1. 31 5月, 2019 40 次提交
    • G
      sh: sh7786: Add explicit I/O cast to sh7786_mm_sel() · 256f63c6
      Geert Uytterhoeven 提交于
      [ Upstream commit 8440bb9b944c02222c7a840d406141ed42e945cd ]
      
      When compile-testing on arm:
      
          arch/sh/include/cpu-sh4/cpu/sh7786.h: In function ‘sh7786_mm_sel’:
          arch/sh/include/cpu-sh4/cpu/sh7786.h:135:21: warning: passing argument 1 of ‘__raw_readl’ makes pointer from integer without a cast [-Wint-conversion]
            return __raw_readl(0xFC400020) & 0x7;
      			 ^~~~~~~~~~
          In file included from include/linux/io.h:25:0,
      		     from arch/sh/include/cpu-sh4/cpu/sh7786.h:14,
      		     from drivers/pinctrl/sh-pfc/pfc-sh7786.c:15:
          arch/arm/include/asm/io.h:113:21: note: expected ‘const volatile void *’ but argument is of type ‘unsigned int’
           #define __raw_readl __raw_readl
      			 ^
          arch/arm/include/asm/io.h:114:19: note: in expansion of macro ‘__raw_readl’
           static inline u32 __raw_readl(const volatile void __iomem *addr)
      		       ^~~~~~~~~~~
      
      __raw_readl() on SuperH is a macro that casts the passed I/O address to
      the correct type, while the implementations on most other architectures
      expect to be passed the correct pointer type.
      
      Add an explicit cast to fix this.
      
      Note that this also gets rid of a sparse warning on SuperH:
      
          arch/sh/include/cpu-sh4/cpu/sh7786.h:135:16: warning: incorrect type in argument 1 (different base types)
          arch/sh/include/cpu-sh4/cpu/sh7786.h:135:16:    expected void const volatile [noderef] <asn:2>*<noident>
          arch/sh/include/cpu-sh4/cpu/sh7786.h:135:16:    got unsigned int
      Signed-off-by: NGeert Uytterhoeven <geert+renesas@glider.be>
      Reviewed-by: NSimon Horman <horms+renesas@verge.net.au>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      256f63c6
    • L
      RDMA/hns: Fix bad endianess of port_pd variable · 8ea27918
      Leon Romanovsky 提交于
      [ Upstream commit 6734b2973565e36659e97e12ab0d0faf1d9f3fbe ]
      
      port_pd is treated as le32 in declaration and read, fix assignment to be
      in le32 too. This change fixes the following compilation warnings.
      
      drivers/infiniband/hw/hns/hns_roce_ah.c:67:24: warning: incorrect type
      in assignment (different base types)
      drivers/infiniband/hw/hns/hns_roce_ah.c:67:24: expected restricted __le32 [usertype] port_pd
      drivers/infiniband/hw/hns/hns_roce_ah.c:67:24: got restricted __be32 [usertype]
      
      Fixes: 9a443537 ("IB/hns: Add driver files for hns RoCE driver")
      Signed-off-by: NLeon Romanovsky <leonro@mellanox.com>
      Reviewed-by: NGal Pressman <galpress@amazon.com>
      Reviewed-by: NLijun Ou <ouliun@huawei.com>
      Signed-off-by: NJason Gunthorpe <jgg@mellanox.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8ea27918
    • C
      chardev: add additional check for minor range overlap · 65ec64f2
      Chengguang Xu 提交于
      [ Upstream commit de36e16d1557a0b6eb328bc3516359a12ba5c25c ]
      
      Current overlap checking cannot correctly handle
      a case which is baseminor < existing baseminor &&
      baseminor + minorct > existing baseminor + minorct.
      Signed-off-by: NChengguang Xu <cgxu519@gmx.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      65ec64f2
    • P
      x86/uaccess: Fix up the fixup · fc242af8
      Peter Zijlstra 提交于
      [ Upstream commit b69656fa7ea2f75e47d7bd5b9430359fa46488af ]
      
      New tooling got confused about this:
      
        arch/x86/lib/memcpy_64.o: warning: objtool: .fixup+0x7: return with UACCESS enabled
      
      While the code isn't wrong, it is tedious (if at all possible) to
      figure out what function a particular chunk of .fixup belongs to.
      
      This then confuses the objtool uaccess validation. Instead of
      returning directly from the .fixup, jump back into the right function.
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      fc242af8
    • P
      x86/ia32: Fix ia32_restore_sigcontext() AC leak · 5007453c
      Peter Zijlstra 提交于
      [ Upstream commit 67a0514afdbb8b2fc70b771b8c77661a9cb9d3a9 ]
      
      Objtool spotted that we call native_load_gs_index() with AC set.
      Re-arrange the code to avoid that.
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      5007453c
    • P
      x86/uaccess, signal: Fix AC=1 bloat · 4614b0bb
      Peter Zijlstra 提交于
      [ Upstream commit 88e4718275c1bddca6f61f300688b4553dc8584b ]
      
      Occasionally GCC is less agressive with inlining and the following is
      observed:
      
        arch/x86/kernel/signal.o: warning: objtool: restore_sigcontext()+0x3cc: call to force_valid_ss.isra.5() with UACCESS enabled
        arch/x86/kernel/signal.o: warning: objtool: do_signal()+0x384: call to frame_uc_flags.isra.0() with UACCESS enabled
      
      Cure this by moving this code out of the AC=1 region, since it really
      isn't needed for the user access.
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Reviewed-by: NAndy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4614b0bb
    • P
      x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP · 1a3188d7
      Peter Zijlstra 提交于
      [ Upstream commit 4a6c91fbdef846ec7250b82f2eeeb87ac5f18cf9 ]
      
      For CONFIG_TRACE_BRANCH_PROFILING=y the likely/unlikely things get
      overloaded and generate callouts to this code, and thus also when
      AC=1.
      
      Make it safe.
      Signed-off-by: NPeter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      1a3188d7
    • L
      wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext · da30c277
      Lior David 提交于
      [ Upstream commit 49122ec42634f73babb1dc96f170023e5228d080 ]
      
      The functions that send management TX frame have 3 possible
      results: success and other side acknowledged receive (ACK=1),
      success and other side did not acknowledge receive(ACK=0) and
      failure to send the frame. The current implementation
      incorrectly reports the ACK=0 case as failure.
      Signed-off-by: NLior David <liord@codeaurora.org>
      Signed-off-by: NMaya Erez <merez@codeaurora.org>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      da30c277
    • W
      arm64: cpu_ops: fix a leaked reference by adding missing of_node_put · e667aef5
      Wen Yang 提交于
      [ Upstream commit 92606ec9285fb84cd9b5943df23f07d741384bfc ]
      
      The call to of_get_next_child returns a node pointer with refcount
      incremented thus it must be explicitly decremented after the last
      usage.
      
