October 2020 - Linux-stable-mirror

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.241 release. There are 112 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Oct 2020 13:48:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.241-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.241-rc1 Oliver Neukum <oneukum(a)suse.com> USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: cdc-acm: add quirk to blacklist ETAS ES58X devices Valentin Vidic <vvidic(a)valentin-vidic.from.hr> net: korina: cast KSEG0 address to pointer in kfree Zekun Shen <bruceshenzk(a)gmail.com> ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() Eli Billauer <eli.billauer(a)gmail.com> usb: core: Solve race condition in anchor cleanup functions Wang Yufen <wangyufen(a)huawei.com> brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach Jan Kara <jack(a)suse.cz> reiserfs: Fix memory leak in reiserfs_parse_options() Peilin Ye <yepeilin.cs(a)gmail.com> ipvs: Fix uninit-value in do_ip_vs_set_ctl() Tong Zhang <ztong0001(a)gmail.com> tty: ipwireless: fix error handling Doug Horn <doughorn(a)google.com> Fix use after free in get_capset_info callback. Chris Chiu <chiu(a)endlessm.com> rtl8xxxu: prevent potential memory leak Keita Suzuki <keitasuzuki.park(a)sslab.ics.keio.ac.jp> brcmsmac: fix memory leak in wlc_phy_attach_lcnphy Jing Xiangfeng <jingxiangfeng(a)huawei.com> scsi: ibmvfc: Fix error return in ibmvfc_probe() Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> Bluetooth: Only mark socket zapped after unlocking Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> usb: ohci: Default to per-port over-current protection Darrick J. Wong <darrick.wong(a)oracle.com> xfs: make sure the rt allocator doesn't run off the end Eric Biggers <ebiggers(a)google.com> reiserfs: only call unlock_new_inode() if I_NEW Keita Suzuki <keitasuzuki.park(a)sslab.ics.keio.ac.jp> misc: rtsx: Fix memory leak in rtsx_pci_probe Brooke Basile <brookebasile(a)gmail.com> ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() Jan Kara <jack(a)suse.cz> udf: Avoid accessing uninitialized data on failed inode read Jan Kara <jack(a)suse.cz> udf: Limit sparing table size Zqiang <qiang.zhang(a)windriver.com> usb: gadget: function: printer: fix use-after-free in __lock_acquire Roman Bolshakov <r.bolshakov(a)yadro.com> scsi: target: core: Add CONTROL field for trace events Jing Xiangfeng <jingxiangfeng(a)huawei.com> scsi: mvumi: Fix error return in mvumi_io_attach() Christoph Hellwig <hch(a)lst.de> PM: hibernate: remove the bogus call to get_gendisk() in software_resume() Rustam Kovhaev <rkovhaev(a)gmail.com> ntfs: add check for mft record size in superblock Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: saa7134: avoid a shift overflow Pali Rohár <pali(a)kernel.org> mmc: sdio: Check for CISTPL_VERS_1 buffer size Adam Goode <agoode(a)google.com> media: uvcvideo: Ensure all probed info is returned to v4l2 Xiaolong Huang <butterflyhuangxx(a)gmail.com> media: media/pci: prevent memory leak in bttv_probe Dinghao Liu <dinghao.liu(a)zju.edu.cn> media: bdisp: Fix runtime PM imbalance on error Qiushi Wu <wu000273(a)umn.edu> media: exynos4-is: Fix a reference count leak Qiushi Wu <wu000273(a)umn.edu> media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync Qiushi Wu <wu000273(a)umn.edu> media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync Oliver Neukum <oneukum(a)suse.com> media: ati_remote: sanity check for both endpoints Pavel Machek <pavel(a)ucw.cz> media: firewire: fix memory leak Vasant Hegde <hegdevasant(a)linux.vnet.ibm.com> powerpc/powernv/dump: Fix race while processing OPAL dump Michal Simek <michal.simek(a)xilinx.com> arm64: dts: zynqmp: Remove additional compatible string for i2c IPs Krzysztof Kozlowski <krzk(a)kernel.org> memory: fsl-corenet-cf: Fix handling of platform_get_irq() error Dan Carpenter <dan.carpenter(a)oracle.com> memory: omap-gpmc: Fix a couple off by ones Robert Hoo <robert.hu(a)linux.intel.com> KVM: x86: emulating RDPID failure shall return #UD rather than #GP Krzysztof Kozlowski <krzk(a)kernel.org> Input: sun4i-ps2 - fix handling of platform_get_irq() error Krzysztof Kozlowski <krzk(a)kernel.org> Input: omap4-keypad - fix handling of platform_get_irq() error Krzysztof Kozlowski <krzk(a)kernel.org> Input: ep93xx_keypad - fix handling of platform_get_irq() error Dan Carpenter <dan.carpenter(a)oracle.com> Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Clear token on bypass registration failure Tobias Jordan <kernel(a)cdqe.de> lib/crc32.c: fix trivial typo in preprocessor condition Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier Kajol Jain <kjain(a)linux.ibm.com> powerpc/perf/hv-gpci: Fix starting index value Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix pager search for multi-line strings Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix "context_switch event has no tid" error Finn Thain <fthain(a)telegraphics.com.au> powerpc/tau: Disable TAU between measurements Finn Thain <fthain(a)telegraphics.com.au> powerpc/tau: Remove duplicated set_thresholds() call Finn Thain <fthain(a)telegraphics.com.au> powerpc/tau: Use appropriate temperature sample interval Guillaume Tucker <guillaume.tucker(a)collabora.com> ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> mtd: mtdoops: Don't write panic data twice Arnd Bergmann <arnd(a)arndb.de> mtd: lpddr: fix excessive stack usage with clang Nicholas Mc Guire <hofrat(a)osadl.org> powerpc/icp-hv: Fix missing of_node_put() in success path Nicholas Mc Guire <hofrat(a)osadl.org> powerpc/pseries: Fix missing of_node_put() in rng_init() Håkon Bugge <haakon.bugge(a)oracle.com> IB/mlx4: Adjust delayed work when a dup is observed Valentin Vidic <vvidic(a)valentin-vidic.from.hr> net: korina: fix kfree of rx/tx descriptor array Tom Rix <trix(a)redhat.com> mwifiex: fix double free Johannes Berg <johannes.berg(a)intel.com> nl80211: fix non-split wiphy information Lorenzo Colitti <lorenzo(a)google.com> usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well Dan Carpenter <dan.carpenter(a)oracle.com> mfd: sm501: Fix leaks in probe() Thomas Gleixner <tglx(a)linutronix.de> net: enic: Cure the enic api locking trainwreck Eric Dumazet <edumazet(a)google.com> quota: clear padding in v2r1_mem2diskdqb() Takashi Iwai <tiwai(a)suse.de> ALSA: seq: oss: Avoid mutex lock for a long-time ioctl Souptick Joarder <jrdr.linux(a)gmail.com> misc: mic: scif: Fix error handling path Dan Carpenter <dan.carpenter(a)oracle.com> ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() Dan Carpenter <dan.carpenter(a)oracle.com> HID: roccat: add bounds checking in kone_sysfs_write_settings() Tom Rix <trix(a)redhat.com> video: fbdev: sis: fix null ptr dereference Colin Ian King <colin.king(a)canonical.com> video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error Souptick Joarder <jrdr.linux(a)gmail.com> drivers/virt/fsl_hypervisor: Fix error handling path Artem Savkov <asavkov(a)redhat.com> pty: do tty_flip_buffer_push without port->lock in pty_write Tyrel Datwyler <tyreld(a)linux.ibm.com> tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() Tong Zhang <ztong0001(a)gmail.com> tty: serial: earlycon dependency Alex Dewar <alex.dewar90(a)gmail.com> VMCI: check return value of get_user_pages_fast() for errors dinghao.liu(a)zju.edu.cn <dinghao.liu(a)zju.edu.cn> backlight: sky81452-backlight: Fix refcount imbalance