG71mYAPIRmXFZgJ+ih57ytwNklSlEm4/84/7oklmNU4Pi0EMyC2eB9DJInMUeyq
QH+8KEx5TBaimHBeGvgYnihIyk3WwoB1ULrZlaOQ/FfjnnK7TZdWhWt4gZUys7qi
GCmbhWR6qoovKxEg9j3cBO1wgWg6AXLrNxs/F1IUBDRViVUFzxJS/14/eW5SfRG3
b7VWm0xpC8RkOaA8yHD4nkpuqXlROVHr0EUkZ9ny6QflEDL8/Pg2SUJCZr7xCFUN
vVyWM1Do/R1ogSmR+Z1RO8omgJEoztFnzNc7d4q9fRAB4o8512oJ1xJFHpv6y3XW
wYRA/SiksEFoYnDXcSkBd2ZMZTiKNvhPWv3yPbP6nJxOpEF6/OWS7VBpGRisLjVk
EksoLn+WliC+1nRrc/S0Nf1YmY8tc62Pg1FwwniS8uTYQFrPNEbc/V/mNU2Sfv/y
ZPnhv6Km33q9xwB0Q94vHLIXMXuaaM90XCT9fSemIoUiDj8lcjE+WYQLxn6WG8ii
a0JlaFlvVkfqYqQFC/cX
=XZkS
-----END PGP SIGNATURE-----
Merge tag 'renesas-fixes-for-v4.10' of https://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into fixes
Renesas ARM Based SoC Fixes for v4.10
* Provide sd0_uhs node
* tag 'renesas-fixes-for-v4.10' of https://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
arm64: dts: h3ulcb: Provide sd0_uhs node
The generic command buffer entry is 128 bits (16 bytes), so the offset
of tail and head pointer should be 16 bytes aligned and increased with
0x10 per command.
When cmd buf is full, head = (tail + 0x10) % CMD_BUFFER_SIZE.
So when left space of cmd buf should be able to store only two
command, we should be issued one COMPLETE_WAIT additionally to wait
all older commands completed. Then the left space should be increased
after IOMMU fetching from cmd buf.
So left check value should be left <= 0x20 (two commands).
Signed-off-by: Huang Rui <ray.huang@amd.com>
Fixes: ac0ea6e92b ('x86/amd-iommu: Improve handling of full command buffer')
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Different encodings are used to represent supported PASID bits
and number of PASID table entries.
The current code assigns ecap_pss directly to extended context
table entry PTS which is wrong and could result in writing
non-zero bits to the reserved fields. IOMMU fault reason
11 will be reported when reserved bits are nonzero.
This patch converts ecap_pss to extend context entry pts encoding
based on VT-d spec. Chapter 9.4 as follows:
- number of PASID bits = ecap_pss + 1
- number of PASID table entries = 2^(pts + 5)
Software assigned limit of pasid_max value is also respected to
match the allocation limitation of PASID table.
cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
cc: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
Tested-by: Mika Kuoppala <mika.kuoppala@intel.com>
Fixes: 2f26e0a9c9 ('iommu/vt-d: Add basic SVM PASID support')
Signed-off-by: Joerg Roedel <jroedel@suse.de>
We met the DMAR fault both on hpsa P420i and P421 SmartArray controllers
under kdump, it can be steadily reproduced on several different machines,
the dmesg log is like:
HP HPSA Driver (v 3.4.16-0)
hpsa 0000:02:00.0: using doorbell to reset controller
hpsa 0000:02:00.0: board ready after hard reset.
