- 19 2月, 2014 1 次提交
-
-
由 Chao Bi 提交于
In mei_cl_read_start(), if it fails to send flow control request, it will release "cl->read_cb" but forget to set pointer to NULL, leaving "cl->read_cb" still pointing to random memory, next time this client is operated like mei_release(), it has chance to refer to this wrong pointer. Fixes: PANIC at kfree in mei_release() [228781.826904] Call Trace: [228781.829737] [<c16249b8>] ? mei_cl_unlink+0x48/0xa0 [228781.835283] [<c1624487>] mei_io_cb_free+0x17/0x30 [228781.840733] [<c16265d8>] mei_release+0xa8/0x180 [228781.845989] [<c135c610>] ? __fsnotify_parent+0xa0/0xf0 [228781.851925] [<c1325a69>] __fput+0xd9/0x200 [228781.856696] [<c1325b9d>] ____fput+0xd/0x10 [228781.861467] [<c125cae1>] task_work_run+0x81/0xb0 [228781.866821] [<c1242e53>] do_exit+0x283/0xa00 [228781.871786] [<c1a82b36>] ? kprobe_flush_task+0x66/0xc0 [228781.877722] [<c124eeb8>] ? __dequeue_signal+0x18/0x1a0 [228781.883657] [<c124f072>] ? dequeue_signal+0x32/0x190 [228781.889397] [<c1243744>] do_group_exit+0x34/0xa0 [228781.894750] [<c12517b6>] get_signal_to_deliver+0x206/0x610 [228781.901075] [<c12018d8>] do_signal+0x38/0x100 [228781.906136] [<c1626d1c>] ? mei_read+0x42c/0x4e0 [228781.911393] [<c12600a0>] ? wake_up_bit+0x30/0x30 [228781.916745] [<c16268f0>] ? mei_poll+0x120/0x120 [228781.922001] [<c1324be9>] ? vfs_read+0x89/0x160 [228781.927158] [<c16268f0>] ? mei_poll+0x120/0x120 [228781.932414] [<c133ca34>] ? fget_light+0x44/0xe0 [228781.937670] [<c1324e58>] ? SyS_read+0x68/0x80 [228781.942730] [<c12019f5>] do_notify_resume+0x55/0x70 [228781.948376] [<c1a7de5d>] work_notifysig+0x29/0x30 [228781.953827] [<c1a70000>] ? bad_area+0x5/0x3e Cc: stable <stable@vger.kernel.org> # 3.9+ Signed-off-by: NChao Bi <chao.bi@intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 08 2月, 2014 2 次提交
-
-
由 Alexander Usyskin 提交于
Don't set read callback to NULL during reset as this leads to memory leak of both cb and its buffer. The memory is correctly freed during mei_release. The memory leak is detectable by kmemleak if application has open read call while system is going through suspend/resume. unreferenced object 0xecead780 (size 64): comm "AsyncTask #1", pid 1018, jiffies 4294949621 (age 152.440s) hex dump (first 32 bytes): 00 01 10 00 00 02 20 00 00 bf 30 f1 00 00 00 00 ...... ...0..... 00 00 00 00 00 00 00 00 36 01 00 00 00 70 da e2 ........6....p.. backtrace: [<c1a60aec>] kmemleak_alloc+0x3c/0xa0 [<c131ed56>] kmem_cache_alloc_trace+0xc6/0x190 [<c16243c9>] mei_io_cb_init+0x29/0x50 [<c1625722>] mei_cl_read_start+0x102/0x360 [<c16268f3>] mei_read+0x103/0x4e0 [<c1324b09>] vfs_read+0x89/0x160 [<c1324d5f>] SyS_read+0x4f/0x80 [<c1a7b318>] syscall_call+0x7/0xb [<ffffffff>] 0xffffffff unreferenced object 0xe2da7000 (size 512): comm "AsyncTask #1", pid 1018, jiffies 4294949621 (age 152.440s) hex dump (first 32 bytes): 00 6c da e2 7c 00 00 00 00 00 00 00 c0 eb 0c 59 .l..|..........Y 1b 00 00 00 01 00 00 00 02 10 00 00 01 00 00 00 ................ backtrace: [<c1a60aec>] kmemleak_alloc+0x3c/0xa0 [<c131f127>] __kmalloc+0xe7/0x1d0 [<c162447e>] mei_io_cb_alloc_resp_buf+0x2e/0x60 [<c162574c>] mei_cl_read_start+0x12c/0x360 [<c16268f3>] mei_read+0x103/0x4e0 [<c1324b09>] vfs_read+0x89/0x160 [<c1324d5f>] SyS_read+0x4f/0x80 [<c1a7b318>] syscall_call+0x7/0xb [<ffffffff>] 0xffffffff Signed-off-by: NAlexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Alexander Usyskin 提交于
Clear write callbacks sitting in write_waiting list on reset. Otherwise these callbacks are left dangling and cause memory leak. Signed-off-by: NAlexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 14 1月, 2014 1 次提交
-
-
由 Tomas Winkler 提交于
