The navigation controller is a DS3 (sixaxis) with fewer physical
axes and buttons. It utilizes the same HID report as the DS3 and
thus reports axes/buttons which aren't physically present.
Currently many non-existing buttons and axes are reported, which
we are now removing.

For the axes/buttons which do exist, we make the axis/button mapping
similar to the DS3.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The DS3 MAC address is reported as a unique identified when
using Bluetooth. For USB there is no unique identifier reported
yet, so use the MAC address.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

Game controllers can be connected twice through USB and BT. Only
one connection is allowed. Currently we perform a check for duplicate
controllers halfway through device initialization. To prevent
'transient' devices, we should do this check as early as we can.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

This patch adds a separate evdev node for the DS3 its motion
sensors. We only expose the accelerometers as the gyroscope
is extremely difficult to manage and behavior varies a lot
between hardware revisions.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

This patch adds printing when we failed to activate DS3 / Nagivation
controllers and checks the return value for these failures earlier
in sony_input_configured. This paves the way for other configuration
logic for these devices, which we don't want to call if for example
the activation failed.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The axis and button mapping for the DS3 is strange. This is mostly
due to the device reporting many axes as for every digital button
it also has an analog button. Due to amount of analog values it
is even leaking well into the MT axes range.

We felt it is best to remove the many analog buttons and just report
digital and comply to the Linux gamepad spec. The analog buttons are
rarely used on the official platform, let alone on Linux.

This patch does remove motion sensor support (added back in another
patch).
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

Currently the DS4 touchpad device is neither classified as a direct
input device nor as a pointer device. It makes most sense to mark
it as a pointer device.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The DualShock 4 dongle isn't connected to a real DualShock 4 at
time of driver loading. When a DualShock 4 is plugged in, we
need to obtain calibration data (the dongle would have zeros).

This patch adds calibration logic, which we schedule on a hotplug
from sony_raw_event. In addition this patch adds dongle state
handling.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The driver currently uses sony_schedule_work to submit output
reports for the different devices for LEDs or rumble.

This patch adds a new parameter to sony_schedule_work to allow
scheduling for other types of work. The next patch in this series
will utilize this functionality. Considering the driver structure
and all error handling it felt best to reuse sony_schedule_work
and sony_cancel_work. The idea was inspired by the wacom driver
which does something similar.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

This patch adds a new quirk, which allows us to differentiate
between the DualShock 4 USB and the dongle. So far they have
been treated the same, but handling of calibration data differs
as the dongle behaves like Bluetooth, for other requests it
behaves like USB.

In addition this patches changes usb/dongle/bt handling in
sony_raw_event, which makes the code cleaner to read. In addition
another patch in this series will add more dongle logic, so this
change paves the road for that.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The DS4 in BT mode sends initial input reports through report 1, which
is described in the HID report descriptors. When activated after sending
a certain feature report, the device uses report 17.

Currently the hid-sony driver fixes up the BT HID report descriptors,
so the HID layer can manage input reports for report 17.

We think it is best to eliminate this fixup and do the handling ourselves,
which is what this patch does. The main motivation is that there are
various users of DS4 through hidraw, including various cross-platform
applications/games, which have their own HID parsing across Linux/Win/OSX.
Due to the fixup the descriptors differ, which is causing pain for many
developers including major game publishers (who reached out privately).
Without the fixup, the Windows titles also have a fighting chance for
working on Wine, which provides HID support now. Overall it felt
best because of these reasons to remove the fixup.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

Report the hardware timestamp inside each HID report through
MSC_TIMESTAMP for motion sensor values.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The DS4 motion sensors require calibration for accurate operation.
This patch adds calibration for both the accelerometer and the
gyroscope. Calibration requires reading device specific scaling
factors and offsets. For precision reasons we store these values
as a numerator and denominator and apply the values when processing
the data.
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The DS4 motion sensors are currently mapped by the hid-core driver
to non-existing axes in between ABS_MISC and ABS_MT_SLOT, because
the device already exhausted ABS_X-ABS_RZ. For a part the mapping
by hid-core is accomplished by a fixup in hid-sony as the motion
axes actually use vendor specific usage pages.

