- 09 2月, 2019 1 次提交
-
-
由 Linus Walleij 提交于
This adds a driver for Gateworks PLD GPIO, that exist in two instances on the Gateworks Cambria GW2358-4 router platform at least. Cc: Imre Kaloz <kaloz@openwrt.org> Cc: Tim Harvey <tharvey@gateworks.com> Reviewed-by: NBartosz Golaszewski <bgolaszewski@baylibre.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 08 2月, 2019 2 次提交
-
-
由 Linus Walleij 提交于
This adds device tree bindings for the Gateworks PLD GPIO chip, a simple I2C GPIO controller. Cc: devicetree@vger.kernel.org Cc: Imre Kaloz <kaloz@openwrt.org> Cc: Tim Harvey <tharvey@gateworks.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Linus Walleij 提交于
As I am adding a PLD GPIO driver for Gateworks, we need their prefix among the vendors. Cc: Imre Kaloz <kaloz@openwrt.org> Cc: Tim Harvey <tharvey@gateworks.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 04 2月, 2019 2 次提交
-
-
由 Brian Masney 提交于
Select IRQ_DOMAIN_HIERARCHY for spmi-gpio in Kconfig since this driver is now setup as a hierarchical IRQ chip. Signed-off-by: NBrian Masney <masneyb@onstation.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Export the irq_chip_set_wake_parent symbol so that drivers with hierarchical IRQ chips can be built as a module. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reported-by: NMark Brown <broonie@kernel.org> Acked-by: NMarc Zyngier <marc.zyngier@arm.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 28 1月, 2019 3 次提交
-
-
由 Andy Shevchenko 提交于
The checker complains during build gpiolib-acpi.c:45: warning: Function parameter or member 'irq_requested' not described in 'acpi_gpio_event' because the typo in the field description. Fix the name to have documentation up-to-date. Signed-off-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by: NMika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Andrew Lunn 提交于
Some TQ-Systems ComExpress modules contain an IO controller with 8 GPIO lines. Signed-off-by: NAndrew Lunn <andrew@lunn.ch> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Phil Reid 提交于
Add missing '*' char to the start of the comment lines. Signed-off-by: NPhil Reid <preid@electromag.com.au> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 24 1月, 2019 13 次提交
-
-
由 Linus Walleij 提交于
-
由 Brian Masney 提交于
Now that spmi-gpio is a proper hierarchical IRQ chip, and all in-tree users of device tree have been updated, we can now drop the hack that was introduced to disassociate the old Linux virq if a hwirq mapping already exists. That patch was introduced to not break git bisect for any existing boards. Driver was tested using gpio-keys and iadc/vadc on the LG Nexus 5 (hammerhead) phone. Signed-off-by: NBrian Masney <masneyb@onstation.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
qpnpint_irq_domain_map did not validate the IRQ type and this can cause IRQs to not work as expected if an unsupported type (such as IRQ_TYPE_NONE) is passed in. Now that spmi-gpio is a hierarchical IRQ controller, and all device tree bindings have been updated, add additional validation to the type field. Signed-off-by: NBrian Masney <masneyb@onstation.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Add interrupt controller properties now that spmi-gpio is a proper hierarchical IRQ chip. The interrupts property is no longer needed so remove it. This change was not tested on any hardware but the same change was tested on qcom-pm8941.dtsi using a LG Nexus 5 (hammerhead) phone with no issues. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Add interrupt controller properties now that spmi-gpio is a proper hierarchical IRQ chip. The interrupts property is no longer needed so remove it. This change was not tested on any hardware but the same change was tested on qcom-pm8941.dtsi using a LG Nexus 5 (hammerhead) phone with no issues. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Add interrupt controller properties now that spmi-gpio is a proper hierarchical IRQ chip. The interrupts property is no longer needed so remove it. This change was not tested on any hardware but the same change was tested on qcom-pm8941.dtsi using a LG Nexus 5 (hammerhead) phone with no issues. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Add interrupt controller properties now that spmi-gpio is a proper hierarchical IRQ chip. The interrupts property is no longer needed so remove it. This change was not tested on any hardware but the same change was tested on qcom-pm8941.dtsi using a LG Nexus 5 (hammerhead) phone with no issues. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Add interrupt controller properties now that spmi-gpio is a proper hierarchical IRQ chip. The interrupts property is no longer needed so remove it. This change was not tested on any hardware but the same change was tested on qcom-pm8941.dtsi using a LG Nexus 5 (hammerhead) phone with no issues. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Add interrupt controller properties now that spmi-gpio is a proper hierarchical IRQ chip. The interrupts property is no longer needed so remove it. Code was tested on the LG Nexus 5 (hammerhead) phone. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
