Use the calc_num_ports rather than probe callback to determine which
interface to bind to.

This allows us to remove some duplicate code.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Implement the "horrible endpoint hack" for some legacy devices as a
quirk and clean up the code somewhat.

Note that the bulk-endpoint check can be removed as core will already
have verified this.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Some pl2303 devices require the use of the interrupt endpoint of an
unrelated interface. This has so far been dealt with in usb-serial core,
but can now be moved to a driver calc_num_ports callback.

Note that we relax the endpoint requirements checked by core and instead
verify that we have an interrupt-in endpoint in calc_num_ports for all
devices so that the hack can first be applied.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Relax the generic driver bulk-endpoint requirement. The driver handles
devices without bulk-out endpoints just fine these days.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Add a calc_num_ports callback to the generic driver and verify that the
device has the required endpoints there instead of in core.

Note that the generic driver num_ports field was never used.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Add a probe callback to the generic driver and print the
only-for-testing message there.

This is a first step in getting rid of the CONFIG_USB_SERIAL_GENERIC
ifdef from usb-serial core.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Allow subdrivers to modify the port-endpoint mapping by passing the
endpoint descriptors to calc_num_ports.

The callback can now also be used to verify that the required endpoints
exists and abort probing otherwise.

This will allow us to get rid of a few hacks in subdrivers that are
already modifying the port-endpoint mapping (or aborting probe due to
missing endpoints), but only after the port structures have been setup.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.

Note that the driver registers four ports but uses five bulk-endpoint
pairs.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.

Note that the driver uses the second bulk-out endpoint for writing.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.

Note that the driver expects two bulk-endpoint pairs also for mcs7715
devices for which only one serial port is registered.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.

Also require the presence of a bulk-out endpoint, something which
prevents the driver from trying to send bulk messages over the control
pipe should a bulk-out endpoint be missing.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.

Note that this driver uses an additional bulk-endpoint pair as an
out-of-band port.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Simplify the endpoint sanity check by letting core verify that the
required endpoints are present.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Allow drivers to specify a minimum number of endpoints per type, which
USB serial core will verify after subdriver probe has returned (where
the current alternate setting may have been changed).
Signed-off-by: NJohan Hovold <johan@kernel.org>

Since commit 0a8fd134 ("USB: fix problems with duplicate endpoint
addresses") USB core guarantees that there are no more than 15 endpoint
descriptors per type (and altsetting) so the corresponding overflow
checks can now be replaced with a compile-time check on the array sizes
(and indirectly the maximum number of ports).
Signed-off-by: NJohan Hovold <johan@kernel.org>

Raise the arbitrary limit of how many ports a single device can claim
from eight to 16.

This specifically enables the upper eight ports of some mxuport devices.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Refactor and clean up endpoint handling.

This specifically moves the endpoint-descriptor arrays of the stack.

Note that an err_free_epds label is not yet added to avoid a compilation
warning when neither CONFIG_USB_SERIAL_PL2303 or
CONFIG_USB_SERIAL_GENERIC is selected.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Use unsigned-char type for the endpoint and port counters.
Signed-off-by: NJohan Hovold <johan@kernel.org>

Clean up the probe error paths by adding a couple of new error labels.
Signed-off-by: NJohan Hovold <johan@kernel.org>

The 'store' function for the "event_char" device attribute currently
expects a base 10 value.  The value is composed of an enable bit in bit
8 and an 8-bit "event character" code in bits 7 to 0.  It seems
reasonable to allow hexadecimal and octal numbers to be written to the
device attribute in addition to decimal.  Make it so.

Change the debug message to show the value in hexadecimal, rather than
decimal.
Signed-off-by: NIan Abbott <abbotti@mev.co.uk>
Signed-off-by: NJohan Hovold <johan@kernel.org>

The "event_char" device attribute value, when written, is interpreted as
an enable bit in bit 8, and an "event character" in bits 7 to 0.

Return an error -EINVAL for out-of-range values.  Use kstrtouint() to
parse the integer instead of the obsolete simple_strtoul().
Signed-off-by: NIan Abbott <abbotti@mev.co.uk>
Signed-off-by: NJohan Hovold <johan@kernel.org>

Valid latency timer values are between 1 ms and 255 ms in 1 ms steps.
The store function for the "latency_timer" device attribute currently
allows any value, although only the lower 16 bits will be sent to the
device, and the device only stores the lower 8 bits.  The hardware
appears to accept the (invalid) value 0 and treats it the same as 1
(resulting in a latency of 1 ms).

