December 2019 - Linux-stable-mirror

[PATCH AUTOSEL 5.4 001/187] ASoC: rt5682: fix i2c arbitration lost issue

by Sasha Levin

From: Shuming Fan <shumingf(a)realtek.com> [ Upstream commit bc094709de0192a756c6946a7c89c543243ae609 ] This patch modified the HW initial setting to fix i2c arbitration lost issue. Signed-off-by: Shuming Fan <shumingf(a)realtek.com> Link: https://lore.kernel.org/r/20191125091940.11953-1-shumingf@realtek.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/rt5682.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/soc/codecs/rt5682.c b/sound/soc/codecs/rt5682.c index c50b75ce82e0..05e883a65d7a 100644 --- a/sound/soc/codecs/rt5682.c +++ b/sound/soc/codecs/rt5682.c @@ -72,6 +72,7 @@ struct rt5682_priv { static const struct reg_sequence patch_list[] = { {RT5682_HP_IMP_SENS_CTRL_19, 0x1000}, {RT5682_DAC_ADC_DIG_VOL1, 0xa020}, + {RT5682_I2C_CTRL, 0x000f}, }; static const struct reg_default rt5682_reg[] = { @@ -2481,6 +2482,7 @@ static void rt5682_calibrate(struct rt5682_priv *rt5682) mutex_lock(&rt5682->calibrate_mutex); rt5682_reset(rt5682->regmap); + regmap_write(rt5682->regmap, RT5682_I2C_CTRL, 0x000f); regmap_write(rt5682->regmap, RT5682_PWR_ANLG_1, 0xa2af); usleep_range(15000, 20000); regmap_write(rt5682->regmap, RT5682_PWR_ANLG_1, 0xf2af); -- 2.20.1

