1. 01 12月, 2018 26 次提交
    • R
      brcmfmac: fix reporting support for 160 MHz channels · 54923bc7
      Rafał Miłecki 提交于
      commit d1fe6ad6 upstream.
      
      Driver can report IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ so it's
      important to provide valid & complete info about supported bands for
      each channel. By default no support for 160 MHz should be assumed unless
      firmware reports it for a given channel later.
      
      This fixes info passed to the userspace. Without that change userspace
      could try to use invalid channel and fail to start an interface.
      Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
      Cc: stable@vger.kernel.org
      Signed-off-by: NKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      54923bc7
    • L
      iwlwifi: mvm: don't use SAR Geo if basic SAR is not used · c74c926f
      Luca Coelho 提交于
      commit 5d041c46ccb9b48acc110e214beff5e2789311df upstream.
      
      We can't use SAR Geo if basic SAR is not enabled, since the SAR Geo
      tables define offsets in relation to the basic SAR table in use.
      
      To fix this, make iwl_mvm_sar_init() return one in case WRDS is not
      available, so we can skip reading WGDS entirely.
      
      Fixes: a6bff3cb ("iwlwifi: mvm: add GEO_TX_POWER_LIMIT cmd for geographic tx power table")
      Cc: stable@vger.kernel.org # 4.12+
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c74c926f
    • E
      iwlwifi: mvm: fix regulatory domain update when the firmware starts · 49697515
      Emmanuel Grumbach 提交于
      commit 82715ac71e6b94a2c2136e31f3a8e6748e33aa8c upstream.
      
      When the firmware starts, it doesn't have any regulatory
      information, hence it uses the world wide limitations. The
      driver can feed the firmware with previous knowledge that
      was kept in the driver, but the firmware may still not
      update its internal tables.
      
      This happens when we start a BSS interface, and then the
      firmware can change the regulatory tables based on our
      location and it'll use more lenient, location specific
      rules. Then, if the firmware is shut down (when the
      interface is brought down), and then an AP interface is
      created, the firmware will forget the country specific
      rules.
      
      The host will think that we are in a certain country that
      may allow channels and will try to teach the firmware about
      our location, but the firmware may still not allow to drop
      the world wide limitations and apply country specific rules
      because it was just re-started.
      
      In this case, the firmware will reply with MCC_RESP_ILLEGAL
      to the MCC_UPDATE_CMD. In that case, iwlwifi needs to let
      the upper layers (cfg80211 / hostapd) know that the channel
      list they know about has been updated.
      
      This fixes https://bugzilla.kernel.org/show_bug.cgi?id=201105
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      49697515
    • E
      iwlwifi: mvm: support sta_statistics() even on older firmware · b643d705
      Emmanuel Grumbach 提交于
      commit ec484d03ef0df8d34086b95710e355a259cbe1f2 upstream.
      
      The oldest firmware supported by iwlmvm do support getting
      the average beacon RSSI. Enable the sta_statistics() call
      from mac80211 even on older firmware versions.
      
      Fixes: 33cef925 ("iwlwifi: mvm: support beacon statistics for BSS client")
      Cc: stable@vger.kernel.org # 4.2+
      Signed-off-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b643d705
    • M
      iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE · 29d920ba
      Matt Chen 提交于
      commit 66e839030fd698586734e017fd55c4f2a89dba0b upstream.
      