      Detected by coccinelle with the following warnings:
        ./arch/arm64/kernel/cpu_ops.c:102:1-7: ERROR: missing of_node_put;
        acquired a node pointer with refcount incremented on line 69, but
        without a corresponding object release within this function.
      Signed-off-by: NWen Yang <wen.yang99@zte.com.cn>
      Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: linux-arm-kernel@lists.infradead.org
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      e667aef5
    • Y
      drm/panel: otm8009a: Add delay at the end of initialization · e3980dbe
      Yannick Fertré 提交于
      [ Upstream commit 0084c3c71126fc878c6dab8a6ab8ecc484c2be02 ]
      
      At the end of initialization, a delay is required by the panel. Without
      this delay, the panel could received a frame early & generate a crash of
      panel (black screen).
      Signed-off-by: NYannick Fertré <yannick.fertre@st.com>
      Reviewed-by: NPhilippe Cornu <philippe.cornu@st.com>
      Tested-by: NPhilippe Cornu <philippe.cornu@st.com>
      Signed-off-by: NThierry Reding <treding@nvidia.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/1553155445-13407-1-git-send-email-yannick.fertre@st.comSigned-off-by: NSasha Levin <sashal@kernel.org>
      e3980dbe
    • S
      scsi: ufs: Avoid configuring regulator with undefined voltage range · cb5946e5
      Stanley Chu 提交于
      [ Upstream commit 3b141e8cfd54ba3e5c610717295b2a02aab26a05 ]
      
      For regulators used by UFS, vcc, vccq and vccq2 will have voltage range
      initialized by ufshcd_populate_vreg(), however other regulators may have
      undefined voltage range if dt-bindings have no such definition.
      
      In above undefined case, both "min_uV" and "max_uV" fields in ufs_vreg
      struct will be zero values and these values will be configured on
      regulators in different power modes.
      
      Currently this may have no harm if both "min_uV" and "max_uV" always keep
      "zero values" because regulator_set_voltage() will always bypass such
      invalid values and return "good" results.
      
      However improper values shall be fixed to avoid potential bugs.  Simply
      bypass voltage configuration if voltage range is not defined.
      Signed-off-by: NStanley Chu <stanley.chu@mediatek.com>
      Reviewed-by: NAvri Altman <avri.altman@wdc.com>
      Acked-by: NAlim Akhtar <alim.akhtar@samsung.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      cb5946e5
    • S
      scsi: ufs: Fix regulator load and icc-level configuration · 31318d4a
      Stanley Chu 提交于
      [ Upstream commit 0487fff76632ec023d394a05b82e87a971db8c03 ]
      
      Currently if a regulator has "<name>-fixed-regulator" property in device
      tree, it will skip current limit initialization.  This lead to a zero
      "max_uA" value in struct ufs_vreg.
      
      However, "regulator_set_load" operation shall be required on regulators
      which have valid current limits, otherwise a zero "max_uA" set by
      "regulator_set_load" may cause unexpected behavior when this regulator is
      enabled or set as high power mode.
      
      Similarly, in device's icc_level configuration flow, the target icc_level
      shall be updated if regulator also has valid current limit, otherwise a
      wrong icc_level will be calculated by zero "max_uA" and thus causes
      unexpected results after it is written to device.
      Signed-off-by: NStanley Chu <stanley.chu@mediatek.com>
      Reviewed-by: NAvri Altman <avri.altman@wdc.com>
      Acked-by: NAlim Akhtar <alim.akhtar@samsung.com>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      31318d4a
    • P
      rtlwifi: fix potential NULL pointer dereference · c9e44a1a
      Ping-Ke Shih 提交于
      [ Upstream commit 60209d482b97743915883d293c8b85226d230c19 ]
      
      In case dev_alloc_skb fails, the fix safely returns to avoid
      potential NULL pointer dereference.
      Signed-off-by: NPing-Ke Shih <pkshih@realtek.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      c9e44a1a
    • A
      rtc: xgene: fix possible race condition · bd2ab045
      Alexandre Belloni 提交于
      [ Upstream commit a652e00ee1233e251a337c28e18a1da59224e5ce ]
      
      The IRQ is requested before the struct rtc is allocated and registered, but
      this struct is used in the IRQ handler. This may lead to a NULL pointer
      dereference.
      
      Switch to devm_rtc_allocate_device/rtc_register_device to allocate the rtc
      struct before requesting the IRQ.
      Signed-off-by: NAlexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      bd2ab045
    • P
      brcmfmac: fix Oops when bringing up interface during USB disconnect · e29aba14
      Piotr Figiel 提交于
      [ Upstream commit 24d413a31afaee9bbbf79226052c386b01780ce2 ]
      
      Fix a race which leads to an Oops with NULL pointer dereference.  The
      dereference is in brcmf_config_dongle() when cfg_to_ndev() attempts to get
      net_device structure of interface with index 0 via if2bss mapping. This
      shouldn't fail because of check for bus being ready in brcmf_netdev_open(),
      but it's not synchronised with USB disconnect and there is a race: after
      the check the bus can be marked down and the mapping for interface 0 may be
      gone.
      
      Solve this by modifying disconnect handling so that the removal of mapping
      of ifidx to brcmf_if structure happens after netdev removal (which is
      synchronous with brcmf_netdev_open() thanks to rtln being locked in
      devinet_ioctl()). This assures brcmf_netdev_open() returns before the
      mapping is removed during disconnect.
      