4 years, 12 months

2
3
0 0

[PATCH AUTOSEL 4.4 01/25] locking/spinlock/debug: Fix various data races

by Sasha Levin

From: Marco Elver <elver(a)google.com> [ Upstream commit 1a365e822372ba24c9da0822bc583894f6f3d821 ] This fixes various data races in spinlock_debug. By testing with KCSAN, it is observable that the console gets spammed with data races reports, suggesting these are extremely frequent. Example data race report: read to 0xffff8ab24f403c48 of 4 bytes by task 221 on cpu 2: debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline] do_raw_spin_lock+0x9b/0x210 kernel/locking/spinlock_debug.c:112 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline] _raw_spin_lock+0x39/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:338 [inline] get_partial_node.isra.0.part.0+0x32/0x2f0 mm/slub.c:1873 get_partial_node mm/slub.c:1870 [inline] <snip> write to 0xffff8ab24f403c48 of 4 bytes by task 167 on cpu 3: debug_spin_unlock kernel/locking/spinlock_debug.c:103 [inline] do_raw_spin_unlock+0xc9/0x1a0 kernel/locking/spinlock_debug.c:138 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:159 [inline] _raw_spin_unlock_irqrestore+0x2d/0x50 kernel/locking/spinlock.c:191 spin_unlock_irqrestore include/linux/spinlock.h:393 [inline] free_debug_processing+0x1b3/0x210 mm/slub.c:1214 __slab_free+0x292/0x400 mm/slub.c:2864 <snip> As a side-effect, with KCSAN, this eventually locks up the console, most likely due to deadlock, e.g. .. -> printk lock -> spinlock_debug -> KCSAN detects data race -> kcsan_print_report() -> printk lock -> deadlock. This fix will 1) avoid the data races, and 2) allow using lock debugging together with KCSAN. Reported-by: Qian Cai <cai(a)lca.pw> Signed-off-by: Marco Elver <elver(a)google.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Paul E. McKenney <paulmck(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Will Deacon <will.deacon(a)arm.com> Link: https://lkml.kernel.org/r/20191120155715.28089-1-elver@google.com Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/locking/spinlock_debug.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/kernel/locking/spinlock_debug.c b/kernel/locking/spinlock_debug.c index 0374a596cffa..95e610e3f7ef 100644 --- a/kernel/locking/spinlock_debug.c +++ b/kernel/locking/spinlock_debug.c @@ -51,19 +51,19 @@ EXPORT_SYMBOL(__rwlock_init); static void spin_dump(raw_spinlock_t *lock, const char *msg) { - struct task_struct *owner = NULL; + struct task_struct *owner = READ_ONCE(lock->owner); - if (lock->owner && lock->owner != SPINLOCK_OWNER_INIT) - owner = lock->owner; + if (owner == SPINLOCK_OWNER_INIT) + owner = NULL; printk(KERN_EMERG "BUG: spinlock %s on CPU#%d, %s/%d\n", msg, raw_smp_processor_id(), current->comm, task_pid_nr(current)); printk(KERN_EMERG " lock: %pS, .magic: %08x, .owner: %s/%d, " ".owner_cpu: %d\n", - lock, lock->magic, + lock, READ_ONCE(lock->magic), owner ? owner->comm : "<none>", owner ? task_pid_nr(owner) : -1, - lock->owner_cpu); + READ_ONCE(lock->owner_cpu)); dump_stack(); } @@ -80,16 +80,16 @@ static void spin_bug(raw_spinlock_t *lock, const char *msg) static inline void debug_spin_lock_before(raw_spinlock_t *lock) { - SPIN_BUG_ON(lock->magic != SPINLOCK_MAGIC, lock, "bad magic"); - SPIN_BUG_ON(lock->owner == current, lock, "recursion"); - SPIN_BUG_ON(lock->owner_cpu == raw_smp_processor_id(), + SPIN_BUG_ON(READ_ONCE(lock->magic) != SPINLOCK_MAGIC, lock, "bad magic"); + SPIN_BUG_ON(READ_ONCE(lock->owner) == current, lock, "recursion"); + SPIN_BUG_ON(READ_ONCE(lock->owner_cpu) == raw_smp_processor_id(), lock, "cpu recursion"); } static inline void debug_spin_lock_after(raw_spinlock_t *lock) { - lock->owner_cpu = raw_smp_processor_id(); - lock->owner = current; + WRITE_ONCE(lock->owner_cpu, raw_smp_processor_id()); + WRITE_ONCE(lock->owner, current); } static inline void debug_spin_unlock(raw_spinlock_t *lock) @@ -99,8 +99,8 @@ static inline void debug_spin_unlock(raw_spinlock_t *lock) SPIN_BUG_ON(lock->owner != current, lock, "wrong owner"); SPIN_BUG_ON(lock->owner_cpu != raw_smp_processor_id(), lock, "wrong CPU"); - lock->owner = SPINLOCK_OWNER_INIT; - lock->owner_cpu = -1; + WRITE_ONCE(lock->owner, SPINLOCK_OWNER_INIT); + WRITE_ONCE(lock->owner_cpu, -1); } static void __spin_lock_debug(raw_spinlock_t *lock) @@ -233,8 +233,8 @@ static inline void debug_write_lock_before(rwlock_t *lock) static inline void debug_write_lock_after(rwlock_t *lock) { - lock->owner_cpu = raw_smp_processor_id(); - lock->owner = current; + WRITE_ONCE(lock->owner_cpu, raw_smp_processor_id()); + WRITE_ONCE(lock->owner, current); } static inline void debug_write_unlock(rwlock_t *lock) @@ -243,8 +243,8 @@ static inline void debug_write_unlock(rwlock_t *lock) RWLOCK_BUG_ON(lock->owner != current, lock, "wrong owner"); RWLOCK_BUG_ON(lock->owner_cpu != raw_smp_processor_id(), lock, "wrong CPU"); - lock->owner = SPINLOCK_OWNER_INIT; - lock->owner_cpu = -1; + WRITE_ONCE(lock->owner, SPINLOCK_OWNER_INIT); + WRITE_ONCE(lock->owner_cpu, -1); } #if 0 /* This can cause lockups */ -- 2.20.1

4 years, 12 months

1
22
0 0

[PATCH AUTOSEL 4.14 01/57] mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