      From coreboot/BIOS:
      Name ("WGDS", Package() {
       Revision,
       Package() {
           DomainType,                         // 0x7:WiFi ==> We miss this one.
           WgdsWiFiSarDeltaGroup1PowerMax1,    // Group 1 FCC 2400 Max
           WgdsWiFiSarDeltaGroup1PowerChainA1, // Group 1 FCC 2400 A Offset
           WgdsWiFiSarDeltaGroup1PowerChainB1, // Group 1 FCC 2400 B Offset
           WgdsWiFiSarDeltaGroup1PowerMax2,    // Group 1 FCC 5200 Max
           WgdsWiFiSarDeltaGroup1PowerChainA2, // Group 1 FCC 5200 A Offset
           WgdsWiFiSarDeltaGroup1PowerChainB2, // Group 1 FCC 5200 B Offset
           WgdsWiFiSarDeltaGroup2PowerMax1,    // Group 2 EC Jap 2400 Max
           WgdsWiFiSarDeltaGroup2PowerChainA1, // Group 2 EC Jap 2400 A Offset
           WgdsWiFiSarDeltaGroup2PowerChainB1, // Group 2 EC Jap 2400 B Offset
           WgdsWiFiSarDeltaGroup2PowerMax2,    // Group 2 EC Jap 5200 Max
           WgdsWiFiSarDeltaGroup2PowerChainA2, // Group 2 EC Jap 5200 A Offset
           WgdsWiFiSarDeltaGroup2PowerChainB2, // Group 2 EC Jap 5200 B Offset
           WgdsWiFiSarDeltaGroup3PowerMax1,    // Group 3 ROW 2400 Max
           WgdsWiFiSarDeltaGroup3PowerChainA1, // Group 3 ROW 2400 A Offset
           WgdsWiFiSarDeltaGroup3PowerChainB1, // Group 3 ROW 2400 B Offset
           WgdsWiFiSarDeltaGroup3PowerMax2,    // Group 3 ROW 5200 Max
           WgdsWiFiSarDeltaGroup3PowerChainA2, // Group 3 ROW 5200 A Offset
           WgdsWiFiSarDeltaGroup3PowerChainB2, // Group 3 ROW 5200 B Offset
       }
      })
      
      When read the ACPI data to find out the WGDS, the DATA_SIZE is never
      matched.
      From the above format, it gives 19 numbers, but our driver is hardcode
      as 18.
      Fix it to pass then can parse the data into our wgds table.
      Then we will see:
      iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init Sending GEO_TX_POWER_LIMIT
      iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[0]
      Band[0]: chain A = 68 chain B = 69 max_tx_power = 54
      iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[0]
      Band[1]: chain A = 48 chain B = 49 max_tx_power = 70
      iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[1]
      Band[0]: chain A = 51 chain B = 67 max_tx_power = 50
      iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[1]
      Band[1]: chain A = 69 chain B = 70 max_tx_power = 68
      iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[2]
      Band[0]: chain A = 49 chain B = 50 max_tx_power = 48
      iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[2]
      Band[1]: chain A = 52 chain B = 53 max_tx_power = 51
      
      Cc: stable@vger.kernel.org # 4.12+
      Fixes: a6bff3cb ("iwlwifi: mvm: add GEO_TX_POWER_LIMIT cmd for geographic tx power table")
      Signed-off-by: NMatt Chen <matt.chen@intel.com>
      Signed-off-by: NLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      29d920ba
    • V
      gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path · 602162dc
      Vladimir Zapolskiy 提交于
      commit a05a14049999598a3bb6fab12db6b768a0215522 upstream.
      
      The change corrects the error path in gpiochip_add_data_with_key()
      by avoiding to call ida_simple_remove(), if ida_simple_get() returns
      an error.
      
      Note that ida_simple_remove()/ida_free() throws a BUG(), if id argument
      is negative, it allows to easily check the correctness of the fix by
      fuzzing the return value from ida_simple_get().
      
      Fixes: ff2b1359 ("gpio: make the gpiochip a real device")
      Cc: stable@vger.kernel.org # v4.6+
      Signed-off-by: NVladimir Zapolskiy <vz@mleia.com>
      Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      602162dc
    • A
      mmc: sdhci-pci: Workaround GLK firmware failing to restore the tuning value · 6d24302a
      Adrian Hunter 提交于
      commit 5305ec6a27b2dc7398a689e661a4a2e951026f09 upstream.
      
      GLK firmware can indicate that the tuning value will be restored after
      runtime suspend, but not actually do that. Add a workaround that detects
      such cases, and lets the driver do re-tuning instead.
      Reported-by: NAnisse Astier <anisse@astier.eu>
      Tested-by: NAnisse Astier <anisse@astier.eu>
      Signed-off-by: NAdrian Hunter <adrian.hunter@intel.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6d24302a
    • R
      mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL · 52f40362
      Rajat Jain 提交于
      commit cdcefe6bd9df754f528ffc339d3cc143cea4ddf6 upstream.
      
