1. 05 12月, 2019 21 次提交
    • X
      x86/resctrl: Prevent NULL pointer dereference when reading mondata · 1677a0e5
      Xiaochen Shen 提交于
      [ Upstream commit 26467b0f8407cbd628fa5b7bcfd156e772004155 ]
      
      When a mon group is being deleted, rdtgrp->flags is set to RDT_DELETED
      in rdtgroup_rmdir_mon() firstly. The structure of rdtgrp will be freed
      until rdtgrp->waitcount is dropped to 0 in rdtgroup_kn_unlock() later.
      
      During the window of deleting a mon group, if an application calls
      rdtgroup_mondata_show() to read mondata under this mon group,
      'rdtgrp' returned from rdtgroup_kn_lock_live() is a NULL pointer when
      rdtgrp->flags is RDT_DELETED. And then 'rdtgrp' is passed in this path:
      rdtgroup_mondata_show() --> mon_event_read() --> mon_event_count().
      Thus it results in NULL pointer dereference in mon_event_count().
      
      Check 'rdtgrp' in rdtgroup_mondata_show(), and return -ENOENT
      immediately when reading mondata during the window of deleting a mon
      group.
      
      Fixes: d89b7379 ("x86/intel_rdt/cqm: Add mon_data")
      Signed-off-by: NXiaochen Shen <xiaochen.shen@intel.com>
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Reviewed-by: NFenghua Yu <fenghua.yu@intel.com>
      Reviewed-by: NTony Luck <tony.luck@intel.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: pei.p.jia@intel.com
      Cc: Reinette Chatre <reinette.chatre@intel.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: x86-ml <x86@kernel.org>
      Link: https://lkml.kernel.org/r/1572326702-27577-1-git-send-email-xiaochen.shen@intel.comSigned-off-by: NSasha Levin <sashal@kernel.org>
      1677a0e5
    • M
      idr: Fix idr_alloc_u32 on 32-bit systems · 8ef58b82
      Matthew Wilcox (Oracle) 提交于
      [ Upstream commit b7e9728f3d7fc5c5c8508d99f1675212af5cfd49 ]
      
      Attempting to allocate an entry at 0xffffffff when one is already
      present would succeed in allocating one at 2^32, which would confuse
      everything.  Return -ENOSPC in this case, as expected.
      Signed-off-by: NMatthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8ef58b82
    • M
      idr: Fix integer overflow in idr_for_each_entry · 88358c76
      Matthew Wilcox (Oracle) 提交于
      [ Upstream commit f6341c5af4e6e15041be39976d16deca789555fa ]
      
      If there is an entry at INT_MAX then idr_for_each_entry() will increment
      id after handling it.  This is undefined behaviour, and is caught by
      UBSAN.  Adding 1U to id forces the operation to be carried out as an
      unsigned addition which (when assigned to id) will result in INT_MIN.
      Since there is never an entry stored at INT_MIN, idr_get_next() will
      return NULL, ending the loop as expected.
      Signed-off-by: NMatthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      88358c76
    • E
      powerpc/bpf: Fix tail call implementation · a6359d5e
      Eric Dumazet 提交于
      [ Upstream commit 7de086909365cd60a5619a45af3f4152516fd75c ]
      
      We have seen many crashes on powerpc hosts while loading bpf programs.
      
      The problem here is that bpf_int_jit_compile() does a first pass
      to compute the program length.
      
      Then it allocates memory to store the generated program and
      calls bpf_jit_build_body() a second time (and a third time
      later)
      
      What I have observed is that the second bpf_jit_build_body()
      could end up using few more words than expected.
      
      If bpf_jit_binary_alloc() put the space for the program
      at the end of the allocated page, we then write on
      a non mapped memory.
      
      It appears that bpf_jit_emit_tail_call() calls
      bpf_jit_emit_common_epilogue() while ctx->seen might not
      be stable.
      
      Only after the second pass we can be sure ctx->seen wont be changed.
      
      Trying to avoid a second pass seems quite complex and probably
      not worth it.
      
      Fixes: ce076141 ("powerpc/bpf: Implement support for tail calls")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Cc: Naveen N. Rao <naveen.n.rao@linux.ibm.com>
      Cc: Sandipan Das <sandipan@linux.ibm.com>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: Martin KaFai Lau <kafai@fb.com>
      Cc: Song Liu <songliubraving@fb.com>
      Cc: Yonghong Song <yhs@fb.com>
      Link: https://lore.kernel.org/bpf/20191101033444.143741-1-edumazet@google.comSigned-off-by: NSasha Levin <sashal@kernel.org>
      a6359d5e
    • B
      samples/bpf: fix build by setting HAVE_ATTR_TEST to zero · 4665759a
      Björn Töpel 提交于
      [ Upstream commit 04ec044b7d30800296824783df7d9728d16d7567 ]
      
      To remove that test_attr__{enabled/open} are used by perf-sys.h, we
      set HAVE_ATTR_TEST to zero.
      Signed-off-by: NBjörn Töpel <bjorn.topel@intel.com>
      Tested-by: NKP Singh <kpsingh@google.com>
      Acked-by: NSong Liu <songliubraving@fb.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: bpf@vger.kernel.org
      Cc: netdev@vger.kernel.org
      Signed-off-by: NArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Link: http://lore.kernel.org/bpf/20191001113307.27796-3-bjorn.topel@gmail.comSigned-off-by: NSasha Levin <sashal@kernel.org>
      4665759a
    • O
      ARM: dts: sun8i-a83t-tbs-a711: Fix WiFi resume from suspend · 40c3b8fc
      Ondrej Jirman 提交于
      [ Upstream commit e614f341253f8541baf0230a8dc6a016b544b1e2 ]
      
      Without enabling keep-power-in-suspend, we can't wake the device
      up using WOL packet, and the log is flooded with these messages
      on resume:
      
      sunxi-mmc 1c10000.mmc: send stop command failed
      sunxi-mmc 1c10000.mmc: data error, sending stop command
      sunxi-mmc 1c10000.mmc: send stop command failed
      sunxi-mmc 1c10000.mmc: data error, sending stop command
      
      So to make the WiFi really a wakeup-source, we need to keep it powered
      during suspend.
      