by Sasha Levin

From: Ganapathi Bhat <gbhat(a)marvell.com> [ Upstream commit 3d94a4a8373bf5f45cf5f939e88b8354dbf2311b ] mwifiex_process_country_ie() function parse elements of bss descriptor in beacon packet. When processing WLAN_EID_COUNTRY element, there is no upper limit check for country_ie_len before calling memcpy. The destination buffer domain_info->triplet is an array of length MWIFIEX_MAX_TRIPLET_802_11D(83). The remote attacker can build a fake AP with the same ssid as real AP, and send malicous beacon packet with long WLAN_EID_COUNTRY elemen (country_ie_len > 83). Attacker can force STA connect to fake AP on a different channel. When the victim STA connects to fake AP, will trigger the heap buffer overflow. Fix this by checking for length and if found invalid, don not connect to the AP. This fix addresses CVE-2019-14895. Reported-by: huangwen <huangwenabc(a)gmail.com> Signed-off-by: Ganapathi Bhat <gbhat(a)marvell.com> Signed-off-by: Kalle Valo <kvalo(a)codeaurora.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/wireless/marvell/mwifiex/sta_ioctl.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c index a8043d76152a..f88a953b3cd5 100644 --- a/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c +++ b/drivers/net/wireless/marvell/mwifiex/sta_ioctl.c @@ -271,6 +271,14 @@ static int mwifiex_process_country_ie(struct mwifiex_private *priv, "11D: skip setting domain info in FW\n"); return 0; } + + if (country_ie_len > + (IEEE80211_COUNTRY_STRING_LEN + MWIFIEX_MAX_TRIPLET_802_11D)) { + mwifiex_dbg(priv->adapter, ERROR, + "11D: country_ie_len overflow!, deauth AP\n"); + return -EINVAL; + } + memcpy(priv->adapter->country_code, &country_ie[2], 2); domain_info->country_code[0] = country_ie[2]; @@ -314,8 +322,9 @@ int mwifiex_bss_start(struct mwifiex_private *priv, struct cfg80211_bss *bss, priv->scan_block = false; if (bss) { - if (adapter->region_code == 0x00) - mwifiex_process_country_ie(priv, bss); + if (adapter->region_code == 0x00 && + mwifiex_process_country_ie(priv, bss)) + return -EINVAL; /* Allocate and fill new bss descriptor */ bss_desc = kzalloc(sizeof(struct mwifiex_bssdescriptor), -- 2.20.1

4 years, 12 months

1
53
0 0

[PATCH] staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713

by Ian Abbott

The Advantech PCI-1713 has 32 analog input channels, but an incorrect bit-mask in the definition of the `PCI171X_MUX_CHANH(x)` and PCI171X_MUX_CHANL(x)` macros is causing channels 16 to 31 to be aliases of channels 0 to 15. Change the bit-mask value from 0xf to 0xff to fix it. Note that the channel numbers will have been range checked already, so the bit-mask isn't really needed. Fixes: 92c65e5553ed ("staging: comedi: adv_pci1710: define the mux control register bits") Reported-by: Dmytro Fil <monkdaf(a)gmail.com> Cc: <stable(a)vger.kernel.org> # v4.5+ Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> --- drivers/staging/comedi/drivers/adv_pci1710.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/staging/comedi/drivers/adv_pci1710.c b/drivers/staging/comedi/drivers/adv_pci1710.c index dbff0f7e7cf5..ddc0dc93d08b 100644 --- a/drivers/staging/comedi/drivers/adv_pci1710.c +++ b/drivers/staging/comedi/drivers/adv_pci1710.c @@ -46,8 +46,8 @@ #define PCI171X_RANGE_UNI BIT(4) #define PCI171X_RANGE_GAIN(x) (((x) & 0x7) << 0) #define PCI171X_MUX_REG 0x04 /* W: A/D multiplexor control */ -#define PCI171X_MUX_CHANH(x) (((x) & 0xf) << 8) -#define PCI171X_MUX_CHANL(x) (((x) & 0xf) << 0) +#define PCI171X_MUX_CHANH(x) (((x) & 0xff) << 8) +#define PCI171X_MUX_CHANL(x) (((x) & 0xff) << 0) #define PCI171X_MUX_CHAN(x) (PCI171X_MUX_CHANH(x) | PCI171X_MUX_CHANL(x)) #define PCI171X_STATUS_REG 0x06 /* R: status register */ #define PCI171X_STATUS_IRQ BIT(11) /* 1=IRQ occurred */ -- 2.24.1