on error Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' Tom Rix <trix(a)redhat.com> drm/gma500: fix error check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mwifiex: Do not use GFP_KERNEL in atomic context Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 Dan Carpenter <dan.carpenter(a)oracle.com> ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() Dan Carpenter <dan.carpenter(a)oracle.com> ath6kl: prevent potential array overflow in ath6kl_add_new_sta() Qiushi Wu <wu000273(a)umn.edu> media: ti-vpe: Fix a missing check and reference count leak Tom Rix <trix(a)redhat.com> media: tc358743: initialize variable Tero Kristo <t-kristo(a)ti.com> crypto: omap-sham - fix digcnt register handling with export/import Dinghao Liu <dinghao.liu(a)zju.edu.cn> media: omap3isp: Fix memleak in isp_probe Tom Rix <trix(a)redhat.com> media: m5mols: Check function pointer in m5mols_sensor_power Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call Dinghao Liu <dinghao.liu(a)zju.edu.cn> EDAC/i5100: Fix error handling order in i5100_init_one() Roberto Sassu <roberto.sassu(a)huawei.com> ima: Don't ignore errors from crypto_shash_update() Dan Carpenter <dan.carpenter(a)oracle.com> cifs: remove bogus debug code Eric Dumazet <edumazet(a)google.com> icmp: randomize the global rate limiter Neal Cardwell <ncardwell(a)google.com> tcp: fix to update snd_wl1 in bulk receiver fast path Defang Bo <bodefang(a)126.com> nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() Xie He <xie.he.0141(a)gmail.com> net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup Xie He <xie.he.0141(a)gmail.com> net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device Andrey Ryabinin <aryabinin(a)virtuozzo.com> x86/mm/ptdump: Fix soft lockup in page table walker Andrey Ryabinin <aryabinin(a)virtuozzo.com> lib/strscpy: Shut up KASAN false-positives in strscpy() Andrey Ryabinin <aryabinin(a)virtuozzo.com> compiler.h: Add read_word_at_a_time() function. Andrey Ryabinin <aryabinin(a)virtuozzo.com> compiler.h, kasan: Avoid duplicating __read_once_size_nocheck() Andrey Ryabinin <aryabinin(a)virtuozzo.com> mm/kasan: add API to check memory regions Andrey Ryabinin <aryabinin(a)virtuozzo.com> mm/kasan: print name of mem[set,cpy,move]() caller in report Dan Carpenter <dan.carpenter(a)oracle.com> ALSA: bebob: potential info leak in hwdep_read() Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix data corruption issue on RTL8402 Maciej Żenczykowski <maze(a)google.com> net/ipv4: always honour route mtu during forwarding Cong Wang <xiyou.wangcong(a)gmail.com> tipc: fix the skb_unshare() in tipc_buf_append() David Wilder <dwilder(a)us.ibm.com> ibmveth: Identify ingress large send packets. ------------- Diffstat: Documentation/networking/ip-sysctl.txt | 4 +- Makefile | 4 +- arch/arm/mm/cache-l2x0.c | 16 ++- arch/arm64/boot/dts/xilinx/zynqmp.dtsi | 4 +- arch/powerpc/include/asm/reg.h | 2 +- arch/powerpc/kernel/tau_6xx.c | 82 +++++---------- arch/powerpc/perf/hv-gpci-requests.h | 6 +- arch/powerpc/platforms/Kconfig | 9 +- arch/powerpc/platforms/powernv/opal-dump.c | 41 +++++--- arch/powerpc/platforms/pseries/rng.c | 1 + arch/powerpc/sysdev/xics/icp-hv.c | 1 + arch/x86/kvm/emulate.c | 2 +- arch/x86/mm/dump_pagetables.c | 2 + drivers/cpufreq/powernv-cpufreq.c | 9 +- drivers/crypto/ixp4xx_crypto.c | 2 +- drivers/crypto/omap-sham.c | 3 + drivers/edac/i5100_edac.c | 11 +- drivers/gpu/drm/gma500/cdv_intel_dp.c | 2 +- drivers/gpu/drm/virtio/virtgpu_kms.c | 2 + drivers/gpu/drm/virtio/virtgpu_vq.c | 10 +- drivers/hid/hid-roccat-kone.c | 23 ++-- drivers/infiniband/hw/mlx4/cm.c | 3 + drivers/input/keyboard/ep93xx_keypad.c | 4 +- drivers/input/keyboard/omap4-keypad.c | 6 +- drivers/input/serio/sun4i-ps2.c | 9 +- drivers/input/touchscreen/imx6ul_tsc.c | 27 +++-- drivers/media/firewire/firedtv-fw.c | 6 +- drivers/media/i2c/m5mols/m5mols_core.c | 3 +- drivers/media/i2c/tc358743.c | 2 +- drivers/media/pci/bt8xx/bttv-driver.c | 13 ++- drivers/media/pci/saa7134/saa7134-tvaudio.c | 3 +- drivers/media/platform/exynos4-is/fimc-isp.c | 4 +- drivers/media/platform/exynos4-is/fimc-lite.c | 2 +- drivers/media/platform/exynos4-is/media-dev.c | 8 +- drivers/media/platform/exynos4-is/mipi-csis.c | 4 +- drivers/media/platform/omap3isp/isp.c | 6 +- drivers/media/platform/sti/bdisp/bdisp-v4l2.c | 3 +- drivers/media/platform/ti-vpe/vpe.c | 2 + drivers/media/rc/ati_remote.c | 4 + drivers/media/usb/uvc/uvc_v4l2.c | 30 ++++++ drivers/memory/fsl-corenet-cf.c | 6 +- drivers/memory/omap-gpmc.c | 4 +- drivers/mfd/rtsx_pcr.c | 4 +- drivers/mfd/sm501.c | 8 +- drivers/misc/mic/scif/scif_rma.c | 4 +- drivers/misc/vmw_vmci/vmci_queue_pair.c | 10 +- drivers/mmc/core/sdio_cis.c | 3 + drivers/mtd/lpddr/lpddr2_nvm.c | 35 ++++--- drivers/mtd/mtdoops.c | 11 +- drivers/net/ethernet/cisco/enic/enic.h | 1 + drivers/net/ethernet/cisco/enic/enic_api.c | 6 ++ drivers/net/ethernet/cisco/enic/enic_main.c | 27 +++-- drivers/net/ethernet/ibm/ibmveth.c | 13 ++- drivers/net/ethernet/korina.c | 3 +- drivers/net/ethernet/realtek/r8169.c | 116 +++++++++++---------- drivers/net/wan/hdlc.c | 10 +- drivers/net/wan/hdlc_raw_eth.c | 1 + drivers/net/wireless/ath/ath10k/htt_rx.c | 8 ++ drivers/net/wireless/ath/ath6kl/main.c | 3 + drivers/net/wireless/ath/ath6kl/wmi.c | 5 + drivers/net/wireless/ath/ath9k/hif_usb.c | 19 ++++ drivers/net/wireless/ath/ath9k/htc_hst.c | 2 + drivers/net/wireless/ath/wcn36xx/main.c | 2 +- drivers/net/wireless/brcm80211/brcmfmac/msgbuf.c | 2 + .../net/wireless/brcm80211/brcmsmac/phy/phy_lcn.c | 4 +- drivers/net/wireless/mwifiex/scan.c | 2 +- drivers/net/wireless/mwifiex/sdio.c | 2 + drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.c | 10 +- drivers/scsi/csiostor/csio_hw.c | 2 +- drivers/scsi/ibmvscsi/ibmvfc.c | 1 + drivers/scsi/mvumi.c | 1 + drivers/scsi/qla4xxx/ql4_os.c | 2 +- drivers/tty/hvc/hvcs.c | 14 +-- drivers/tty/ipwireless/network.c | 4 +- drivers/tty/ipwireless/tty.c | 2 +- drivers/tty/pty.c | 2 +- drivers/tty/serial/Kconfig | 1 + drivers/usb/class/cdc-acm.c | 11 ++ drivers/usb/class/cdc-wdm.c | 72 ++++++++++--- drivers/usb/core/urb.c | 89 +++++++++------- drivers/usb/gadget/function/f_printer.c | 16 ++- drivers/usb/gadget/function/u_ether.c | 2 +- drivers/usb/host/ohci-hcd.c | 16 +-- drivers/vfio/pci/vfio_pci_intrs.c | 4 +- drivers/video/backlight/sky81452-backlight.c | 1 + drivers/video/fbdev/sis/init.c | 11 +- drivers/video/fbdev/vga16fb.c | 14 +-- drivers/virt/fsl_hypervisor.c | 17 ++- fs/cifs/asn1.c | 16 +-- fs/ntfs/inode.c | 6 ++ fs/quota/quota_v2.c | 1 + fs/reiserfs/inode.c | 3 +- fs/reiserfs/super.c | 8 +- fs/udf/inode.c | 25 +++-- fs/udf/super.c | 6 ++ fs/xfs/xfs_rtalloc.c | 11 ++ include/linux/compiler.h | 22 ++-- include/linux/kasan-checks.h | 12 +++ include/net/ip.h | 6 ++ include/scsi/scsi_common.h | 7 ++ include/trace/events/target.h | 12 +-- kernel/debug/kdb/kdb_io.c | 8 +- kernel/power/hibernate.c | 11 -- lib/crc32.c | 2 +- lib/string.c | 2 +- mm/kasan/kasan.c | 76 ++++++++------ net/bluetooth/l2cap_sock.c | 7 +- net/ipv4/icmp.c | 7 +- net/ipv4/tcp_input.c | 2 + net/netfilter/ipvs/ip_vs_ctl.c | 7 +- net/nfc/netlink.c | 2 +- net/tipc/msg.c | 3 +- net/wireless/nl80211.c | 5 +- security/integrity/ima/ima_crypto.c | 2 + sound/core/seq/oss/seq_oss.c | 7 +- sound/firewire/bebob/bebob_hwdep.c | 3 +- tools/perf/util/intel-pt.c | 8 +- 117 files changed, 812 insertions(+), 453 deletions(-)