give up reseting after 3 unsuccessful tries Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NAlexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 09 1月, 2014 1 次提交
-
-
由 Alexander Usyskin 提交于
Fix syntax errors in comments and debug strings Signed-off-by: NAlexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 19 12月, 2013 1 次提交
-
-
由 Tomas Winkler 提交于
Set hbm header bit 30 for internal commands This mark commands that are generated by the device driver Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 28 11月, 2013 1 次提交
-
-
由 Alexander Usyskin 提交于
list_del_init appears twice in row in mei_cl_unlink, drop one. Signed-off-by: NAlexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 30 10月, 2013 1 次提交
-
-
由 Tomas Winkler 提交于
Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 20 10月, 2013 1 次提交
-
-
由 Alexander Usyskin 提交于
Move host_clients_map cleanup from host client init to device init. This fixes bug where we cleaned up the bitmask that servers as pool for host client ids while file descriptors are kept open during suspend. On resume a new connection will be assigned id that is already taken by opened file descriptor. Consequently read/write will fail due to mismatched book keeping. Signed-off-by: NAlexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 04 10月, 2013 2 次提交
-
-
由 Tomas Winkler 提交于
Make open counter to be incremented and decremented from mei_cl_link and mei_cl_unlik function respectively Nfc was assuming symmetric linking API and thus open handler count was never decreased. This patch fixes that. We need to add separate open hander count for amthif which is handled out of link/unlink functions and doesn't break the symmetric API. Last we do not waste clients slots if amthif or wd are not present in the device. we don't need to allocates slots ahead it is all covered by link/unlink before the devices is responding to user space connection and thus not racing on allocation Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
1. Perform simple checks first and only then attempt to allocate cl structure. 2. Remove open_handler_count test, this is already checked in mei_cl_link function 3. return -EMFILE instead of -ENOENT as expected by user space Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 26 9月, 2013 5 次提交
-
-
由 Tomas Winkler 提交于
we can call list_del_init regardless the client is linked or not it is always properly initialized Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
this eventually allows as use a single write queue both for control and data messages and removing possible race Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
ENODEV will cause application to try to reconnect since it assumes that device went through the reset write errors are not always fatal it can happen due to resource contention Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Alexander Usyskin 提交于
define cl_dbg and cl_err macros that add me and host id prefix for debug and error log messages so we can track for the client context of the flow. Signed-off-by: NAlexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
mei_cl_link is called both from mei_open and also from in-kernel drivers so we need to protect open_handle_count from overflow Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 27 7月, 2013 1 次提交
-
-
由 Tomas Winkler 提交于
Clear pending connection after hw reset but before hw start and wake up the waiting task in poll. Signal POLLERR in select when device went through reset. Add wrapper mei_cl_is_connected for checking if the device and client are connected. Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 25 7月, 2013 1 次提交
-
-
由 Tomas Winkler 提交于
wake writers otherwise might have processes waiting endlessly on wait_tx during reset Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 25 6月, 2013 3 次提交