4 years, 12 months

1
0
0 0

[PATCH 3/3] KVM: arm/arm64: correct AArch32 SPSR on exception entry

by Mark Rutland

Confusingly, there are three SPSR layouts that a kernel may need to deal with: (1) An AArch64 SPSR_ELx view of an AArch64 pstate (2) An AArch64 SPSR_ELx view of an AArch32 pstate (3) An AArch32 SPSR_* view of an AArch32 pstate When the KVM AArch32 support code deals with SPSR_{EL2,HYP}, it's either dealing with #2 or #3 consistently. On arm64 the PSR_AA32_* definitions match the AArch64 SPSR_ELx view, and on arm the PSR_AA32_* definitions match the AArch32 SPSR_* view. However, when we inject an exception into an AArch32 guest, we have to synthesize the AArch32 SPSR_* that the guest will see. Thus, an AArch64 host needs to synthesize layout #3 from layout #2. This patch adds a new host_spsr_to_spsr32() helper for this, and makes use of it in the KVM AArch32 support code. For arm64 we need to shuffle the DIT bit around, and remove the SS bit, while for arm we can use the value as-is. I've open-coded the bit manipulation for now to avoid having to rework the existing PSR_* definitions into PSR64_AA32_* and PSR32_AA32_* definitions. I hope to perform a more thorough refactoring in future so that we can handle pstate view manipulation more consistently across the kernel tree. Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Cc: Alexandru Elisei <alexandru.elisei(a)arm.com> Cc: Drew Jones <drjones(a)redhat.com> Cc: James Morse <james.morse(a)arm.com> Cc: Julien Thierry <julien.thierry.kdev(a)gmail.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: Peter Maydell <peter.maydell(a)linaro.org> Cc: Suzuki K Poulose <suzuki.poulose(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm/include/asm/kvm_emulate.h | 5 +++++ arch/arm64/include/asm/kvm_emulate.h | 32 ++++++++++++++++++++++++++++++++ virt/kvm/arm/aarch32.c | 6 +++--- 3 files changed, 40 insertions(+), 3 deletions(-) diff --git a/arch/arm/include/asm/kvm_emulate.h b/arch/arm/include/asm/kvm_emulate.h index dee2567661ed..b811576bc456 100644 --- a/arch/arm/include/asm/kvm_emulate.h +++ b/arch/arm/include/asm/kvm_emulate.h @@ -53,6 +53,11 @@ static inline void vcpu_write_spsr(struct kvm_vcpu *vcpu, unsigned long v) *__vcpu_spsr(vcpu) = v; } +static inline unsigned long host_spsr_to_spsr32(unsigned long spsr) +{ + return spsr; +} + static inline unsigned long vcpu_get_reg(struct kvm_vcpu *vcpu, u8 reg_num) { diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h index d69c1efc63e7..98672938f9f9 100644 --- a/arch/arm64/include/asm/kvm_emulate.h +++ b/arch/arm64/include/asm/kvm_emulate.h @@ -204,6 +204,38 @@ static inline void vcpu_write_spsr(struct kvm_vcpu *vcpu, unsigned long v) vcpu_gp_regs(vcpu)->spsr[KVM_SPSR_EL1] = v; } +/* + * The layout of SPSR for an AArch32 state is different when observed from an + * AArch64 SPSR_ELx or an AArch32 SPSR_*. This function generates the AArch32 + * view given an AArch64 view. + * + * In ARM DDI 0487E.a see: + * + * - The AArch64 view (SPSR_EL2) in section C5.2.18, page C5-426 + * - The AArch32 view (SPSR_abt) in section G8.2.126, page G8-6256 + * - The AArch32 view (SPSR_und) in section G8.2.132, page G8-6280 + * + * Which show the following differences: + * + * | Bit | AA64 | AA32 | Notes | + * +-----+------+------+-----------------------------| + * | 24 | DIT | J | J is RES0 in ARMv8 | + * | 21 | SS | DIT | SS doesn't exist in AArch32 | + * + * ... and all other bits are (currently) common. + */ +static inline unsigned long host_spsr_to_spsr32(unsigned long spsr) +{ + const unsigned long overlap = BIT(24) | BIT(21); + unsigned long dit = !!(spsr & PSR_AA32_DIT_BIT); + + spsr &= overlap; + + spsr |= dit << 21; + + return spsr; +} + static inline bool vcpu_mode_priv(const struct kvm_vcpu *vcpu) { u32 mode; diff --git a/virt/kvm/arm/aarch32.c b/virt/kvm/arm/aarch32.c index 17bcde5c2451..115210e64682 100644 --- a/virt/kvm/arm/aarch32.c +++ b/virt/kvm/arm/aarch32.c @@ -128,15 +128,15 @@ static unsigned long get_except32_cpsr(struct kvm_vcpu *vcpu, u32 mode) static void prepare_fault32(struct kvm_vcpu *vcpu, u32 mode, u32 vect_offset) { - unsigned long new_spsr_value = *vcpu_cpsr(vcpu); - bool is_thumb = (new_spsr_value & PSR_AA32_T_BIT); + unsigned long spsr = *vcpu_cpsr(vcpu); + bool is_thumb = (spsr & PSR_AA32_T_BIT); u32 return_offset = return_offsets[vect_offset >> 2][is_thumb]; u32 sctlr = vcpu_cp15(vcpu, c1_SCTLR); *vcpu_cpsr(vcpu) = get_except32_cpsr(vcpu, mode); /* Note: These now point to the banked copies */ - vcpu_write_spsr(vcpu, new_spsr_value); + vcpu_write_spsr(vcpu, host_spsr_to_spsr32(spsr)); *vcpu_reg32(vcpu, 14) = *vcpu_pc(vcpu) + return_offset; /* Branch to exception vector */ -- 2.11.0