Change the latency_timer_store() function to accept only the values 0 to
255, returning an error -EINVAL for out-of-range values.  Call
kstrtou8() to parse the integer instead of the obsolete
simple_strtoul().
Signed-off-by: NIan Abbott <abbotti@mev.co.uk>
Signed-off-by: NJohan Hovold <johan@kernel.org>

If a BM type chip has iSerialNumber set to 0 in its EEPROM, an incorrect
value is read from the bcdDevice field of the USB descriptor, making it
look like an AM type chip.  Attempt to correct this in
ftdi_determine_type() by attempting to read the latency timer for an AM
type chip if it has iSerialNumber set to 0.  If that succeeds, assume it
is a BM type chip.

Currently, read_latency_timer() bails out without reading the latency
timer for an AM type chip, so factor out the guts of
read_latency_timer() into a new function _read_latency_timer() that
attempts to read the latency timer regardless of chip type, and returns
either the latency timer value or a negative error number.
Signed-off-by: NIan Abbott <abbotti@mev.co.uk>
Signed-off-by: NJohan Hovold <johan@kernel.org>

The latency timer was introduced with the FT232BM and FT245BM chips.  Do
not bother attempting to read or write it for older chip versions.
Signed-off-by: NIan Abbott <abbotti@mev.co.uk>
Signed-off-by: NJohan Hovold <johan@kernel.org>

Pull s390 fixes from Martin Schwidefsky:

 - four patches to get the new cputime code in shape for s390

 - add the new statx system call

 - a few bug fixes

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390: wire up statx system call
  KVM: s390: Fix guest migration for huge guests resulting in panic
  s390/ipl: always use load normal for CCW-type re-IPL
  s390/timex: micro optimization for tod_to_ns
  s390/cputime: provide archicture specific cputime_to_nsecs
  s390/cputime: reset all accounting fields on fork
  s390/cputime: remove last traces of cputime_t
  s390: fix in-kernel program checks
  s390/crypt: fix missing unlock in ctr_paes_crypt on error path

Pull x86 fixes from Thomas Gleixner:

 - a fix for the kexec/purgatory regression which was introduced in the
   merge window via an innocent sparse fix. We could have reverted that
   commit, but on deeper inspection it turned out that the whole
   machinery is neither documented nor robust. So a proper cleanup was
   done instead

 - the fix for the TLB flush issue which was discovered recently

 - a simple typo fix for a reboot quirk

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/tlb: Fix tlb flushing when lguest clears PGE
  kexec, x86/purgatory: Unbreak it and clean it up
  x86/reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk

Pull irq fixes from Thomas Gleixner:

 - a workaround for a GIC erratum

 - a missing stub function for CONFIG_IRQDOMAIN=n

 - fixes for a couple of type inconsistencies

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip/crossbar: Fix incorrect type of register size
  irqchip/gicv3-its: Add workaround for QDF2400 ITS erratum 0065
  irqdomain: Add empty irq_domain_check_msi_remap
  irqchip/crossbar: Fix incorrect type of local variables

Fengguang reported random corruptions from various locations on x86-32
after commits d2852a22 ("arch: add ARCH_HAS_SET_MEMORY config") and
9d876e79 ("bpf: fix unlocking of jited image when module ronx not set")
that uses the former. While x86-32 doesn't have a JIT like x86_64, the
bpf_prog_lock_ro() and bpf_prog_unlock_ro() got enabled due to
ARCH_HAS_SET_MEMORY, whereas Fengguang's test kernel doesn't have module
support built in and therefore never had the DEBUG_SET_MODULE_RONX setting
enabled.

After investigating the crashes further, it turned out that using
set_memory_ro() and set_memory_rw() didn't have the desired effect, for
example, setting the pages as read-only on x86-32 would still let
probe_kernel_write() succeed without error. This behavior would manifest
itself in situations where the vmalloc'ed buffer was accessed prior to
set_memory_*() such as in case of bpf_prog_alloc(). In cases where it
wasn't, the page attribute changes seemed to have taken effect, leading to
the conclusion that a TLB invalidate didn't happen. Moreover, it turned out
that this issue reproduced with qemu in "-cpu kvm64" mode, but not for
"-cpu host". When the issue occurs, change_page_attr_set_clr() did trigger
a TLB flush as expected via __flush_tlb_all() through cpa_flush_range(),
though.