This patch makes the DS4 use a separate input device for the motion
sensors and reports acceleration data through ABS_X-ABS_Z and
gyroscope data through ABS_RX-ABS_RZ. In addition it extends the
event spec to allow gyroscope data through ABS_RX-ABS_RZ when
INPUT_PROP_ACCELEROMETER is set. This change was suggested by
Peter Hutterer during a discussion on linux-input.

[jkosina@suse.cz: rebase onto slightly newer codebase]
Signed-off-by: NRoderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

The LED subsystem provides the LED_CORE_SUSPENDRESUME flag to handle
automatically turning off and restoring the state of device LEDs during
suspend/resume.  Use this flag instead of saving and restoring the state
locally.
Signed-off-by: NFrank Praznik <frank.praznik@gmail.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

Commit 279967a6 ("HID: rmi: Handle all Synaptics touchpads using hid-rmi")
unconditionally switches over handling of all Synaptics touchpads to hid-rmi
(to make use of extended features of the HW); in case CONFIG_HID_RMI is
disabled though this renders the touchpad unusable, as the

	HID_DEVICE(HID_BUS_ANY, HID_GROUP_RMI, HID_ANY_ID, HID_ANY_ID)

match doesn't exist and generic/multitouch doesn't bind to it either (due
to hid group mismatch).

Fix this by switching over to hid-rmi only if it has been actually built.

Fixes: 279967a6 ("HID: rmi: Handle all Synaptics touchpads using hid-rmi")
Reported-by: NLinus Torvalds <torvalds@linux-foundation.org>
Acked-by: NBenjamin Tissoires <benjamin.tissoires@redhat.com>
Tested-by: NAndrew Duggan <aduggan@synaptics.com>
Signed-off-by: NJiri Kosina <jkosina@suse.cz>

There's no need to export tpm2_get_pcr_alloation() because it is only
a helper function for tpm2_auto_startup(). For the same reason it does
not make much sense to maintain documentation for it.
Signed-off-by: NJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

What happens is that a write to /dev/sg is given a request with non-zero
->iovec_count combined with zero ->dxfer_len.  Or with ->dxferp pointing
to an array full of empty iovecs.

Having write permission to /dev/sg shouldn't be equivalent to the
ability to trigger BUG_ON() while holding spinlocks...

Found by Dmitry Vyukov and syzkaller.

[ The BUG_ON() got changed to a WARN_ON_ONCE(), but this fixes the
  underlying issue.  - Linus ]
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Reported-by: NDmitry Vyukov <dvyukov@google.com>
Reviewed-by: NChristoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Don't crash the machine just because of an empty transfer. Use WARN_ON()
combined with returning an error.

Found by Dmitry Vyukov and syzkaller.

[ Changed to "WARN_ON_ONCE()". Al has a patch that should fix the root
  cause, but a BUG_ON() is not acceptable in any case, and a WARN_ON()
  might still be a cause of excessive log spamming.

  NOTE! If this warning ever triggers, we may end up leaking resources,
  since this doesn't bother to try to clean the command up. So this
  WARN_ON_ONCE() triggering does imply real problems. But BUG_ON() is
  much worse.

  People really need to stop using BUG_ON() for "this shouldn't ever
  happen". It makes pretty much any bug worse.     - Linus ]
Signed-off-by: NJohannes Thumshirn <jthumshirn@suse.de>
Reported-by: NDmitry Vyukov <dvyukov@google.com>
Cc: James Bottomley <jejb@linux.vnet.ibm.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@kernel.org
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

'dma_request_chan_by_mask()' can not return NULL.
Try to keep the logic in 'no_dma:' by resetting 'qspi->rx_chan' in case
of error.
Signed-off-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: NMark Brown <broonie@kernel.org>

'dma_request_chan_by_mask()' can not return NULL.
Try to keep the logic in 'no_dma:' by resetting 'qspi->rx_chan' in case
of error.
Signed-off-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: NMark Brown <broonie@kernel.org>

This driver should compile on all platforms, activate it under compile
test. The Lantiq specific parts are under ifdef and should be removed
when Lantiq platform supports common clock framework.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: NMark Brown <broonie@kernel.org>

The call to spi_master_put() in a3700_spi_remove() is redundant since
the master is registered using devm_spi_register_master() and no
reference hold by using spi_master_get() in a3700_spi_remove().