4 years, 12 months

3
3
0 0

[PATCH 1/1] usb: cdns3: should not use the same dev_id for shared interrupt handler

by Peter Chen

Both drd and gadget interrupt handler use the struct cdns3 pointer as dev_id, it causes devm_free_irq at cdns3_gadget_exit doesn't free gadget's interrupt handler, it freed drd's handler. So, when the host interrupt occurs, the gadget's interrupt hanlder is still called, and causes below oops. To fix it, we use gadget's private data priv_dev as interrupt dev_id for gadget. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000380 Mem abort info: ESR = 0x96000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 Data abort info: ISV = 0, ISS = 0x00000006 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000971d79000 [0000000000000380] pgd=0000000971d6f003, pud=0000000971d6e003, pmd=0000000000000000 Internal error: Oops: 96000006 [#1] PREEMPT SMP Modules linked in: mxc_jpeg_encdec crct10dif_ce fsl_imx8_ddr_perf CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.4.0-03486-g69f4e7d9c54a-dirty #254 Hardware name: Freescale i.MX8QM MEK (DT) pstate: 00000085 (nzcv daIf -PAN -UAO) pc : cdns3_device_irq_handler+0x1c/0xb8 lr : __handle_irq_event_percpu+0x78/0x2c0 sp : ffff800010003e30 x29: ffff800010003e30 x28: ffff8000129bb000 x27: ffff8000126e9000 x26: ffff0008f61b5600 x25: ffff800011fe1018 x24: ffff8000126ea120 x23: ffff800010003f04 x22: 0000000000000000 x21: 0000000000000093 x20: ffff0008f61b5600 x19: ffff0008f5061a80 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 003d090000000000 x13: 00003d0900000000 x12: 0000000000000000 x11: 00003d0900000000 x10: 0000000000000040 x9 : ffff800012708cb8 x8 : ffff800012708cb0 x7 : ffff0008f7c7a9d0 x6 : 0000000000000000 x5 : ffff0008f7c7a910 x4 : ffff8008ed359000 x3 : ffff800010003f40 x2 : 0000000000000000 x1 : ffff0008f5061a80 x0 : ffff800010161a60 Call trace: cdns3_device_irq_handler+0x1c/0xb8 __handle_irq_event_percpu+0x78/0x2c0 handle_irq_event_percpu+0x40/0x98 handle_irq_event+0x4c/0xd0 handle_fasteoi_irq+0xbc/0x168 generic_handle_irq+0x34/0x50 __handle_domain_irq+0x6c/0xc0 gic_handle_irq+0xd4/0x174 el1_irq+0xb8/0x180 arch_cpu_idle+0x3c/0x230 default_idle_call+0x38/0x40 do_idle+0x20c/0x298 cpu_startup_entry+0x28/0x48 rest_init+0xdc/0xe8 arch_call_rest_init+0x14/0x1c start_kernel+0x48c/0x4b8 Code: aa0103f3 aa1e03e0 d503201f f9409662 (f941c040) ---[ end trace 091dcf4dee011b0e ]--- Kernel panic - not syncing: Fatal exception in interrupt SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x0002,2100600c Memory Limit: none ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- Fixes: 7733f6c32e36 ("usb: cdns3: Add Cadence USB3 DRD Driver") Cc: <stable(a)vger.kernel.org> #v5.4 Signed-off-by: Peter Chen <peter.chen(a)nxp.com> --- drivers/usb/cdns3/gadget.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/drivers/usb/cdns3/gadget.c b/drivers/usb/cdns3/gadget.c index 4c1e75509303..02f6ca2cb1ba 100644 --- a/drivers/usb/cdns3/gadget.c +++ b/drivers/usb/cdns3/gadget.c @@ -1375,13 +1375,10 @@ static void cdns3_check_usb_interrupt_proceed(struct cdns3_device *priv_dev, */ static irqreturn_t cdns3_device_irq_handler(int irq, void *data) { - struct cdns3_device *priv_dev; - struct cdns3 *cdns = data; + struct cdns3_device *priv_dev = data; irqreturn_t ret = IRQ_NONE; u32 reg; - priv_dev = cdns->gadget_dev; - /* check USB device interrupt */ reg = readl(&priv_dev->regs->usb_ists); if (reg) { @@ -1419,14 +1416,12 @@ static irqreturn_t cdns3_device_irq_handler(int irq, void *data) */ static irqreturn_t cdns3_device_thread_irq_handler(int irq, void *data) { - struct cdns3_device *priv_dev; - struct cdns3 *cdns = data; + struct cdns3_device *priv_dev = data; irqreturn_t ret = IRQ_NONE; unsigned long flags; int bit; u32 reg; - priv_dev = cdns->gadget_dev; spin_lock_irqsave(&priv_dev->lock, flags); reg = readl(&priv_dev->regs->usb_ists); @@ -2539,7 +2534,7 @@ void cdns3_gadget_exit(struct cdns3 *cdns) priv_dev = cdns->gadget_dev; - devm_free_irq(cdns->dev, cdns->dev_irq, cdns); + devm_free_irq(cdns->dev, cdns->dev_irq, priv_dev); pm_runtime_mark_last_busy(cdns->dev); pm_runtime_put_autosuspend(cdns->dev); @@ -2710,7 +2705,8 @@ static int __cdns3_gadget_init(struct cdns3 *cdns) ret = devm_request_threaded_irq(cdns->dev, cdns->dev_irq, cdns3_device_irq_handler, cdns3_device_thread_irq_handler, - IRQF_SHARED, dev_name(cdns->dev), cdns); + IRQF_SHARED, dev_name(cdns->dev), + cdns->gadget_dev); if (ret) goto err0; -- 2.17.1