      Problem:
      
      The card detect IRQ does not work with modern BIOS (that want
      to use _DSD to provide the card detect GPIO to the driver).
      
      Details:
      
      The mmc core provides the mmc_gpiod_request_cd() API to let host drivers
      request the gpio descriptor for the "card detect" pin.
      This pin is specified in the ACPI for the SDHC device:
      
       * Either as a resource using _CRS. This is a method used by legacy BIOS.
         (The driver needs to tell which resource index).
      
       * Or as a named property ("cd-gpios"/"cd-gpio") in _DSD (which internally
         points to an entry in _CRS). This way, the driver can lookup using a
         string. This is what modern BIOS prefer to use.
      
      This API finally results in a call to the following code:
      
      struct gpio_desc *acpi_find_gpio(..., const char *con_id,...)
      {
      ...
         /* Lookup gpio (using "<con_id>-gpio") in the _DSD */
      ...
         if (!acpi_can_fallback_to_crs(adev, con_id))
                return ERR_PTR(-ENOENT);
      ...
         /* Falling back to _CRS is allowed, Lookup gpio in the _CRS */
      ...
      }
      
      Note that this means that if the ACPI has _DSD properties, the kernel
      will never use _CRS for the lookup (Because acpi_can_fallback_to_crs()
      will always be false for any device hat has _DSD entries).
      
      The SDHCI driver is thus currently broken on a modern BIOS, even if
      BIOS provides both _CRS (for index based lookup) and _DSD entries (for
      string based lookup). Ironically, none of these will be used for the
      lookup currently because:
      
      * Since the con_id is NULL, acpi_find_gpio() does not find a matching
        entry in DSDT. (The _DSDT entry has the property name = "cd-gpios")
      
      * Because ACPI contains DSDT entries, thus acpi_can_fallback_to_crs()
        returns false (because device properties have been populated from
        _DSD), thus the _CRS is never used for the lookup.
      
      Fix:
      
      Try "cd" for lookup in the _DSD before falling back to using NULL so
      as to try looking up in the _CRS.
      
      I've tested this patch successfully with both Legacy BIOS (that
      provide only _CRS method) as well as modern BIOS (that provide both
      _CRS and _DSD). Also the use of "cd" appears to be fairly consistent
      across other users of this API (other MMC host controller drivers).
      
      Link: https://lkml.org/lkml/2018/9/25/1113Signed-off-by: NRajat Jain <rajatja@google.com>
      Acked-by: NAdrian Hunter <adrian.hunter@intel.com>
      Fixes: f10e4bf6 ("gpio: acpi: Even more tighten up ACPI GPIO lookups")
      Cc: stable@vger.kernel.org
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      52f40362
    • W
      Documentation/security-bugs: Postpone fix publication in exceptional cases · bcec3b85
      Will Deacon 提交于
      commit 544b03da39e2d7b4961d3163976ed4bfb1fac509 upstream.
      
      At the request of the reporter, the Linux kernel security team offers to
      postpone the publishing of a fix for up to 5 business days from the date
      of a report.
      
      While it is generally undesirable to keep a fix private after it has
      been developed, this short window is intended to allow distributions to
      package the fix into their kernel builds and permits early inclusion of
      the security team in the case of a co-ordinated disclosure with other
      parties. Unfortunately, discussions with major Linux distributions and
      cloud providers has revealed that 5 business days is not sufficient to
      achieve either of these two goals.
      
      As an example, cloud providers need to roll out KVM security fixes to a
      global fleet of hosts with sufficient early ramp-up and monitoring. An
      end-to-end timeline of less than two weeks dramatically cuts into the
      amount of early validation and increases the chance of guest-visible
      regressions.
      
