1. 14 11月, 2018 40 次提交
    • H
      media: cec: make cec_get_edid_spa_location() an inline function · c1a4102e
      Hans Verkuil 提交于
      commit b915bf575d5b7774d0f22d57d6c143e07dcaade2 upstream.
      
      This function is needed by both V4L2 and CEC, so move this to
      cec.h as a static inline since there are no obvious shared
      modules between the two subsystems.
      
      This patch, together with the following ones, fixes a
      dependency bug: if CEC_CORE is disabled, then building adv7604
      (and other HDMI receivers) will fail because an essential
      function is now stubbed out.
      Signed-off-by: NHans Verkuil <hans.verkuil@cisco.com>
      Cc: <stable@vger.kernel.org>      # for v4.17 and up
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c1a4102e
    • B
      remoteproc: qcom: q6v5: Propagate EPROBE_DEFER · a91394b2
      Bjorn Andersson 提交于
      commit d5269c4553a64b6882f2c019ae21b783a0984a83 upstream.
      
      In the case that the interrupts fail to result because of the
      interrupt-controller not yet being registered the
      platform_get_irq_byname() call will fail with -EPROBE_DEFER, but passing
      this into devm_request_threaded_irq() will result in -EINVAL being
      returned, the driver is therefor not reprobed later.
      
      Fixes: 3b415c8f ("remoteproc: q6v5: Extract common resource handling")
      Cc: stable@vger.kernel.org
      Reviewed-by: NSibi Sankar <sibis@codeaurora.org>
      Signed-off-by: NBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a91394b2
    • H
      kgdboc: Passing ekgdboc to command line causes panic · df7ada33
      He Zhe 提交于
      commit 1bd54d851f50dea6af30c3e6ff4f3e9aab5558f9 upstream.
      
      kgdboc_option_setup does not check input argument before passing it
      to strlen. The argument would be a NULL pointer if "ekgdboc", without
      its value, is set in command line and thus cause the following panic.
      
      PANIC: early exception 0xe3 IP 10:ffffffff8fbbb620 error 0 cr2 0x0
      [    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.18-rc8+ #1
      [    0.000000] RIP: 0010:strlen+0x0/0x20
      ...
      [    0.000000] Call Trace
      [    0.000000]  ? kgdboc_option_setup+0x9/0xa0
      [    0.000000]  ? kgdboc_early_init+0x6/0x1b
      [    0.000000]  ? do_early_param+0x4d/0x82
      [    0.000000]  ? parse_args+0x212/0x330
      [    0.000000]  ? rdinit_setup+0x26/0x26
      [    0.000000]  ? parse_early_options+0x20/0x23
      [    0.000000]  ? rdinit_setup+0x26/0x26
      [    0.000000]  ? parse_early_param+0x2d/0x39
      [    0.000000]  ? setup_arch+0x2f7/0xbf4
      [    0.000000]  ? start_kernel+0x5e/0x4c2
      [    0.000000]  ? load_ucode_bsp+0x113/0x12f
      [    0.000000]  ? secondary_startup_64+0xa5/0xb0
      
      This patch adds a check to prevent the panic.
      
      Cc: stable@vger.kernel.org
      Cc: jason.wessel@windriver.com
      Cc: gregkh@linuxfoundation.org
      Cc: jslaby@suse.com
      Signed-off-by: NHe Zhe <zhe.he@windriver.com>
      Reviewed-by: NDaniel Thompson <daniel.thompson@linaro.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      df7ada33
    • M
      Revert "media: dvbsky: use just one mutex for serializing device R/W ops" · 43cdccfe
      Mauro Carvalho Chehab 提交于
      commit 9afc82194de9a1ce298f0d77d7d779d585bf962c upstream.
      
      As pointed at:
      	https://bugzilla.kernel.org/show_bug.cgi?id=199323
      
      This patch causes a bad effect on RPi. I suspect that the root
      cause is at the USB out of tree RPi driver, with uses high priority
      interrupts instead of normal ones. Anyway, as this patch
      is mostly a cleanup, better to revert it.
      
      This reverts commit 7d95fb74.
      
      Cc: stable@vger.kernel.org # For Kernel 4.18
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      43cdccfe
    • H
      media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD · 04feb58d
      Hans Verkuil 提交于
      commit 250854eed5d45a73d81e4137dfd85180af6f2ec3 upstream.
      
      When the OSD is on (i.e. vivid displays text on top of the test pattern), and
      you enable hflip, then the driver crashes.
      
      The cause turned out to be a division of a negative number by an unsigned value.
      You expect that -8 / 2U would be -4, but in reality it is 2147483644 :-(
      
      Fixes: 3e14e7a8 ("vivid-tpg: add hor/vert downsampling support to tpg_gen_text")
      Signed-off-by: NHans Verkuil <hans.verkuil@cisco.com>
      Reported-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Cc: <stable@vger.kernel.org>      # for v4.1 and up
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      04feb58d
    • J
      net: bcmgenet: fix OF child-node lookup · 90bedf4a
      Johan Hovold 提交于
      commit d397dbe606120a1ea1b11b0020c3f7a3852da5ac upstream.
      
      Use the new of_get_compatible_child() helper to lookup the mdio child
      node instead of using of_find_compatible_node(), which searches the
      entire tree from a given start node and thus can return an unrelated
      (i.e. non-child) node.
      
      This also addresses a potential use-after-free (e.g. after probe
      deferral) as the tree-wide helper drops a reference to its first
      argument (i.e. the node of the device being probed).
      