There are 3 variants for issuing a TLB flush: invpcid_flush_all() (depends
on CPU feature bits X86_FEATURE_INVPCID, X86_FEATURE_PGE), cr4 based flush
(depends on X86_FEATURE_PGE), and cr3 based flush.  For "-cpu host" case in
my setup, the flush used invpcid_flush_all() variant, whereas for "-cpu
kvm64", the flush was cr4 based. Switching the kvm64 case to cr3 manually
worked fine, and further investigating the cr4 one turned out that
X86_CR4_PGE bit was not set in cr4 register, meaning the
__native_flush_tlb_global_irq_disabled() wrote cr4 twice with the same
value instead of clearing X86_CR4_PGE in the first write to trigger the
flush.

It turned out that X86_CR4_PGE was cleared from cr4 during init from
lguest_arch_host_init() via adjust_pge(). The X86_FEATURE_PGE bit is also
cleared from there due to concerns of using PGE in guest kernel that can
lead to hard to trace bugs (see bff672e6 ("lguest: documentation V:
Host") in init()). The CPU feature bits are cleared in dynamic
boot_cpu_data, but they never propagated to __flush_tlb_all() as it uses
static_cpu_has() instead of boot_cpu_has() for testing which variant of TLB
flushing to use, meaning they still used the old setting of the host
kernel.

Clearing via setup_clear_cpu_cap(X86_FEATURE_PGE) so this would propagate
to static_cpu_has() checks is too late at this point as sections have been
patched already, so for now, it seems reasonable to switch back to
boot_cpu_has(X86_FEATURE_PGE) as it was prior to commit c109bf95
("x86/cpufeature: Remove cpu_has_pge"). This lets the TLB flush trigger via
cr3 as originally intended, properly makes the new page attributes visible
and thus fixes the crashes seen by Fengguang.

Fixes: c109bf95 ("x86/cpufeature: Remove cpu_has_pge")
Reported-by: NFengguang Wu <fengguang.wu@intel.com>
Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
Cc: bp@suse.de
Cc: Kees Cook <keescook@chromium.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: lkp@01.org
Cc: Laura Abbott <labbott@redhat.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernrl.org/r/20170301125426.l4nf65rx4wahohyl@wfg-t540p.sh.intel.com
Link: http://lkml.kernel.org/r/25c41ad9eca164be4db9ad84f768965b7eb19d9e.1489191673.git.daniel@iogearbox.netSigned-off-by: NThomas Gleixner <tglx@linutronix.de>

Pull KVM fixes from Radim Krčmář:
 "ARM updates from Marc Zyngier:
   - vgic updates:
     - Honour disabling the ITS
     - Don't deadlock when deactivating own interrupts via MMIO
     - Correctly expose the lact of IRQ/FIQ bypass on GICv3

   - I/O virtualization:
     - Make KVM_CAP_NR_MEMSLOTS big enough for large guests with many
       PCIe devices

   - General bug fixes:
     - Gracefully handle exception generated with syndroms that the host
       doesn't understand
     - Properly invalidate TLBs on VHE systems

  x86:
   - improvements in emulation of VMCLEAR, VMX MSR bitmaps, and VCPU
     reset

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: nVMX: do not warn when MSR bitmap address is not backed
  KVM: arm64: Increase number of user memslots to 512
  KVM: arm/arm64: Remove KVM_PRIVATE_MEM_SLOTS definition that are unused
  KVM: arm/arm64: Enable KVM_CAP_NR_MEMSLOTS on arm/arm64
  KVM: Add documentation for KVM_CAP_NR_MEMSLOTS
  KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled
  arm64: KVM: Survive unknown traps from guests
  arm: KVM: Survive unknown traps from guests
  KVM: arm/arm64: Let vcpu thread modify its own active state
  KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
  kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
  KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass
  arm64: KVM: VHE: Clear HCR_TGE when invalidating guest TLBs

Pull extable.h fix from Paul Gortmaker:
 "Fixup for arch/score after extable.h introduction.

  It seems that Guenter is the only one on the planet doing builds for
  arch/score -- we don't have compile coverage for it in linux-next or
  in the kbuild-bot either. Guenter couldn't even recall where he got
  his toolchain, but was kind enough to share it with me so I could
  validate this change and also add arch/score to my build coverage.

  I sat on this a bit in case there was any other fallout in other arch
  dirs, but since this still seems to be the only one, I might as well
  send it on its way"

* tag 'extable-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux:
  score: Fix implicit includes now failing build after extable change