      Unable to handle kernel NULL pointer dereference at virtual address 00000008
      pgd = bcae2612
      [00000008] *pgd=8be73831
      Internal error: Oops: 17 [#1] PREEMPT SMP ARM
      Modules linked in: brcmfmac brcmutil nf_log_ipv4 nf_log_common xt_LOG xt_limit
      iptable_mangle xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6
      nf_defrag_ipv4 iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis
      u_ether usb_serial_simple usbserial cdc_acm smsc95xx usbnet ci_hdrc_imx ci_hdrc
      usbmisc_imx ulpi 8250_exar 8250_pci 8250 8250_base libcomposite configfs
      udc_core [last unloaded: brcmutil]
      CPU: 2 PID: 24478 Comm: ifconfig Not tainted 4.19.23-00078-ga62866d-dirty #115
      Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
      PC is at brcmf_cfg80211_up+0x94/0x29c [brcmfmac]
      LR is at brcmf_cfg80211_up+0x8c/0x29c [brcmfmac]
      pc : [<7f26a91c>]    lr : [<7f26a914>]    psr: a0070013
      sp : eca99d28  ip : 00000000  fp : ee9c6c00
      r10: 00000036  r9 : 00000000  r8 : ece4002c
      r7 : edb5b800  r6 : 00000000  r5 : 80f08448  r4 : edb5b968
      r3 : ffffffff  r2 : 00000000  r1 : 00000002  r0 : 00000000
      Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      Control: 10c5387d  Table: 7ca0c04a  DAC: 00000051
      Process ifconfig (pid: 24478, stack limit = 0xd9e85a0e)
      Stack: (0xeca99d28 to 0xeca9a000)
      9d20:                   00000000 80f873b0 0000000d 80f08448 eca99d68 50d45f32
      9d40: 7f27de94 ece40000 80f08448 80f08448 7f27de94 ece4002c 00000000 00000036
      9d60: ee9c6c00 7f27262c 00001002 50d45f32 ece40000 00000000 80f08448 80772008
      9d80: 00000001 00001043 00001002 ece40000 00000000 50d45f32 ece40000 00000001
      9da0: 80f08448 00001043 00001002 807723d0 00000000 50d45f32 80f08448 eca99e58
      9dc0: 80f87113 50d45f32 80f08448 ece40000 ece40138 00001002 80f08448 00000000
      9de0: 00000000 80772434 edbd5380 eca99e58 edbd5380 80f08448 ee9c6c0c 80805f70
      9e00: 00000000 ede08e00 00008914 ece40000 00000014 ee9c6c0c 600c0013 00001043
      9e20: 0208a8c0 ffffffff 00000000 50d45f32 eca98000 80f08448 7ee9fc38 00008914
      9e40: 80f68e40 00000051 eca98000 00000036 00000003 80808b9c 6e616c77 00000030
      9e60: 00000000 00000000 00001043 0208a8c0 ffffffff 00000000 80f08448 00000000
      9e80: 00000000 816d8b20 600c0013 00000001 ede09320 801763d4 00000000 50d45f32
      9ea0: eca98000 80f08448 7ee9fc38 50d45f32 00008914 80f08448 7ee9fc38 80f68e40
      9ec0: ed531540 8074721c 00000800 00000001 00000000 6e616c77 00000030 00000000
      9ee0: 00000000 00001002 0208a8c0 ffffffff 00000000 50d45f32 80f08448 7ee9fc38
      9f00: ed531560 ec8fc900 80285a6c 80285138 edb910c0 00000000 ecd91008 ede08e00
      9f20: 80f08448 00000000 00000000 816d8b20 600c0013 00000001 ede09320 801763d4
      9f40: 00000000 50d45f32 00021000 edb91118 edb910c0 80f08448 01b29000 edb91118
      9f60: eca99f7c 50d45f32 00021000 ec8fc900 00000003 ec8fc900 00008914 7ee9fc38
      9f80: eca98000 00000036 00000003 80285a6c 00086364 7ee9fe1c 000000c3 00000036
      9fa0: 801011c4 80101000 00086364 7ee9fe1c 00000003 00008914 7ee9fc38 00086364
      9fc0: 00086364 7ee9fe1c 000000c3 00000036 0008630c 7ee9fe1c 7ee9fc38 00000003
      9fe0: 000a42b8 7ee9fbd4 00019914 76e09acc 600c0010 00000003 00000000 00000000
      [<7f26a91c>] (brcmf_cfg80211_up [brcmfmac]) from [<7f27262c>] (brcmf_netdev_open+0x74/0xe8 [brcmfmac])
      [<7f27262c>] (brcmf_netdev_open [brcmfmac]) from [<80772008>] (__dev_open+0xcc/0x150)
      [<80772008>] (__dev_open) from [<807723d0>] (__dev_change_flags+0x168/0x1b4)
      [<807723d0>] (__dev_change_flags) from [<80772434>] (dev_change_flags+0x18/0x48)
      [<80772434>] (dev_change_flags) from [<80805f70>] (devinet_ioctl+0x67c/0x79c)
      [<80805f70>] (devinet_ioctl) from [<80808b9c>] (inet_ioctl+0x210/0x3d4)
      [<80808b9c>] (inet_ioctl) from [<8074721c>] (sock_ioctl+0x350/0x524)
      [<8074721c>] (sock_ioctl) from [<80285138>] (do_vfs_ioctl+0xb0/0x9b0)
      [<80285138>] (do_vfs_ioctl) from [<80285a6c>] (ksys_ioctl+0x34/0x5c)
      [<80285a6c>] (ksys_ioctl) from [<80101000>] (ret_fast_syscall+0x0/0x28)
      Exception stack(0xeca99fa8 to 0xeca99ff0)
      9fa0:                   00086364 7ee9fe1c 00000003 00008914 7ee9fc38 00086364
      9fc0: 00086364 7ee9fe1c 000000c3 00000036 0008630c 7ee9fe1c 7ee9fc38 00000003
      9fe0: 000a42b8 7ee9fbd4 00019914 76e09acc
      Code: e5970328 eb002021 e1a02006 e3a01002 (e5909008)
      ---[ end trace 5cbac2333f3ac5df ]---
      Signed-off-by: NPiotr Figiel <p.figiel@camlintechnologies.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      e29aba14
    • P
      brcmfmac: fix race during disconnect when USB completion is in progress · 8a412ed9
      Piotr Figiel 提交于
      [ Upstream commit db3b9e2e1d58080d0754bdf9293dabf8c6491b67 ]
      
      It was observed that rarely during USB disconnect happening shortly after
      connect (before full initialization completes) usb_hub_wq would wait
      forever for the dev_init_lock to be unlocked. dev_init_lock would remain
      locked though because of infinite wait during usb_kill_urb:
      
      [ 2730.656472] kworker/0:2     D    0   260      2 0x00000000
      [ 2730.660700] Workqueue: events request_firmware_work_func
      [ 2730.664807] [<809dca20>] (__schedule) from [<809dd164>] (schedule+0x4c/0xac)
      [ 2730.670587] [<809dd164>] (schedule) from [<8069af44>] (usb_kill_urb+0xdc/0x114)
      [ 2730.676815] [<8069af44>] (usb_kill_urb) from [<7f258b50>] (brcmf_usb_free_q+0x34/0xa8 [brcmfmac])
      [ 2730.684833] [<7f258b50>] (brcmf_usb_free_q [brcmfmac]) from [<7f2517d4>] (brcmf_detach+0xa0/0xb8 [brcmfmac])
      [ 2730.693557] [<7f2517d4>] (brcmf_detach [brcmfmac]) from [<7f251a34>] (brcmf_attach+0xac/0x3d8 [brcmfmac])
      [ 2730.702094] [<7f251a34>] (brcmf_attach [brcmfmac]) from [<7f2587ac>] (brcmf_usb_probe_phase2+0x468/0x4a0 [brcmfmac])
      [ 2730.711601] [<7f2587ac>] (brcmf_usb_probe_phase2 [brcmfmac]) from [<7f252888>] (brcmf_fw_request_done+0x194/0x220 [brcmfmac])
      [ 2730.721795] [<7f252888>] (brcmf_fw_request_done [brcmfmac]) from [<805748e4>] (request_firmware_work_func+0x4c/0x88)
      [ 2730.731125] [<805748e4>] (request_firmware_work_func) from [<80141474>] (process_one_work+0x228/0x808)
      [ 2730.739223] [<80141474>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
      [ 2730.746105] [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
      [ 2730.752227] [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
      