-
-
由 Frode Isaksen 提交于
MEI_CL_CONNECT_TIMEOUT is the timeout in seconds to wait for a response in mei_cl_connect. The value was converted to jiffies using mei_secs_to_jiffies helper function and assigned to a local variable which is by mistake again multiplied by HZ Signed-off-by: NFrode Isaksen <frodex.isaksen@intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
when we buffer write request we should not switch to MEI_WRITING since this will override MEI_WRITE_COMPLETE state of preceding write Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
mei_cl_irq_write_complete operates on a client so move it to client.c Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 22 5月, 2013 1 次提交
-
-
由 Tomas Winkler 提交于
1. rename mei_cl_complete_handler to mei_cl_complete 2. move the function client.c where it belongs Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 20 4月, 2013 1 次提交
-
-
由 Tomas Winkler 提交于
While writting to device is limitted to max_msg_length advertized in client properites the read can be much longer delivered consequiting chunks. We use krealloc to enlarge the buffer when needed. Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 11 4月, 2013 1 次提交
-
-
由 Samuel Ortiz 提交于
NFC ME device is exported through the MEI bus to be consumed by the NFC subsystem. NFC is represented by two mei clients: An info one and the actual NFC one. In order to properly build the ME id we first need to retrieve the firmware information from the info client and then disconnect from it. Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 09 4月, 2013 1 次提交
-
-
由 Tomas Winkler 提交于
consolidate write code to a specific me client in mei_cl_write function the function is called from mei device write handler and from mei_cl bus send function Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 05 4月, 2013 1 次提交
-
-
由 Masanari Iida 提交于
Correct typos and fix stray comments. Signed-off-by: NMasanari Iida <standby24x7@gmail.com> Acked-by: NWinkler, Tomas <tomas.winkler@intel.com> Signed-off-by: NJiri Kosina <jkosina@suse.cz>
-
- 29 3月, 2013 1 次提交
-
-
由 Samuel Ortiz 提交于
We keep track of all MEI devices on the bus through a specific linked list. We also have a mei_device instance in the mei_cl structure. Signed-off-by: NSamuel Ortiz <sameo@linux.intel.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 07 2月, 2013 2 次提交
-
-
由 Tomas Winkler 提交于
during reset we clean up client data structures we move that code into wrappers in client and call the wrappers Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
we rename the mei_host_buffer_is_empty to keep naming convention of hbuf and also make the query more generic to be correct also for other under laying hardware Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 15 1月, 2013 1 次提交
-
-
由 Tomas Winkler 提交于
On systems where wd and amthif is not initialized we will hit cl->dev == NULL. This condition is okay so we don't need to be laud about it. Fixes the follwing warning during suspend [ 137.061985] WARNING: at drivers/misc/mei/client.c:315 mei_cl_unlink+0x86/0x90 [mei]() [ 137.061986] Hardware name: 530U3BI/530U4BI/530U4BH [ 137.062140] Modules linked in: snd_hda_codec_hdmi snd_hda_codec_realtek joydev coretemp kvm_intel snd_hda_intel snd_hda_codec kvm arc4 iwldvm snd_hwdep i915 snd_pcm mac80211 ghash_clmulni_intel snd_page_alloc aesni_intel snd_seq_midi xts snd_seq_midi_event aes_x86_64 rfcomm snd_rawmidi parport_pc bnep lrw snd_seq uvcvideo i2c_algo_bit ppdev gf128mul iwlwifi snd_timer drm_kms_helper ablk_helper cryptd drm snd_seq_device videobuf2_vmalloc psmouse videobuf2_memops snd cfg80211 btusb videobuf2_core soundcore videodev lp bluetooth samsung_laptop