4 years, 3 months

4
115
0 0

[PATCH v2] usb: gadget: configfs: Fix use-after-free issue with udc_name

by Macpaul Lin

From: Eddie Hung <eddie.hung(a)mediatek.com> There is a use-after-free issue, if access udc_name in function gadget_dev_desc_UDC_store after another context free udc_name in function unregister_gadget. Context 1: gadget_dev_desc_UDC_store()->unregister_gadget()-> free udc_name->set udc_name to NULL Context 2: gadget_dev_desc_UDC_show()-> access udc_name Call trace: dump_backtrace+0x0/0x340 show_stack+0x14/0x1c dump_stack+0xe4/0x134 print_address_description+0x78/0x478 __kasan_report+0x270/0x2ec kasan_report+0x10/0x18 __asan_report_load1_noabort+0x18/0x20 string+0xf4/0x138 vsnprintf+0x428/0x14d0 sprintf+0xe4/0x12c gadget_dev_desc_UDC_show+0x54/0x64 configfs_read_file+0x210/0x3a0 __vfs_read+0xf0/0x49c vfs_read+0x130/0x2b4 SyS_read+0x114/0x208 el0_svc_naked+0x34/0x38 Add mutex_lock to protect this kind of scenario. Signed-off-by: Eddie Hung <eddie.hung(a)mediatek.com> Signed-off-by: Macpaul Lin <macpaul.lin(a)mediatek.com> Reviewed-by: Peter Chen <peter.chen(a)nxp.com> Cc: stable(a)vger.kernel.org --- Changes for v2: - Fix typo %s/contex/context, Thanks Peter. drivers/usb/gadget/configfs.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c index 56051bb..d9743f4 100644 --- a/drivers/usb/gadget/configfs.c +++ b/drivers/usb/gadget/configfs.c @@ -221,9 +221,16 @@ static ssize_t gadget_dev_desc_bcdUSB_store(struct config_item *item, static ssize_t gadget_dev_desc_UDC_show(struct config_item *item, char *page) { - char *udc_name = to_gadget_info(item)->composite.gadget_driver.udc_name; + struct gadget_info *gi = to_gadget_info(item); + char *udc_name; + int ret; + + mutex_lock(&gi->lock); + udc_name = gi->composite.gadget_driver.udc_name; + ret = sprintf(page, "%s\n", udc_name ?: ""); + mutex_unlock(&gi->lock); - return sprintf(page, "%s\n", udc_name ?: ""); + return ret; } static int unregister_gadget(struct gadget_info *gi) -- 1.7.9.5

4 years, 3 months

1
1
0 0

Re: HID : Add devices for HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE

by Dmitry Torokhov

Hi Chris, On Tue, Oct 27, 2020 at 12:57:51PM -0700, Chris Ye wrote: > Add devices for HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE > > Kernel 5.4 introduces HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE, devices need > to be set explicitly with this flag. > Signed-off-by: Chris Ye <lzye(a)google.com> > This is still line-wrapped and still is in HTML. It also is not formatted so that maintainers scripts can process it properly. Please follow Documentation/process/suubmitting-patches.rst "Canonical format patch" section. I recommend using "git format-patch ..." to generate it and git send-email for sending it. Thanks. > diff -uprN -X linux-vanilla/Documentation/dontdiff > linux-vanilla/drivers/hid/hid-ids.h linux/drivers/hid/hid-ids.h > --- linux-vanilla/drivers/hid/hid-ids.h 2020-10-26 22:16:49.930361683 -0700 > +++ linux/drivers/hid/hid-ids.h 2020-10-26 22:20:02.811994573 -0700 > @@ -443,6 +443,10 @@ > #define USB_VENDOR_ID_FRUCTEL 0x25B6 > #define USB_DEVICE_ID_GAMETEL_MT_MODE 0x0002 > > +#define USB_VENDOR_ID_GAMEVICE 0x27F8 > +#define USB_DEVICE_ID_GAMEVICE_GV186 0x0BBE > +#define USB_DEVICE_ID_GAMEVICE_KISHI 0x0BBF > + > #define USB_VENDOR_ID_GAMERON 0x0810 > #define USB_DEVICE_ID_GAMERON_DUAL_PSX_ADAPTOR 0x0001 > #define USB_DEVICE_ID_GAMERON_DUAL_PCS_ADAPTOR 0x0002 > diff -uprN -X linux-vanilla/Documentation/dontdiff > linux-vanilla/drivers/hid/hid-quirks.c linux/drivers/hid/hid-quirks.c > --- linux-vanilla/drivers/hid/hid-quirks.c 2020-10-26 > 22:16:49.930361683 -0700 > +++ linux/drivers/hid/hid-quirks.c 2020-10-26 22:20:02.811994573 -0700 > @@ -84,6 +84,8 @@ static const struct hid_device_id hid_qu > { HID_USB_DEVICE(USB_VENDOR_ID_FREESCALE, > USB_DEVICE_ID_FREESCALE_MX28), HID_QUIRK_NOGET }, > { HID_USB_DEVICE(USB_VENDOR_ID_FUTABA, USB_DEVICE_ID_LED_DISPLAY), > HID_QUIRK_NO_INIT_REPORTS }, > { HID_USB_DEVICE(USB_VENDOR_ID_GREENASIA, > USB_DEVICE_ID_GREENASIA_DUAL_USB_JOYPAD), HID_QUIRK_MULTI_INPUT }, > + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_GAMEVICE, > USB_DEVICE_ID_GAMEVICE_GV186), HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE }, > + { HID_USB_DEVICE(USB_VENDOR_ID_GAMEVICE, > USB_DEVICE_ID_GAMEVICE_KISHI), HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE }, > { HID_USB_DEVICE(USB_VENDOR_ID_HAPP, USB_DEVICE_ID_UGCI_DRIVING), > HID_QUIRK_BADPAD | HID_QUIRK_MULTI_INPUT }, > { HID_USB_DEVICE(USB_VENDOR_ID_HAPP, USB_DEVICE_ID_UGCI_FIGHTING), > HID_QUIRK_BADPAD | HID_QUIRK_MULTI_INPUT }, > { HID_USB_DEVICE(USB_VENDOR_ID_HAPP, USB_DEVICE_ID_UGCI_FLYING), > HID_QUIRK_BADPAD | HID_QUIRK_MULTI_INPUT }, -- Dmitry