      Fixes: aa09677c ("net: bcmgenet: add MDIO routines")
      Cc: stable <stable@vger.kernel.org>     # 3.15
      Cc: David S. Miller <davem@davemloft.net>
      Reviewed-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NJohan Hovold <johan@kernel.org>
      Signed-off-by: NRob Herring <robh@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      90bedf4a
    • M
      TC: Set DMA masks for devices · b0b62843
      Maciej W. Rozycki 提交于
      commit 3f2aa244ee1a0d17ed5b6c86564d2c1b24d1c96b upstream.
      
      Fix a TURBOchannel support regression with commit 205e1b7f
      ("dma-mapping: warn when there is no coherent_dma_mask") that caused
      coherent DMA allocations to produce a warning such as:
      
      defxx: v1.11 2014/07/01  Lawrence V. Stefani and others
      tc1: DEFTA at MMIO addr = 0x1e900000, IRQ = 20, Hardware addr = 08-00-2b-a3-a3-29
      ------------[ cut here ]------------
      WARNING: CPU: 0 PID: 1 at ./include/linux/dma-mapping.h:516 dfx_dev_register+0x670/0x678
      Modules linked in:
      CPU: 0 PID: 1 Comm: swapper Not tainted 4.19.0-rc6 #2
      Stack : ffffffff8009ffc0 fffffffffffffec0 0000000000000000 ffffffff80647650
              0000000000000000 0000000000000000 ffffffff806f5f80 ffffffffffffffff
              0000000000000000 0000000000000000 0000000000000001 ffffffff8065d4e8
              98000000031b6300 ffffffff80563478 ffffffff805685b0 ffffffffffffffff
              0000000000000000 ffffffff805d6720 0000000000000204 ffffffff80388df8
              0000000000000000 0000000000000009 ffffffff8053efd0 ffffffff806657d0
              0000000000000000 ffffffff803177f8 0000000000000000 ffffffff806d0000
              9800000003078000 980000000307b9e0 000000001e900000 ffffffff80067940
              0000000000000000 ffffffff805d6720 0000000000000204 ffffffff80388df8
              ffffffff805176c0 ffffffff8004dc78 0000000000000000 ffffffff80067940
              ...
      Call Trace:
      [<ffffffff8004dc78>] show_stack+0xa0/0x130
      [<ffffffff80067940>] __warn+0x128/0x170
      ---[ end trace b1d1e094f67f3bb2 ]---
      
      This is because the TURBOchannel bus driver fails to set the coherent
      DMA mask for devices enumerated.
      
      Set the regular and coherent DMA masks for TURBOchannel devices then,
      observing that the bus protocol supports a 34-bit (16GiB) DMA address
      space, by interpreting the value presented in the address cycle across
      the 32 `ad' lines as a 32-bit word rather than byte address[1].  The
      architectural size of the TURBOchannel DMA address space exceeds the
      maximum amount of RAM any actual TURBOchannel system in existence may
      have, hence both masks are the same.
      
      This removes the warning shown above.
      
      References:
      
      [1] "TURBOchannel Hardware Specification", EK-369AA-OD-007B, Digital
          Equipment Corporation, January 1993, Section "DMA", pp. 1-15 -- 1-17
      Signed-off-by: NMaciej W. Rozycki <macro@linux-mips.org>
      Signed-off-by: NPaul Burton <paul.burton@mips.com>
      Patchwork: https://patchwork.linux-mips.org/patch/20835/
      Fixes: 205e1b7f ("dma-mapping: warn when there is no coherent_dma_mask")
      Cc: stable@vger.kernel.org # 4.16+
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b0b62843
    • W
      iommu/arm-smmu: Ensure that page-table updates are visible before TLBI · 14dd2a14
      Will Deacon 提交于
      commit 7d321bd3542500caf125249f44dc37cb4e738013 upstream.
      
      The IO-pgtable code relies on the driver TLB invalidation callbacks to
      ensure that all page-table updates are visible to the IOMMU page-table
      walker.
      
      In the case that the page-table walker is cache-coherent, we cannot rely
      on an implicit DSB from the DMA-mapping code, so we must ensure that we
      execute a DSB in our tlb_add_flush() callback prior to triggering the
      invalidation.
      
      Cc: <stable@vger.kernel.org>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Fixes: 2df7a25c ("iommu/arm-smmu: Clean up DMA API usage")
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      14dd2a14
    • C
      ocxl: Fix access to the AFU Descriptor Data · 32396672
      Christophe Lombard 提交于
      commit 6f8e45f7eb1bee5efdbe4a9cfe4a45627403c5fb upstream.
      
      The AFU Information DVSEC capability is a means to extract common,
      general information about all of the AFUs associated with a Function
      independent of the specific functionality that each AFU provides.
      Write in the AFU Index field allows to access to the descriptor data
      for each AFU.
      
      With the current code, we are not able to access to these specific data
      when the index >= 1 because we are writing to the wrong location.
      All requests to the data of each AFU are pointing to those of the AFU 0,
      which could have impacts when using a card with more than one AFU per
      function.
      
      This patch fixes the access to the AFU Descriptor Data indexed by the
      AFU Info Index field.
      