wmi microcode mei serio_raw mac_hid video hid_generic lpc_ich parport usbhid hid r8169 [ 137.062143] Pid: 2706, comm: kworker/u:15 Tainted: G D W 3.8.0-rc2-next20130109-1-iniza-generic #1 [ 137.062144] Call Trace: [ 137.062156] [<ffffffff8105860f>] warn_slowpath_common+0x7f/0xc0 [ 137.062159] [<ffffffff8135b1ea>] ? ioread32+0x3a/0x40 [ 137.062162] [<ffffffff8105866a>] warn_slowpath_null+0x1a/0x20 [ 137.062168] [<ffffffffa0076be6>] mei_cl_unlink+0x86/0x90 [mei] [ 137.062173] [<ffffffffa0071325>] mei_reset+0xc5/0x240 [mei] [ 137.062178] [<ffffffffa0073703>] mei_pci_resume+0xa3/0x110 [mei] [ 137.062183] [<ffffffff81379cae>] pci_pm_resume+0x7e/0xe0 [ 137.062185] [<ffffffff81379c30>] ? pci_pm_thaw+0x80/0x80 [ 137.062189] [<ffffffff8145a415>] dpm_run_callback.isra.6+0x25/0x50 [ 137.062192] [<ffffffff8145a6cf>] device_resume+0x9f/0x140 [ 137.062194] [<ffffffff8145a791>] async_resume+0x21/0x50 [ 137.062200] [<ffffffff810858b0>] async_run_entry_fn+0x90/0x1c0 [ 137.062203] [<ffffffff810778e5>] process_one_work+0x155/0x460 [ 137.062207] [<ffffffff81078578>] worker_thread+0x168/0x400 [ 137.062210] [<ffffffff81078410>] ? manage_workers+0x2b0/0x2b0 [ 137.062214] [<ffffffff8107d9f0>] kthread+0xc0/0xd0 [ 137.062218] [<ffffffff8107d930>] ? flush_kthread_worker+0xb0/0xb0 [ 137.062222] [<ffffffff816bac6c>] ret_from_fork+0x7c/0xb0 [ 137.062228] [<ffffffff8107d930>] ? flush_kthread_worker+0xb0/0xb0 Reported-by: NSedat Dilek <sedat.dilek@gmail.com> Tested-by: NSedat Dilek <sedat.dilek@gmail.com> Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 09 1月, 2013 8 次提交
-
-
由 Tomas Winkler 提交于
In order we can use the same code pattern for in-kernel and user space host clients we replace mei_cl_link_to_me with mei_cl_link function. We then have to keep me client lookupout of the new link function. The unlinking cannot be yet symetric due to amthif connection handling Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
the only real thing that left was mei_amthi_guid the rest was in the strings and comments Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
read_pending never changes, it is a leftover from the old code. Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
Rename hw-me.h to hw-me-regs.h as this file contains only register definitions. Files hw-me.[ch] now contains ME hw dependant functionality Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
Implement mei_cl_connect that warps host client parts of the connection and leave the ioctl specifics in the mei_ioctl_connect_client function. Move mei_ioctl_connect_client to main.c where it belongs Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
Use common prefix for function names: mei_cl_ - for host clients mei_me_ - for me clients mei_io_ - for io callback functions Because mei_cl holds mei_device back pointer we can also drop the dev argument from the client functions add client.h header to export the clients API Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
This file now contains me and host client functions and also io callback helpers We also kill iorw.c which is no longer needed Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
hbm.h provides access host bus messaging functionality for other MEI layers Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 08 1月, 2013 2 次提交
-
-
由 Tomas Winkler 提交于
1. use mei_hbm_ for basic host bus message function 2. use mei_hbm_cl prefix for host bus messages that operation on behalf of a client Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Tomas Winkler 提交于
first include linux/mei.h then only local headers to avoid possible false dependencies Signed-off-by: NTomas Winkler <tomas.winkler@intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-