      The consequence of this timeline mismatch is that security issues are
      commonly fixed without the involvement of the Linux kernel security team
      and are instead analysed and addressed by an ad-hoc group of developers
      across companies contributing to Linux. In some cases, mainline (and
      therefore the official stable kernels) can be left to languish for
      extended periods of time. This undermines the Linux kernel security
      process and puts upstream developers in a difficult position should they
      find themselves involved with an undisclosed security problem that they
      are unable to report due to restrictions from their employer.
      
      To accommodate the needs of these users of the Linux kernel and
      encourage them to engage with the Linux security team when security
      issues are first uncovered, extend the maximum period for which fixes
      may be delayed to 7 calendar days, or 14 calendar days in exceptional
      cases, where the logistics of QA and large scale rollouts specifically
      need to be accommodated. This brings parity with the linux-distros@
      maximum embargo period of 14 calendar days.
      
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: David Woodhouse <dwmw@amazon.co.uk>
      Cc: Amit Shah <aams@amazon.com>
      Cc: Laura Abbott <labbott@redhat.com>
      Acked-by: NKees Cook <keescook@chromium.org>
      Co-developed-by: NThomas Gleixner <tglx@linutronix.de>
      Co-developed-by: NDavid Woodhouse <dwmw@amazon.co.uk>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NDavid Woodhouse <dwmw@amazon.co.uk>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Reviewed-by: NTyler Hicks <tyhicks@canonical.com>
      Acked-by: NPeter Zijlstra <peterz@infradead.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      bcec3b85
    • W
      Documentation/security-bugs: Clarify treatment of embargoed information · 160a390a
      Will Deacon 提交于
      commit 14fdc2c5318ae420e68496975f48dc1dbef52649 upstream.
      
      The Linux kernel security team has been accused of rejecting the idea of
      security embargoes. This is incorrect, and could dissuade people from
      reporting security issues to us under the false assumption that the
      issue would leak prematurely.
      
      Clarify the handling of embargoed information in our process
      documentation.
      Co-developed-by: NIngo Molnar <mingo@kernel.org>
      Acked-by: NKees Cook <keescook@chromium.org>
      Acked-by: NPeter Zijlstra <peterz@infradead.org>
      Acked-by: NLaura Abbott <labbott@redhat.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      160a390a
    • G
      MAINTAINERS: Add Sasha as a stable branch maintainer · fc0f9084
      Greg Kroah-Hartman 提交于
      commit cb5d21946d2a2f4687c482ab4604af1d29dac35a upstream.
      
      Sasha has somehow been convinced into helping me with the stable kernel
      maintenance.  Codify this slip in good judgement before he realizes what
      he really signed up for :)
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Acked-by: NSasha Levin <sashal@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      fc0f9084
    • T
      ALSA: oss: Use kvzalloc() for local buffer allocations · 27d6abfb
      Takashi Iwai 提交于
      commit 65766ee0bf7fe8b3be80e2e1c3ef54ad59b29476 upstream.
      
      PCM OSS layer may allocate a few temporary buffers, one for the core
      read/write and another for the conversions via plugins.  Currently
      both are allocated via vmalloc().  But as the allocation size is
      equivalent with the PCM period size, the required size might be quite
      small, depending on the application.
      
      This patch replaces these vmalloc() calls with kvzalloc() for covering
      small period sizes better.  Also, we use "z"-alloc variant here for
      addressing the possible uninitialized access reported by syzkaller.
      
      Reported-by: syzbot+1cb36954e127c98dd037@syzkaller.appspotmail.com
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      27d6abfb
    • M
      usb: xhci: Prevent bus suspend if a port connect change or polling state is detected · cc8b329f
      Mathias Nyman 提交于
      commit 2f31a67f01a8beb22cae754c53522cb61a005750 upstream.
      
      USB3 roothub might autosuspend before a plugged USB3 device is detected,
      causing USB3 device enumeration failure.
      
      USB3 devices don't show up as connected and enabled until USB3 link trainig
      completes. On a fast booting platform with a slow USB3 link training the
      link might reach the connected enabled state just as the bus is suspending.
      
      If this device is discovered first time by the xhci_bus_suspend() routine
      it will be put to U3 suspended state like the other ports which failed to
      suspend earlier.
      