      Fixes: 5ef3166e ("ocxl: Driver code for 'generic' opencapi devices")
      Cc: stable <stable@vger.kernel.org>     # 4.16
      Signed-off-by: NChristophe Lombard <clombard@linux.vnet.ibm.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Acked-by: NFrederic Barrat <fbarrat@linux.vnet.ibm.com>
      Acked-by: NAndrew Donnellan <andrew.donnellan@au1.ibm.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      32396672
    • J
      power: supply: twl4030-charger: fix OF sibling-node lookup · 168945fe
      Johan Hovold 提交于
      commit 9844fb2e351311210e6660a9a1c62d17424a6145 upstream.
      
      Use the new of_get_compatible_child() helper to lookup the usb sibling
      node instead of using of_find_compatible_node(), which searches the
      entire tree from a given start node and thus can return an unrelated
      (non-sibling) node.
      
      This also addresses a potential use-after-free (e.g. after probe
      deferral) as the tree-wide helper drops a reference to its first
      argument (i.e. the parent device node).
      
      While at it, also fix the related phy-node reference leak.
      
      Fixes: f5e4edb8 ("power: twl4030_charger: find associated phy by more reliable means.")
      Cc: stable <stable@vger.kernel.org>     # 4.2
      Cc: NeilBrown <neilb@suse.de>
      Cc: Felipe Balbi <felipe.balbi@linux.intel.com>
      Cc: Sebastian Reichel <sre@kernel.org>
      Reviewed-by: NSebastian Reichel <sre@kernel.org>
      Signed-off-by: NJohan Hovold <johan@kernel.org>
      Signed-off-by: NRob Herring <robh@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      168945fe
    • M
      rtc: cmos: Remove the `use_acpi_alarm' module parameter for !ACPI · 65635b7d
      Maciej W. Rozycki 提交于
      commit bc51098cdd9573bfdecfd02fc8ed474419d73ea0 upstream.
      
      Fix a problem with commit 311ee9c1 ("rtc: cmos: allow using ACPI for
      RTC alarm instead of HPET") defining `use_acpi_alarm' module parameter
      even for non-ACPI platforms, which ignore it.  Wrap the definition into
      #ifdef CONFIG_ACPI and use a static inline wrapper function, hardcoded
      to return 0 and consequently optimized away for !ACPI, following the
      existing pattern with HPET handling functions.
      Signed-off-by: NMaciej W. Rozycki <macro@linux-mips.org>
      Fixes: 311ee9c1 ("rtc: cmos: allow using ACPI for RTC alarm instead of HPET")
      Cc: stable@vger.kernel.org # 4.18+
      Signed-off-by: NAlexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      65635b7d
    • M
      rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt' · 65a060ca
      Maciej W. Rozycki 提交于
      commit d197a253855d2d8e507a003880aab35c4e2473db upstream.
      
      Fix a commit 311ee9c1 ("rtc: cmos: allow using ACPI for RTC alarm
      instead of HPET") `rtc-cmos' regression causing a link error:
      
      drivers/rtc/rtc-cmos.o: In function `cmos_platform_probe':
      rtc-cmos.c:(.init.text+0x33c): undefined reference to `hpet_rtc_interrupt'
      rtc-cmos.c:(.init.text+0x3f4): undefined reference to `hpet_rtc_interrupt'
      
      with non-ACPI platforms using this driver.  The cause is the change of
      the condition guarding the use of `hpet_rtc_interrupt'.
      
      Previously it was a call to `is_hpet_enabled'.  That function is static
      inline and has a hardcoded 0 result for non-ACPI platforms, which imply
      !HPET_EMULATE_RTC.  Consequently the compiler optimized the whole block
      away including the reference to `hpet_rtc_interrupt', which never made
      it to the link stage.
      
      Now the guarding condition is a call to `use_hpet_alarm', which is not
      static inline and therefore the compiler may not be able to prove that
      it actually always returns 0 for non-ACPI platforms.  Consequently the
      build breaks with an unsatisfied reference, because `hpet_rtc_interrupt'
      is nowhere defined at link time.
      
      Fix the problem by marking `use_hpet_alarm' inline.  As the `inline'
      keyword serves as an optimization hint rather than a requirement the
      compiler is still free to choose whether inlining will be beneficial or
      not for ACPI platforms.
      Signed-off-by: NMaciej W. Rozycki <macro@linux-mips.org>
      Fixes: 311ee9c1 ("rtc: cmos: allow using ACPI for RTC alarm instead of HPET")
      Cc: stable@vger.kernel.org # 4.18+
      Signed-off-by: NAlexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      65a060ca
    • S
      rtc: ds1307: fix ds1339 wakealarm support · f3e57308
      Soeren Moch 提交于
      commit 7dceef78f310f5351735060d78a1777c69606016 upstream.
      
      Commit 51ed73eb ("rtc: ds1340: Add support
      for trickle charger.") breaks ds1339 wakealarm support by limiting
      accessible registers. Fix this.
      
      Fixes: 51ed73eb ("rtc: ds1340: Add support for trickle charger.")
      Cc: stable@vger.kernel.org
      Signed-off-by: NSoeren Moch <smoch@web.de>
      Signed-off-by: NAlexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f3e57308
    • A
      MIPS: OCTEON: fix out of bounds array access on CN68XX · 7d9f3a26
      Aaro Koskinen 提交于
      commit c0fae7e2452b90c31edd2d25eb3baf0c76b400ca upstream.
      
      The maximum number of interfaces is returned by
      cvmx_helper_get_number_of_interfaces(), and the value is used to access
      interface_port_count[]. When CN68XX support was added, we forgot
      to increase the array size. Fix that.
      