spmi-gpio did not have any irqchip support so consumers of this in device tree would need to call gpio[d]_to_irq() in order to get the proper IRQ on the underlying PMIC. IRQ chips in device tree should be usable from the start without the consumer having to make an additional call to get the proper IRQ on the parent. This patch adds hierarchical IRQ chip support to the spmi-gpio code to correct this issue. Driver was tested using the volume buttons (via gpio-keys) on the LG Nexus 5 (hammerhead) phone with the following two configurations. volume-up { interrupts-extended = <&pm8941_gpios 2 IRQ_TYPE_EDGE_BOTH>; ... }; volume-up { gpios = <&pm8941_gpios 2 GPIO_ACTIVE_LOW>; ... }; Both configurations now show that spmi-gpio is the IRQ domain and that the IRQ is setup in a hierarchy. $ grep volume_up /proc/interrupts 72: 6 0 spmi-gpio 1 Edge volume_up $ cat /sys/kernel/debug/irq/irqs/72 handler: handle_edge_irq device: (null) status: 0x00000403 _IRQ_NOPROBE istate: 0x00000000 ddepth: 0 wdepth: 0 dstate: 0x02400203 IRQ_TYPE_EDGE_RISING IRQ_TYPE_EDGE_FALLING IRQD_ACTIVATED IRQD_IRQ_STARTED node: 0 affinity: 0-3 effectiv: domain: :soc:spmi@fc4cf000:pm8941@0:gpios@c000 hwirq: 0x1 chip: spmi-gpio flags: 0x4 IRQCHIP_MASK_ON_SUSPEND parent: domain: :soc:spmi@fc4cf000 hwirq: 0xc100057 chip: pmic_arb flags: 0x4 IRQCHIP_MASK_ON_SUSPEND Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NMarc Zyngier <marc.zyngier@arm.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Check to see if the hwirq is already associated with another virq on this IRQ domain. If so, then disassociate it before associating the hwirq with the new virq. This is a temporary hack that is needed in order to not break git bisect for existing boards. The next patch in this series converts spmi-gpio to be a hierarchical IRQ chip, then there are several patches to update all of the device tree files, and finally this patch will be reverted within the same patch series. IRQs for spmi-gpio are all initially setup without an IRQ hierarchy on pmic-arb when mfd/qcom-spmi-pmic.c is probed (via the devm_of_platform_populate call) due to the interrupts property in device tree. Once spmi-gpio is converted to be a hierarchical IRQ chip in the next patch, existing users of gpio[d]_to_irq() will call pmic_gpio_to_irq(), and that will use the new IRQ chip code in spmi-gpio that sets up the IRQ in an IRQ hierarchy. The hwirq is now associated with two Linux virqs and interrupts will not work as expected. This patch corrects that issue. Driver was tested using gpio-keys and iadc/vadc on the LG Nexus 5 (hammerhead) phone. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Acked-by: NBjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
This adds the two new functions gpiochip_irq_domain_activate and gpiochip_irq_domain_deactivate that can be used as the activate and deactivate functions in the struct irq_domain_ops. This is for situations where only gpiochip_{lock,unlock}_as_irq needs to be called. SPMI and SSBI GPIO are two users that will initially use these functions. Signed-off-by: NBrian Masney <masneyb@onstation.org> Suggested-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Convert the spmi-pmic-arb IRQ code to use the version 2 IRQ interface in order to support hierarchical IRQ chips. This is necessary so that spmi-gpio can be setup as a hierarchical IRQ chip with pmic-arb as the parent. IRQ chips in device tree should be usable from the start without the consumer having to make an additional call to gpio[d]_to_irq() to get the proper IRQ on the parent. The old qpnpint_irq_domain_map function would hardcode the handler as handle_level_irq, however qpnpint_irq_set_type would later override the handler. Properly set the handler when the IRQ is mapped. This new code doesn't return an error for IRQ_TYPE_NONE and preserves the existing behavior of using handle_level_irq since there are some broken device tree bindings that need to be corrected first. Driver was tested on a LG Nexus 5 (hammerhead) phone. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NMarc Zyngier <marc.zyngier@arm.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 22 1月, 2019 1 次提交
-
-
由 Steffen Kothe 提交于
Basic implementation of driver is used to support Fintek F81804 & F81966 gpios with custom register set. Signed-off-by: NSteffen Kothe <steffen.kothe.gc1993@googlemail.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 21 1月, 2019 10 次提交