This is detected by Coccinelle semantic patch.

Fixes: 5762ab71 ("spi: Add support for Armada 3700 SPI Controller")
Signed-off-by: NWei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: NMark Brown <broonie@kernel.org>

'devm_ioremap()' returns NULL on error, not an error pointer.

Fixes: f20cc9b0 ("irqchip/qcom: Add IRQ combiner driver")
Signed-off-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: marc.zyngier@arm.com
Cc: kernel-janitors@vger.kernel.org
Cc: jason@lakedaemon.net
Link: http://lkml.kernel.org/r/20170218083434.2289-1-christophe.jaillet@wanadoo.frSigned-off-by: NThomas Gleixner <tglx@linutronix.de>

Since commit 2d984ad1 (PM / QoS: Introcuce latency tolerance device
PM QoS type) we reassign "c" to point at qos->latency_tolerance before
freeing c->notifiers, but the notifiers field of latency_tolerance is
never used.

Restore the original behaviour of freeing the notifiers pointer on
qos->resume_latency, which is used, and fix the following kmemleak
warning.

unreferenced object 0xed9dba00 (size 64):
  comm "kworker/0:1", pid 36, jiffies 4294670128 (age 15202.983s)
  hex dump (first 32 bytes):
    00 00 00 00 04 ba 9d ed 04 ba 9d ed 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<c06f6084>] kmemleak_alloc+0x74/0xb8
    [<c011c964>] kmem_cache_alloc_trace+0x170/0x25c
    [<c035f448>] dev_pm_qos_constraints_allocate+0x3c/0xe4
    [<c035f574>] __dev_pm_qos_add_request+0x84/0x1a0
    [<c035f6cc>] dev_pm_qos_add_request+0x3c/0x54
    [<c03c3fc4>] usb_hub_create_port_device+0x110/0x2b8
    [<c03b2a60>] hub_probe+0xadc/0xc80
    [<c03bb050>] usb_probe_interface+0x1b4/0x260
    [<c035773c>] driver_probe_device+0x198/0x40c
    [<c0357b14>] __device_attach_driver+0x8c/0x98
    [<c0355bbc>] bus_for_each_drv+0x8c/0x9c
    [<c0357494>] __device_attach+0x98/0x138
    [<c0357c64>] device_initial_probe+0x14/0x18
    [<c03569dc>] bus_probe_device+0x30/0x88
    [<c0354c54>] device_add+0x430/0x554
    [<c03b92d8>] usb_set_configuration+0x660/0x6fc

Fixes: 2d984ad1 (PM / QoS: Introcuce latency tolerance device PM QoS type)
Signed-off-by: NJohn Keeping <john@metanate.com>
Signed-off-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com>

Since the commit 0c1d70af ("net: use dst_cache for vxlan device")
vxlan_fill_metadata_dst() calls vxlan_get_route() passing a NULL
dst_cache pointer, so the latter should explicitly check for
valid dst_cache ptr. Unfortunately the commit d71785ff ("net: add
dst_cache to ovs vxlan lwtunnel") removed said check.