5 years

1
0
0 0

[PATCH] tpm_tis: reserve chip for duration of tpm_tis_core_init

by Jerry Snitselaar

Instead of repeatedly calling tpm_chip_start/tpm_chip_stop when issuing commands to the tpm during initialization, just reserve the chip after wait_startup, and release it when we are ready to call tpm_chip_register. Cc: Christian Bundy <christianbundy(a)fraction.io> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Peter Huewe <peterhuewe(a)gmx.de> Cc: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Stefan Berger <stefanb(a)linux.vnet.ibm.com> Cc: stable(a)vger.kernel.org Cc: linux-intergrity(a)vger.kernel.org Fixes: a3fbfae82b4c ("tpm: take TPM chip power gating out of tpm_transmit()") Signed-off-by: Jerry Snitselaar <jsnitsel(a)redhat.com> --- drivers/char/tpm/tpm_tis_core.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 8af2cee1a762..308756d278b3 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -978,13 +978,13 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, if (wait_startup(chip, 0) != 0) { rc = -ENODEV; - goto out_err; + goto out_start; } /* Take control of the TPM's interrupt hardware and shut it off */ rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask); if (rc < 0) - goto out_err; + goto out_start; intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT | TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT; @@ -993,9 +993,8 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, rc = tpm_chip_start(chip); if (rc) - goto out_err; + goto out_start; rc = tpm2_probe(chip); - tpm_chip_stop(chip); if (rc) goto out_err; @@ -1059,7 +1058,6 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, goto out_err; } - tpm_chip_start(chip); chip->flags |= TPM_CHIP_FLAG_IRQ; if (irq) { tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED, @@ -1070,18 +1068,17 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, } else { tpm_tis_probe_irq(chip, intmask); } - tpm_chip_stop(chip); } + tpm_chip_stop(chip); rc = tpm_chip_register(chip); if (rc) - goto out_err; - - if (chip->ops->clk_enable != NULL) - chip->ops->clk_enable(chip, false); + goto out_start; return 0; out_err: + tpm_chip_stop(chip); +out_start: if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL)) chip->ops->clk_enable(chip, false); -- 2.24.0

5 years

3
25
0 0

[PATCH] tpm: Revert "tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts"

by Jarkko Sakkinen

From: Stefan Berger <stefanb(a)linux.ibm.com> Revert the patch that was setting the TPM_CHIP_FLAG_IRQ before probing for interrupts. Cc: Jerry Snitselaar <jsnitsel(a)redhat.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Fixes: 1ea32c83c699 ("tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts") Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com> Reported-by: Jerry Snitselaar <jsnitsel(a)redhat.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- Please check and inform if also 2/2 of Stefan's patches is needed. I'll prepare the PR accordingly. Thanks. drivers/char/tpm/tpm_tis_core.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index bb0343ffd235..7ee29e25cb3b 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -1059,7 +1059,6 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, goto err_probe; } - chip->flags |= TPM_CHIP_FLAG_IRQ; if (irq) { tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED, irq); -- 2.20.1