      [ 2733.099695] kworker/0:3     D    0  1065      2 0x00000000
      [ 2733.103926] Workqueue: usb_hub_wq hub_event
      [ 2733.106914] [<809dca20>] (__schedule) from [<809dd164>] (schedule+0x4c/0xac)
      [ 2733.112693] [<809dd164>] (schedule) from [<809e2a8c>] (schedule_timeout+0x214/0x3e4)
      [ 2733.119621] [<809e2a8c>] (schedule_timeout) from [<809dde2c>] (wait_for_common+0xc4/0x1c0)
      [ 2733.126810] [<809dde2c>] (wait_for_common) from [<7f258d00>] (brcmf_usb_disconnect+0x1c/0x4c [brcmfmac])
      [ 2733.135206] [<7f258d00>] (brcmf_usb_disconnect [brcmfmac]) from [<8069e0c8>] (usb_unbind_interface+0x5c/0x1e4)
      [ 2733.143943] [<8069e0c8>] (usb_unbind_interface) from [<8056d3e8>] (device_release_driver_internal+0x164/0x1fc)
      [ 2733.152769] [<8056d3e8>] (device_release_driver_internal) from [<8056c078>] (bus_remove_device+0xd0/0xfc)
      [ 2733.161138] [<8056c078>] (bus_remove_device) from [<8056977c>] (device_del+0x11c/0x310)
      [ 2733.167939] [<8056977c>] (device_del) from [<8069cba8>] (usb_disable_device+0xa0/0x1cc)
      [ 2733.174743] [<8069cba8>] (usb_disable_device) from [<8069507c>] (usb_disconnect+0x74/0x1dc)
      [ 2733.181823] [<8069507c>] (usb_disconnect) from [<80695e88>] (hub_event+0x478/0xf88)
      [ 2733.188278] [<80695e88>] (hub_event) from [<80141474>] (process_one_work+0x228/0x808)
      [ 2733.194905] [<80141474>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
      [ 2733.201724] [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
      [ 2733.207913] [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
      
      It was traced down to a case where usb_kill_urb would be called on an URB
      structure containing more or less random data, including large number in
      its use_count. During the debugging it appeared that in brcmf_usb_free_q()
      the traversal over URBs' lists is not synchronized with operations on those
      lists in brcmf_usb_rx_complete() leading to handling
      brcmf_usbdev_info structure (holding lists' head) as lists' element and in
      result causing above problem.
      
      Fix it by walking through all URBs during brcmf_cancel_all_urbs using the
      arrays of requests instead of linked lists.
      Signed-off-by: NPiotr Figiel <p.figiel@camlintechnologies.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      8a412ed9
    • P
      brcmfmac: fix WARNING during USB disconnect in case of unempty psq · ce55a594
      Piotr Figiel 提交于
      [ Upstream commit c80d26e81ef1802f30364b4ad1955c1443a592b9 ]
      
      brcmu_pkt_buf_free_skb emits WARNING when attempting to free a sk_buff
      which is part of any queue. After USB disconnect this may have happened
      when brcmf_fws_hanger_cleanup() is called as per-interface psq was never
      cleaned when removing the interface.
      Change brcmf_fws_macdesc_cleanup() in a way that it removes the
      corresponding packets from hanger table (to avoid double-free when
      brcmf_fws_hanger_cleanup() is called) and add a call to clean-up the
      interface specific packet queue.
      
      Below is a WARNING during USB disconnect with Raspberry Pi WiFi dongle
      running in AP mode. This was reproducible when the interface was
      transmitting during the disconnect and is fixed with this commit.
      
      ------------[ cut here ]------------
      WARNING: CPU: 0 PID: 1171 at drivers/net/wireless/broadcom/brcm80211/brcmutil/utils.c:49 brcmu_pkt_buf_free_skb+0x3c/0x40
      Modules linked in: nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_mangle xt_connmark xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter ip_tables x_tables usb_f_mass_storage usb_f_rndis u_ether cdc_acm smsc95xx usbnet ci_hdrc_imx ci_hdrc ulpi usbmisc_imx 8250_exar 8250_pci 8250 8250_base libcomposite configfs udc_core
      CPU: 0 PID: 1171 Comm: kworker/0:0 Not tainted 4.19.23-00075-gde33ed8 #99
      Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
      Workqueue: usb_hub_wq hub_event
      [<8010ff84>] (unwind_backtrace) from [<8010bb64>] (show_stack+0x10/0x14)
      [<8010bb64>] (show_stack) from [<80840278>] (dump_stack+0x88/0x9c)
      [<80840278>] (dump_stack) from [<8011f5ec>] (__warn+0xfc/0x114)
      [<8011f5ec>] (__warn) from [<8011f71c>] (warn_slowpath_null+0x40/0x48)
      [<8011f71c>] (warn_slowpath_null) from [<805a476c>] (brcmu_pkt_buf_free_skb+0x3c/0x40)
      [<805a476c>] (brcmu_pkt_buf_free_skb) from [<805bb6c4>] (brcmf_fws_cleanup+0x1e4/0x22c)
      [<805bb6c4>] (brcmf_fws_cleanup) from [<805bc854>] (brcmf_fws_del_interface+0x58/0x68)
      [<805bc854>] (brcmf_fws_del_interface) from [<805b66ac>] (brcmf_remove_interface+0x40/0x150)
      [<805b66ac>] (brcmf_remove_interface) from [<805b6870>] (brcmf_detach+0x6c/0xb0)
      [<805b6870>] (brcmf_detach) from [<805bdbb8>] (brcmf_usb_disconnect+0x30/0x4c)
      [<805bdbb8>] (brcmf_usb_disconnect) from [<805e5d64>] (usb_unbind_interface+0x5c/0x1e0)
      [<805e5d64>] (usb_unbind_interface) from [<804aab10>] (device_release_driver_internal+0x154/0x1ec)
      [<804aab10>] (device_release_driver_internal) from [<804a97f4>] (bus_remove_device+0xcc/0xf8)
      [<804a97f4>] (bus_remove_device) from [<804a6fc0>] (device_del+0x118/0x308)
      [<804a6fc0>] (device_del) from [<805e488c>] (usb_disable_device+0xa0/0x1c8)
      [<805e488c>] (usb_disable_device) from [<805dcf98>] (usb_disconnect+0x70/0x1d8)
      [<805dcf98>] (usb_disconnect) from [<805ddd84>] (hub_event+0x464/0xf50)
      [<805ddd84>] (hub_event) from [<80135a70>] (process_one_work+0x138/0x3f8)
      [<80135a70>] (process_one_work) from [<80135d5c>] (worker_thread+0x2c/0x554)
      [<80135d5c>] (worker_thread) from [<8013b1a0>] (kthread+0x124/0x154)
      [<8013b1a0>] (kthread) from [<801010e8>] (ret_from_fork+0x14/0x2c)
      Exception stack(0xecf8dfb0 to 0xecf8dff8)
      dfa0:                                     00000000 00000000 00000000 00000000
      dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
      dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
      ---[ end trace 38d234018e9e2a90 ]---
      ------------[ cut here ]------------
      Signed-off-by: NPiotr Figiel <p.figiel@camlintechnologies.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ce55a594
    • P
      brcmfmac: convert dev_init_lock mutex to completion · 4b2f0ebc
      Piotr Figiel 提交于
      [ Upstream commit a9fd0953fa4a62887306be28641b4b0809f3b2fd ]
      
      Leaving dev_init_lock mutex locked in probe causes BUG and a WARNING when
      kernel is compiled with CONFIG_PROVE_LOCKING. Convert mutex to completion
      which silences those warnings and improves code readability.
      