As a result is possible to trigger a null pointer access calling
vxlan_fill_metadata_dst(), e.g. with:

ovs-vsctl add-br ovs-br0
ovs-vsctl add-port ovs-br0 vxlan0 -- set interface vxlan0 \
	type=vxlan options:remote_ip=192.168.1.1 \
	options:key=1234 options:dst_port=4789 ofport_request=10
ip address add dev ovs-br0 172.16.1.2/24
ovs-vsctl set Bridge ovs-br0 ipfix=@i -- --id=@i create IPFIX \
	targets=\"172.16.1.1:1234\" sampling=1
iperf -c 172.16.1.1 -u -l 1000 -b 10M -t 1 -p 1234

This commit addresses the issue passing to vxlan_get_route() the
dst_cache already available into the lwt info processed by
vxlan_fill_metadata_dst().

Fixes: d71785ff ("net: add dst_cache to ovs vxlan lwtunnel")
Signed-off-by: NPaolo Abeni <pabeni@redhat.com>
Acked-by: NJiri Benc <jbenc@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

We need to verify that the controller supports the security
commands before actually trying to issue them.
Signed-off-by: NScott Bauer <scott.bauer@intel.com>
[hch: moved the check so that we don't call into the OPAL code if not
      supported]
Signed-off-by: NChristoph Hellwig <hch@lst.de>
Signed-off-by: NJens Axboe <axboe@fb.com>

Insted of bloating the containing structure with it all the time this
allocates struct opal_dev dynamically.  Additionally this allows moving
the definition of struct opal_dev into sed-opal.c.  For this a new
private data field is added to it that is passed to the send/receive
callback.  After that a lot of internals can be made private as well.
Signed-off-by: NChristoph Hellwig <hch@lst.de>
Tested-by: NScott Bauer <scott.bauer@intel.com>
Reviewed-by: NScott Bauer <scott.bauer@intel.com>
Signed-off-by: NJens Axboe <axboe@fb.com>

This should be >= instead of > here.  It means that we don't increment
the free count enough so it becomes off by one.

Fixes: 9ad1a374 ("dpaa_eth: add support for DPAA Ethernet")
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

call spi_master_put() in case of failures after spi_alloc_master().
call pm_runtime_disable() in case of failures after pm_runtime_enable().
Signed-off-by: NPrahlad V <prahlad.eee@gmail.com>
Signed-off-by: NMark Brown <broonie@kernel.org>

For a shared reset, when the reset is successful, the triggered_count is
incremented when trying to call the reset callback, so that another device
sharing the same reset line won't trigger it again. If the reset has not
been triggered successfully, the trigger_count should be decremented.

The code does the opposite, and decrements the trigger_count on success.
As a consequence, another device sharing the reset will be able to trigger
it again.

Fixed be removing negation in from of the error code of the reset function.

Fixes: 7da33a37 ("reset: allow using reset_control_reset with shared reset")
Signed-off-by: NJerome Brunet <jbrunet@baylibre.com>
Acked-by: NMartin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: NPhilipp Zabel <p.zabel@pengutronix.de>

Commit df2cb6da ("block: Avoid deadlocks with bio allocation by
stacking drivers") created a workqueue for every bio set and code
in bio_alloc_bioset() that tries to resolve some low-memory deadlocks
by redirecting bios queued on current->bio_list to the workqueue if the
system is low on memory.  However other deadlocks (see below **) may
happen, without any low memory condition, because generic_make_request
is queuing bios to current->bio_list (rather than submitting them).

** the related dm-snapshot deadlock is detailed here:
https://www.redhat.com/archives/dm-devel/2016-July/msg00065.html

Fix this deadlock by redirecting any bios on current->bio_list to the
bio_set's rescue workqueue on every schedule() call.  Consequently,
when the process blocks on a mutex, the bios queued on
current->bio_list are dispatched to independent workqueus and they can
complete without waiting for the mutex to be available.

The structure blk_plug contains an entry cb_list and this list can contain
arbitrary callback functions that are called when the process blocks.
To implement this fix DM (ab)uses the onstack plug's cb_list interface
to get its flush_current_bio_list() called at schedule() time.