-
-
由 Vladimir Zapolskiy 提交于
R-Car GPIO controller provides two interfaces to set GPIO line output signal state, and for a particular GPIO line the selected interface is determined by OUTDTSEL bit value. At the moment the driver supports only one of two interfaces, namely OUTDT General Output Register is used to control the output signal. While this selection is the default one on reset, it is not explicitly configured on probe, thus it might be possible that kernel and userspace consumers of a GPIO won't be able to set the wanted GPIO output signal. Below is a simple test case to reproduce the described problem and verify this fix in the kernel on H3 ULCB by setting non-default OUTDTSEL configuration from a bootloader: u-boot > mw.l 0xe6055440 0x3000 1 ... userspace > echo default-on > /sys/devices/platform/leds/leds/led5/trigger userspace > echo default-on > /sys/devices/platform/leds/leds/led6/trigger Signed-off-by: NVladimir Zapolskiy <vladimir_zapolskiy@mentor.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Souptick Joarder 提交于
Remove linux/gpio/machine.h which is included more than once. Signed-off-by: NSouptick Joarder <jrdr.linux@gmail.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Jonathan Neuschäfer 提交于
Like the Spreadtrum EIC driver[1], this driver needs to emulate edge triggered interrupts to support the generic gpio-keys driver. [1]: https://www.spinics.net/lists/kernel/msg2764576.htmlSigned-off-by: NJonathan Neuschäfer <j.neuschaefer@gmx.net> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Jonathan Neuschäfer 提交于
This patch implements level-triggered IRQs in the Hollywood GPIO driver. Edge triggered interrupts are not supported in this GPIO controller, so I moved their emulation into a separate patch. Signed-off-by: NJonathan Neuschäfer <j.neuschaefer@gmx.net> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Thomas Petazzoni 提交于
When a system has two PCA953x GPIO expanders, the kernel complains with: gpio gpiochip2: (0-0021): detected irqchip that is shared with multiple gpiochips: please fix the driver. Indeed, there is a single instance of "struct irq_chip" that gets re-used for both PCA953x instance. This commit moves the "struct irq_chip" to be part of the "struct pca953x_chip", so that we have one "struct irq_chip" per PCA953X instance. As part of this, the name of the irq_chip is also made different on a per-instance basis, now using the dev_name() of the I2C device. This changes what is visible in /proc/interrupts. Before: 47: 0 0 pca953x 10 Edge e0100000.sdhci cd 48: 0 0 pca953x 6 Edge e0101000.sdhci cd After: 47: 0 0 0-0020 10 Edge e0100000.sdhci cd 48: 2 0 0-0020 6 Edge e0101000.sdhci cd Signed-off-by: NThomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Thomas Petazzoni 提交于
The current design of pca953x_irq_setup() is: if (all conditions to support IRQ are met) { lots of code to support IRQs, which goes to a serious indentation level. } return 0; It makes more sense to handle this like this: if (!all conditions to support IRQ are met) return 0; handle IRQ support This commit does just this change, reducing by one tab the indentation level of the IRQ setup code. Thanks to this reduced indentation level, we are less restricted by the 80-column limit, and we can have more function arguments on the same line. Signed-off-by: NThomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
The probing of this driver calls platform_irq_count, which will setup all of the IRQs that are configured in device tree. In preparation for converting this driver to be a hierarchical IRQ chip, hardcode the IRQ count based on the hardware type so that all the IRQs are not configured immediately and are configured on an as-needed basis later in the boot process. This change will also allow for the removal of the interrupts property later in this patch series once the hierarchical IRQ chip support is in. This patch also removes the generic qcom,spmi-gpio OF match since we don't know the number of pins. All of the existing upstream bindings already include the more-specific binding. The pm8941 code was tested on a LG Nexus 5 (hammerhead) phone. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Add support for qcom,pm8005-gpio, qcom,pm8998-gpio, and qcom,pmi8998-gpio. These three variants are already in use in some arm64 dtsi files. Those boards work since the generic binding qcom,spmi-gpio is also specified. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Brian Masney 提交于
Add support for the PMI8998 GPIO variant to the Qualcomm PMIC GPIO binding document. Signed-off-by: NBrian Masney <masneyb@onstation.org> Reviewed-by: NStephen Boyd <sboyd@kernel.org> Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org> Reviewed-by: NRob Herring <robh@kernel.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Baolin Wang 提交于