      Fixes: 0e233720 ("arm: dts: sun8i: Add the TBS A711 tablet devicetree")
      Signed-off-by: NOndrej Jirman <megous@megous.com>
      Signed-off-by: NMaxime Ripard <mripard@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      40c3b8fc
    • C
      clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 · 40017db2
      Colin Ian King 提交于
      [ Upstream commit cdfc2e2086bf9c465f44e2db25561373b084a113 ]
      
      The zero'ing of bits 16 and 18 is incorrect. Currently the code
      is masking with the bitwise-and of BIT(16) & BIT(18) which is
      0, so the updated value for val is always zero. Fix this by bitwise
      and-ing value with the correct mask that will zero bits 16 and 18.
      
      Addresses-Coverity: (" Suspicious &= or |= constant expression")
      Fixes: b8eb71dc ("clk: sunxi-ng: Add A80 CCU")
      Signed-off-by: NColin Ian King <colin.king@canonical.com>
      Signed-off-by: NMaxime Ripard <mripard@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      40017db2
    • N
      clk: sunxi: Fix operator precedence in sunxi_divs_clk_setup · 49ade064
      Nathan Chancellor 提交于
      [ Upstream commit afdc74ed2d57e86c10b1d6831339770a802bab9a ]
      
      r375326 in Clang exposes an issue with operator precedence in
      sunxi_div_clk_setup:
      
      drivers/clk/sunxi/clk-sunxi.c:1083:30: warning: operator '?:' has lower
      precedence than '|'; '|' will be evaluated first
      [-Wbitwise-conditional-parentheses]
                                                       data->div[i].critical ?
                                                       ~~~~~~~~~~~~~~~~~~~~~ ^
      drivers/clk/sunxi/clk-sunxi.c:1083:30: note: place parentheses around
      the '|' expression to silence this warning
                                                       data->div[i].critical ?
                                                                             ^
                                                                            )
      drivers/clk/sunxi/clk-sunxi.c:1083:30: note: place parentheses around
      the '?:' expression to evaluate it first
                                                       data->div[i].critical ?
                                                                             ^
                                                       (
      1 warning generated.
      
      It appears that the intention was for ?: to be evaluated first so that
      CLK_IS_CRITICAL could be added to clkflags if the critical boolean was
      set; right now, | is being evaluated first. Add parentheses around the
      ?: block to have it be evaluated first.
      
      Fixes: 9919d44f ("clk: sunxi: Use CLK_IS_CRITICAL flag for critical clks")
      Link: https://github.com/ClangBuiltLinux/linux/issues/745Signed-off-by: NNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: NMaxime Ripard <mripard@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      49ade064
    • A
      clk: at91: avoid sleeping early · 15fc2f3c
      Alexandre Belloni 提交于
      [ Upstream commit 658fd65cf0b0d511de1718e48d9a28844c385ae0 ]
      
      It is not allowed to sleep to early in the boot process and this may lead
      to kernel issues if the bootloader didn't prepare the slow clock and main
      clock.
      
      This results in the following error and dump stack on the AriettaG25:
         bad: scheduling from the idle thread!
      
      Ensure it is possible to sleep, else simply have a delay.
      Reported-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Signed-off-by: NAlexandre Belloni <alexandre.belloni@bootlin.com>
      Link: https://lkml.kernel.org/r/20190920153906.20887-1-alexandre.belloni@bootlin.com
      Fixes: 80eded6c ("clk: at91: add slow clks driver")
      Tested-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Signed-off-by: NStephen Boyd <sboyd@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      15fc2f3c
    • R
      reset: fix reset_control_ops kerneldoc comment · 8885552a
      Randy Dunlap 提交于
      [ Upstream commit f430c7ed8bc22992ed528b518da465b060b9223f ]
      
      Add a missing short description to the reset_control_ops documentation.
      Signed-off-by: NRandy Dunlap <rdunlap@infradead.org>
      [p.zabel@pengutronix.de: rebased and updated commit message]
      Signed-off-by: NPhilipp Zabel <p.zabel@pengutronix.de>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8885552a
    • F
      ARM: dts: imx6qdl-sabreauto: Fix storm of accelerometer interrupts · a94913c0
      Fabio Estevam 提交于
      [ Upstream commit 7e5d0bf6afcc7bd72f78e7f33570e2e0945624f0 ]
      
      Since commit a211b8c5 ("ARM: dts: imx6qdl-sabreauto: Add sensors")
      a storm of accelerometer interrupts is seen:
      
      [  114.211283] irq 260: nobody cared (try booting with the "irqpoll" option)
      [  114.218108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.4 #1
      [  114.223960] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
      [  114.230531] [<c0112858>] (unwind_backtrace) from [<c010cdc8>] (show_stack+0x10/0x14)
      [  114.238301] [<c010cdc8>] (show_stack) from [<c0c1aa1c>] (dump_stack+0xd8/0x110)
      [  114.245644] [<c0c1aa1c>] (dump_stack) from [<c0193594>] (__report_bad_irq+0x30/0xc0)
      [  114.253417] [<c0193594>] (__report_bad_irq) from [<c01933ac>] (note_interrupt+0x108/0x298)
      [  114.261707] [<c01933ac>] (note_interrupt) from [<c018ffe4>] (handle_irq_event_percpu+0x70/0x80)
      [  114.270433] [<c018ffe4>] (handle_irq_event_percpu) from [<c019002c>] (handle_irq_event+0x38/0x5c)
      [  114.279326] [<c019002c>] (handle_irq_event) from [<c019438c>] (handle_level_irq+0xc8/0x154)
      [  114.287701] [<c019438c>] (handle_level_irq) from [<c018eda0>] (generic_handle_irq+0x20/0x34)
      [  114.296166] [<c018eda0>] (generic_handle_irq) from [<c0534214>] (mxc_gpio_irq_handler+0x30/0xf0)
      [  114.304975] [<c0534214>] (mxc_gpio_irq_handler) from [<c0534334>] (mx3_gpio_irq_handler+0x60/0xb0)
      [  114.313955] [<c0534334>] (mx3_gpio_irq_handler) from [<c018eda0>] (generic_handle_irq+0x20/0x34)
      [  114.322762] [<c018eda0>] (generic_handle_irq) from [<c018f3ac>] (__handle_domain_irq+0x64/0xe0)
      [  114.331485] [<c018f3ac>] (__handle_domain_irq) from [<c05215a8>] (gic_handle_irq+0x4c/0xa8)
      [  114.339862] [<c05215a8>] (gic_handle_irq) from [<c0101a70>] (__irq_svc+0x70/0x98)
      [  114.347361] Exception stack(0xc1301ec0 to 0xc1301f08)
      [  114.352435] 1ec0: 00000001 00000006 00000000 c130c340 00000001 c130f688 9785636d c13ea2e8
      [  114.360635] 1ee0: 9784907d 0000001a eaf99d78 0000001a 00000000 c1301f10 c0182b00 c0878de4
      [  114.368830] 1f00: 20000013 ffffffff
      [  114.372349] [<c0101a70>] (__irq_svc) from [<c0878de4>] (cpuidle_enter_state+0x168/0x5f4)
      [  114.380464] [<c0878de4>] (cpuidle_enter_state) from [<c08792ac>] (cpuidle_enter+0x28/0x38)
      [  114.388751] [<c08792ac>] (cpuidle_enter) from [<c015ef9c>] (do_idle+0x224/0x2a8)
      [  114.396168] [<c015ef9c>] (do_idle) from [<c015f3b8>] (cpu_startup_entry+0x18/0x20)
      [  114.403765] [<c015f3b8>] (cpu_startup_entry) from [<c1200e54>] (start_kernel+0x43c/0x500)
      [  114.411958] handlers:
      [  114.414302] [<a01028b8>] irq_default_primary_handler threaded [<fd7a3b08>] mma8452_interrupt
      [  114.422974] Disabling IRQ #260
      