      Fixes: 2c8c3f02 ("MIPS: Octeon: Support additional interfaces on CN68XX")
      Signed-off-by: NAaro Koskinen <aaro.koskinen@iki.fi>
      Signed-off-by: NPaul Burton <paul.burton@mips.com>
      Patchwork: https://patchwork.linux-mips.org/patch/20949/
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Cc: stable@vger.kernel.org # v4.3+
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7d9f3a26
    • N
      powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 · 66eb08ae
      Nicholas Piggin 提交于
      commit bc276ecba132caccb1fda5863a652c15def2b8c6 upstream.
      
      PPC_INVALIDATE_ERAT is slbia IH=7 which is a new variant introduced
      with POWER9, and the result is undefined on earlier CPUs.
      
      Commits 7b9f71f9 ("powerpc/64s: POWER9 machine check handler") and
      d4748276 ("powerpc/64s: Improve local TLB flush for boot and MCE on
      POWER9") caused POWER7/8 code to use this instruction. Remove it. An
      ERAT flush can be made by invalidatig the SLB, but before POWER9 that
      requires a flush and rebolt.
      
      Fixes: 7b9f71f9 ("powerpc/64s: POWER9 machine check handler")
      Fixes: d4748276 ("powerpc/64s: Improve local TLB flush for boot and MCE on POWER9")
      Cc: stable@vger.kernel.org # v4.11+
      Signed-off-by: NNicholas Piggin <npiggin@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      66eb08ae
    • M
      powerpc/tm: Fix HFSCR bit for no suspend case · e0f5f1c8
      Michael Neuling 提交于
      commit dd9a8c5a87395b6f05552c3b44e42fdc95760552 upstream.
      
      Currently on P9N DD2.1 we end up taking infinite TM facility
      unavailable exceptions on the first TM usage by userspace.
      
      In the special case of TM no suspend (P9N DD2.1), Linux is told TM is
      off via CPU dt-ftrs but told to (partially) use it via
      OPAL_REINIT_CPUS_TM_SUSPEND_DISABLED. So HFSCR[TM] will be off from
      dt-ftrs but we need to turn it on for the no suspend case.
      
      This patch fixes this by enabling HFSCR TM in this case.
      
      Cc: stable@vger.kernel.org # 4.15+
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      Signed-off-by: NPaul Mackerras <paulus@ozlabs.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e0f5f1c8
    • C
      powerpc/msi: Fix compile error on mpc83xx · 7607e1da
      Christophe Leroy 提交于
      commit 0f99153def98134403c9149128e59d3e1786cf04 upstream.
      
      mpic_get_primary_version() is not defined when not using MPIC.
      The compile error log like:
      
      arch/powerpc/sysdev/built-in.o: In function `fsl_of_msi_probe':
      fsl_msi.c:(.text+0x150c): undefined reference to `fsl_mpic_primary_get_version'
      Signed-off-by: NJia Hongtao <hongtao.jia@freescale.com>
      Signed-off-by: NScott Wood <scottwood@freescale.com>
      Reported-by: NRadu Rendec <radu.rendec@gmail.com>
      Fixes: 807d38b7 ("powerpc/mpic: Add get_version API both for internal and external use")
      Cc: stable@vger.kernel.org
      Signed-off-by: NChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7607e1da
    • N
      powerpc64/module elfv1: Set opd addresses after module relocation · 5f489579
      Naveen N. Rao 提交于
      commit 59fe7eaf3598a89cbcd72e645b1d08afd76f7b29 upstream.
      
      module_frob_arch_sections() is called before the module is moved to its
      final location. The function descriptor section addresses we are setting
      here are thus invalid. Fix this by processing opd section during
      module_finalize()
      
      Fixes: 5633e85b ("powerpc64: Add .opd based function descriptor dereference")
      Cc: stable@vger.kernel.org # v4.16
      Signed-off-by: NNaveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5f489579
    • J
      fsnotify: Fix busy inodes during unmount · 778af261
      Jan Kara 提交于
      commit 721fb6fbfd2132164c2e8777cc837f9b2c1794dc upstream.
      
      Detaching of mark connector from fsnotify_put_mark() can race with
      unmounting of the filesystem like:
      
        CPU1				CPU2
      fsnotify_put_mark()
        spin_lock(&conn->lock);
        ...
        inode = fsnotify_detach_connector_from_object(conn)
        spin_unlock(&conn->lock);
      				generic_shutdown_super()
      				  fsnotify_unmount_inodes()
      				    sees connector detached for inode
      				      -> nothing to do
      				  evict_inode()
      				    barfs on pending inode reference
        iput(inode);
      
      Resulting in "Busy inodes after unmount" message and possible kernel
      oops. Make fsnotify_unmount_inodes() properly wait for outstanding inode
      references from detached connectors.
      
      Note that the accounting of outstanding inode references in the
      superblock can cause some cacheline contention on the counter. OTOH it
      happens only during deletion of the last notification mark from an inode
      (or during unlinking of watched inode) and that is not too bad. I have
      measured time to create & delete inotify watch 100000 times from 64
      processes in parallel (each process having its own inotify group and its
      own file on a shared superblock) on a 64 CPU machine. Average and
      standard deviation of 15 runs look like:
      
      	Avg		Stddev
      Vanilla	9.817400	0.276165
      Fixed	9.710467	0.228294
      
      So there's no statistically significant difference.
      
      Fixes: 6b3f05d2 ("fsnotify: Detach mark from object list when last reference is dropped")
      CC: stable@vger.kernel.org
      Signed-off-by: NJan Kara <jack@suse.cz>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      778af261
    • L
      media: ov7670: make "xclk" clock optional · a94a2e3b
      Lubomir Rintel 提交于
      commit 786fa584eda86d6598db3b87c61dc81f68808d11 upstream.
      
