July 2020 - Linux-stable-mirror

patch "usb: cdns3: gadget: always zeroed TRB buffer when enable endpoint" added to usb-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: cdns3: gadget: always zeroed TRB buffer when enable endpoint to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the usb-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. >From 95f5acfc4f58f01a22b66d8c9c0ffb72aa96271c Mon Sep 17 00:00:00 2001 From: Peter Chen <peter.chen(a)nxp.com> Date: Wed, 22 Jul 2020 11:06:19 +0800 Subject: usb: cdns3: gadget: always zeroed TRB buffer when enable endpoint During the endpoint dequeue operation, it changes dequeued TRB as link TRB, when the endpoint is disabled and re-enabled, the DMA fetches the TRB before the link TRB, after it handles current TRB, the DMA pointer will advance to the TRB after link TRB, but enqueue and dequene variables don't know it due to no hardware interrupt at the time, when the next TRB is added to link TRB position, the DMA will not handle this TRB due to its pointer is already at the next TRB. See the trace log like below: file-storage-675 [001] d..1 86.585657: usb_ep_queue: ep0: req 00000000df9b3a4f length 0/0 sgs 0/0 stream 0 zsI status 0 --> 0 file-storage-675 [001] d..1 86.585663: cdns3_ep_queue: ep1out: req: 000000002ebce364, req buff 00000000f5bc96b4, length: 0/1024 zsi, status: -115, trb: [start:0, end:0: virt addr (null)], flags:0 SID: 0 file-storage-675 [001] d..1 86.585671: cdns3_prepare_trb: ep1out: trb 000000007f770303, dma buf: 0xbd195800, size: 1024, burst: 128 ctrl: 0x00000425 (C=1, T=0, ISP, IOC, Normal) SID:0 LAST_SID:0 file-storage-675 [001] d..1 86.585676: cdns3_ring: Ring contents for ep1out: Ring deq index: 0, trb: 000000007f770303 (virt), 0xc4003000 (dma) Ring enq index: 1, trb: 0000000049c1ba21 (virt), 0xc400300c (dma) free trbs: 38, CCS=1, PCS=1 @0x00000000c4003000 bd195800 80020400 00000425 @0x00000000c400300c c4003018 80020400 00001811 @0x00000000c4003018 bcfcc000 0000001f 00000426 @0x00000000c4003024 bcfce800 0000001f 00000426 ... irq/144-5b13000-698 [000] d... 87.619286: usb_gadget_giveback_request: ep1in: req 0000000031b832eb length 13/13 sgs 0/0 stream 0 zsI status 0 --> 0 file-storage-675 [001] d..1 87.619287: cdns3_ep_queue: ep1out: req: 000000002ebce364, req buff 00000000f5bc96b4, length: 0/1024 zsi, status: -115, trb: [start:0, end:0: virt addr 0x80020400c400300c], flags:0 SID: 0 file-storage-675 [001] d..1 87.619294: cdns3_prepare_trb: ep1out: trb 0000000049c1ba21, dma buf: 0xbd198000, size: 1024, burst: 128 ctrl: 0x00000425 (C=1, T=0, ISP, IOC, Normal) SID:0 LAST_SID:0 file-storage-675 [001] d..1 87.619297: cdns3_ring: Ring contents for ep1out: Ring deq index: 1, trb: 0000000049c1ba21 (virt), 0xc400300c (dma) Ring enq index: 2, trb: 0000000059b34b67 (virt), 0xc4003018 (dma) free trbs: 38, CCS=1, PCS=1 @0x00000000c4003000 bd195800 0000001f 00000427 @0x00000000c400300c bd198000 80020400 00000425 @0x00000000c4003018 bcfcc000 0000001f 00000426 @0x00000000c4003024 bcfce800 0000001f 00000426 ... file-storage-675 [001] d..1 87.619305: cdns3_doorbell_epx: ep1out, ep_trbaddr c4003018 file-storage-675 [001] .... 87.619308: usb_ep_queue: ep1out: req 000000002ebce364 length 0/1024 sgs 0/0 stream 0 zsI status -115 --> 0 irq/144-5b13000-698 [000] d..1 87.619315: cdns3_epx_irq: IRQ for ep1out: 01000c80 TRBERR , ep_traddr: c4003018 ep_last_sid: 00000000 use_streams: 0 irq/144-5b13000-698 [000] d..1 87.619395: cdns3_usb_irq: IRQ 00000008 = Hot Reset Fixes: f616c3bda47e ("usb: cdns3: Fix dequeue implementation") Cc: stable <stable(a)vger.kernel.org> Signed-off-by: Peter Chen <peter.chen(a)nxp.com> Signed-off-by: Felipe Balbi <balbi(a)kernel.org> --- drivers/usb/cdns3/gadget.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/gadget.c b/drivers/usb/cdns3/gadget.c index 5b4b16bf4164..65a154d47f8e 100644 --- a/drivers/usb/cdns3/gadget.c +++ b/drivers/usb/cdns3/gadget.c @@ -242,9 +242,10 @@ int cdns3_allocate_trb_pool(struct cdns3_endpoint *priv_ep) return -ENOMEM; priv_ep->alloc_ring_size = ring_size; - memset(priv_ep->trb_pool, 0, ring_size); } + memset(priv_ep->trb_pool, 0, ring_size); + priv_ep->num_trbs = num_trbs; if (!priv_ep->num) -- 2.27.0