                 CPU0       CPU1
      ....
      260:     100001          0  gpio-mxc  31 Level     mma8451
      
      The MMA8451 interrupt triggers as low level, so the GPIO6_IO31 pin
      needs to activate its pull up, otherwise it will stay always at low level
      generating multiple interrupts.
      
      The current device tree does not configure the IOMUX for this pin, so
      it uses whathever comes configured from the bootloader.
      
      The IOMUXC_SW_PAD_CTL_PAD_EIM_BCLK register value comes as 0x8000 from
      the bootloader, which has PKE bit cleared, hence disabling the
      pull-up.
      
      Instead of relying on a previous configuration from the bootloader,
      configure the GPIO6_IO31 pin with pull-up enabled in order to fix
      this problem.
      
      Fixes: a211b8c5 ("ARM: dts: imx6qdl-sabreauto: Add sensors")
      Signed-off-by: NFabio Estevam <festevam@gmail.com>
      Reviewed-By: NLeonard Crestez <leonard.crestez@nxp.com>
      Signed-off-by: NShawn Guo <shawnguo@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a94913c0
    • A
      pinctrl: cherryview: Allocate IRQ chip dynamic · 5b15b1bf
      Andy Shevchenko 提交于
      [ Upstream commit 67d33aecd030226f0a577eb683aaa6853ecf8f91 ]
      
      Keeping the IRQ chip definition static shares it with multiple instances
      of the GPIO chip in the system. This is bad and now we get this warning
      from GPIO library:
      
      "detected irqchip that is shared with multiple gpiochips: please fix the driver."
      
      Hence, move the IRQ chip definition from being driver static into the struct
      intel_pinctrl. So a unique IRQ chip is used for each GPIO chip instance.
      
      This patch is heavily based on the attachment to the bug by Christoph Marz.
      
      BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=202543
      Fixes: 6e08d6bb ("pinctrl: Add Intel Cherryview/Braswell pin controller support")
      Depends-on: 83b9dc11 ("pinctrl: cherryview: Associate IRQ descriptors to irqdomain")
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NMika Westerberg <mika.westerberg@linux.intel.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      5b15b1bf
    • M
      clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume · a0554203
      Marek Szyprowski 提交于
      [ Upstream commit e9323b664ce29547d996195e8a6129a351c39108 ]
      
      Properly save and restore all top PLL related configuration registers
      during suspend/resume cycle. So far driver only handled EPLL and RPLL
      clocks, all other were reset to default values after suspend/resume cycle.
      This caused for example lower G3D (MALI Panfrost) performance after system
      resume, even if performance governor has been selected.
      Reported-by: NReported-by: Marian Mihailescu <mihailescu2m@gmail.com>
      Fixes: 77342432 ("clk: samsung: exynos5420: add more registers to restore list")
      Signed-off-by: NMarek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: NSylwester Nawrocki <s.nawrocki@samsung.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a0554203
    • R
      ASoC: kirkwood: fix device remove ordering · 80e28fa2
      Russell King 提交于
      [ Upstream commit dc39596a906d5b604f4e64597b6e904fc14625e8 ]
      
      The devm conversion of kirkwood was incorrect; on removal, devm takes
      effect after the "remove" function has returned.  So, the effect of
      the conversion was to change the order during remove from:
      
        - snd_soc_unregister_component() (unpublishes interfaces)
        - clk_disable_unprepare()
        - cleanup resources
      
      After the conversion, this became:
      
        - clk_disable_unprepare() - while the device may still be active
        - snd_soc_unregister_component()
        - cleanup resources
      
      Hence, it introduces a bug, where the internal clock for the device
      may be shut down before the device itself has been shut down.  It is
      known that Marvell SoCs, including Dove, locks up if registers for a
      peripheral that has its clocks disabled are accessed.
      
      Fixes: f98fc0f8 ("ASoC: kirkwood: replace platform to component")
      Signed-off-by: NRussell King <rmk+kernel@armlinux.org.uk>
      Link: https://lore.kernel.org/r/E1iNGyP-0004oN-BA@rmk-PC.armlinux.org.ukSigned-off-by: NMark Brown <broonie@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      80e28fa2
    • R
      ASoC: kirkwood: fix external clock probe defer · 6a7472ad
      Russell King 提交于
      [ Upstream commit 4523817d51bc3b2ef38da768d004fda2c8bc41de ]
      
      When our call to get the external clock fails, we forget to clean up
      the enabled internal clock correctly.  Enable the clock after we have
      obtained all our resources.
      
      Fixes: 84aac6c7 ("ASoC: kirkwood: fix loss of external clock at probe time")
      Signed-off-by: NRussell King <rmk+kernel@armlinux.org.uk>
      Link: https://lore.kernel.org/r/E1iNGyK-0004oF-6A@rmk-PC.armlinux.org.ukSigned-off-by: NMark Brown <broonie@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      6a7472ad
    • M
      clk: samsung: exynos5433: Fix error paths · a2c2cf16
      Marek Szyprowski 提交于
      [ Upstream commit faac3604d05e8015567124e5ee79edc3f1568a89 ]
      
      Add checking the value returned by samsung_clk_alloc_reg_dump() and
      devm_kcalloc(). While fixing this, also release all gathered clocks.
      