      When the "xclk" clock was added, it was made mandatory. This broke the
      driver on an OLPC plaform which doesn't know such clock. Make it
      optional.
      
      Tested on a OLPC XO-1 laptop.
      
      Fixes: 0a024d63 ("[media] ov7670: get xclk")
      
      Cc: stable@vger.kernel.org # 4.11+
      Signed-off-by: NLubomir Rintel <lkundrak@v3.sk>
      Signed-off-by: NSakari Ailus <sakari.ailus@linux.intel.com>
      Signed-off-by: NMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a94a2e3b
    • D
      dm zoned: fix various dmz_get_mblock() issues · 8f882a6b
      Damien Le Moal 提交于
      commit 3d4e738311327bc4ba1d55fbe2f1da3de4a475f9 upstream.
      
      dmz_fetch_mblock() called from dmz_get_mblock() has a race since the
      allocation of the new metadata block descriptor and its insertion in
      the cache rbtree with the READING state is not atomic. Two different
      contexts requesting the same block may end up each adding two different
      descriptors of the same block to the cache.
      
      Another problem for this function is that the BIO for processing the
      block read is allocated after the metadata block descriptor is inserted
      in the cache rbtree. If the BIO allocation fails, the metadata block
      descriptor is freed without first being removed from the rbtree.
      
      Fix the first problem by checking again if the requested block is not in
      the cache right before inserting the newly allocated descriptor,
      atomically under the mblk_lock spinlock. The second problem is fixed by
      simply allocating the BIO before inserting the new block in the cache.
      
      Finally, since dmz_fetch_mblock() also increments a block reference
      counter, rename the function to dmz_get_mblock_slow(). To be symmetric
      and clear, also rename dmz_lookup_mblock() to dmz_get_mblock_fast() and
      increment the block reference counter directly in that function rather
      than in dmz_get_mblock().
      
      Fixes: 3b1a94c8 ("dm zoned: drive-managed zoned block device target")
      Cc: stable@vger.kernel.org
      Signed-off-by: NDamien Le Moal <damien.lemoal@wdc.com>
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8f882a6b
    • D
      dm zoned: fix metadata block ref counting · fceb0d85
      Damien Le Moal 提交于
      commit 33c2865f8d011a2ca9f67124ddab9dc89382e9f1 upstream.
      
      Since the ref field of struct dmz_mblock is always used with the
      spinlock of struct dmz_metadata locked, there is no need to use an
      atomic_t type. Change the type of the ref field to an unsigne
      integer.
      
      Fixes: 3b1a94c8 ("dm zoned: drive-managed zoned block device target")
      Cc: stable@vger.kernel.org
      Signed-off-by: NDamien Le Moal <damien.lemoal@wdc.com>
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      fceb0d85
    • W
      dm ioctl: harden copy_params()'s copy_from_user() from malicious users · b4212807
      Wenwen Wang 提交于
      commit 800a7340ab7dd667edf95e74d8e4f23a17e87076 upstream.
      
      In copy_params(), the struct 'dm_ioctl' is first copied from the user
      space buffer 'user' to 'param_kernel' and the field 'data_size' is
      checked against 'minimum_data_size' (size of 'struct dm_ioctl' payload
      up to its 'data' member).  If the check fails, an error code EINVAL will be
      returned.  Otherwise, param_kernel->data_size is used to do a second copy,
      which copies from the same user-space buffer to 'dmi'.  After the second
      copy, only 'dmi->data_size' is checked against 'param_kernel->data_size'.
      Given that the buffer 'user' resides in the user space, a malicious
      user-space process can race to change the content in the buffer between
      the two copies.  This way, the attacker can inject inconsistent data
      into 'dmi' (versus previously validated 'param_kernel').
      
      Fix redundant copying of 'minimum_data_size' from user-space buffer by
      using the first copy stored in 'param_kernel'.  Also remove the
      'data_size' check after the second copy because it is now unnecessary.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NWenwen Wang <wang6495@umn.edu>
      Signed-off-by: NMike Snitzer <snitzer@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b4212807
    • A
      lockd: fix access beyond unterminated strings in prints · 86edf562
      Amir Goldstein 提交于
      commit 93f38b6fae0ea8987e22d9e6c38f8dfdccd867ee upstream.
      
      printk format used %*s instead of %.*s, so hostname_len does not limit
      the number of bytes accessed from hostname.
      Signed-off-by: NAmir Goldstein <amir73il@gmail.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      86edf562
    • T
      nfsd: Fix an Oops in free_session() · 18c1d28f
      Trond Myklebust 提交于
      commit bb6ad5572c0022e17e846b382d7413cdcf8055be upstream.
      
      In call_xpt_users(), we delete the entry from the list, but we
      do not reinitialise it. This triggers the list poisoning when
      we later call unregister_xpt_user() in nfsd4_del_conns().
      Signed-off-by: NTrond Myklebust <trond.myklebust@hammerspace.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      18c1d28f
    • A
      nfsd: correctly decrement odstate refcount in error path · b71f9663
      Andrew Elble 提交于
      commit bd8d725078867cda250fe94b9c5a067b4a64ca74 upstream.
      
      alloc_init_deleg() both allocates an nfs4_delegation, and
      bumps the refcount on odstate. So after this point, we need to
      put_clnt_odstate() and nfs4_put_stid() to not leave the odstate
      refcount inappropriately bumped.
      Signed-off-by: NAndrew Elble <aweits@rit.edu>
      Reviewed-by: NJeff Layton <jlayton@kernel.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b71f9663
    • B
      nfs: Fix a missed page unlock after pg_doio() · d99bbbf1
      Benjamin Coddington 提交于
      commit fdbd1a2e4a71adcb1ae219fcfd964930d77a7f84 upstream.
      