4 years, 3 months

1
0
0 0

Re: [PATCH] mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read

by Miquel Raynal

Hello, Praveenkumar I <ipkumar(a)codeaurora.org> wrote on Wed, 28 Oct 2020 19:48:34 +0530: > Hi Miquel, > > Please find the inline reply. > > Thanks, > Praveenkumar I > > > On 10/28/2020 3:38 PM, Miquel Raynal wrote: > > Hello, > > > > Praveenkumar I <ipkumar(a)codeaurora.org> wrote on Fri, 9 Oct 2020 > > 13:37:52 +0530: > > > >> After each codeword NAND_FLASH_STATUS is read for possible operational > >> failures. But there is no DMA sync for CPU operation before reading it > >> and this leads to incorrect or older copy of DMA buffer in reg_read_buf. > >> > >> This patch adds the DMA sync on reg_read_buf for CPU before reading it. > >> > >> Fixes: 5bc36b2bf6e2 ("mtd: rawnand: qcom: check for operation errors in case of raw read") > > I guess this deserves a proper Cc: stable tag? > > >> Yes. I will send a V2 Patch with stable tag in Cc That's fine for this one, I'll add it myself. > >> Signed-off-by: Praveenkumar I <ipkumar(a)codeaurora.org> > > I think your full name is required in the SoB line (should match the > > authorship). > > >> "Praveenkumar I" is my full name and it is same as the authorship. Ok, sorry for the confusion. > > Otherwise looks good to me. > > > >> --- > >> drivers/mtd/nand/raw/qcom_nandc.c | 2 ++ > >> 1 file changed, 2 insertions(+) > >> > >> diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c > >> index bd7a7251429b..5bb85f1ba84c 100644 > >> --- a/drivers/mtd/nand/raw/qcom_nandc.c > >> +++ b/drivers/mtd/nand/raw/qcom_nandc.c > >> @@ -1570,6 +1570,8 @@ static int check_flash_errors(struct qcom_nand_host *host, int cw_cnt) > >> struct qcom_nand_controller *nandc = get_qcom_nand_controller(chip); > >> int i; > >> >> + nandc_read_buffer_sync(nandc, true); > >> + > >> for (i = 0; i < cw_cnt; i++) { > >> u32 flash = le32_to_cpu(nandc->reg_read_buf[i]); > >> > Thanks, > > Miquèl > Cheers, Miquèl