      Fix below errors when connecting the USB WiFi dongle:
      
      brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43143 for chip BCM43143/2
      BUG: workqueue leaked lock or atomic: kworker/0:2/0x00000000/434
           last function: hub_event
      1 lock held by kworker/0:2/434:
       #0: 18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]
      CPU: 0 PID: 434 Comm: kworker/0:2 Not tainted 4.19.23-00084-g454a789-dirty #123
      Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
      Workqueue: usb_hub_wq hub_event
      [<8011237c>] (unwind_backtrace) from [<8010d74c>] (show_stack+0x10/0x14)
      [<8010d74c>] (show_stack) from [<809c4324>] (dump_stack+0xa8/0xd4)
      [<809c4324>] (dump_stack) from [<8014195c>] (process_one_work+0x710/0x808)
      [<8014195c>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
      [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
      [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
      Exception stack(0xed1d9fb0 to 0xed1d9ff8)
      9fa0:                                     00000000 00000000 00000000 00000000
      9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
      9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
      
      ======================================================
      WARNING: possible circular locking dependency detected
      4.19.23-00084-g454a789-dirty #123 Not tainted
      ------------------------------------------------------
      kworker/0:2/434 is trying to acquire lock:
      e29cf799 ((wq_completion)"events"){+.+.}, at: process_one_work+0x174/0x808
      
      but task is already holding lock:
      18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #2 (&devinfo->dev_init_lock){+.+.}:
             mutex_lock_nested+0x1c/0x24
             brcmf_usb_probe+0x78/0x550 [brcmfmac]
             usb_probe_interface+0xc0/0x1bc
             really_probe+0x228/0x2c0
             __driver_attach+0xe4/0xe8
             bus_for_each_dev+0x68/0xb4
             bus_add_driver+0x19c/0x214
             driver_register+0x78/0x110
             usb_register_driver+0x84/0x148
             process_one_work+0x228/0x808
             worker_thread+0x2c/0x564
             kthread+0x13c/0x16c
             ret_from_fork+0x14/0x20
               (null)
      
      -> #1 (brcmf_driver_work){+.+.}:
             worker_thread+0x2c/0x564
             kthread+0x13c/0x16c
             ret_from_fork+0x14/0x20
               (null)
      
      -> #0 ((wq_completion)"events"){+.+.}:
             process_one_work+0x1b8/0x808
             worker_thread+0x2c/0x564
             kthread+0x13c/0x16c
             ret_from_fork+0x14/0x20
               (null)
      
      other info that might help us debug this:
      
      Chain exists of:
        (wq_completion)"events" --> brcmf_driver_work --> &devinfo->dev_init_lock
      
       Possible unsafe locking scenario:
      
             CPU0                    CPU1
             ----                    ----
        lock(&devinfo->dev_init_lock);
                                     lock(brcmf_driver_work);
                                     lock(&devinfo->dev_init_lock);
        lock((wq_completion)"events");
      
       *** DEADLOCK ***
      
      1 lock held by kworker/0:2/434:
       #0: 18d5dcdf (&devinfo->dev_init_lock){+.+.}, at: brcmf_usb_probe+0x78/0x550 [brcmfmac]
      
      stack backtrace:
      CPU: 0 PID: 434 Comm: kworker/0:2 Not tainted 4.19.23-00084-g454a789-dirty #123
      Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
      Workqueue: events request_firmware_work_func
      [<8011237c>] (unwind_backtrace) from [<8010d74c>] (show_stack+0x10/0x14)
      [<8010d74c>] (show_stack) from [<809c4324>] (dump_stack+0xa8/0xd4)
      [<809c4324>] (dump_stack) from [<80172838>] (print_circular_bug+0x210/0x330)
      [<80172838>] (print_circular_bug) from [<80175940>] (__lock_acquire+0x160c/0x1a30)
      [<80175940>] (__lock_acquire) from [<8017671c>] (lock_acquire+0xe0/0x268)
      [<8017671c>] (lock_acquire) from [<80141404>] (process_one_work+0x1b8/0x808)
      [<80141404>] (process_one_work) from [<80141a80>] (worker_thread+0x2c/0x564)
      [<80141a80>] (worker_thread) from [<80147bcc>] (kthread+0x13c/0x16c)
      [<80147bcc>] (kthread) from [<801010b4>] (ret_from_fork+0x14/0x20)
      Exception stack(0xed1d9fb0 to 0xed1d9ff8)
      9fa0:                                     00000000 00000000 00000000 00000000
      9fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
      9fe0: 00000000 00000000 00000000 00000000 00000013 00000000
      Signed-off-by: NPiotr Figiel <p.figiel@camlintechnologies.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      4b2f0ebc
    • A
      b43: shut up clang -Wuninitialized variable warning · 59ec3ad3
      Arnd Bergmann 提交于
      [ Upstream commit d825db346270dbceef83b7b750dbc29f1d7dcc0e ]
      
      Clang warns about what is clearly a case of passing an uninitalized
      variable into a static function:
      
      drivers/net/wireless/broadcom/b43/phy_lp.c:1852:23: error: variable 'gains' is uninitialized when used here
            [-Werror,-Wuninitialized]
                      lpphy_papd_cal(dev, gains, 0, 1, 30);
                                          ^~~~~
      drivers/net/wireless/broadcom/b43/phy_lp.c:1838:2: note: variable 'gains' is declared here
              struct lpphy_tx_gains gains, oldgains;
              ^
      1 error generated.
      
      However, this function is empty, and its arguments are never evaluated,
      so gcc in contrast does not warn here. Both compilers behave in a
      reasonable way as far as I can tell, so we should change the code
      to avoid the warning everywhere.
      
      We could just eliminate the lpphy_papd_cal() function entirely,
      given that it has had the TODO comment in it for 10 years now
      and is rather unlikely to ever get done. I'm doing a simpler
      change here, and just pass the 'oldgains' variable in that has
      been initialized, based on the guess that this is what was
      originally meant.
      