The Spreadtrum PMIC interrupt controller has no registers to set irq trigger type, since it is always high level trigger. That means the PMIC EIC controller as a child device of PMIC INTC does not need to set the trigger type, so remove it. Signed-off-by: NBaolin Wang <baolin.wang@linaro.org> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 11 1月, 2019 1 次提交
-
-
由 Axel Lin 提交于
Set proper output level base on the argument of direction_output. Also remove sama5d2_piobu_set_direction() as there is only one caller now. Signed-off-by: NAxel Lin <axel.lin@ingics.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 10 1月, 2019 2 次提交
-
-
由 Hans de Goede 提交于
__acpi_gpio_update_gpiod_flags purpose is to make the gpiod_flags used when requesting a GPIO match the restrictions from the ACPI resource, as stored in acpi_gpio_info.flags. But acpi_gpio_info.flags only contains direction info, and the requester may have passed in special non-direction flags like GPIOD_FLAGS_BIT_NONEXCLUSIVE, which we currently clobber. This commit modifies __acpi_gpio_update_gpiod_flags to preserve these special flags, so that a requested of an ACPI GPIO can e.g. pass GPIOD_FLAGS_BIT_NONEXCLUSIV and have it work as intended. Acked-by: NMika Westerberg <mika.westerberg@linux.intel.com> Reviewed-by: NAndy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: NHans de Goede <hdegoede@redhat.com> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
由 Baruch Siach 提交于
struct gpio_chip documentation recommends to always implement this callback function. A more concrete motivation is to be able (in combination with GPIOD_ASIS) to detect whether the bootloader has changed the state of a GPIO signal. Signed-off-by: NBaruch Siach <baruch@tkos.co.il> Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>
-
- 07 1月, 2019 5 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild由 Linus Torvalds 提交于
Pull more Kbuild updates from Masahiro Yamada: - improve boolinit.cocci and use_after_iter.cocci semantic patches - fix alignment for kallsyms - move 'asm goto' compiler test to Kconfig and clean up jump_label CONFIG option - generate asm-generic wrappers automatically if arch does not implement mandatory UAPI headers - remove redundant generic-y defines - misc cleanups * tag 'kbuild-v4.21-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kconfig: rename generated .*conf-cfg to *conf-cfg kbuild: remove unnecessary stubs for archheader and archscripts kbuild: use assignment instead of define ... endef for filechk_* rules arch: remove redundant UAPI generic-y defines kbuild: generate asm-generic wrappers if mandatory headers are missing arch: remove stale comments "UAPI Header export list" riscv: remove redundant kernel-space generic-y kbuild: change filechk to surround the given command with { } kbuild: remove redundant target cleaning on failure kbuild: clean up rule_dtc_dt_yaml kbuild: remove UIMAGE_IN and UIMAGE_OUT jump_label: move 'asm goto' support test to Kconfig kallsyms: lower alignment on ARM scripts: coccinelle: boolinit: drop warnings on named constants scripts: coccinelle: check for redeclaration kconfig: remove unused "file" field of yylval union nds32: remove redundant kernel-space generic-y nios2: remove unneeded HAS_DMA define
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull perf tooling updates form Ingo Molnar: "A final batch of perf tooling changes: mostly fixes and small improvements" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (29 commits) perf session: Add comment for perf_session__register_idle_thread() perf thread-stack: Fix thread stack processing for the idle task perf thread-stack: Allocate an array of thread stacks perf thread-stack: Factor out thread_stack__init() perf thread-stack: Allow for a thread stack array perf thread-stack: Avoid direct reference to the thread's stack perf thread-stack: Tidy thread_stack__bottom() usage perf thread-stack: Simplify some code in thread_stack__process() tools gpio: Allow overriding CFLAGS tools power turbostat: Override CFLAGS assignments and add LDFLAGS to build command tools thermal tmon: Allow overriding CFLAGS assignments tools power x86_energy_perf_policy: Override CFLAGS assignments and add LDFLAGS to build command perf c2c: Increase the HITM ratio limit for displayed cachelines perf c2c: Change the default coalesce setup perf trace beauty ioctl: Beautify USBDEVFS_ commands perf trace beauty: Export function to get the files for a thread perf trace: Wire up ioctl's USBDEBFS_ cmd table generator perf beauty ioctl: Add generator for USBDEVFS_ ioctl commands tools headers uapi: Grab a copy of usbdevice_fs.h perf trace: Store the major number for a file when storing its pathname ...