hpsa 0000:02:00.0: Waiting for controller to respond to no-op
DMAR: Setting identity map for device 0000:02:00.0 [0xe8000 - 0xe8fff]
DMAR: Setting identity map for device 0000:02:00.0 [0xf4000 - 0xf4fff]
DMAR: Setting identity map for device 0000:02:00.0 [0xbdf6e000 - 0xbdf6efff]
DMAR: Setting identity map for device 0000:02:00.0 [0xbdf6f000 - 0xbdf7efff]
DMAR: Setting identity map for device 0000:02:00.0 [0xbdf7f000 - 0xbdf82fff]
DMAR: Setting identity map for device 0000:02:00.0 [0xbdf83000 - 0xbdf84fff]
DMAR: DRHD: handling fault status reg 2
DMAR: [DMA Read] Request device [02:00.0] fault addr fffff000 [fault reason 06] PTE Read access is not set
hpsa 0000:02:00.0: controller message 03:00 timed out
hpsa 0000:02:00.0: no-op failed; re-trying
After some debugging, we found that the fault addr is from DMA initiated at
the driver probe stage after reset(not in-flight DMA), and the corresponding
pte entry value is correct, the fault is likely due to the old iommu caches
of the in-flight DMA before it.
Thus we need to flush the old cache after context mapping is setup for the
device, where the device is supposed to finish reset at its driver probe
stage and no in-flight DMA exists hereafter.
I'm not sure if the hardware is responsible for invalidating all the related
caches allocated in the iommu hardware before, but seems not the case for hpsa,
actually many device drivers have problems in properly resetting the hardware.
Anyway flushing (again) by software in kdump kernel when the device gets context
mapped which is a quite infrequent operation does little harm.
With this patch, the problematic machine can survive the kdump tests.
CC: Myron Stowe <myron.stowe@gmail.com>
CC: Joseph Szczypek <jszczype@redhat.com>
CC: Don Brace <don.brace@microsemi.com>
CC: Baoquan He <bhe@redhat.com>
CC: Dave Young <dyoung@redhat.com>
Fixes: 091d42e43d ("iommu/vt-d: Copy translation tables from old kernel")
Fixes: dbcd861f25 ("iommu/vt-d: Do not re-use domain-ids from the old kernel")
Fixes: cf484d0e69 ("iommu/vt-d: Mark copied context entries")
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Tested-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Here, If devm_ioremap will fail. It will return NULL.
Kernel can run into a NULL-pointer dereference.
This error check will avoid NULL pointer dereference.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Acked-by: Yoichi Yuasa <yuasa@linux-mips.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
I would like to help with fbdev maintenance. I can dedicate some time
for reviewing and handling patches but won't have time for much more.
The subsystem will remain in maintenance mode (no new drivers will be
added to it).
Cc: Tomi Valkeinen <tomi.valkeinen@ti.com>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
ASUS ROG Ranger VIII with ALC1150 codec requires the extra GPIO pin to
up for the front panel. Just use the existing fixup for setting up
the GPIO pins.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189411
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Fix NULL-pointer dereference in open() should the device lack the
expected endpoints:
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at spcp8x5_open+0x30/0xd0 [spcp8x5]
Fixes: 619a6f1d14 ("USB: add usb-serial spcp8x5 driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
The write URB was being killed using the synchronous interface while
holding a spin lock in close().
Simply drop the lock and busy-flag update, something which would have
been taken care of by the completion handler if the URB was in flight.
Fixes: f7a33e608d ("USB: serial: add quatech2 usb to serial driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference in open() should a type-0 or type-1 device
lack the expected endpoints:
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at pl2303_open+0x38/0xec [pl2303]
Note that a missing interrupt-in endpoint would have caused open() to
fail.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference in open() should the device lack the
expected endpoints:
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at oti6858_open+0x30/0x1d0 [oti6858]
Note that a missing interrupt-in endpoint would have caused open() to
fail.
Fixes: 49cdee0ed0 ("USB: oti6858 usb-serial driver (in Nokia CA-42
cable)")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
The interrupt URB is killed at final port close since commit
0de9a7024e ("USB: overhaul of mos7840 driver").
Fixes: 0de9a7024e ("USB: overhaul of mos7840 driver")
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference in open() should the device lack the
expected endpoints:
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at mos7840_open+0x88/0x8dc [mos7840]
Note that we continue to treat the interrupt-in endpoint as optional for
now.
Fixes: 3f5429746d ("USB: Moschip 7840 USB-Serial Driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Since commit b69578df7e ("USB: usbserial: mos7720: add support for
parallel port on moschip 7715"), the interrupt urb is no longer
submitted at first port open and the endpoint-address initialisation at
port-probe is no longer used.