      Fixes: 523d3de4 ("clk: samsung: exynos5433: Add support for runtime PM")
      Signed-off-by: NMarek Szyprowski <m.szyprowski@samsung.com>
      Reviewed-by: NKrzysztof Kozlowski <krzk@kernel.org>
      Acked-by: NChanwoo Choi <cw00.choi@samsung.com>
      [s.nawrocki: squashed patch from K. Kozlowski adding missing slab.h header]
      Reported-by: Nkbuild test robot <lkp@intel.com>
      Signed-off-by: NKrzysztof Kozlowski <krzk@kernel.org>
      Signed-off-by: NSylwester Nawrocki <s.nawrocki@samsung.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a2c2cf16
    • K
      reset: Fix memory leak in reset_control_array_put() · 9a5933aa
      Kishon Vijay Abraham I 提交于
      [ Upstream commit 532f9cd6ee994ed10403e856ca27501428048597 ]
      
      Memory allocated for 'struct reset_control_array' in
      of_reset_control_array_get() is never freed in
      reset_control_array_put() resulting in kmemleak showing
      the following backtrace.
      
        backtrace:
          [<00000000c5f17595>] __kmalloc+0x1b0/0x2b0
          [<00000000bd499e13>] of_reset_control_array_get+0xa4/0x180
          [<000000004cc02754>] 0xffff800008c669e4
          [<0000000050a83b24>] platform_drv_probe+0x50/0xa0
          [<00000000d3a0b0bc>] really_probe+0x108/0x348
          [<000000005aa458ac>] driver_probe_device+0x58/0x100
          [<000000008853626c>] device_driver_attach+0x6c/0x90
          [<0000000085308d19>] __driver_attach+0x84/0xc8
          [<00000000080d35f2>] bus_for_each_dev+0x74/0xc8
          [<00000000dd7f015b>] driver_attach+0x20/0x28
          [<00000000923ba6e6>] bus_add_driver+0x148/0x1f0
          [<0000000061473b66>] driver_register+0x60/0x110
          [<00000000c5bec167>] __platform_driver_register+0x40/0x48
          [<000000007c764b4f>] 0xffff800008c6c020
          [<0000000047ec2e8c>] do_one_initcall+0x5c/0x1b0
          [<0000000093d4b50d>] do_init_module+0x54/0x1d0
      
      Fixes: 17c82e20 ("reset: Add APIs to manage array of resets")
      Signed-off-by: NKishon Vijay Abraham I <kishon@ti.com>
      Signed-off-by: NPhilipp Zabel <p.zabel@pengutronix.de>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9a5933aa
    • X
      ASoC: compress: fix unsigned integer overflow check · e8eb6233
      Xiaojun Sang 提交于
      [ Upstream commit d3645b055399538415586ebaacaedebc1e5899b0 ]
      
      Parameter fragments and fragment_size are type of u32. U32_MAX is
      the correct check.
      Signed-off-by: NXiaojun Sang <xsang@codeaurora.org>
      Signed-off-by: NSrinivas Kandagatla <srinivas.kandagatla@linaro.org>
      Acked-by: NVinod Koul <vkoul@kernel.org>
      Link: https://lore.kernel.org/r/20191021095432.5639-1-srinivas.kandagatla@linaro.orgSigned-off-by: NMark Brown <broonie@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      e8eb6233
    • S
      ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX · 7971b7fd
      Stephan Gerhold 提交于
      [ Upstream commit 9110d1b0e229cebb1ffce0c04db2b22beffd513d ]
      
      According to the PM8916 Hardware Register Description,
      CDC_D_CDC_CONN_HPHR_DAC_CTL has only a single bit (RX_SEL)
      to switch between RX1 (0) and RX2 (1). It is not possible to
      disable it entirely to achieve the "ZERO" state.
      
      However, at the moment the "RDAC2 MUX" mixer defines three possible
      values ("ZERO", "RX2" and "RX1"). Setting the mixer to "ZERO"
      actually configures it to RX1. Setting the mixer to "RX1" has
      (seemingly) no effect.
      
      Remove "ZERO" and replace it with "RX1" to fix this.
      
      Fixes: 585e881e ("ASoC: codecs: Add msm8916-wcd analog codec")
      Signed-off-by: NStephan Gerhold <stephan@gerhold.net>
      Acked-by: NSrinivas Kandagatla <srinivas.kandagatla@linaro.org>
      Link: https://lore.kernel.org/r/20191020153007.206070-1-stephan@gerhold.netSigned-off-by: NMark Brown <broonie@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      7971b7fd
    • F
      clocksource/drivers/mediatek: Fix error handling · daa2c403
      Fabien Parent 提交于
      [ Upstream commit 41d49e7939de5ec532d86494185b2ca2e99c848a ]
      
      When timer_of_init fails, it cleans up after itself by undoing
      everything it did during the initialization function.
      
      mtk_syst_init and mtk_gpt_init both call timer_of_cleanup if
      timer_of_init fails. timer_of_cleanup try to release the resource
      taken.  Since these resources have already been cleaned up by
      timer_of_init, we end up getting a few warnings printed:
      