      Fixes: 2c0d6100 ("b43: LP-PHY: Begin implementing calibration & software RFKILL support")
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Acked-by: NLarry Finger <Larry.Finger@lwfinger.net>
      Reviewed-by: NNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      59ec3ad3
    • K
      brcmfmac: fix missing checks for kmemdup · 7c9d97f3
      Kangjie Lu 提交于
      [ Upstream commit 46953f97224d56a12ccbe9c6acaa84ca0dab2780 ]
      
      In case kmemdup fails, the fix sets conn_info->req_ie_len and
      conn_info->resp_ie_len to zero to avoid buffer overflows.
      Signed-off-by: NKangjie Lu <kjlu@umn.edu>
      Acked-by: NArend van Spriel <arend.vanspriel@broadcom.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      7c9d97f3
    • Y
      mwifiex: Fix mem leak in mwifiex_tm_cmd · a27ce484
      YueHaibing 提交于
      [ Upstream commit 003b686ace820ce2d635a83f10f2d7f9c147dabc ]
      
      'hostcmd' is alloced by kzalloc, should be freed before
      leaving from the error handling cases, otherwise it will
      cause mem leak.
      
      Fixes: 3935ccc1 ("mwifiex: add cfg80211 testmode support")
      Signed-off-by: NYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a27ce484
    • K
      rtlwifi: fix a potential NULL pointer dereference · 7be8d425
      Kangjie Lu 提交于
      [ Upstream commit 765976285a8c8db3f0eb7f033829a899d0c2786e ]
      
      In case alloc_workqueue fails, the fix reports the error and
      returns to avoid NULL pointer dereference.
      Signed-off-by: NKangjie Lu <kjlu@umn.edu>
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      7be8d425
    • D
      selftests/bpf: ksym_search won't check symbols exists · f8f54929
      Daniel T. Lee 提交于
      [ Upstream commit 0979ff7992fb6f4eb837995b12f4071dcafebd2d ]
      
      Currently, ksym_search located at trace_helpers won't check symbols are
      existing or not.
      
      In ksym_search, when symbol is not found, it will return &syms[0](_stext).
      But when the kernel symbols are not loaded, it will return NULL, which is
      not a desired action.
      
      This commit will add verification logic whether symbols are loaded prior
      to the symbol search.
      Signed-off-by: NDaniel T. Lee <danieltimlee@gmail.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      f8f54929
    • J
      iio: adc: ti-ads7950: Fix improper use of mlock · ef8e5a78
      Justin Chen 提交于
      [ Upstream commit abbde2792999c9ad3514dd25d7f8d9a96034fe16 ]
      
      Indio->mlock is used for protecting the different iio device modes.
      It is currently not being used in this way. Replace the lock with
      an internal lock specifically used for protecting the SPI transfer
      buffer.
      Signed-off-by: NJustin Chen <justinpopo6@gmail.com>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      ef8e5a78
    • N
      iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data · 36a59a03
      Nathan Chancellor 提交于
      [ Upstream commit 6f9ca1d3eb74b81f811a87002de2d51640d135b1 ]
      
      When building with -Wsometimes-uninitialized, Clang warns:
      
      drivers/iio/common/ssp_sensors/ssp_iio.c:95:6: warning: variable
      'calculated_time' is used uninitialized whenever 'if' condition is false
      [-Wsometimes-uninitialized]
      
      While it isn't wrong, this will never be a problem because
      iio_push_to_buffers_with_timestamp only uses calculated_time
      on the same condition that it is assigned (when scan_timestamp
      is not zero). While iio_push_to_buffers_with_timestamp is marked
      as inline, Clang does inlining in the optimization stage, which
      happens after the semantic analysis phase (plus inline is merely
      a hint to the compiler).
      
      Fix this by just zero initializing calculated_time.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/394Signed-off-by: NNathan Chancellor <natechancellor@gmail.com>
      Reviewed-by: NNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      36a59a03
    • K
      iio: hmc5843: fix potential NULL pointer dereferences · dd106d19
      Kangjie Lu 提交于
      [ Upstream commit 536cc27deade8f1ec3c1beefa60d5fbe0f6fcb28 ]
      
      devm_regmap_init_i2c may fail and return NULL. The fix returns
      the error when it fails.
      Signed-off-by: NKangjie Lu <kjlu@umn.edu>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      dd106d19
    • L
      iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion · d7c77341
      Lars-Peter Clausen 提交于
      [ Upstream commit df1d80aee963480c5c2938c64ec0ac3e4a0df2e0 ]
      
      For devices from the SigmaDelta family we need to keep CS low when doing a
      conversion, since the device will use the MISO line as a interrupt to
      indicate that the conversion is complete.
      
      This is why the driver locks the SPI bus and when the SPI bus is locked
      keeps as long as a conversion is going on. The current implementation gets
      one small detail wrong though. CS is only de-asserted after the SPI bus is
      unlocked. This means it is possible for a different SPI device on the same
      bus to send a message which would be wrongfully be addressed to the
      SigmaDelta device as well. Make sure that the last SPI transfer that is
      done while holding the SPI bus lock de-asserts the CS signal.
      Signed-off-by: NLars-Peter Clausen <lars@metafoo.de>
      Signed-off-by: NAlexandru Ardelean <Alexandru.Ardelean@analog.com>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      d7c77341
    • W
      drm/pl111: fix possible object reference leak · ce59174d
      Wen Yang 提交于
      [ Upstream commit bc29d3a69d4c1bd1a103e8b3c1ed81b807c1870b ]
      
      The call to of_find_matching_node_and_match returns a node pointer with
      refcount incremented thus it must be explicitly decremented after the
      last usage.
      
      Detected by coccinelle with the following warnings:
      drivers/gpu/drm/pl111/pl111_versatile.c:333:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
      drivers/gpu/drm/pl111/pl111_versatile.c:340:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
      drivers/gpu/drm/pl111/pl111_versatile.c:346:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
      drivers/gpu/drm/pl111/pl111_versatile.c:354:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
      drivers/gpu/drm/pl111/pl111_versatile.c:395:3-9: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
      drivers/gpu/drm/pl111/pl111_versatile.c:402:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 317, but without a corresponding object release within this function.
      Signed-off-by: NWen Yang <wen.yang99@zte.com.cn>
      Cc: Eric Anholt <eric@anholt.net> (supporter:DRM DRIVER FOR ARM PL111 CLCD)
      Cc: David Airlie <airlied@linux.ie> (maintainer:DRM DRIVERS)
      Cc: Daniel Vetter <daniel@ffwll.ch> (maintainer:DRM DRIVERS)
      Cc: dri-devel@lists.freedesktop.org (open list:DRM DRIVERS)
      Cc: linux-kernel@vger.kernel.org (open list)
      Signed-off-by: NEric Anholt <eric@anholt.net>
      Link: https://patchwork.freedesktop.org/patch/msgid/1554307455-40361-6-git-send-email-wen.yang99@zte.com.cnSigned-off-by: NSasha Levin <sashal@kernel.org>
      ce59174d
    • K
      x86/build: Keep local relocations with ld.lld · e758471b
      Kees Cook 提交于
      [ Upstream commit 7c21383f3429dd70da39c0c7f1efa12377a47ab6 ]
      