      We must check pg_error and call error_cleanup after any call to pg_doio.
      Currently, we are skipping the unlock of a page if we encounter an error in
      nfs_pageio_complete() before handing off the work to the RPC layer.
      Signed-off-by: NBenjamin Coddington <bcodding@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NTrond Myklebust <trond.myklebust@hammerspace.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d99bbbf1
    • T
      NFSv4.1: Fix the r/wsize checking · 3a1c13e1
      Trond Myklebust 提交于
      commit 943cff67b842839f4f35364ba2db5c2d3f025d94 upstream.
      
      The intention of nfs4_session_set_rwsize() was to cap the r/wsize to the
      buffer sizes negotiated by the CREATE_SESSION. The initial code had a
      bug whereby we would not check the values negotiated by nfs_probe_fsinfo()
      (the assumption being that CREATE_SESSION will always negotiate buffer values
      that are sane w.r.t. the server's preferred r/wsizes) but would only check
      values set by the user in the 'mount' command.
      
      The code was changed in 4.11 to _always_ set the r/wsize, meaning that we
      now never use the server preferred r/wsizes. This is the regression that
      this patch fixes.
      Also rename the function to nfs4_session_limit_rwsize() in order to avoid
      future confusion.
      
      Fixes: 03385332 (NFSv4.1 respect server's max size in CREATE_SESSION")
      Cc: stable@vger.kernel.org # v4.11+
      Signed-off-by: NTrond Myklebust <trond.myklebust@hammerspace.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3a1c13e1
    • J
      NFC: nfcmrvl_uart: fix OF child-node lookup · d9e1cdc8
      Johan Hovold 提交于
      commit 5bf59773aaf36dd62117dc83d50e1bbf9ef432da upstream.
      
      Use the new of_get_compatible_child() helper to lookup the nfc child
      node instead of using of_find_compatible_node(), which searches the
      entire tree from a given start node and thus can return an unrelated
      (i.e. non-child) node.
      
      This also addresses a potential use-after-free (e.g. after probe
      deferral) as the tree-wide helper drops a reference to its first
      argument (i.e. the parent node).
      
      Fixes: e097dc62 ("NFC: nfcmrvl: add UART driver")
      Fixes: d8e018c0 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC")
      Cc: stable <stable@vger.kernel.org>     # 4.2
      Cc: Vincent Cuissard <cuissard@marvell.com>
      Cc: Samuel Ortiz <sameo@linux.intel.com>
      Signed-off-by: NJohan Hovold <johan@kernel.org>
      Signed-off-by: NRob Herring <robh@kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d9e1cdc8
    • J
      tpm: fix response size validation in tpm_get_random() · c6d2e202
      Jarkko Sakkinen 提交于
      commit 84b59f6487d82d3ab4247a099aba66d4d17e8b08 upstream.
      
      When checking whether the response is large enough to be able to contain
      the received random bytes in tpm_get_random() and tpm2_get_random(),
      they fail to take account the header size, which should be added to the
      minimum size. This commit fixes this issue.
      
      Cc: stable@vger.kernel.org
      Fixes: c659af78 ("tpm: Check size of response before accessing data")
      Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c6d2e202
    • L
      genirq: Fix race on spurious interrupt detection · e6d2f788
      Lukas Wunner 提交于
      commit 746a923b863a1065ef77324e1e43f19b1a3eab5c upstream.
      
      Commit 1e77d0a1 ("genirq: Sanitize spurious interrupt detection of
      threaded irqs") made detection of spurious interrupts work for threaded
      handlers by:
      
      a) incrementing a counter every time the thread returns IRQ_HANDLED, and
      b) checking whether that counter has increased every time the thread is
         woken.
      
      However for oneshot interrupts, the commit unmasks the interrupt before
      incrementing the counter.  If another interrupt occurs right after
      unmasking but before the counter is incremented, that interrupt is
      incorrectly considered spurious:
      
      time
       |  irq_thread()
       |    irq_thread_fn()
       |      action->thread_fn()
       |      irq_finalize_oneshot()
       |        unmask_threaded_irq()            /* interrupt is unmasked */
       |
       |                  /* interrupt fires, incorrectly deemed spurious */
       |
       |    atomic_inc(&desc->threads_handled); /* counter is incremented */
       v
      
      This is observed with a hi3110 CAN controller receiving data at high volume
      (from a separate machine sending with "cangen -g 0 -i -x"): The controller
      signals a huge number of interrupts (hundreds of millions per day) and
      every second there are about a dozen which are deemed spurious.
      
      In theory with high CPU load and the presence of higher priority tasks, the
      number of incorrectly detected spurious interrupts might increase beyond
      the 99,900 threshold and cause disablement of the interrupt.
      
      In practice it just increments the spurious interrupt count. But that can
      cause people to waste time investigating it over and over.
      
      Fix it by moving the accounting before the invocation of
      irq_finalize_oneshot().
      