      [    0.001935] WARNING: CPU: 0 PID: 0 at __clk_put+0xe8/0x128
      [    0.002650] Modules linked in:
      [    0.003058] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.67+ #1
      [    0.003852] Hardware name: MediaTek MT8183 (DT)
      [    0.004446] pstate: 20400085 (nzCv daIf +PAN -UAO)
      [    0.005073] pc : __clk_put+0xe8/0x128
      [    0.005555] lr : clk_put+0xc/0x14
      [    0.005988] sp : ffffff80090b3ea0
      [    0.006422] x29: ffffff80090b3ea0 x28: 0000000040e20018
      [    0.007121] x27: ffffffc07bfff780 x26: 0000000000000001
      [    0.007819] x25: ffffff80090bda80 x24: ffffff8008ec5828
      [    0.008517] x23: ffffff80090bd000 x22: ffffff8008d8b2e8
      [    0.009216] x21: 0000000000000001 x20: fffffffffffffdfb
      [    0.009914] x19: ffffff8009166180 x18: 00000000002bffa8
      [    0.010612] x17: ffffffc012996980 x16: 0000000000000000
      [    0.011311] x15: ffffffbf004a6800 x14: 3536343038393334
      [    0.012009] x13: 2079726576652073 x12: 7eb9c62c5c38f100
      [    0.012707] x11: ffffff80090b3ba0 x10: ffffff80090b3ba0
      [    0.013405] x9 : 0000000000000004 x8 : 0000000000000040
      [    0.014103] x7 : ffffffc079400270 x6 : 0000000000000000
      [    0.014801] x5 : ffffffc079400248 x4 : 0000000000000000
      [    0.015499] x3 : 0000000000000000 x2 : 0000000000000000
      [    0.016197] x1 : ffffff80091661c0 x0 : fffffffffffffdfb
      [    0.016896] Call trace:
      [    0.017218]  __clk_put+0xe8/0x128
      [    0.017654]  clk_put+0xc/0x14
      [    0.018048]  timer_of_cleanup+0x60/0x7c
      [    0.018551]  mtk_syst_init+0x8c/0x9c
      [    0.019020]  timer_probe+0x6c/0xe0
      [    0.019469]  time_init+0x14/0x44
      [    0.019893]  start_kernel+0x2d0/0x46c
      [    0.020378] ---[ end trace 8c1efabea1267649 ]---
      [    0.020982] ------------[ cut here ]------------
      [    0.021586] Trying to vfree() nonexistent vm area ((____ptrval____))
      [    0.022427] WARNING: CPU: 0 PID: 0 at __vunmap+0xd0/0xd8
      [    0.023119] Modules linked in:
      [    0.023524] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W         4.19.67+ #1
      [    0.024498] Hardware name: MediaTek MT8183 (DT)
      [    0.025091] pstate: 60400085 (nZCv daIf +PAN -UAO)
      [    0.025718] pc : __vunmap+0xd0/0xd8
      [    0.026176] lr : __vunmap+0xd0/0xd8
      [    0.026632] sp : ffffff80090b3e90
      [    0.027066] x29: ffffff80090b3e90 x28: 0000000040e20018
      [    0.027764] x27: ffffffc07bfff780 x26: 0000000000000001
      [    0.028462] x25: ffffff80090bda80 x24: ffffff8008ec5828
      [    0.029160] x23: ffffff80090bd000 x22: ffffff8008d8b2e8
      [    0.029858] x21: 0000000000000000 x20: 0000000000000000
      [    0.030556] x19: ffffff800800d000 x18: 00000000002bffa8
      [    0.031254] x17: 0000000000000000 x16: 0000000000000000
      [    0.031952] x15: ffffffbf004a6800 x14: 3536343038393334
      [    0.032651] x13: 2079726576652073 x12: 7eb9c62c5c38f100
      [    0.033349] x11: ffffff80090b3b40 x10: ffffff80090b3b40
      [    0.034047] x9 : 0000000000000005 x8 : 5f5f6c6176727470
      [    0.034745] x7 : 5f5f5f5f28282061 x6 : ffffff80091c86ef
      [    0.035443] x5 : ffffff800852b690 x4 : 0000000000000000
      [    0.036141] x3 : 0000000000000002 x2 : 0000000000000002
      [    0.036839] x1 : 7eb9c62c5c38f100 x0 : 7eb9c62c5c38f100
      [    0.037536] Call trace:
      [    0.037859]  __vunmap+0xd0/0xd8
      [    0.038271]  vunmap+0x24/0x30
      [    0.038664]  __iounmap+0x2c/0x34
      [    0.039088]  timer_of_cleanup+0x70/0x7c
      [    0.039591]  mtk_syst_init+0x8c/0x9c
      [    0.040060]  timer_probe+0x6c/0xe0
      [    0.040507]  time_init+0x14/0x44
      [    0.040932]  start_kernel+0x2d0/0x46c
      
      This commit remove the calls to timer_of_cleanup when timer_of_init
      fails since it is unnecessary and actually cause warnings to be printed.
      
      Fixes: a0858f93 ("mediatek: Convert the driver to timer-of")
      Signed-off-by: NFabien Parent <fparent@baylibre.com>
      Signed-off-by: NDaniel Lezcano <daniel.lezcano@linaro.org>
      Link: https://lore.kernel.org/linux-arm-kernel/20190919191315.25190-1-fparent@baylibre.com/Signed-off-by: NSasha Levin <sashal@kernel.org>
      daa2c403
    • M
      clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate · 9c65bb95
      Martin Blumenstingl 提交于
      [ Upstream commit 44b09b11b813b8550e6b976ea51593bc23bba8d1 ]
      
      The meson-saradc driver manually sets the input clock for
      sar_adc_clk_sel. Update the GXBB clock driver (which is used on GXBB,
      GXL and GXM) so the rate settings on sar_adc_clk_div are propagated up
      to sar_adc_clk_sel which will let the common clock framework select the
      best matching parent clock if we want that.
      
      This makes sar_adc_clk_div consistent with the axg-aoclk and g12a-aoclk
      drivers, which both also specify CLK_SET_RATE_PARENT.
      
      Fixes: 33d0fcdf ("clk: gxbb: add the SAR ADC clocks and expose them")
      Signed-off-by: NMartin Blumenstingl <martin.blumenstingl@googlemail.com>
      Signed-off-by: NJerome Brunet <jbrunet@baylibre.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9c65bb95
  2. 01 12月, 2019 19 次提交
    • G
      Linux 4.19.87 · 174651bd
      Greg Kroah-Hartman 提交于
      174651bd
    • E
      PM / devfreq: Fix kernel oops on governor module load · 6938a9da
      Ezequiel Garcia 提交于
      commit 7544fd7f384591038646d3cd9efb311ab4509e24 upstream.
      
      A bit unexpectedly (but still documented), request_module may
      return a positive value, in case of a modprobe error.
      This is currently causing issues in the devfreq framework.
      
      When a request_module exits with a positive value, we currently
      return that via ERR_PTR. However, because the value is positive,
      it's not a ERR_VALUE proper, and is therefore treated as a
      valid struct devfreq_governor pointer, leading to a kernel oops.
      
      Fix this by returning -EINVAL if request_module returns a positive
      value.
      