Signed-off-by: Johan Hovold <johan@kernel.org>
A static usb-serial-driver structure that is used to initialise the
interrupt URB was modified during probe depending on the currently
probed device type, something which could break a parallel probe of a
device of a different type.
Fix this up by overriding the default completion callback for MCS7715
devices in attach() instead. We may want to use two usb-serial driver
instances for the two types later.
Fixes: fb088e335d ("USB: serial: add support for serial port on the
moschip 7715")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Do not submit the interrupt URB until after the parport has been
successfully registered to avoid another use-after-free in the
completion handler when accessing the freed parport private data in case
of a racing completion.
Fixes: b69578df7e ("USB: usbserial: mos7720: add support for parallel
port on moschip 7715")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
The interrupt URB was submitted on probe but never stopped on probe
errors. This can lead to use-after-free issues in the completion
handler when accessing the freed usb-serial struct:
Unable to handle kernel paging request at virtual address 6b6b6be7
...
[<bf052e70>] (mos7715_interrupt_callback [mos7720]) from [<c052a894>] (__usb_hcd_giveback_urb+0x80/0x140)
[<c052a894>] (__usb_hcd_giveback_urb) from [<c052a9a4>] (usb_hcd_giveback_urb+0x50/0x138)
[<c052a9a4>] (usb_hcd_giveback_urb) from [<c0550684>] (musb_giveback+0xc8/0x1cc)
Fixes: b69578df7e ("USB: usbserial: mos7720: add support for parallel
port on moschip 7715")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference at port open if a device lacks the expected
bulk in and out endpoints.
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
[<bf071c20>] (mos7720_open [mos7720]) from [<bf0490e0>] (serial_port_activate+0x68/0x98 [usbserial])
[<bf0490e0>] (serial_port_activate [usbserial]) from [<c0470ca4>] (tty_port_open+0x9c/0xe8)
[<c0470ca4>] (tty_port_open) from [<bf049d98>] (serial_open+0x48/0x6c [usbserial])
[<bf049d98>] (serial_open [usbserial]) from [<c0469178>] (tty_open+0xcc/0x5cc)
Fixes: 0f64478cbc ("USB: add USB serial mos7720 driver")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference in write() should the device lack the
expected interrupt-out endpoint:
Unable to handle kernel NULL pointer dereference at virtual address 00000054
...
PC is at kobil_write+0x144/0x2a0 [kobil_sct]
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Check for the expected endpoints in attach() and fail loudly if not
present.
Note that failing to do this appears to be benign since da280e3488
("USB: keyspan_pda: clean up write-urb busy handling") which prevents a
NULL-pointer dereference in write() by never marking a non-existent
write-urb as free.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org> # < v3.3
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference at open should the device lack a bulk-in or
bulk-out endpoint:
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at iuu_open+0x78/0x59c [iuu_phoenix]
Fixes: 07c3b1a100 ("USB: remove broken usb-serial num_endpoints
check")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Bind to the interface, but do not register any ports, after having
downloaded the firmware. The device will still disconnect and
re-enumerate, but this way we avoid an error messages from being logged
as part of the process:
io_ti: probe of 1-1.3:1.0 failed with error -5
Signed-off-by: Johan Hovold <johan@kernel.org>
Cancel the heartbeat work on driver unbind in order to avoid I/O after
disconnect in case the port is held open.
Note that the cancel in release() is still needed to stop the heartbeat
after late probe errors.
Fixes: 26c78daade ("USB: io_ti: Add heartbeat to keep idle EP/416
ports from disconnecting")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
In case a device is left in "boot-mode" we must not register any port
devices in order to avoid a NULL-pointer dereference on open due to
missing endpoints. This could be used by a malicious device to trigger
an OOPS:
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
[<bf0caa84>] (edge_open [io_ti]) from [<bf0b0118>] (serial_port_activate+0x68/0x98 [usbserial])
[<bf0b0118>] (serial_port_activate [usbserial]) from [<c0470ca4>] (tty_port_open+0x9c/0xe8)
[<c0470ca4>] (tty_port_open) from [<bf0b0da0>] (serial_open+0x48/0x6c [usbserial])
[<bf0b0da0>] (serial_open [usbserial]) from [<c0469178>] (tty_open+0xcc/0x5cc)
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference when clearing halt at open should a
malicious device lack the expected endpoints when in download mode.