      [ tglx: Folded change log update ]
      
      Fixes: 1e77d0a1 ("genirq: Sanitize spurious interrupt detection of threaded irqs")
      Signed-off-by: NLukas Wunner <lukas@wunner.de>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Mathias Duckeck <m.duckeck@kunbus.de>
      Cc: Akshay Bhat <akshay.bhat@timesys.com>
      Cc: Casey Fitzpatrick <casey.fitzpatrick@timesys.com>
      Cc: stable@vger.kernel.org # v3.16+
      Link: https://lkml.kernel.org/r/1dfd8bbd16163940648045495e3e9698e63b50ad.1539867047.git.lukas@wunner.deSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e6d2f788
    • H
      printk: Fix panic caused by passing log_buf_len to command line · e945325e
      He Zhe 提交于
      commit 277fcdb2cfee38ccdbe07e705dbd4896ba0c9930 upstream.
      
      log_buf_len_setup does not check input argument before passing it to
      simple_strtoull. The argument would be a NULL pointer if "log_buf_len",
      without its value, is set in command line and thus causes the following
      panic.
      
      PANIC: early exception 0xe3 IP 10:ffffffffaaeacd0d error 0 cr2 0x0
      [    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc4-yocto-standard+ #1
      [    0.000000] RIP: 0010:_parse_integer_fixup_radix+0xd/0x70
      ...
      [    0.000000] Call Trace:
      [    0.000000]  simple_strtoull+0x29/0x70
      [    0.000000]  memparse+0x26/0x90
      [    0.000000]  log_buf_len_setup+0x17/0x22
      [    0.000000]  do_early_param+0x57/0x8e
      [    0.000000]  parse_args+0x208/0x320
      [    0.000000]  ? rdinit_setup+0x30/0x30
      [    0.000000]  parse_early_options+0x29/0x2d
      [    0.000000]  ? rdinit_setup+0x30/0x30
      [    0.000000]  parse_early_param+0x36/0x4d
      [    0.000000]  setup_arch+0x336/0x99e
      [    0.000000]  start_kernel+0x6f/0x4ee
      [    0.000000]  x86_64_start_reservations+0x24/0x26
      [    0.000000]  x86_64_start_kernel+0x6f/0x72
      [    0.000000]  secondary_startup_64+0xa4/0xb0
      
      This patch adds a check to prevent the panic.
      
      Link: http://lkml.kernel.org/r/1538239553-81805-1-git-send-email-zhe.he@windriver.com
      Cc: stable@vger.kernel.org
      Cc: rostedt@goodmis.org
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: NHe Zhe <zhe.he@windriver.com>
      Reviewed-by: NSergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Signed-off-by: NPetr Mladek <pmladek@suse.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e945325e
    • S
      smb3: on kerberos mount if server doesn't specify auth type use krb5 · 93e2e867
      Steve French 提交于
      commit 926674de6705f0f1dbf29a62fd758d0977f535d6 upstream.
      
      Some servers (e.g. Azure) do not include a spnego blob in the SMB3
      negotiate protocol response, so on kerberos mounts ("sec=krb5")
      we can fail, as we expected the server to list its supported
      auth types (OIDs in the spnego blob in the negprot response).
      Change this so that on krb5 mounts we default to trying krb5 if the
      server doesn't list its supported protocol mechanisms.
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com>
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      93e2e867
    • S
      smb3: do not attempt cifs operation in smb3 query info error path · 108b981d
      Steve French 提交于
      commit 1e77a8c204c9d1b655c61751b8ad0fde22421dbb upstream.
      
      If backupuid mount option is sent, we can incorrectly retry
      (on access denied on query info) with a cifs (FindFirst) operation
      on an smb3 mount which causes the server to force the session close.
      
      We set backup intent on open so no need for this fallback.
      
      See kernel bugzilla 201435
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      CC: Stable <stable@vger.kernel.org>
      Reviewed-by: NRonnie Sahlberg <lsahlber@redhat.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      108b981d
    • S
      smb3: allow stats which track session and share reconnects to be reset · eb7814c3
      Steve French 提交于
      commit 2c887635cd6ab3af619dc2be94e5bf8f2e172b78 upstream.
      
      Currently, "echo 0 > /proc/fs/cifs/Stats" resets all of the stats
      except the session and share reconnect counts.  Fix it to
      reset those as well.
      
      CC: Stable <stable@vger.kernel.org>
      Signed-off-by: NSteve French <stfrench@microsoft.com>
      Reviewed-by: NAurelien Aptel <aaptel@suse.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      eb7814c3
    • A
      w1: omap-hdq: fix missing bus unregister at removal · b8e2aea1
      Andreas Kemnade 提交于
      commit a007734618fee1bf35556c04fa498d41d42c7301 upstream.
      
      The bus master was not removed after unloading the module
      or unbinding the driver. That lead to oopses like this
      