      Fixes: b53b0128052ff ("PM / devfreq: Fix static checker warning in try_then_request_governor")
      Signed-off-by: NEzequiel Garcia <ezequiel@collabora.com>
      Reviewed-by: NChanwoo Choi <cw00.choi@samsung.com>
      Signed-off-by: NMyungJoo Ham <myungjoo.ham@samsung.com>
      Cc: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6938a9da
    • M
      KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel · 345712c9
      Michael Ellerman 提交于
      commit af2e8c68b9c5403f77096969c516f742f5bb29e0 upstream.
      
      On some systems that are vulnerable to Spectre v2, it is up to
      software to flush the link stack (return address stack), in order to
      protect against Spectre-RSB.
      
      When exiting from a guest we do some house keeping and then
      potentially exit to C code which is several stack frames deep in the
      host kernel. We will then execute a series of returns without
      preceeding calls, opening up the possiblity that the guest could have
      poisoned the link stack, and direct speculative execution of the host
      to a gadget of some sort.
      
      To prevent this we add a flush of the link stack on exit from a guest.
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      [dja: straightforward backport to v4.19]
      Signed-off-by: NDaniel Axtens <dja@axtens.net>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      345712c9
    • M
      powerpc/book3s64: Fix link stack flush on context switch · 0a60d4bd
      Michael Ellerman 提交于
      commit 39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad upstream.
      
      In commit ee13cb24 ("powerpc/64s: Add support for software count
      cache flush"), I added support for software to flush the count
      cache (indirect branch cache) on context switch if firmware told us
      that was the required mitigation for Spectre v2.
      
      As part of that code we also added a software flush of the link
      stack (return address stack), which protects against Spectre-RSB
      between user processes.
      
      That is all correct for CPUs that activate that mitigation, which is
      currently Power9 Nimbus DD2.3.
      
      What I got wrong is that on older CPUs, where firmware has disabled
      the count cache, we also need to flush the link stack on context
      switch.
      
      To fix it we create a new feature bit which is not set by firmware,
      which tells us we need to flush the link stack. We set that when
      firmware tells us that either of the existing Spectre v2 mitigations
      are enabled.
      
      Then we adjust the patching code so that if we see that feature bit we
      enable the link stack flush. If we're also told to flush the count
      cache in software then we fall through and do that also.
      
      On the older CPUs we don't need to do do the software count cache
      flush, firmware has disabled it, so in that case we patch in an early
      return after the link stack flush.
      
      The naming of some of the functions is awkward after this patch,
      because they're called "count cache" but they also do link stack. But
      we'll fix that up in a later commit to ease backporting.
      
      This is the fix for CVE-2019-18660.
      Reported-by: NAnthony Steinhauser <asteinhauser@google.com>
      Fixes: ee13cb24 ("powerpc/64s: Add support for software count cache flush")
      Cc: stable@vger.kernel.org # v4.4+
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0a60d4bd
    • C
      powerpc/64s: support nospectre_v2 cmdline option · 19d98b4d
      Christopher M. Riedl 提交于
      commit d8f0e0b073e1ec52a05f0c2a56318b47387d2f10 upstream.
      
      Add support for disabling the kernel implemented spectre v2 mitigation
      (count cache flush on context switch) via the nospectre_v2 and
      mitigations=off cmdline options.
      Suggested-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NChristopher M. Riedl <cmr@informatik.wtf>
      Reviewed-by: NAndrew Donnellan <ajd@linux.ibm.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20190524024647.381-1-cmr@informatik.wtfSigned-off-by: NDaniel Axtens <dja@axtens.net>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      19d98b4d
    • B
      staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error · b7e2a040
      Bernd Porr 提交于
      commit 5618332e5b955b4bff06d0b88146b971c8dd7b32 upstream.
      
      The userspace comedilib function 'get_cmd_generic_timed' fills
      the cmd structure with an informed guess and then calls the
      function 'usbduxfast_ai_cmdtest' in this driver repeatedly while
      'usbduxfast_ai_cmdtest' is modifying the cmd struct until it
      no longer changes. However, because of rounding errors this never
      converged because 'steps = (cmd->convert_arg * 30) / 1000' and then
      back to 'cmd->convert_arg = (steps * 1000) / 30' won't be the same
      because of rounding errors. 'Steps' should only be converted back to
      the 'convert_arg' if 'steps' has actually been modified. In addition
      the case of steps being 0 wasn't checked which is also now done.
      Signed-off-by: NBernd Porr <mail@berndporr.me.uk>
      Cc: <stable@vger.kernel.org> # 4.4+
      Reviewed-by: NIan Abbott <abbotti@mev.co.uk>
      Link: https://lore.kernel.org/r/20191118230759.1727-1-mail@berndporr.me.ukSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b7e2a040
    • A
      USB: serial: option: add support for Foxconn T77W968 LTE modules · 4101916e
      Aleksander Morgado 提交于
      commit f0797095423e6ea3b4be61134ee353c7f504d440 upstream.
      
      These are the Foxconn-branded variants of the Dell DW5821e modules,
      same USB layout as those. The device exposes AT, NMEA and DIAG ports
      in both USB configurations.
      
      P:  Vendor=0489 ProdID=e0b4 Rev=03.18
      S:  Manufacturer=FII
      S:  Product=T77W968 LTE
      S:  SerialNumber=0123456789ABCDEF
      C:  #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
      I:  If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
      I:  If#=0x1 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
      I:  If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
      
      P:  Vendor=0489 ProdID=e0b4 Rev=03.18
      S:  Manufacturer=FII
      S:  Product=T77W968 LTE
      S:  SerialNumber=0123456789ABCDEF
      C:  #Ifs= 7 Cfg#= 2 Atr=a0 MxPwr=500mA
      I:  If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
      I:  If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
      I:  If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
      I:  If#=0x6 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
      Signed-off-by: NAleksander Morgado <aleksander@aleksander.es>
      [ johan: drop id defines ]
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: NJohan Hovold <johan@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4101916e
    • A
      USB: serial: option: add support for DW5821e with eSIM support · 62aca664
      Aleksander Morgado 提交于
      commit 957c31ea082e3fe5196f46d5b04018b10de47400 upstream.
      
      The device exposes AT, NMEA and DIAG ports in both USB configurations.
      Exactly same layout as the default DW5821e module, just a different
      vid/pid.
      