      The hub thread will notice the connect change and resume the bus,
      moving the port back to U0
      
      This U0 -> U3 -> U0 transition right after being connected seems to be
      too much for some devices, causing them to first go to SS.Inactive state,
      and finally end up stuck in a polling state with reset asserted
      
      Fix this by failing the bus suspend if a port has a connect change or is
      in a polling state in xhci_bus_suspend().
      
      Don't do any port changes until all ports are checked, buffer all port
      changes and only write them in the end if suspend can proceed
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cc8b329f
    • C
      xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc · b6cc7f9c
      Cherian, George 提交于
      commit 11644a7659529730eaf2f166efaabe7c3dc7af8c upstream.
      
      Implement workaround for ThunderX2 Errata-129 (documented in
      CN99XX Known Issues" available at Cavium support site).
      As per ThunderX2errata-129, USB 2 device may come up as USB 1
      if a connection to a USB 1 device is followed by another connection to
      a USB 2 device, the link will come up as USB 1 for the USB 2 device.
      
      Resolution: Reset the PHY after the USB 1 device is disconnected.
      The PHY reset sequence is done using private registers in XHCI register
      space. After the PHY is reset we check for the PLL lock status and retry
      the operation if it fails. From our tests, retrying 4 times is sufficient.
      
      Add a new quirk flag XHCI_RESET_PLL_ON_DISCONNECT to invoke the workaround
      in handle_xhci_port_status().
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NGeorge Cherian <george.cherian@cavium.com>
      Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b6cc7f9c
    • A
      usb: xhci: fix timeout for transition from RExit to U0 · cad3876c
      Aaron Ma 提交于
      commit a5baeaeabcca3244782a9b6382ebab6f8a58f583 upstream.
      
      This definition is used by msecs_to_jiffies in milliseconds.
      According to the comments, max rexit timeout should be 20ms.
      Align with the comments to properly calculate the delay.
      
      Verified on Sunrise Point-LP and Cannon Lake.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NAaron Ma <aaron.ma@canonical.com>
      Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cad3876c
    • A
      usb: xhci: fix uninitialized completion when USB3 port got wrong status · 60ac01c6
      Aaron Ma 提交于
      commit 958c0bd86075d4ef1c936998deefe1947e539240 upstream.
      
      Realtek USB3.0 Card Reader [0bda:0328] reports wrong port status on
      Cannon lake PCH USB3.1 xHCI [8086:a36d] after resume from S3,
      after clear port reset it works fine.
      
      Since this device is registered on USB3 roothub at boot,
      when port status reports not superspeed, xhci_get_port_status will call
      an uninitialized completion in bus_state[0].
      Kernel will hang because of NULL pointer.
      
      Restrict the USB2 resume status check in USB2 roothub to fix hang issue.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NAaron Ma <aaron.ma@canonical.com>
      Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      60ac01c6
    • S
      xhci: Add check for invalid byte size error when UAS devices are connected. · 3e8886bd
      Sandeep Singh 提交于
      commit d9193efba84fe4c4aa22a569fade5e6ca971f8af upstream.
      
      Observed "TRB completion code (27)" error which corresponds to Stopped -
      Length Invalid error(xhci spec section 4.17.4) while connecting USB to
      SATA bridge.
      
      Looks like this case was not considered when the following patch[1] was
      committed. Hence adding this new check which can prevent
      the invalid byte size error.
      
      [1] ade2e3a1 xhci: handle transfer events without TRB pointer
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NSandeep Singh <sandeep.singh@amd.com>
      cc: Nehal Shah <Nehal-bakulchandra.Shah@amd.com>
      cc: Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
      Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3e8886bd
    • M
      xhci: handle port status events for removed USB3 hcd · a237717d
      Mathias Nyman 提交于
      commit 1245374e9b8340fc255fd51b2015173a83050d03 upstream.
      
      At xhci removal the USB3 hcd (shared_hcd) is removed before the primary
      USB2 hcd. Interrupts for port status changes may still occur for USB3
      ports after the shared_hcd is freed, causing  NULL pointer dereference.
      