This fixes the snapshot deadlock - if the map method blocks,
flush_current_bio_list() will be called and it redirects bios waiting
on current->bio_list to appropriate workqueues.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1267650
Depends-on: df2cb6da ("block: Avoid deadlocks with bio allocation by stacking drivers")
Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
Signed-off-by: NMike Snitzer <snitzer@redhat.com>

The sloppy nature of lockless access to percpu pointers
(s->current_path) in rr_select_path(), from multiple threads, is
causing some paths to used more than others -- which results in less
IO performance being observed.

Revert these upstream commits to restore truly symmetric round-robin
IO submission in DM multipath:

b0b477c7 dm round robin: use percpu 'repeat_count' and 'current_path'
802934b2 dm round robin: do not use this_cpu_ptr() without having preemption disabled

There is no benefit to all this complexity if repeat_count = 1 (which is
the recommended default).

Cc: stable@vger.kernel.org # 4.6+
Signed-off-by: NMike Snitzer <snitzer@redhat.com>

On Skylake hardware, the link_poll isn't clearing the pending interrupt
bit.  Adding a new function for SKX that handles clearing of status bit the
right way.
Signed-off-by: NDave Jiang <dave.jiang@intel.com>
Fixes: 783dfa6c ("ntb: Adding Skylake Xeon NTB support")
Signed-off-by: NJon Mason <jdmason@kudzu.us>

Fix typo causing ntb_transport_create_queue to select the first
queue every time, instead of using the next free queue.
Signed-off-by: NThomas VanSelus <tvanselus@xes-inc.com>
Signed-off-by: NAaron Sierra <asierra@xes-inc.com>
Acked-by: NAllen Hubbe <Allen.Hubbe@dell.com>
Fixes: fce8a7bb ("PCI-Express Non-Transparent Bridge Support")
Signed-off-by: NJon Mason <jdmason@kudzu.us>

In the normal I/O execution path, ntb_perf is missing a call to
dmaengine_unmap_put() after submission. That causes us to leak
unmap objects.
Signed-off-by: NDave Jiang <dave.jiang@intel.com>
Fixes: 8a7b6a77 ("ntb: ntb perf tool")
Signed-off-by: NJon Mason <jdmason@kudzu.us>

The call to debugfs_remove_recursive(qp->debugfs_dir) of the sub-level
directory must not be later than
debugfs_remove_recursive(nt_debugfs_dir) of the top-level directory.
Otherwise, the sub-level directory will not exist, and it would be
invalid (panic) to attempt to remove it.  This removes the top-level
directory last, after sub-level directories have been cleaned up.
Signed-off-by: NAllen Hubbe <Allen.Hubbe@dell.com>
Fixes: e26a5843 ("NTB: Split ntb_hw_intel and ntb_transport drivers")
Signed-off-by: NJon Mason <jdmason@kudzu.us>

This driver requires a GPIO line to be used for the chip select of
each SPI device.

Remove the ep93xx_spi_chip_ops definition from the platform data
and use the spi core GPIO handling for the chip selects.

Fix all the ep93xx platforms that use this driver and remove the
old Documentation.
Signed-off-by: NH Hartley Sweeten <hsweeten@visionengravers.com>
Signed-off-by: NMark Brown <broonie@kernel.org>

Fixes: dfcfac3e ("dm stats: collect and report histogram of IO latencies")
Cc: stable@vger.kernel.org # v4.2+
Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
Signed-off-by: NMike Snitzer <snitzer@redhat.com>

Declare dm_space_map structures as const as they are only passed as an
argument to the function memcpy. This argument is of type const void *,
so dm_space_map structures having this property can be declared as
const.

File size before:
   text	   data	    bss	    dec	    hex	filename
   4889	    240	      0	   5129	   1409 dm-space-map-metadata.o

File size after:
   text	   data	    bss	    dec	    hex	filename
   5139	      0	      0	   5139	   1413 dm-space-map-metadata.o
Signed-off-by: NBhumika Goyal <bhumirks@gmail.com>
Signed-off-by: NMike Snitzer <snitzer@redhat.com>