4 years, 3 months

1
0
0 0

[PATCH 4.9 000/139] 4.9.241-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.241 release. There are 139 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 29 Oct 2020 13:48:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.241-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.241-rc1 Lorenzo Colitti <lorenzo(a)google.com> usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. Christian Eggers <ceggers(a)arri.de> eeprom: at25: set minimum read/write access stride to 1 Oliver Neukum <oneukum(a)suse.com> USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> usb: cdc-acm: add quirk to blacklist ETAS ES58X devices Valentin Vidic <vvidic(a)valentin-vidic.from.hr> net: korina: cast KSEG0 address to pointer in kfree Zekun Shen <bruceshenzk(a)gmail.com> ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() Eli Billauer <eli.billauer(a)gmail.com> usb: core: Solve race condition in anchor cleanup functions Wang Yufen <wangyufen(a)huawei.com> brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach Jan Kara <jack(a)suse.cz> reiserfs: Fix memory leak in reiserfs_parse_options() Peilin Ye <yepeilin.cs(a)gmail.com> ipvs: Fix uninit-value in do_ip_vs_set_ctl() Tong Zhang <ztong0001(a)gmail.com> tty: ipwireless: fix error handling Doug Horn <doughorn(a)google.com> Fix use after free in get_capset_info callback. Chris Chiu <chiu(a)endlessm.com> rtl8xxxu: prevent potential memory leak Keita Suzuki <keitasuzuki.park(a)sslab.ics.keio.ac.jp> brcmsmac: fix memory leak in wlc_phy_attach_lcnphy Jing Xiangfeng <jingxiangfeng(a)huawei.com> scsi: ibmvfc: Fix error return in ibmvfc_probe() Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> Bluetooth: Only mark socket zapped after unlocking Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> usb: ohci: Default to per-port over-current protection Darrick J. Wong <darrick.wong(a)oracle.com> xfs: make sure the rt allocator doesn't run off the end Eric Biggers <ebiggers(a)google.com> reiserfs: only call unlock_new_inode() if I_NEW Keita Suzuki <keitasuzuki.park(a)sslab.ics.keio.ac.jp> misc: rtsx: Fix memory leak in rtsx_pci_probe Brooke Basile <brookebasile(a)gmail.com> ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() Johan Hovold <johan(a)kernel.org> USB: cdc-acm: handle broken union descriptors Jan Kara <jack(a)suse.cz> udf: Avoid accessing uninitialized data on failed inode read Jan Kara <jack(a)suse.cz> udf: Limit sparing table size Zqiang <qiang.zhang(a)windriver.com> usb: gadget: function: printer: fix use-after-free in __lock_acquire Sherry Sun <sherry.sun(a)nxp.com> misc: vop: add round_up(x,4) for vring_size to avoid kernel panic Sherry Sun <sherry.sun(a)nxp.com> mic: vop: copy data to kernel space then write to io memory Roman Bolshakov <r.bolshakov(a)yadro.com> scsi: target: core: Add CONTROL field for trace events Jing Xiangfeng <jingxiangfeng(a)huawei.com> scsi: mvumi: Fix error return in mvumi_io_attach() Christoph Hellwig <hch(a)lst.de> PM: hibernate: remove the bogus call to get_gendisk() in software_resume() Rustam Kovhaev <rkovhaev(a)gmail.com> ntfs: add check for mft record size in superblock Alexander Aring <aahringo(a)redhat.com> fs: dlm: fix configfs memory leak Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: saa7134: avoid a shift overflow Pali Rohár <pali(a)kernel.org> mmc: sdio: Check for CISTPL_VERS_1 buffer size Adam Goode <agoode(a)google.com> media: uvcvideo: Ensure all probed info is returned to v4l2 Xiaolong Huang <butterflyhuangxx(a)gmail.com> media: media/pci: prevent memory leak in bttv_probe Dinghao Liu <dinghao.liu(a)zju.edu.cn> media: bdisp: Fix runtime PM imbalance on error Dinghao Liu <dinghao.liu(a)zju.edu.cn> media: platform: sti: hva: Fix runtime PM imbalance on error Dinghao Liu <dinghao.liu(a)zju.edu.cn> media: platform: s3c-camif: Fix runtime PM imbalance on error Dinghao Liu <dinghao.liu(a)zju.edu.cn> media: vsp1: Fix runtime PM imbalance on error Qiushi Wu <wu000273(a)umn.edu> media: exynos4-is: Fix a reference count leak Qiushi Wu <wu000273(a)umn.edu> media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync Qiushi Wu <wu000273(a)umn.edu> media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync Oliver Neukum <oneukum(a)suse.com> media: ati_remote: sanity check for both endpoints Pavel Machek <pavel(a)ucw.cz> media: firewire: fix memory leak Pavel Machek <pavel(a)denx.de> crypto: ccp - fix error handling Kaige Li <likaige(a)loongson.cn> NTB: hw: amd: fix an issue about leak system resources zhenwei pi <pizhenwei(a)bytedance.com> nvmet: fix uninitialized work for zero kato Vasant Hegde <hegdevasant(a)linux.vnet.ibm.com> powerpc/powernv/dump: Fix race while processing OPAL dump Michal Simek <michal.simek(a)xilinx.com> arm64: dts: zynqmp: Remove additional compatible string for i2c IPs Stephan Gerhold <stephan(a)gerhold.net> arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts Krzysztof Kozlowski <krzk(a)kernel.org> memory: fsl-corenet-cf: Fix handling of platform_get_irq() error Dan Carpenter <dan.carpenter(a)oracle.com> memory: omap-gpmc: Fix a couple off by ones Robert Hoo <robert.hu(a)linux.intel.com> KVM: x86: emulating RDPID failure shall return #UD rather than #GP Krzysztof Kozlowski <krzk(a)kernel.org> Input: sun4i-ps2 - fix handling of platform_get_irq() error Krzysztof Kozlowski <krzk(a)kernel.org> Input: twl4030_keypad - fix handling of platform_get_irq() error Krzysztof Kozlowski <krzk(a)kernel.org> Input: omap4-keypad - fix handling of platform_get_irq() error Krzysztof Kozlowski <krzk(a)kernel.org> Input: ep93xx_keypad - fix handling of platform_get_irq() error Dan Carpenter <dan.carpenter(a)oracle.com> Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Clear token on bypass registration failure Navid Emamdoost <navid.emamdoost(a)gmail.com> clk: bcm2835: add missing release if devm_clk_hw_register fails Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: at91: clk-main: update key before writing AT91_CKGR_MOR Jing Xiangfeng <jingxiangfeng(a)huawei.com> rapidio: fix the missed put_device() for rio_mport_add_riodev Souptick Joarder <jrdr.linux(a)gmail.com> rapidio: fix error handling path Tobias Jordan <kernel(a)cdqe.de> lib/crc32.c: fix trivial typo in preprocessor condition Colin Ian King <colin.king(a)canonical.com> IB/rdmavt: Fix sizeof mismatch Srikar Dronamraju <srikar(a)linux.vnet.ibm.com> cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier Kajol Jain <kjain(a)linux.ibm.com> powerpc/perf/hv-gpci: Fix starting index value Athira Rajeev <atrajeev(a)linux.vnet.ibm.com> powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints Leon Romanovsky <leonro(a)nvidia.com> overflow: Include header file with SIZE_MAX declaration Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix pager search for multi-line strings Lijun Ou <oulijun(a)huawei.com> RDMA/hns: Set the unsupported wr opcode Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix "context_switch event has no tid" error Finn Thain <fthain(a)telegraphics.com.au> powerpc/tau: Disable TAU between measurements Finn Thain <fthain(a)telegraphics.com.au> powerpc/tau: Remove duplicated set_thresholds() call Finn Thain <fthain(a)telegraphics.com.au> powerpc/tau: Use appropriate temperature sample interval Michal Kalderon <michal.kalderon(a)marvell.com> RDMA/qedr: Fix use of uninitialized field Guillaume Tucker <guillaume.tucker(a)collabora.com> ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values Mark Tomlinson <mark.tomlinson(a)alliedtelesis.co.nz> mtd: mtdoops: Don't write panic data twice Arnd Bergmann <arnd(a)arndb.de> mtd: lpddr: fix excessive stack usage with clang Nicholas Mc Guire <hofrat(a)osadl.org> powerpc/icp-hv: Fix missing of_node_put() in success path Nicholas Mc Guire <hofrat(a)osadl.org> powerpc/pseries: Fix missing of_node_put() in rng_init() Håkon Bugge <haakon.bugge(a)oracle.com> IB/mlx4: Adjust delayed work when a dup is observed Håkon Bugge <haakon.bugge(a)oracle.com> IB/mlx4: Fix starvation in paravirt mux/demux Valentin Vidic <vvidic(a)valentin-vidic.from.hr> net: korina: fix kfree of rx/tx descriptor array Tom Rix <trix(a)redhat.com> mwifiex: fix double free Dan Carpenter <dan.carpenter(a)oracle.com> scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() Johannes Berg <johannes.berg(a)intel.com> nl80211: fix non-split wiphy information Lorenzo Colitti <lorenzo(a)google.com> usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well Lorenzo Colitti <lorenzo(a)google.com> usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> iwlwifi: mvm: split a print to avoid a WARNING in ROC Dan Carpenter <dan.carpenter(a)oracle.com> mfd: sm501: Fix leaks in probe() Thomas Gleixner <tglx(a)linutronix.de> net: enic: Cure the enic api locking trainwreck Eric Dumazet <edumazet(a)google.com> quota: clear padding in v2r1_mem2diskdqb() Takashi Iwai <tiwai(a)suse.de> ALSA: seq: oss: Avoid mutex lock for a long-time ioctl Souptick Joarder <jrdr.linux(a)gmail.com> misc: mic: scif: Fix error handling path Dan Carpenter <dan.carpenter(a)oracle.com> ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() Dan Carpenter <dan.carpenter(a)oracle.com> HID: roccat: add bounds checking in kone_sysfs_write_settings() Tom Rix <trix(a)redhat.com> video: fbdev: sis: fix null ptr dereference Colin Ian King <colin.king(a)canonical.com> video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error Souptick Joarder <jrdr.linux(a)gmail.com> drivers/virt/fsl_hypervisor: Fix error handling path Artem Savkov <asavkov(a)redhat.com> pty: do tty_flip_buffer_push without port->lock in pty_write Tyrel Datwyler <tyreld(a)linux.ibm.com> tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() Tong Zhang <ztong0001(a)gmail.com> tty: serial: earlycon dependency Alex Dewar <alex.dewar90(a)gmail.com> VMCI: check return value of get_user_pages_fast() for errors dinghao.liu(a)zju.edu.cn <dinghao.liu(a)zju.edu.cn> backlight: sky81452-backlight: Fix refcount imbalance on error Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' Tom Rix <trix(a)redhat.com> drm/gma500: fix error check Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mwifiex: Do not use GFP_KERNEL in atomic context Rohit kumar <rohitkr(a)codeaurora.org> ASoC: qcom: lpass-platform: fix memory leak Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 Dan Carpenter <dan.carpenter(a)oracle.com> ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() Dan Carpenter <dan.carpenter(a)oracle.com> ath6kl: prevent potential array overflow in ath6kl_add_new_sta() Venkateswara Naralasetty <vnaralas(a)codeaurora.org> ath10k: provide survey info as accumulated data Michał Mirosław <mirq-linux(a)rere.qmqm.pl> regulator: resolve supply after creating regulator Qiushi Wu <wu000273(a)umn.edu> media: ti-vpe: Fix a missing check and reference count leak Qiushi Wu <wu000273(a)umn.edu> media: platform: fcp: Fix a reference count leak. Tom Rix <trix(a)redhat.com> media: tc358743: initialize variable Tero Kristo <t-kristo(a)ti.com> crypto: omap-sham - fix digcnt register handling with export/import Dinghao Liu <dinghao.liu(a)zju.edu.cn> media: omap3isp: Fix memleak in isp_probe Tom Rix <trix(a)redhat.com> media: m5mols: Check function pointer in m5mols_sensor_power Sylwester Nawrocki <s.nawrocki(a)samsung.com> media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call Dinghao Liu <dinghao.liu(a)zju.edu.cn> EDAC/i5100: Fix error handling order in i5100_init_one() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: algif_aead - Do not set MAY_BACKLOG on the async path Roberto Sassu <roberto.sassu(a)huawei.com> ima: Don't ignore errors from crypto_shash_update() Sean Christopherson <sean.j.christopherson(a)intel.com> KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages Dan Carpenter <dan.carpenter(a)oracle.com> cifs: remove bogus debug code Eric Dumazet <edumazet(a)google.com> icmp: randomize the global rate limiter Neal Cardwell <ncardwell(a)google.com> tcp: fix to update snd_wl1 in bulk receiver fast path Defang Bo <bodefang(a)126.com> nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() Xie He <xie.he.0141(a)gmail.com> net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup Xie He <xie.he.0141(a)gmail.com> net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device Dan Carpenter <dan.carpenter(a)oracle.com> ALSA: bebob: potential info leak in hwdep_read() Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix data corruption issue on RTL8402 Maciej Żenczykowski <maze(a)google.com> net/ipv4: always honour route mtu during forwarding Cong Wang <xiyou.wangcong(a)gmail.com> tipc: fix the skb_unshare() in tipc_buf_append() David Wilder <dwilder(a)us.ibm.com> ibmveth: Identify ingress large send packets. ------------- Diffstat: Documentation/networking/ip-sysctl.txt | 4 +- Makefile | 4 +- arch/arm/mm/cache-l2x0.c | 16 ++- arch/arm64/boot/dts/qcom/msm8916.dtsi | 4 +- arch/arm64/boot/dts/xilinx/zynqmp.dtsi | 4 +- arch/powerpc/include/asm/reg.h | 2 +- arch/powerpc/kernel/tau_6xx.c | 82 ++++++---------- arch/powerpc/perf/hv-gpci-requests.h | 6 +- arch/powerpc/perf/isa207-common.c | 10 ++ arch/powerpc/platforms/Kconfig | 9 +- arch/powerpc/platforms/powernv/opal-dump.c | 41 +++++--- arch/powerpc/platforms/pseries/rng.c | 1 + arch/powerpc/sysdev/xics/icp-hv.c | 1 + arch/x86/kvm/emulate.c | 2 +- arch/x86/kvm/mmu.c | 1 + crypto/algif_aead.c | 4 +- drivers/clk/at91/clk-main.c | 11 ++- drivers/clk/bcm/clk-bcm2835.c | 4 +- drivers/cpufreq/powernv-cpufreq.c | 9 +- drivers/crypto/ccp/ccp-ops.c | 2 +- drivers/crypto/ixp4xx_crypto.c | 2 +- drivers/crypto/omap-sham.c | 3 + drivers/edac/i5100_edac.c | 11 +-- drivers/gpu/drm/gma500/cdv_intel_dp.c | 2 +- drivers/gpu/drm/virtio/virtgpu_kms.c | 2 + drivers/gpu/drm/virtio/virtgpu_vq.c | 10 +- drivers/hid/hid-roccat-kone.c | 23 +++-- drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 1 - drivers/infiniband/hw/mlx4/cm.c | 3 + drivers/infiniband/hw/mlx4/mad.c | 34 ++++++- drivers/infiniband/hw/mlx4/mlx4_ib.h | 2 + drivers/infiniband/hw/qedr/main.c | 2 +- drivers/infiniband/sw/rdmavt/vt.c | 4 +- drivers/input/keyboard/ep93xx_keypad.c | 4 +- drivers/input/keyboard/omap4-keypad.c | 6 +- drivers/input/keyboard/twl4030_keypad.c | 8 +- drivers/input/serio/sun4i-ps2.c | 9 +- drivers/input/touchscreen/imx6ul_tsc.c | 27 +++--- drivers/media/firewire/firedtv-fw.c | 6 +- drivers/media/i2c/m5mols/m5mols_core.c | 3 +- drivers/media/i2c/tc358743.c | 2 +- drivers/media/pci/bt8xx/bttv-driver.c | 13 ++- drivers/media/pci/saa7134/saa7134-tvaudio.c | 3 +- drivers/media/platform/exynos4-is/fimc-isp.c | 4 +- drivers/media/platform/exynos4-is/fimc-lite.c | 2 +- drivers/media/platform/exynos4-is/media-dev.c | 8 +- drivers/media/platform/exynos4-is/mipi-csis.c | 4 +- drivers/media/platform/omap3isp/isp.c | 6 +- drivers/media/platform/rcar-fcp.c | 4 +- drivers/media/platform/s3c-camif/camif-core.c | 5 +- drivers/media/platform/sti/bdisp/bdisp-v4l2.c | 3 +- drivers/media/platform/sti/hva/hva-hw.c | 2 +- drivers/media/platform/ti-vpe/vpe.c | 2 + drivers/media/platform/vsp1/vsp1_drv.c | 11 ++- drivers/media/rc/ati_remote.c | 4 + drivers/media/usb/uvc/uvc_v4l2.c | 30 ++++++ drivers/memory/fsl-corenet-cf.c | 6 +- drivers/memory/omap-gpmc.c | 4 +- drivers/mfd/rtsx_pcr.c | 4 +- drivers/mfd/sm501.c | 8 +- drivers/misc/eeprom/at25.c | 2 +- drivers/misc/mic/scif/scif_rma.c | 4 +- drivers/misc/mic/vop/vop_main.c | 2 +- drivers/misc/mic/vop/vop_vringh.c | 24 +++-- drivers/misc/vmw_vmci/vmci_queue_pair.c | 10 +- drivers/mmc/core/sdio_cis.c | 3 + drivers/mtd/lpddr/lpddr2_nvm.c | 35 ++++--- drivers/mtd/mtdoops.c | 11 ++- drivers/net/ethernet/cisco/enic/enic.h | 1 + drivers/net/ethernet/cisco/enic/enic_api.c | 6 ++ drivers/net/ethernet/cisco/enic/enic_main.c | 27 ++++-- drivers/net/ethernet/ibm/ibmveth.c | 13 ++- drivers/net/ethernet/korina.c | 3 +- drivers/net/ethernet/realtek/r8169.c | 108 +++++++++++---------- drivers/net/wan/hdlc.c | 10 +- drivers/net/wan/hdlc_raw_eth.c | 1 + drivers/net/wireless/ath/ath10k/htt_rx.c | 8 ++ drivers/net/wireless/ath/ath10k/mac.c | 2 +- drivers/net/wireless/ath/ath6kl/main.c | 3 + drivers/net/wireless/ath/ath6kl/wmi.c | 5 + drivers/net/wireless/ath/ath9k/hif_usb.c | 19 ++++ drivers/net/wireless/ath/ath9k/htc_hst.c | 2 + drivers/net/wireless/ath/wcn36xx/main.c | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/msgbuf.c | 2 + .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 +- drivers/net/wireless/marvell/mwifiex/scan.c | 2 +- drivers/net/wireless/marvell/mwifiex/sdio.c | 2 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 10 +- drivers/ntb/hw/amd/ntb_hw_amd.c | 1 + drivers/nvme/target/core.c | 3 +- drivers/rapidio/devices/rio_mport_cdev.c | 18 ++-- drivers/regulator/core.c | 21 ++-- drivers/scsi/be2iscsi/be_main.c | 4 +- drivers/scsi/csiostor/csio_hw.c | 2 +- drivers/scsi/ibmvscsi/ibmvfc.c | 1 + drivers/scsi/mvumi.c | 1 + drivers/scsi/qla4xxx/ql4_os.c | 2 +- drivers/tty/hvc/hvcs.c | 14 +-- drivers/tty/ipwireless/network.c | 4 +- drivers/tty/ipwireless/tty.c | 2 +- drivers/tty/pty.c | 2 +- drivers/tty/serial/Kconfig | 1 + drivers/usb/class/cdc-acm.c | 23 +++++ drivers/usb/class/cdc-wdm.c | 72 ++++++++++---- drivers/usb/core/urb.c | 89 ++++++++++------- drivers/usb/gadget/function/f_ncm.c | 8 +- drivers/usb/gadget/function/f_printer.c | 16 ++- drivers/usb/gadget/function/u_ether.c | 2 +- drivers/usb/host/ohci-hcd.c | 16 +-- drivers/vfio/pci/vfio_pci_intrs.c | 4 +- drivers/video/backlight/sky81452-backlight.c | 1 + drivers/video/fbdev/sis/init.c | 11 +-- drivers/video/fbdev/vga16fb.c | 14 +-- drivers/virt/fsl_hypervisor.c | 17 ++-- fs/cifs/asn1.c | 16 +-- fs/dlm/config.c | 3 + fs/ntfs/inode.c | 6 ++ fs/quota/quota_v2.c | 1 + fs/reiserfs/inode.c | 3 +- fs/reiserfs/super.c | 8 +- fs/udf/inode.c | 25 ++--- fs/udf/super.c | 6 ++ fs/xfs/xfs_rtalloc.c | 11 +++ include/linux/overflow.h | 1 + include/net/ip.h | 6 ++ include/scsi/scsi_common.h | 7 ++ include/trace/events/target.h | 12 +-- kernel/debug/kdb/kdb_io.c | 8 +- kernel/power/hibernate.c | 11 --- lib/crc32.c | 2 +- net/bluetooth/l2cap_sock.c | 7 +- net/ipv4/icmp.c | 7 +- net/ipv4/tcp_input.c | 2 + net/netfilter/ipvs/ip_vs_ctl.c | 7 +- net/nfc/netlink.c | 2 +- net/tipc/msg.c | 3 +- net/wireless/nl80211.c | 5 +- samples/mic/mpssd/mpssd.c | 4 +- security/integrity/ima/ima_crypto.c | 2 + sound/core/seq/oss/seq_oss.c | 7 +- sound/firewire/bebob/bebob_hwdep.c | 3 +- sound/soc/qcom/lpass-platform.c | 3 +- tools/perf/util/intel-pt.c | 8 +- 144 files changed, 891 insertions(+), 478 deletions(-)