      Check if xhci->shared_hcd is still valid before handing USB3 port events
      
      Cc: <stable@vger.kernel.org>
      Reported-by: NPeter Chen <peter.chen@nxp.com>
      Tested-by: NJack Pham <jackp@codeaurora.org>
      Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a237717d
    • M
      xhci: Fix leaking USB3 shared_hcd at xhci removal · 82c1b668
      Mathias Nyman 提交于
      commit f068090426ea8d72c408ebd42953a82a88e2282c upstream.
      
      Ensure that the shared_hcd pointer is valid when calling usb_put_hcd()
      
      The shared_hcd is removed and freed in xhci by first calling
      usb_remove_hcd(xhci->shared_hcd), and later
      usb_put_hcd(xhci->shared_hcd)
      
      Afer commit fe190ed0 ("xhci: Do not halt the host until both HCD have
      disconnected their devices.") the shared_hcd was never properly put as
      xhci->shared_hcd was set to NULL before usb_put_hcd(xhci->shared_hcd) was
      called.
      
      shared_hcd (USB3) is removed before primary hcd (USB2).
      While removing the primary hcd we might need to handle xhci interrupts
      to cleanly remove last USB2 devices, therefore we need to set
      xhci->shared_hcd to NULL before removing the primary hcd to let xhci
      interrupt handler know shared_hcd is no longer available.
      
      xhci-plat.c, xhci-histb.c and xhci-mtk first create both their hcd's before
      adding them. so to keep the correct reverse removal order use a temporary
      shared_hcd variable for them.
      For more details see commit 4ac53087 ("usb: xhci: plat: Create both
      HCDs before adding them")
      
      Fixes: fe190ed0 ("xhci: Do not halt the host until both HCD have disconnected their devices.")
      Cc: Joel Stanley <joel@jms.id.au>
      Cc: Chunfeng Yun <chunfeng.yun@mediatek.com>
      Cc: Thierry Reding <treding@nvidia.com>
      Cc: Jianguo Sun <sunjianguo1@huawei.com>
      Cc: <stable@vger.kernel.org>
      Reported-by: NJack Pham <jackp@codeaurora.org>
      Tested-by: NJack Pham <jackp@codeaurora.org>
      Tested-by: NPeter Chen <peter.chen@nxp.com>
      Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      82c1b668
    • K
      usb: dwc3: Fix NULL pointer exception in dwc3_pci_remove() · 2ff85eaf
      Kuppuswamy Sathyanarayanan 提交于
      commit 7b412b04a0c7000293008231ce8413056abb1982 upstream.
      
      In dwc3_pci_quirks() function, gpiod lookup table is only registered for
      baytrail SOC. But in dwc3_pci_remove(), we try to unregistered it
      without any checks. This leads to NULL pointer de-reference exception in
      gpiod_remove_lookup_table() when unloading the module for non baytrail
      SOCs. This patch fixes this issue.
      
      Fixes: 5741022c ("usb: dwc3: pci: Add GPIO lookup table on platforms
      without ACPI GPIO resources")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NKuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
      Reviewed-by: NHeikki Krogerus <heikki.krogerus@linux.intel.com>
      Signed-off-by: NFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2ff85eaf
    • A
      usb: dwc3: core: Clean up ULPI device · c4d1e71e
      Andy Shevchenko 提交于
      commit 08fd9a82fda86529bb2f2af3c2f7cb657b4d3066 upstream.
      
      If dwc3_core_init_mode() fails with deferred probe,
      next probe fails on sysfs with
      
      sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:11.0/dwc3.0.auto/dwc3.0.auto.ulpi'
      
      To avoid this failure, clean up ULPI device.
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: NFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c4d1e71e
    • T
      usb: dwc3: gadget: Properly check last unaligned/zero chain TRB · 4b977515
      Thinh Nguyen 提交于
      commit ba3a51ac32ebcf8d0a54b37f1af268ad8a31c52f upstream.
      
      Current check for the last extra TRB for zero and unaligned transfers
      does not account for isoc OUT. The last TRB of the Buffer Descriptor for
      isoc OUT transfers will be retired with HWO=0. As a result, we won't
      return early. The req->remaining will be updated to include the BUFSIZ
      count of the extra TRB, and the actual number of transferred bytes
      calculation will be wrong.
      