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
[<bf011ed8>] (edge_open [io_ti]) from [<bf000118>] (serial_port_activate+0x68/0x98 [usbserial])
[<bf000118>] (serial_port_activate [usbserial]) from [<c0470ca4>] (tty_port_open+0x9c/0xe8)
[<c0470ca4>] (tty_port_open) from [<bf000da0>] (serial_open+0x48/0x6c [usbserial])
[<bf000da0>] (serial_open [usbserial]) from [<c0469178>] (tty_open+0xcc/0x5cc)
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference when initialising URBs at open should a
non-EPIC device lack a bulk-in or interrupt-in endpoint.
Unable to handle kernel NULL pointer dereference at virtual address 00000028
...
PC is at edge_open+0x24c/0x3e8 [io_edgeport]
Note that the EPIC-device probe path has the required sanity checks so
this makes those checks partially redundant.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Make sure to free the URB transfer buffer in case submission fails (e.g.
due to a disconnect).
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Fix NULL-pointer dereference when clearing halt at open should the device
lack a bulk-out endpoint.
Unable to handle kernel NULL pointer dereference at virtual address 00000030
...
PC is at cyberjack_open+0x40/0x9c [cyberjack]
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
max_retries _show and _store functions should test against cfg->max_retries,
not cfg->retry_timeout
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
There is a race window between write_cache_pages calling
clear_page_dirty_for_io and XFS calling set_page_writeback, in which
the mapping for an inode is tagged neither as dirty, nor as writeback.
If the COW shrinker hits in exactly that window we'll remove the delayed
COW extents and writepages trying to write it back, which in release
kernels will manifest as corruption of the bmap btree, and in debug
kernels will trip the ASSERT about now calling xfs_bmapi_write with the
COWFORK flag for holes. A complex customer load manages to hit this
window fairly reliably, probably by always having COW writeback in flight
while the cow shrinker runs.
This patch adds another check for having the I_DIRTY_PAGES flag set,
which is still set during this race window. While this fixes the problem
I'm still not overly happy about the way the COW shrinker works as it
still seems a bit fragile.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
We need to use the actual AG length when making per-AG reservations,
since we could otherwise end up reserving more blocks out of the last
AG than there are actual blocks.
Complained-about-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Dan Carpenter reported a double-free of rcur if _defer_finish fails
while we're recovering CUI items. Fix the error recovery to prevent
this.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
The move from rx-handler to L3 receive handler inadvertantly dropped the
rx counters. Restore them.
Fixes: 74b20582ac ("net: l3mdev: Add hook in ip and ipv6")
Reported-by: Dinesh Dutt <ddutt@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Audit tree code was happily adding new notification marks while holding
spinlocks. Since fsnotify_add_mark() acquires group->mark_mutex this can
lead to sleeping while holding a spinlock, deadlocks due to lock
inversion, and probably other fun. Fix the problem by acquiring
group->mark_mutex earlier.
CC: Paul Moore <paul@paul-moore.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This updates gcc-common.h from Emese Revfy for gcc 7. This fixes issues seen
by Kugan and Arnd. Build tested with gcc 5.4 and 7 snapshot.
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Pull parisc updates from Helge Deller:
- limit usage of processor-internal cr16 clocksource to UP systems only
- segfault info lines in syslog were too long, split those up
- drop own TIF_RESTORE_SIGMASK flag and switch to generic code
* 'parisc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Add line-break when printing segfault info
parisc: Drop TIF_RESTORE_SIGMASK and switch to generic code
parisc: Mark cr16 clocksource unstable on SMP systems
Ensure all reserved fields of xatp are zero before making
hypervisor call to XEN in xen_map_device_mmio().
xenmem_add_to_physmap_one() in XEN fails the mapping request if
extra.res reserved field in xatp is not zero for XENMAPSPACE_dev_mmio
request.
Signed-off-by: Jiandi An <anjiandi@codeaurora.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>