4 years, 3 months

3
141
0 0

[PATCH] mm/slub: fix panic in slab_alloc_node()

by Laurent Dufour

While doing memory hot-unplug operation on a PowerPC VM running 1024 CPUs with 11TB of ram, I hit the following panic: BUG: Kernel NULL pointer dereference on read at 0x00000007 Faulting instruction address: 0xc000000000456048 Oops: Kernel access of bad area, sig: 11 [#2] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries Modules linked in: rpadlpar_io rpaphp CPU: 160 PID: 1 Comm: systemd Tainted: G D 5.9.0 #1 NIP: c000000000456048 LR: c000000000455fd4 CTR: c00000000047b350 REGS: c00006028d1b77a0 TRAP: 0300 Tainted: G D (5.9.0) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 24004228 XER: 00000000 CFAR: c00000000000f1b0 DAR: 0000000000000007 DSISR: 40000000 IRQMASK: 0 GPR00: c000000000455fd4 c00006028d1b7a30 c000000001bec800 0000000000000000 GPR04: 0000000000000dc0 0000000000000000 00000000000374ef c00007c53df99320 GPR08: 000007c53c980000 0000000000000000 000007c53c980000 0000000000000000 GPR12: 0000000000004400 c00000001e8e4400 0000000000000000 0000000000000f6a GPR16: 0000000000000000 c000000001c25930 c000000001d62528 00000000000000c1 GPR20: c000000001d62538 c00006be469e9000 0000000fffffffe0 c0000000003c0ff8 GPR24: 0000000000000018 0000000000000000 0000000000000dc0 0000000000000000 GPR28: c00007c513755700 c000000001c236a4 c00007bc4001f800 0000000000000001 NIP [c000000000456048] __kmalloc_node+0x108/0x790 LR [c000000000455fd4] __kmalloc_node+0x94/0x790 Call Trace: [c00006028d1b7a30] [c00007c51af92000] 0xc00007c51af92000 (unreliable) [c00006028d1b7aa0] [c0000000003c0ff8] kvmalloc_node+0x58/0x110 [c00006028d1b7ae0] [c00000000047b45c] mem_cgroup_css_online+0x10c/0x270 [c00006028d1b7b30] [c000000000241fd8] online_css+0x48/0xd0 [c00006028d1b7b60] [c00000000024af14] cgroup_apply_control_enable+0x2c4/0x470 [c00006028d1b7c40] [c00000000024e838] cgroup_mkdir+0x408/0x5f0 [c00006028d1b7cb0] [c0000000005a4ef0] kernfs_iop_mkdir+0x90/0x100 [c00006028d1b7cf0] [c0000000004b8168] vfs_mkdir+0x138/0x250 [c00006028d1b7d40] [c0000000004baf04] do_mkdirat+0x154/0x1c0 [c00006028d1b7dc0] [c000000000032b38] system_call_exception+0xf8/0x200 [c00006028d1b7e20] [c00000000000c740] system_call_common+0xf0/0x27c Instruction dump: e93e0000 e90d0030 39290008 7cc9402a e94d0030 e93e0000 7ce95214 7f89502a 2fbc0000 419e0018 41920230 e9270010 <89290007> 7f994800 419e0220 7ee6bb78 This pointing to the following code: mm/slub.c:2851 if (unlikely(!object || !node_match(page, node))) { c000000000456038: 00 00 bc 2f cmpdi cr7,r28,0 c00000000045603c: 18 00 9e 41 beq cr7,c000000000456054 <__kmalloc_node+0x114> node_match(): mm/slub.c:2491 if (node != NUMA_NO_NODE && page_to_nid(page) != node) c000000000456040: 30 02 92 41 beq cr4,c000000000456270 <__kmalloc_node+0x330> page_to_nid(): include/linux/mm.h:1294 c000000000456044: 10 00 27 e9 ld r9,16(r7) c000000000456048: 07 00 29 89 lbz r9,7(r9) <<<< r9 = NULL node_match(): mm/slub.c:2491 c00000000045604c: 00 48 99 7f cmpw cr7,r25,r9 c000000000456050: 20 02 9e 41 beq cr7,c000000000456270 <__kmalloc_node+0x330> The panic occurred in slab_alloc_node() when checking for the page's node: object = c->freelist; page = c->page; if (unlikely(!object || !node_match(page, node))) { object = __slab_alloc(s, gfpflags, node, addr, c); stat(s, ALLOC_SLOWPATH); The issue is that object is not NULL while page is NULL which is odd but may happen if the cache flush happened after loading object but before loading page. Thus checking for the page pointer is required too. In commit 6159d0f5c03e ("mm/slub.c: page is always non-NULL in node_match()") check on the page pointer has been removed assuming that page is always valid when it is called. It happens that this is not true in that particular case, so check for page before calling node_match() here. Fixes: 6159d0f5c03e ("mm/slub.c: page is always non-NULL in node_match()") Signed-off-by: Laurent Dufour <ldufour(a)linux.ibm.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: David Rientjes <rientjes(a)google.com> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: stable(a)vger.kernel.org --- mm/slub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/slub.c b/mm/slub.c index 8f66de8a5ab3..7dc5c6aaf4b7 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2852,7 +2852,7 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, object = c->freelist; page = c->page; - if (unlikely(!object || !node_match(page, node))) { + if (unlikely(!object || !page || !node_match(page, node))) { object = __slab_alloc(s, gfpflags, node, addr, c); } else { void *next_object = get_freepointer_safe(s, object); -- 2.29.1

4 years, 3 months

4
8
0 0

patch "vt: keyboard, extend func_buf_lock to readers" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vt: keyboard, extend func_buf_lock to readers to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 82e61c3909db51d91b9d3e2071557b6435018b80 Mon Sep 17 00:00:00 2001 From: Jiri Slaby <jslaby(a)suse.cz> Date: Mon, 19 Oct 2020 10:55:17 +0200 Subject: vt: keyboard, extend func_buf_lock to readers Both read-side users of func_table/func_buf need locking. Without that, one can easily confuse the code by repeatedly setting altering strings like: while (1) for (a = 0; a < 2; a++) { struct kbsentry kbs = {}; strcpy((char *)kbs.kb_string, a ? ".\n" : "88888\n"); ioctl(fd, KDSKBSENT, &kbs); } When that program runs, one can get unexpected output by holding F1 (note the unxpected period on the last line): . 88888 .8888 So protect all accesses to 'func_table' (and func_buf) by preexisting 'func_buf_lock'. It is easy in 'k_fn' handler as 'puts_queue' is expected not to sleep. On the other hand, KDGKBSENT needs a local (atomic) copy of the string because copy_to_user can sleep. Use already allocated, but unused 'kbs->kb_string' for that purpose. Note that the program above needs at least CAP_SYS_TTY_CONFIG. This depends on the previous patch and on the func_buf_lock lock added in commit 46ca3f735f34 (tty/vt: fix write/write race in ioctl(KDSKBSENT) handler) in 5.2. Likely fixes CVE-2020-25656. Cc: <stable(a)vger.kernel.org> Reported-by: Minh Yuan <yuanmingbuaa(a)gmail.com> Signed-off-by: Jiri Slaby <jslaby(a)suse.cz> Link: https://lore.kernel.org/r/20201019085517.10176-2-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/vt/keyboard.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index 7bfa95c3252c..78acc270e39a 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c @@ -743,8 +743,13 @@ static void k_fn(struct vc_data *vc, unsigned char value, char up_flag) return; if ((unsigned)value < ARRAY_SIZE(func_table)) { + unsigned long flags; + + spin_lock_irqsave(&func_buf_lock, flags); if (func_table[value]) puts_queue(vc, func_table[value]); + spin_unlock_irqrestore(&func_buf_lock, flags); + } else pr_err("k_fn called with value=%d\n", value); } @@ -1991,7 +1996,7 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, #undef s #undef v -/* FIXME: This one needs untangling and locking */ +/* FIXME: This one needs untangling */ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) { struct kbsentry *kbs; @@ -2023,10 +2028,14 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) switch (cmd) { case KDGKBSENT: { /* size should have been a struct member */ - unsigned char *from = func_table[i] ? : ""; + ssize_t len = sizeof(user_kdgkb->kb_string); + + spin_lock_irqsave(&func_buf_lock, flags); + len = strlcpy(kbs->kb_string, func_table[i] ? : "", len); + spin_unlock_irqrestore(&func_buf_lock, flags); - ret = copy_to_user(user_kdgkb->kb_string, from, - strlen(from) + 1) ? -EFAULT : 0; + ret = copy_to_user(user_kdgkb->kb_string, kbs->kb_string, + len + 1) ? -EFAULT : 0; goto reterr; } -- 2.29.1