5 years

1
0
0 0

Re: [PATCH] ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards

by Hans de Goede

Hi, On 26-12-2019 00:55, Sasha Levin wrote: > Hi, > > [This is an automated email] > > This commit has been processed because it contains a -stable tag. > The stable tag indicates that it's relevant for the following trees: all > > The bot has tested the following trees: v5.4.5, v5.3.18, v4.19.90, v4.14.159, v4.9.206, v4.4.206. > > v5.4.5: Build OK! > v5.3.18: Build OK! > v4.19.90: Build OK! > v4.14.159: Build OK! > v4.9.206: Failed to apply! Possible dependencies: > 1f59ab2783ae ("ACPI / video: Add force_none quirk for Dell OptiPlex 9020M") > d37efb79bc1c ("ACPI / video: Add quirks for the Dell Precision 7510") > > v4.4.206: Failed to apply! Possible dependencies: > 1f59ab2783ae ("ACPI / video: Add force_none quirk for Dell OptiPlex 9020M") > d37efb79bc1c ("ACPI / video: Add quirks for the Dell Precision 7510") > > > NOTE: The patch will not be queued to stable trees until it is upstream. > > How should we proceed with this patch? This fix is mostly cosmetical (it hides a non working brightness control in various desktop environments) so just backporting this to the kernels where it cleanly applies is fine. Regards, Hans