      The LLVM linker (ld.lld) defaults to removing local relocations, which
      causes KASLR boot failures. ld.bfd and ld.gold already handle this
      correctly. This adds the explicit instruction "--discard-none" during
      the link phase. There is no change in output for ld.bfd and ld.gold,
      but ld.lld now produces an image with all the needed relocations.
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Nick Desaulniers <ndesaulniers@google.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: clang-built-linux@googlegroups.com
      Cc: x86-ml <x86@kernel.org>
      Link: https://lkml.kernel.org/r/20190404214027.GA7324@beast
      Link: https://github.com/ClangBuiltLinux/linux/issues/404Signed-off-by: NSasha Levin <sashal@kernel.org>
      e758471b
    • D
      block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR · 2b18febc
      David Kozub 提交于
      [ Upstream commit 78bf47353b0041865564deeed257a54f047c2fdc ]
      
      The implementation of IOC_OPAL_ENABLE_DISABLE_MBR handled the value
      opal_mbr_data.enable_disable incorrectly: enable_disable is expected
      to be one of OPAL_MBR_ENABLE(0) or OPAL_MBR_DISABLE(1). enable_disable
      was passed directly to set_mbr_done and set_mbr_enable_disable where
      is was interpreted as either OPAL_TRUE(1) or OPAL_FALSE(0). The end
      result was that calling IOC_OPAL_ENABLE_DISABLE_MBR with OPAL_MBR_ENABLE
      actually disabled the shadow MBR and vice versa.
      
      This patch adds correct conversion from OPAL_MBR_DISABLE/ENABLE to
      OPAL_FALSE/TRUE. The change affects existing programs using
      IOC_OPAL_ENABLE_DISABLE_MBR but this is typically used only once when
      setting up an Opal drive.
      Acked-by: NJon Derrick <jonathan.derrick@intel.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Reviewed-by: NScott Bauer <sbauer@plzdonthack.me>
      Signed-off-by: NDavid Kozub <zub@linux.fjfi.cvut.cz>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      2b18febc
    • W
      cpufreq: kirkwood: fix possible object reference leak · 9d8b1d5d
      Wen Yang 提交于
      [ Upstream commit 7c468966f05ac9c17bb5948275283d34e6fe0660 ]
      
      The call to of_get_child_by_name returns a node pointer with refcount
      incremented thus it must be explicitly decremented after the last
      usage.
      
      Detected by coccinelle with the following warnings:
      ./drivers/cpufreq/kirkwood-cpufreq.c:127:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 118, but without a corresponding object release within this function.
      ./drivers/cpufreq/kirkwood-cpufreq.c:133:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 118, but without a corresponding object release within this function.
      
      and also do some cleanup:
      - of_node_put(np);
      - np = NULL;
      ...
      of_node_put(np);
      Signed-off-by: NWen Yang <wen.yang99@zte.com.cn>
      Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
      Cc: Viresh Kumar <viresh.kumar@linaro.org>
      Cc: linux-pm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NViresh Kumar <viresh.kumar@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9d8b1d5d
    • W
      cpufreq: pmac32: fix possible object reference leak · f9ead9f4
      Wen Yang 提交于
      [ Upstream commit 8d10dc28a9ea6e8c02e825dab28699f3c72b02d9 ]
      
      The call to of_find_node_by_name returns a node pointer with refcount
      incremented thus it must be explicitly decremented after the last
      usage.
      
      Detected by coccinelle with the following warnings:
      ./drivers/cpufreq/pmac32-cpufreq.c:557:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 552, but without a corresponding object release within this function.
      ./drivers/cpufreq/pmac32-cpufreq.c:569:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 552, but without a corresponding object release within this function.
      ./drivers/cpufreq/pmac32-cpufreq.c:598:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 587, but without a corresponding object release within this function.
      Signed-off-by: NWen Yang <wen.yang99@zte.com.cn>
      Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
      Cc: Viresh Kumar <viresh.kumar@linaro.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Paul Mackerras <paulus@samba.org>
      Cc: Michael Ellerman <mpe@ellerman.id.au>
      Cc: linux-pm@vger.kernel.org
      Cc: linuxppc-dev@lists.ozlabs.org
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NViresh Kumar <viresh.kumar@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      f9ead9f4
    • W
      cpufreq/pasemi: fix possible object reference leak · 513a7f8e
      Wen Yang 提交于
      [ Upstream commit a9acc26b75f652f697e02a9febe2ab0da648a571 ]
      
      The call to of_get_cpu_node returns a node pointer with refcount
      incremented thus it must be explicitly decremented after the last
      usage.
      
      Detected by coccinelle with the following warnings:
      ./drivers/cpufreq/pasemi-cpufreq.c:212:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 147, but without a corresponding object release within this function.
      ./drivers/cpufreq/pasemi-cpufreq.c:220:1-7: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 147, but without a corresponding object release within this function.
      Signed-off-by: NWen Yang <wen.yang99@zte.com.cn>
      Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
      Cc: Viresh Kumar <viresh.kumar@linaro.org>
      Cc: linuxppc-dev@lists.ozlabs.org
      Cc: linux-pm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NViresh Kumar <viresh.kumar@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      513a7f8e
    • W
      cpufreq: ppc_cbe: fix possible object reference leak · 9612f404
      Wen Yang 提交于
      [ Upstream commit 233298032803f2802fe99892d0de4ab653bfece4 ]
      
      The call to of_get_cpu_node returns a node pointer with refcount
      incremented thus it must be explicitly decremented after the last
      usage.
      
      Detected by coccinelle with the following warnings:
      ./drivers/cpufreq/ppc_cbe_cpufreq.c:89:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 76, but without a corresponding object release within this function.
      ./drivers/cpufreq/ppc_cbe_cpufreq.c:89:2-8: ERROR: missing of_node_put; acquired a node pointer with refcount incremented on line 76, but without a corresponding object release within this function.
      Signed-off-by: NWen Yang <wen.yang99@zte.com.cn>
      Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
      Cc: Viresh Kumar <viresh.kumar@linaro.org>
      Cc: linux-pm@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NViresh Kumar <viresh.kumar@linaro.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9612f404
    • K
      qmi_wwan: Add quirk for Quectel dynamic config · f8a91441
      Kristian Evensen 提交于
      [ Upstream commit e4bf63482c309287ca84d91770ffa7dcc18e37eb ]
      
      Most, if not all, Quectel devices use dynamic interface numbers, and
      users are able to change the USB configuration at will. Matching on for
      example interface number is therefore not possible.
      
      Instead, the QMI device can be identified by looking at the interface
      class, subclass and protocol (all 0xff), as well as the number of
      endpoints. The reason we need to look at the number of endpoints, is
      that the diagnostic port interface has the same class, subclass and
      protocol as QMI. However, the diagnostic port only has two endpoints,
      while QMI has three.
      