      [  127.842987] Unable to handle kernel paging request at virtual address bf01d04c
      [  127.850646] pgd = 70e3cd9a
      [  127.853698] [bf01d04c] *pgd=8f908811, *pte=00000000, *ppte=00000000
      [  127.860412] Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM
      [  127.866668] Modules linked in: bq27xxx_battery overlay [last unloaded: omap_hdq]
      [  127.874542] CPU: 0 PID: 1022 Comm: w1_bus_master1 Not tainted 4.19.0-rc4-00001-g2d51da718324 #12
      [  127.883819] Hardware name: Generic OMAP36xx (Flattened Device Tree)
      [  127.890441] PC is at 0xbf01d04c
      [  127.893798] LR is at w1_search_process_cb+0x4c/0xfc
      [  127.898956] pc : [<bf01d04c>]    lr : [<c05f9580>]    psr: a0070013
      [  127.905609] sp : cf885f48  ip : bf01d04c  fp : ddf1e11c
      [  127.911132] r10: cf8fe040  r9 : c05f8d00  r8 : cf8fe040
      [  127.916656] r7 : 000000f0  r6 : cf8fe02c  r5 : cf8fe000  r4 : cf8fe01c
      [  127.923553] r3 : c05f8d00  r2 : 000000f0  r1 : cf8fe000  r0 : dde1ef10
      [  127.930450] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      [  127.938018] Control: 10c5387d  Table: 8f8f0019  DAC: 00000051
      [  127.944091] Process w1_bus_master1 (pid: 1022, stack limit = 0x9135699f)
      [  127.951171] Stack: (0xcf885f48 to 0xcf886000)
      [  127.955810] 5f40:                   cf8fe000 00000000 cf884000 cf8fe090 000003e8 c05f8d00
      [  127.964477] 5f60: dde5fc34 c05f9700 ddf1e100 ddf1e540 cf884000 cf8fe000 c05f9694 00000000
      [  127.973114] 5f80: dde5fc34 c01499a4 00000000 ddf1e540 c0149874 00000000 00000000 00000000
      [  127.981781] 5fa0: 00000000 00000000 00000000 c01010e8 00000000 00000000 00000000 00000000
      [  127.990447] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
      [  127.999114] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
      [  128.007781] [<c05f9580>] (w1_search_process_cb) from [<c05f9700>] (w1_process+0x6c/0x118)
      [  128.016479] [<c05f9700>] (w1_process) from [<c01499a4>] (kthread+0x130/0x148)
      [  128.024047] [<c01499a4>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c)
      [  128.031677] Exception stack(0xcf885fb0 to 0xcf885ff8)
      [  128.037017] 5fa0:                                     00000000 00000000 00000000 00000000
      [  128.045684] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
      [  128.054351] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
      [  128.061340] Code: bad PC value
      [  128.064697] ---[ end trace af066e33c0e14119 ]---
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndreas Kemnade <andreas@kemnade.info>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b8e2aea1
    • E
      iio: adc: at91: fix wrong channel number in triggered buffer mode · cf6ab943
      Eugen Hristev 提交于
      commit aea835f2dc8a682942b859179c49ad1841a6c8b9 upstream.
      
      When channels are registered, the hardware channel number is not the
      actual iio channel number.
      This is because the driver is probed with a certain number of accessible
      channels. Some pins are routed and some not, depending on the description of
      the board in the DT.
      Because of that, channels 0,1,2,3 can correspond to hardware channels
      2,3,4,5 for example.
      In the buffered triggered case, we need to do the translation accordingly.
      Fixed the channel number to stop reading the wrong channel.
      
      Fixes: 0e589d5f ("ARM: AT91: IIO: Add AT91 ADC driver.")
      Cc: Maxime Ripard <maxime.ripard@bootlin.com>
      Signed-off-by: NEugen Hristev <eugen.hristev@microchip.com>
      Acked-by: NLudovic Desroches <ludovic.desroches@microchip.com>
      Cc: <Stable@vger.kernel.org>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cf6ab943
    • E
      iio: adc: at91: fix acking DRDY irq on simple conversions · b7e95f41
      Eugen Hristev 提交于
      commit bc1b45326223e7e890053cf6266357adfa61942d upstream.
      
      When doing simple conversions, the driver did not acknowledge the DRDY irq.
      If this irq status is not acked, it will be left pending, and as soon as a
      trigger is enabled, the irq handler will be called, it doesn't know why
      this status has occurred because no channel is pending, and then it will go
      int a irq loop and board will hang.
      To avoid this situation, read the LCDR after a raw conversion is done.
      
      Fixes: 0e589d5f ("ARM: AT91: IIO: Add AT91 ADC driver.")
      Cc: Maxime Ripard <maxime.ripard@bootlin.com>
      Signed-off-by: NEugen Hristev <eugen.hristev@microchip.com>
      Acked-by: NLudovic Desroches <ludovic.desroches@microchip.com>
      Cc: <Stable@vger.kernel.org>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b7e95f41
    • A
      iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() · f809deba
      Alexey Khoroshilov 提交于
      commit d3fa21c73c391975488818b085b894c2980ea052 upstream.
      
      Leaving for_each_child_of_node loop we should release child device node,
      if it is not stored for future use.
      
      Found by Linux Driver Verification project (linuxtesting.org).
      
      JC: I'm not sending this as a quick fix as it's been wrong for years,
      but good to pick up for stable after the merge window.
      Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru>
      Fixes: 6df2e98c ("iio: adc: Add imx25-gcq ADC driver")
      Cc: <Stable@vger.kernel.org>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f809deba
    • L
      iio: ad5064: Fix regulator handling · 57629351
      Lars-Peter Clausen 提交于
      commit 8911a43bc198877fad9f4b0246a866b26bb547ab upstream.
      
      The correct way to handle errors returned by regualtor_get() and friends is
      to propagate the error since that means that an regulator was specified,
      but something went wrong when requesting it.
      
      For handling optional regulators, e.g. when the device has an internal
      vref, regulator_get_optional() should be used to avoid getting the dummy
      regulator that the regulator core otherwise provides.
      Signed-off-by: NLars-Peter Clausen <lars@metafoo.de>
      Cc: <Stable@vger.kernel.org>
      Signed-off-by: NJonathan Cameron <Jonathan.Cameron@huawei.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      57629351