      P:  Vendor=413c ProdID=81e0 Rev=03.18
      S:  Manufacturer=Dell Inc.
      S:  Product=DW5821e-eSIM Snapdragon X20 LTE
      S:  SerialNumber=0123456789ABCDEF
      C:  #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
      I:  If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
      I:  If#=0x1 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=00 Prot=00 Driver=usbhid
      I:  If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
      
      P:  Vendor=413c ProdID=81e0 Rev=03.18
      S:  Manufacturer=Dell Inc.
      S:  Product=DW5821e-eSIM Snapdragon X20 LTE
      S:  SerialNumber=0123456789ABCDEF
      C:  #Ifs= 7 Cfg#= 2 Atr=a0 MxPwr=500mA
      I:  If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
      I:  If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
      I:  If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
      I:  If#=0x6 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
      Signed-off-by: NAleksander Morgado <aleksander@aleksander.es>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: NJohan Hovold <johan@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      62aca664
    • J
      USB: serial: mos7840: fix remote wakeup · 3349ed26
      Johan Hovold 提交于
      commit 92fe35fb9c70a00d8fbbf5bd6172c921dd9c7815 upstream.
      
      The driver was setting the device remote-wakeup feature during probe in
      violation of the USB specification (which says it should only be set
      just prior to suspending the device). This could potentially waste
      power during suspend as well as lead to spurious wakeups.
      
      Note that USB core would clear the remote-wakeup feature at first
      resume.
      
      Fixes: 3f542974 ("USB: Moschip 7840 USB-Serial Driver")
      Cc: stable <stable@vger.kernel.org>     # 2.6.19
      Reviewed-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NJohan Hovold <johan@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3349ed26
    • J
      USB: serial: mos7720: fix remote wakeup · abbda35d
      Johan Hovold 提交于
      commit ea422312a462696093b5db59d294439796cba4ad upstream.
      
      The driver was setting the device remote-wakeup feature during probe in
      violation of the USB specification (which says it should only be set
      just prior to suspending the device). This could potentially waste
      power during suspend as well as lead to spurious wakeups.
      
      Note that USB core would clear the remote-wakeup feature at first
      resume.
      
      Fixes: 0f64478c ("USB: add USB serial mos7720 driver")
      Cc: stable <stable@vger.kernel.org>     # 2.6.19
      Reviewed-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NJohan Hovold <johan@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      abbda35d
    • P
      USB: serial: mos7840: add USB ID to support Moxa UPort 2210 · 84743898
      Pavel Löbl 提交于
      commit e696d00e65e81d46e911f24b12e441037bf11b38 upstream.
      
      Add USB ID for MOXA UPort 2210. This device contains mos7820 but
      it passes GPIO0 check implemented by driver and it's detected as
      mos7840. Hence product id check is added to force mos7820 mode.
      Signed-off-by: NPavel Löbl <pavel@loebl.cz>
      Cc: stable <stable@vger.kernel.org>
      [ johan: rename id defines and add vendor-id check ]
      Signed-off-by: NJohan Hovold <johan@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      84743898
    • O
      appledisplay: fix error handling in the scheduled work · 356440a7
      Oliver Neukum 提交于
      commit 91feb01596e5efc0cc922cc73f5583114dccf4d2 upstream.
      
      The work item can operate on
      
      1. stale memory left over from the last transfer
      the actual length of the data transfered needs to be checked
      2. memory already freed
      the error handling in appledisplay_probe() needs
      to cancel the work in that case
      
      Reported-and-tested-by: syzbot+495dab1f175edc9c2f13@syzkaller.appspotmail.com
      Signed-off-by: NOliver Neukum <oneukum@suse.com>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20191106124902.7765-1-oneukum@suse.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      356440a7
    • O
      USB: chaoskey: fix error case of a timeout · 0439d6b9
      Oliver Neukum 提交于
      commit 92aa5986f4f7b5a8bf282ca0f50967f4326559f5 upstream.
      
      In case of a timeout or if a signal aborts a read
      communication with the device needs to be ended
      lest we overwrite an active URB the next time we
      do IO to the device, as the URB may still be active.
      Signed-off-by: NOliver Neukum <oneukum@suse.de>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20191107142856.16774-1-oneukum@suse.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0439d6b9
    • G
      usb-serial: cp201x: support Mark-10 digital force gauge · a18675e5
      Greg Kroah-Hartman 提交于
      commit 347bc8cb26388791c5881a3775cb14a3f765a674 upstream.
      
      Add support for the Mark-10 digital force gauge device to the cp201x
      driver.
      
      Based on a report and a larger patch from Joel Jennings
      Reported-by: NJoel Jennings <joel.jennings@makeitlabs.com>
      Cc: stable <stable@vger.kernel.org>
      Acked-by: NJohan Hovold <johan@kernel.org>
      Link: https://lore.kernel.org/r/20191118092119.GA153852@kroah.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a18675e5
    • S
      usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() · 61f6a3fa
      Suwan Kim 提交于
      commit 2a9125317b247f2cf35c196f968906dcf062ae2d upstream.
      
      Smatch reported that nents is not initialized and used in
      stub_recv_cmd_submit(). nents is currently initialized by sgl_alloc()
      and used to allocate multiple URBs when host controller doesn't
      support scatter-gather DMA. The use of uninitialized nents means that
      buf_len is zero and use_sg is true. But buffer length should not be
      zero when an URB uses scatter-gather DMA.
      
      To prevent this situation, add the conditional that checks buf_len
      and use_sg. And move the use of nents right after the sgl_alloc() to
      avoid the use of uninitialized nents.
      
      If the error occurs, it adds SDEV_EVENT_ERROR_MALLOC and stub_priv
      will be released by stub event handler and connection will be shut
      down.
      
      Fixes: ea44d190764b ("usbip: Implement SG support to vhci-hcd and stub driver")
      Reported-by: Nkbuild test robot <lkp@intel.com>
      Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NSuwan Kim <suwan.kim027@gmail.com>
      Acked-by: NShuah Khan <skhan@linuxfoundation.org>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20191111141035.27788-1-suwan.kim027@gmail.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      61f6a3fa
    • H
      usbip: tools: fix fd leakage in the function of read_attr_usbip_status · 375b26a8
      Hewenliang 提交于
      commit 26a4d4c00f85cb844dd11dd35e848b079c2f5e8f upstream.
      
      We should close the fd before the return of read_attr_usbip_status.
      