      Until now, we have identified the QMI device by combining a match on
      class, subclass and protocol, with a call to the function
      quectel_diag_detect(). In quectel_diag_detect(), we check if the number
      of endpoints matches for known Quectel vendor/product ids.
      
      Adding new vendor/product ids to quectel_diag_detect() is not a good
      long-term solution. This commit replaces the function with a quirk, and
      applies the quirk to affected Quectel devices that I have been able to
      test the change with (EP06, EM12 and EC25). If the quirk is set and the
      number of endpoints equal two, we return from qmi_wwan_probe() with
      -ENODEV.
      Signed-off-by: NKristian Evensen <kristian.evensen@gmail.com>
      Acked-by: NBjørn Mork <bjorn@mork.no>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      f8a91441
    • R
      selftests: cgroup: fix cleanup path in test_memcg_subtree_control() · 1b6141cd
      Roman Gushchin 提交于
      [ Upstream commit e14d314c7a489f060d6d691866fef5f131281718 ]
      
      Dan reported, that cleanup path in test_memcg_subtree_control()
      triggers a static checker warning:
        ./tools/testing/selftests/cgroup/test_memcontrol.c:76 \
        test_memcg_subtree_control()
        error: uninitialized symbol 'child2'.
      
      Fix this by initializing child2 and parent2 variables and
      split the cleanup path into few stages.
      Signed-off-by: NRoman Gushchin <guro@fb.com>
      Fixes: 84092dbc ("selftests: cgroup: add memory controller self-tests")
      Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: Shuah Khan (Samsung OSG) <shuah@kernel.org>
      Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
      Signed-off-by: NShuah Khan <shuah@kernel.org>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      1b6141cd
    • A
      s390: cio: fix cio_irb declaration · 9c594cae
      Arnd Bergmann 提交于
      [ Upstream commit e91012ee855ad9f5ef2ab106a3de51db93fe4d0c ]
      
      clang points out that the declaration of cio_irb does not match the
      definition exactly, it is missing the alignment attribute:
      
      ../drivers/s390/cio/cio.c:50:1: warning: section does not match previous declaration [-Wsection]
      DEFINE_PER_CPU_ALIGNED(struct irb, cio_irb);
      ^
      ../include/linux/percpu-defs.h:150:2: note: expanded from macro 'DEFINE_PER_CPU_ALIGNED'
              DEFINE_PER_CPU_SECTION(type, name, PER_CPU_ALIGNED_SECTION)     \
              ^
      ../include/linux/percpu-defs.h:93:9: note: expanded from macro 'DEFINE_PER_CPU_SECTION'
              extern __PCPU_ATTRS(sec) __typeof__(type) name;                 \
                     ^
      ../include/linux/percpu-defs.h:49:26: note: expanded from macro '__PCPU_ATTRS'
              __percpu __attribute__((section(PER_CPU_BASE_SECTION sec)))     \
                                      ^
      ../drivers/s390/cio/cio.h:118:1: note: previous attribute is here
      DECLARE_PER_CPU(struct irb, cio_irb);
      ^
      ../include/linux/percpu-defs.h:111:2: note: expanded from macro 'DECLARE_PER_CPU'
              DECLARE_PER_CPU_SECTION(type, name, "")
              ^
      ../include/linux/percpu-defs.h:87:9: note: expanded from macro 'DECLARE_PER_CPU_SECTION'
              extern __PCPU_ATTRS(sec) __typeof__(type) name
                     ^
      ../include/linux/percpu-defs.h:49:26: note: expanded from macro '__PCPU_ATTRS'
              __percpu __attribute__((section(PER_CPU_BASE_SECTION sec)))     \
                                      ^
      Use DECLARE_PER_CPU_ALIGNED() here, to make the two match.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Reviewed-by: NNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: NSebastian Ott <sebott@linux.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      9c594cae
    • T
      s390/mm: silence compiler warning when compiling without CONFIG_PGSTE · c3c61438
      Thomas Huth 提交于
      [ Upstream commit 81a8f2beb32a5951ecf04385301f50879abc092b ]
      
      If CONFIG_PGSTE is not set (e.g. when compiling without KVM), GCC complains:
      
        CC      arch/s390/mm/pgtable.o
      arch/s390/mm/pgtable.c:413:15: warning: ‘pmd_alloc_map’ defined but not
       used [-Wunused-function]
       static pmd_t *pmd_alloc_map(struct mm_struct *mm, unsigned long addr)
                     ^~~~~~~~~~~~~
      
      Wrap the function with "#ifdef CONFIG_PGSTE" to silence the warning.
      Signed-off-by: NThomas Huth <thuth@redhat.com>
      Reviewed-by: NDavid Hildenbrand <david@redhat.com>
      Signed-off-by: NHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      c3c61438
    • B
      x86/microcode: Fix the ancient deprecated microcode loading method · a07de9b9
      Borislav Petkov 提交于
      [ Upstream commit 24613a04ad1c0588c10f4b5403ca60a73d164051 ]
      
      Commit
      
        2613f36e ("x86/microcode: Attempt late loading only when new microcode is present")
      
      added the new define UCODE_NEW to denote that an update should happen
      only when newer microcode (than installed on the system) has been found.
      
      But it missed adjusting that for the old /dev/cpu/microcode loading
      interface. Fix it.
      
      Fixes: 2613f36e ("x86/microcode: Attempt late loading only when new microcode is present")
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Reviewed-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Jann Horn <jannh@google.com>
      Link: https://lkml.kernel.org/r/20190405133010.24249-3-bp@alien8.deSigned-off-by: NSasha Levin <sashal@kernel.org>
      a07de9b9
    • A
      s390: zcrypt: initialize variables before_use · a3713f2c
      Arnd Bergmann 提交于
      [ Upstream commit 913140e221567b3ecd21b4242257a7e3fa279026 ]
      
      The 'func_code' variable gets printed in debug statements without
      a prior initialization in multiple functions, as reported when building
      with clang:
      
      drivers/s390/crypto/zcrypt_api.c:659:6: warning: variable 'func_code' is used uninitialized whenever 'if' condition is true
            [-Wsometimes-uninitialized]
              if (mex->outputdatalength < mex->inputdatalength) {
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      drivers/s390/crypto/zcrypt_api.c:725:29: note: uninitialized use occurs here
              trace_s390_zcrypt_rep(mex, func_code, rc,
                                         ^~~~~~~~~
      drivers/s390/crypto/zcrypt_api.c:659:2: note: remove the 'if' if its condition is always false
              if (mex->outputdatalength < mex->inputdatalength) {
              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      drivers/s390/crypto/zcrypt_api.c:654:24: note: initialize the variable 'func_code' to silence this warning
              unsigned int func_code;
                                    ^
      
      Add initializations to all affected code paths to shut up the warning
      and make the warning output consistent.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: NSasha Levin <sashal@kernel.org>
      a3713f2c