-
由 Linus Torvalds 提交于
The semantics of what "in core" means for the mincore() system call are somewhat unclear, but Linux has always (since 2.3.52, which is when mincore() was initially done) treated it as "page is available in page cache" rather than "page is mapped in the mapping". The problem with that traditional semantic is that it exposes a lot of system cache state that it really probably shouldn't, and that users shouldn't really even care about. So let's try to avoid that information leak by simply changing the semantics to be that mincore() counts actual mapped pages, not pages that might be cheaply mapped if they were faulted (note the "might be" part of the old semantics: being in the cache doesn't actually guarantee that you can access them without IO anyway, since things like network filesystems may have to revalidate the cache before use). In many ways the old semantics were somewhat insane even aside from the information leak issue. From the very beginning (and that beginning is a long time ago: 2.3.52 was released in March 2000, I think), the code had a comment saying Later we can get more picky about what "in core" means precisely. and this is that "later". Admittedly it is much later than is really comfortable. NOTE! This is a real semantic change, and it is for example known to change the output of "fincore", since that program literally does a mmmap without populating it, and then doing "mincore()" on that mapping that doesn't actually have any pages in it. I'm hoping that nobody actually has any workflow that cares, and the info leak is real. We may have to do something different if it turns out that people have valid reasons to want the old semantics, and if we can limit the information leak sanely. Cc: Kevin Easton <kevin@guarana.org> Cc: Jiri Kosina <jikos@kernel.org> Cc: Masatake YAMATO <yamato@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Greg KH <gregkh@linuxfoundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Michal Hocko <mhocko@suse.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Linus Torvalds 提交于
Commit 594cc251 ("make 'user_access_begin()' do 'access_ok()'") broke both alpha and SH booting in qemu, as noticed by Guenter Roeck. It turns out that the bug wasn't actually in that commit itself (which would have been surprising: it was mostly a no-op), but in how the addition of access_ok() to the strncpy_from_user() and strnlen_user() functions now triggered the case where those functions would test the access of the very last byte of the user address space. The string functions actually did that user range test before too, but they did it manually by just comparing against user_addr_max(). But with user_access_begin() doing the check (using "access_ok()"), it now exposed problems in the architecture implementations of that function. For example, on alpha, the access_ok() helper macro looked like this: #define __access_ok(addr, size) \ ((get_fs().seg & (addr | size | (addr+size))) == 0) and what it basically tests is of any of the high bits get set (the USER_DS masking value is 0xfffffc0000000000). And that's completely wrong for the "addr+size" check. Because it's off-by-one for the case where we check to the very end of the user address space, which is exactly what the strn*_user() functions do. Why? Because "addr+size" will be exactly the size of the address space, so trying to access the last byte of the user address space will fail the __access_ok() check, even though it shouldn't. As a result, the user string accessor functions failed consistently - because they literally don't know how long the string is going to be, and the max access is going to be that last byte of the user address space. Side note: that alpha macro is buggy for another reason too - it re-uses the arguments twice. And SH has another version of almost the exact same bug: #define __addr_ok(addr) \ ((unsigned long __force)(addr) < current_thread_info()->addr_limit.seg) so far so good: yes, a user address must be below the limit. But then: #define __access_ok(addr, size) \ (__addr_ok((addr) + (size))) is wrong with the exact same off-by-one case: the case when "addr+size" is exactly _equal_ to the limit is actually perfectly fine (think "one byte access at the last address of the user address space") The SH version is actually seriously buggy in another way: it doesn't actually check for overflow, even though it did copy the _comment_ that talks about overflow. So it turns out that both SH and alpha actually have completely buggy implementations of access_ok(), but they happened to work in practice (although the SH overflow one is a serious serious security bug, not that anybody likely cares about SH security). This fixes the problems by using a similar macro on both alpha and SH. It isn't trying to be clever, the end address is based on this logic: unsigned long __ao_end = __ao_a + __ao_b - !!__ao_b; which basically says "add start and length, and then subtract one unless the length was zero". We can't subtract one for a zero length, or we'd just hit an underflow instead. For a lot of access_ok() users the length is a constant, so this isn't actually as expensive as it initially looks. Reported-and-tested-by: NGuenter Roeck <linux@roeck-us.net> Cc: Matt Turner <mattst88@gmail.com> Cc: Yoshinori Sato <ysato@users.sourceforge.jp> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-