      Fixes: 3391ba0e ("usbip: tools: Extract generic code to be shared with vudc backend")
      Signed-off-by: NHewenliang <hewenliang4@huawei.com>
      Cc: stable <stable@vger.kernel.org>
      Link: https://lore.kernel.org/r/20191025043515.20053-1-hewenliang4@huawei.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      375b26a8
    • O
      USBIP: add config dependency for SGL_ALLOC · e70448b9
      Oliver Neukum 提交于
      commit 1ec13abac58b6f24e32f0d3081ef4e7456e62ed8 upstream.
      
      USBIP uses lib/scatterlist.h
      Hence it needs to set CONFIG_SGL_ALLOC
      Signed-off-by: NOliver Neukum <oneukum@suse.com>
      Cc: stable <stable@vger.kernel.org>
      Acked-by: NShuah Khan <skhan@linuxfoundation.org>
      Link: https://lore.kernel.org/r/20191112154939.21217-1-oneukum@suse.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e70448b9
    • H
      virtio_ring: fix return code on DMA mapping fails · 5d0b56f6
      Halil Pasic 提交于
      [ Upstream commit f7728002c1c7bfa787b276a31c3ef458739b8e7c ]
      
      Commit 780bc790 ("virtio_ring: Support DMA APIs")  makes
      virtqueue_add() return -EIO when we fail to map our I/O buffers. This is
      a very realistic scenario for guests with encrypted memory, as swiotlb
      may run out of space, depending on it's size and the I/O load.
      
      The virtio-blk driver interprets -EIO form virtqueue_add() as an IO
      error, despite the fact that swiotlb full is in absence of bugs a
      recoverable condition.
      
      Let us change the return code to -ENOMEM, and make the block layer
      recover form these failures when virtio-blk encounters the condition
      described above.
      
      Cc: stable@vger.kernel.org
      Fixes: 780bc790 ("virtio_ring: Support DMA APIs")
      Signed-off-by: NHalil Pasic <pasic@linux.ibm.com>
      Tested-by: NMichael Mueller <mimu@linux.ibm.com>
      Signed-off-by: NMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      5d0b56f6
    • S
      media: imon: invalid dereference in imon_touch_event · 78260a29
      Sean Young 提交于
      commit f3f5ba42c58d56d50f539854d8cc188944e96087 upstream.
      
      The touch timer is set up in intf1. If the second interface does not exist,
      the timer and touch input device are not setup and we get the following
      error, when touch events are reported via intf0.
      
      kernel BUG at kernel/time/timer.c:956!
      invalid opcode: 0000 [#1] SMP KASAN
      CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.0-rc1+ #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:__mod_timer kernel/time/timer.c:956 [inline]
      RIP: 0010:__mod_timer kernel/time/timer.c:949 [inline]
      RIP: 0010:mod_timer+0x5a2/0xb50 kernel/time/timer.c:1100
      Code: 45 10 c7 44 24 14 ff ff ff ff 48 89 44 24 08 48 8d 45 20 48 c7 44 24 18 00 00 00 00 48 89 04 24 e9 5a fc ff ff e8 ae ce 0e 00 <0f> 0b e8 a7 ce 0e 00 4c 89 74 24 20 e9 37 fe ff ff e8 98 ce 0e 00
      RSP: 0018:ffff8881db209930 EFLAGS: 00010006
      RAX: ffffffff86c2b200 RBX: 00000000ffffa688 RCX: ffffffff83efc583
      RDX: 0000000000000100 RSI: ffffffff812f4d82 RDI: ffff8881d2356200
      RBP: ffff8881d23561e8 R08: ffffffff86c2b200 R09: ffffed103a46abeb
      R10: ffffed103a46abea R11: ffff8881d2355f53 R12: dffffc0000000000
      R13: 1ffff1103b64132d R14: ffff8881d2355f50 R15: 0000000000000006
      FS:  0000000000000000(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f75e2799000 CR3: 00000001d3b07000 CR4: 00000000001406f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       <IRQ>
       imon_touch_event drivers/media/rc/imon.c:1348 [inline]
       imon_incoming_packet.isra.0+0x2546/0x2f10 drivers/media/rc/imon.c:1603
       usb_rx_callback_intf0+0x151/0x1e0 drivers/media/rc/imon.c:1734
       __usb_hcd_giveback_urb+0x1f2/0x470 drivers/usb/core/hcd.c:1654
       usb_hcd_giveback_urb+0x368/0x420 drivers/usb/core/hcd.c:1719
       dummy_timer+0x120f/0x2fa2 drivers/usb/gadget/udc/dummy_hcd.c:1965
       call_timer_fn+0x179/0x650 kernel/time/timer.c:1404
       expire_timers kernel/time/timer.c:1449 [inline]
       __run_timers kernel/time/timer.c:1773 [inline]
       __run_timers kernel/time/timer.c:1740 [inline]
       run_timer_softirq+0x5e3/0x1490 kernel/time/timer.c:1786
       __do_softirq+0x221/0x912 kernel/softirq.c:292
       invoke_softirq kernel/softirq.c:373 [inline]
       irq_exit+0x178/0x1a0 kernel/softirq.c:413
       exiting_irq arch/x86/include/asm/apic.h:536 [inline]
       smp_apic_timer_interrupt+0x12f/0x500 arch/x86/kernel/apic/apic.c:1137
       apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830
       </IRQ>
      RIP: 0010:default_idle+0x28/0x2e0 arch/x86/kernel/process.c:581
      Code: 90 90 41 56 41 55 65 44 8b 2d 44 3a 8f 7a 41 54 55 53 0f 1f 44 00 00 e8 36 ee d0 fb e9 07 00 00 00 0f 00 2d fa dd 4f 00 fb f4 <65> 44 8b 2d 20 3a 8f 7a 0f 1f 44 00 00 5b 5d 41 5c 41 5d 41 5e c3
      RSP: 0018:ffffffff86c07da8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
      RAX: 0000000000000007 RBX: ffffffff86c2b200 RCX: 0000000000000000
      RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffffff86c2ba4c
      RBP: fffffbfff0d85640 R08: ffffffff86c2b200 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
      R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
       cpuidle_idle_call kernel/sched/idle.c:154 [inline]
       do_idle+0x3b6/0x500 kernel/sched/idle.c:263
       cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:355
       start_kernel+0x82a/0x864 init/main.c:784
       secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241
      Modules linked in:
      
      Reported-by: syzbot+f49d12d34f2321cf4df2@syzkaller.appspotmail.com
      Signed-off-by: NSean Young <sean@mess.org>
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      78260a29