4 years, 3 months

1
0
0 0

patch "vt: keyboard, simplify vt_kdgkbsent" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vt: keyboard, simplify vt_kdgkbsent to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 6ca03f90527e499dd5e32d6522909e2ad390896b Mon Sep 17 00:00:00 2001 From: Jiri Slaby <jslaby(a)suse.cz> Date: Mon, 19 Oct 2020 10:55:16 +0200 Subject: vt: keyboard, simplify vt_kdgkbsent Use 'strlen' of the string, add one for NUL terminator and simply do 'copy_to_user' instead of the explicit 'for' loop. This makes the KDGKBSENT case more compact. The only thing we need to take care about is NULL 'func_table[i]'. Use an empty string in that case. The original check for overflow could never trigger as the func_buf strings are always shorter or equal to 'struct kbsentry's. Cc: <stable(a)vger.kernel.org> Signed-off-by: Jiri Slaby <jslaby(a)suse.cz> Link: https://lore.kernel.org/r/20201019085517.10176-1-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/vt/keyboard.c | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c index 0db53b5b3acf..7bfa95c3252c 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c @@ -1995,9 +1995,7 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) { struct kbsentry *kbs; - char *p; u_char *q; - u_char __user *up; int sz, fnw_sz; int delta; char *first_free, *fj, *fnw; @@ -2023,23 +2021,15 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) i = array_index_nospec(kbs->kb_func, MAX_NR_FUNC); switch (cmd) { - case KDGKBSENT: - sz = sizeof(kbs->kb_string) - 1; /* sz should have been - a struct member */ - up = user_kdgkb->kb_string; - p = func_table[i]; - if(p) - for ( ; *p && sz; p++, sz--) - if (put_user(*p, up++)) { - ret = -EFAULT; - goto reterr; - } - if (put_user('\0', up)) { - ret = -EFAULT; - goto reterr; - } - kfree(kbs); - return ((p && *p) ? -EOVERFLOW : 0); + case KDGKBSENT: { + /* size should have been a struct member */ + unsigned char *from = func_table[i] ? : ""; + + ret = copy_to_user(user_kdgkb->kb_string, from, + strlen(from) + 1) ? -EFAULT : 0; + + goto reterr; + } case KDSKBSENT: if (!perm) { ret = -EPERM; -- 2.29.1

4 years, 3 months

1
0
0 0

patch "tty: serial: fsl_lpuart: LS1021A has a FIFO size of 16 words, like" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: serial: fsl_lpuart: LS1021A has a FIFO size of 16 words, like to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From c97f2a6fb3dfbfbbc88edc8ea62ef2b944e18849 Mon Sep 17 00:00:00 2001 From: Vladimir Oltean <vladimir.oltean(a)nxp.com> Date: Fri, 23 Oct 2020 04:34:29 +0300 Subject: tty: serial: fsl_lpuart: LS1021A has a FIFO size of 16 words, like LS1028A MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prior to the commit that this one fixes, the FIFO size was derived from the read-only register LPUARTx_FIFO[TXFIFOSIZE] using the following formula: TX FIFO size = 2 ^ (LPUARTx_FIFO[TXFIFOSIZE] - 1) The documentation for LS1021A is a mess. Under chapter 26.1.3 LS1021A LPUART module special consideration, it mentions TXFIFO_SZ and RXFIFO_SZ being equal to 4, and in the register description for LPUARTx_FIFO, it shows the out-of-reset value of TXFIFOSIZE and RXFIFOSIZE fields as "011", even though these registers read as "101" in reality. And when LPUART on LS1021A was working, the "101" value did correspond to "16 datawords", by applying the formula above, even though the documentation is wrong again (!!!!) and says that "101" means 64 datawords (hint: it doesn't). So the "new" formula created by commit f77ebb241ce0 has all the premises of being wrong for LS1021A, because it relied only on false data and no actual experimentation. Interestingly, in commit c2f448cff22a ("tty: serial: fsl_lpuart: add LS1028A support"), Michael Walle applied a workaround to this by manually setting the FIFO widths for LS1028A. It looks like the same values are used by LS1021A as well, in fact. When the driver thinks that it has a deeper FIFO than it really has, getty (user space) output gets truncated. Many thanks to Michael for pointing out where to look. Fixes: f77ebb241ce0 ("tty: serial: fsl_lpuart: correct the FIFO depth size") Suggested-by: Michael Walle <michael(a)walle.cc> Signed-off-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> Link: https://lore.kernel.org/r/20201023013429.3551026-1-vladimir.oltean@nxp.com Reviewed-by：Fugang Duan <fugang.duan(a)nxp.com> Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/fsl_lpuart.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c index ff4b88c637d0..bd047e1f9bea 100644 --- a/drivers/tty/serial/fsl_lpuart.c +++ b/drivers/tty/serial/fsl_lpuart.c @@ -314,9 +314,10 @@ MODULE_DEVICE_TABLE(of, lpuart_dt_ids); /* Forward declare this for the dma callbacks*/ static void lpuart_dma_tx_complete(void *arg); -static inline bool is_ls1028a_lpuart(struct lpuart_port *sport) +static inline bool is_layerscape_lpuart(struct lpuart_port *sport) { - return sport->devtype == LS1028A_LPUART; + return (sport->devtype == LS1021A_LPUART || + sport->devtype == LS1028A_LPUART); } static inline bool is_imx8qxp_lpuart(struct lpuart_port *sport) @@ -1701,11 +1702,11 @@ static int lpuart32_startup(struct uart_port *port) UARTFIFO_FIFOSIZE_MASK); /* - * The LS1028A has a fixed length of 16 words. Although it supports the - * RX/TXSIZE fields their encoding is different. Eg the reference manual - * states 0b101 is 16 words. + * The LS1021A and LS1028A have a fixed FIFO depth of 16 words. + * Although they support the RX/TXSIZE fields, their encoding is + * different. Eg the reference manual states 0b101 is 16 words. */ - if (is_ls1028a_lpuart(sport)) { + if (is_layerscape_lpuart(sport)) { sport->rxfifo_size = 16; sport->txfifo_size = 16; sport->port.fifosize = sport->txfifo_size; -- 2.29.1

4 years, 3 months

1
0
0 0

patch "tty: serial: 21285: fix lockup on open" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled tty: serial: 21285: fix lockup on open to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 82776f6c75a90e1d2103e689b84a689de8f1aa02 Mon Sep 17 00:00:00 2001 From: Russell King <rmk+kernel(a)armlinux.org.uk> Date: Sun, 18 Oct 2020 09:42:04 +0100 Subject: tty: serial: 21285: fix lockup on open Commit 293f89959483 ("tty: serial: 21285: stop using the unused[] variable from struct uart_port") introduced a bug which stops the transmit interrupt being disabled when there are no characters to transmit - disabling the transmit interrupt at the interrupt controller is the only way to stop an interrupt storm. If this interrupt is not disabled when there are no transmit characters, we end up with an interrupt storm which prevents the machine making forward progress. Fixes: 293f89959483 ("tty: serial: 21285: stop using the unused[] variable from struct uart_port") Signed-off-by: Russell King <rmk+kernel(a)armlinux.org.uk> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/E1kU4GS-0006lE-OO@rmk-PC.armlinux.org.uk Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/21285.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/tty/serial/21285.c b/drivers/tty/serial/21285.c index 718e010fcb04..09baef4ccc39 100644 --- a/drivers/tty/serial/21285.c +++ b/drivers/tty/serial/21285.c @@ -50,25 +50,25 @@ static const char serial21285_name[] = "Footbridge UART"; static bool is_enabled(struct uart_port *port, int bit) { - unsigned long private_data = (unsigned long)port->private_data; + unsigned long *private_data = (unsigned long *)&port->private_data; - if (test_bit(bit, &private_data)) + if (test_bit(bit, private_data)) return true; return false; } static void enable(struct uart_port *port, int bit) { - unsigned long private_data = (unsigned long)port->private_data; + unsigned long *private_data = (unsigned long *)&port->private_data; - set_bit(bit, &private_data); + set_bit(bit, private_data); } static void disable(struct uart_port *port, int bit) { - unsigned long private_data = (unsigned long)port->private_data; + unsigned long *private_data = (unsigned long *)&port->private_data; - clear_bit(bit, &private_data); + clear_bit(bit, private_data); } #define is_tx_enabled(port) is_enabled(port, tx_enabled_bit) -- 2.29.1

4 years, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2020