5 years

1
0
0 0

Re: usb: dwc3: gadget: Fix logical condition

by youling 257

This patch caused g_mass_storage not working. with this patch, device modprobe g_mass_storage file=/dev/block/mmcblk2p3, [ 255.255238] udc dwc3.3.auto: registering UDC driver [g_mass_storage] [ 255.255266] Mass Storage Function, version: 2009/09/11 [ 255.255362] LUN: removable file: (no medium) [ 255.255533] lun0: open backing file: /dev/block/mmcblk2p3 [ 255.255539] LUN: file: /dev/block/mmcblk2p3 [ 255.255587] Number of LUNs=1 [ 255.255675] g_mass_storage gadget: adding config #1 'Linux File-Backed Storage'/0000000034b331d2 [ 255.255681] g_mass_storage gadget: adding 'Mass Storage Function'/000000009839a369 to config 'Linux File-Backed Storage'/0000000034b331d2 [ 255.256338] g_mass_storage gadget: I/O thread pid: 6312 [ 255.256396] g_mass_storage gadget: cfg 1/0000000034b331d2 speeds: super high full [ 255.256401] g_mass_storage gadget: interface 0 = Mass Storage Function/000000009839a369 [ 255.256411] g_mass_storage gadget: Mass Storage Gadget, version: 2009/09/11 [ 255.256464] g_mass_storage gadget: userspace failed to provide iSerialNumber [ 255.256548] g_mass_storage gadget: g_mass_storage ready [ 255.313503] init: Starting service 'wpa_supplicant'... [ 255.355209] g_mass_storage gadget: suspend [ 255.384831] init: Service 'wpa_supplicant' (pid 6314) exited with status 255 [ 255.384891] init: Service 'wpa_supplicant' (pid 6314) killing any children in process group [ 255.662885] g_mass_storage gadget: high-speed config #1: Linux File-Backed Storage [ 255.663081] g_mass_storage gadget: set_config: interface 0 (Mass Storage Function) requested delayed status [ 255.663089] g_mass_storage gadget: delayed_status count 1 [ 255.663732] g_mass_storage gadget: usb_composite_setup_continue [ 255.663743] g_mass_storage gadget: usb_composite_setup_continue: Completing delayed status [ 256.681607] g_mass_storage gadget: non-core control reqa1.fe v0000 i0000 l1 [ 256.681613] g_mass_storage gadget: get max LUN host not detect sda, [49728.458139] usb 1-2.3: new high-speed USB device number 21 using xhci_hcd [49728.544776] usb-storage 1-2.3:1.0: USB Mass Storage device detected [49728.545875] usb-storage 1-2.3:1.0: Quirks match for vid 0525 pid a4a5: 10000 [49728.546062] scsi host0: usb-storage 1-2.3:1.0 revert this patch, device modprobe g_mass_storage file=/dev/block/mmcblk2p3 [ 405.766178] udc dwc3.3.auto: registering UDC driver [g_mass_storage] [ 405.766225] Mass Storage Function, version: 2009/09/11 [ 405.766307] LUN: removable file: (no medium) [ 405.766532] lun0: open backing file: /dev/block/mmcblk2p3 [ 405.766539] LUN: file: /dev/block/mmcblk2p3 [ 405.766665] Number of LUNs=1 [ 405.766736] g_mass_storage gadget: adding config #1 'Linux File-Backed Storage'/0000000034b331d2 [ 405.766747] g_mass_storage gadget: adding 'Mass Storage Function'/00000000cbbcccdc to config 'Linux File-Backed Storage'/0000000034b331d2 [ 405.767498] g_mass_storage gadget: I/O thread pid: 6873 [ 405.767509] g_mass_storage gadget: cfg 1/0000000034b331d2 speeds: super high full [ 405.767512] g_mass_storage gadget: interface 0 = Mass Storage Function/00000000cbbcccdc [ 405.767519] g_mass_storage gadget: Mass Storage Gadget, version: 2009/09/11 [ 405.767587] g_mass_storage gadget: userspace failed to provide iSerialNumber [ 405.767622] g_mass_storage gadget: g_mass_storage ready [ 405.866215] g_mass_storage gadget: suspend [ 406.175951] g_mass_storage gadget: high-speed config #1: Linux File-Backed Storage [ 406.176130] g_mass_storage gadget: set_config: interface 0 (Mass Storage Function) requested delayed status [ 406.176138] g_mass_storage gadget: delayed_status count 1 [ 406.176186] g_mass_storage gadget: usb_composite_setup_continue [ 406.176211] g_mass_storage gadget: usb_composite_setup_continue: Completing delayed status [ 407.202507] g_mass_storage gadget: non-core control reqa1.fe v0000 i0000 l1 [ 407.202512] g_mass_storage gadget: get max LUN [ 407.203164] SCSI CDB: 12 00 00 00 24 00 [ 407.203177] g_mass_storage gadget: SCSI command: INQUIRY; Dc=6, Di=36; Hc=6, Hi=36 [ 407.205991] SCSI CDB: 00 00 00 00 00 00 [ 407.206005] g_mass_storage gadget: SCSI command: TEST UNIT READY; Dc=6, Dn=0; Hc=6, Hn=0 [ 407.206008] g_mass_storage gadget: sending command-failure status [ 407.206012] g_mass_storage gadget: sense data: SK x06, ASC x29, ASCQ x00; info x0 [ 407.206279] SCSI CDB: 03 00 00 00 12 00 [ 407.206287] g_mass_storage gadget: SCSI command: REQUEST SENSE; Dc=6, Di=18; Hc=6, Hi=18 [ 407.207342] SCSI CDB: 00 00 00 00 00 00 [ 407.207354] g_mass_storage gadget: SCSI command: TEST UNIT READY; Dc=6, Dn=0; Hc=6, Hn=0 [ 407.207633] SCSI CDB: 25 00 00 00 00 00 00 00 00 00 [ 407.207641] g_mass_storage gadget: SCSI command: READ CAPACITY; Dc=10, Di=8; Hc=10, Hi=8 [ 407.208755] SCSI CDB: 1a 00 3f 00 c0 00 [ 407.208766] g_mass_storage gadget: SCSI command: MODE SENSE(6); Dc=6, Di=192; Hc=6, Hi=192 [ 407.208779] g_mass_storage gadget: bulk-in set halt [ 407.208782] g_mass_storage gadget: delayed bulk-in endpoint halt [ 407.320644] SCSI CDB: 1a 00 3f 00 c0 00 [ 407.320662] g_mass_storage gadget: SCSI command: MODE SENSE(6); Dc=6, Di=192; Hc=6, Hi=192 [ 407.320674] g_mass_storage gadget: bulk-in set halt [ 407.320676] g_mass_storage gadget: delayed bulk-in endpoint halt [ 407.440335] SCSI CDB: 00 00 00 00 00 00 host can detect sda, [49878.915966] usb 1-2.3: new high-speed USB device number 23 using xhci_hcd [49878.999260] usb-storage 1-2.3:1.0: USB Mass Storage device detected [49879.001165] usb-storage 1-2.3:1.0: Quirks match for vid 0525 pid a4a5: 10000 [49879.001676] scsi host0: usb-storage 1-2.3:1.0 [49880.026002] scsi 0:0:0:0: Direct-Access Linux File-Stor Gadget 0503 PQ: 0 ANSI: 2 [49880.027243] scsi 0:0:0:0: Attached scsi generic sg0 type 0 [49880.028852] sd 0:0:0:0: Power-on or device reset occurred [49880.030081] sd 0:0:0:0: [sda] 10485760 512-byte logical blocks: (5.37 GB/5.00 GiB) [49880.142046] sd 0:0:0:0: [sda] Write Protect is off [49880.142186] sd 0:0:0:0: [sda] Mode Sense: 0f 00 00 00 [49880.253720] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [49880.500337] audit: type=1400 audit(1577294060.839:15853): avc: denied { noatsecure } for pid=9278 comm="sh" scontext=u:r:vold:s0 tcontext=u:r:sgdisk:s0 tclass=process permissive=1 [49880.596496] sd 0:0:0:0: [sda] Attached SCSI disk

5 years

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror December 2019