      To fix this, check whether it's a short or zero packet and the last TRB
      chain bit to return early.
      
      Fixes: c6267a51 ("usb: dwc3: gadget: align transfers to wMaxPacketSize")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NThinh Nguyen <thinhn@synopsys.com>
      Signed-off-by: NFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4b977515
    • F
      usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers · 47cb2719
      Felipe Balbi 提交于
      commit 2fc6d4be35fb1e262f209758e25bfe2b7a113a7f upstream.
      
      When chaining ISOC TRBs together, only the first ISOC TRB should be of
      type ISOC_FIRST, all others should be of type ISOC. This patch fixes
      that.
      
      Fixes: c6267a51 ("usb: dwc3: gadget: align transfers to wMaxPacketSize")
      Cc: <stable@vger.kernel.org> # v4.11+
      Signed-off-by: NFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      47cb2719
    • D
      usb: core: Fix hub port connection events lost · 269c01eb
      Dennis Wassenberg 提交于
      commit 22454b79e6de05fa61a2a72d00d2eed798abbb75 upstream.
      
      This will clear the USB_PORT_FEAT_C_CONNECTION bit in case of a hub port reset
      only if a device is was attached to the hub port before resetting the hub port.
      
      Using a Lenovo T480s attached to the ultra dock it was not possible to detect
      some usb-c devices at the dock usb-c ports because the hub_port_reset code
      will clear the USB_PORT_FEAT_C_CONNECTION bit after the actual hub port reset.
      Using this device combo the USB_PORT_FEAT_C_CONNECTION bit was set between the
      actual hub port reset and the clear of the USB_PORT_FEAT_C_CONNECTION bit.
      This ends up with clearing the USB_PORT_FEAT_C_CONNECTION bit after the
      new device was attached such that it was not detected.
      
      This patch will not clear the USB_PORT_FEAT_C_CONNECTION bit if there is
      currently no device attached to the port before the hub port reset.
      This will avoid clearing the connection bit for new attached devices.
      Signed-off-by: NDennis Wassenberg <dennis.wassenberg@secunet.com>
      Acked-by: NMathias Nyman <mathias.nyman@linux.intel.com>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      269c01eb
    • A
      efi/libstub: arm: support building with clang · 711bd5d2
      Alistair Strachan 提交于
      commit 41f1c48420709470c51ee0e54b6fb28b956bb4e0 upstream.
      
      When building with CONFIG_EFI and CONFIG_EFI_STUB on ARM, the libstub
      Makefile would use -mno-single-pic-base without checking it was
      supported by the compiler. As the ARM (32-bit) clang backend does not
      support this flag, the build would fail.
      
      This changes the Makefile to check the compiler's support for
      -mno-single-pic-base before using it, similar to c1c38668 ("ARM:
      8767/1: add support for building ARM kernel with clang").
      Signed-off-by: NAlistair Strachan <astrachan@google.com>
      Reviewed-by: NStefan Agner <stefan@agner.ch>
      Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Nick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      711bd5d2
    • R
      HID: steam: remove input device when a hid client is running. · fb87a92b
      Rodrigo Rivas Costa 提交于
      commit 385a4886778f6d6e61eff1d4d295af332d7130e1 upstream.
      
      Previously, when a HID client such as the Steam Client was running, this
      driver disabled its input device to avoid doubling the input events.
      
      While it worked mostly fine, some games got confused by the idle gamepad,
      and switched to two player mode, or asked the user to choose which gamepad
      to use. Other games just crashed, probably a bug in Unity [1].
      
      With this commit, when a HID client starts, the input device is removed;
      when the HID client ends the input device is recreated.
      
      [1]: https://github.com/ValveSoftware/steam-for-linux/issues/5645Signed-off-by: NRodrigo Rivas Costa <rodrigorivascosta@gmail.com>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      Cc: Pierre-Loup Griffais <pgriffais@valvesoftware.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      fb87a92b
  2. 27 11月, 2018 14 次提交