4 years, 5 months

1
0
0 0

[PATCH 3/3] drm/ast: Disable cursor while switching display modes

by Thomas Zimmermann

The ast's HW cursor requires the primary plane and CRTC to display at a correct mode and format. This is not the case while switching display modes, which can lead to the screen turing permanently dark. As a workaround, the ast driver now disables active HW cursors while the mode switch takes place. It also synchronizes with the vertical refresh to give HW cursor and primary plane some time to catch up on each other. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 4961eb60f145 ("drm/ast: Enable atomic modesetting") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Gerd Hoffmann <kraxel(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Sam Ravnborg <sam(a)ravnborg.org> Cc: Emil Velikov <emil.l.velikov(a)gmail.com> Cc: "Y.C. Chen" <yc_chen(a)aspeedtech.com> Cc: <stable(a)vger.kernel.org> # v5.6+ --- drivers/gpu/drm/ast/ast_drv.h | 2 ++ drivers/gpu/drm/ast/ast_mode.c | 53 +++++++++++++++++++++++++++++++++- 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ast/ast_drv.h b/drivers/gpu/drm/ast/ast_drv.h index 57414b429db3..564670b5d2ee 100644 --- a/drivers/gpu/drm/ast/ast_drv.h +++ b/drivers/gpu/drm/ast/ast_drv.h @@ -162,6 +162,8 @@ void ast_driver_unload(struct drm_device *dev); #define AST_IO_MM_OFFSET (0x380) +#define AST_IO_VGAIR1_VREFRESH BIT(3) + #define __ast_read(x) \ static inline u##x ast_read##x(struct ast_private *ast, u32 reg) { \ u##x val = 0;\ diff --git a/drivers/gpu/drm/ast/ast_mode.c b/drivers/gpu/drm/ast/ast_mode.c index 5b2b39c93033..e18365bbc08c 100644 --- a/drivers/gpu/drm/ast/ast_mode.c +++ b/drivers/gpu/drm/ast/ast_mode.c @@ -514,6 +514,17 @@ static void ast_set_start_address_crt1(struct ast_private *ast, } +static void ast_wait_for_vretrace(struct ast_private *ast) +{ + unsigned long timeout = jiffies + HZ; + u8 vgair1; + + do { + vgair1 = ast_io_read8(ast, AST_IO_INPUT_STATUS1_READ); + } while (!(vgair1 & AST_IO_VGAIR1_VREFRESH) && + time_before(jiffies, timeout)); +} + /* * Primary plane */ @@ -666,6 +677,14 @@ static int ast_cursor_plane_helper_atomic_check(struct drm_plane *plane, return 0; } +static bool ast_disable_cursor_during_modeset(struct drm_plane *cursor_plane) +{ + const struct drm_plane_state *cursor_state = cursor_plane->state; + + return cursor_state && cursor_state->visible && cursor_state->crtc && + drm_atomic_crtc_needs_modeset(cursor_state->crtc->state); +} + static void ast_cursor_plane_helper_atomic_update(struct drm_plane *plane, struct drm_plane_state *old_state) @@ -678,7 +697,12 @@ ast_cursor_plane_helper_atomic_update(struct drm_plane *plane, ast_cursor_page_flip(ast); } - ast_cursor_show(ast, state->crtc_x, state->crtc_y); + /* + * For modesets, delay show() until end of atomic_flush(). See the + * atomic_begin() helper for more information. + */ + if (!ast_disable_cursor_during_modeset(plane)) + ast_cursor_show(ast, state->crtc_x, state->crtc_y); } static void @@ -764,6 +788,22 @@ static void ast_crtc_helper_atomic_begin(struct drm_crtc *crtc, struct ast_private *ast = to_ast_private(crtc->dev); ast_open_key(ast); + + /* + * HW cursors require the underlying primary plane and CRTC to + * display a valid mode and image. This is not the case during + * full modeset operations. So we temporarily disable any active + * HW cursor and re-enable it at the end of the atomic_flush() + * helper. The busy waiting allows the code to sync with the + * vertical refresh. + * + * We only do this during *full* modesets. It does not affect + * simple pageflips on the planes. + */ + if (ast_disable_cursor_during_modeset(&ast->cursor_plane)) { + ast_cursor_hide(ast); + ast_wait_for_vretrace(ast); + } } static void ast_crtc_helper_atomic_flush(struct drm_crtc *crtc, @@ -771,6 +811,7 @@ static void ast_crtc_helper_atomic_flush(struct drm_crtc *crtc, { struct drm_device *dev = crtc->dev; struct ast_private *ast = to_ast_private(dev); + struct drm_plane_state *cursor_state = ast->cursor_plane.state; struct ast_crtc_state *ast_state; const struct drm_format_info *format; struct ast_vbios_mode_info *vbios_mode_info; @@ -799,6 +840,16 @@ static void ast_crtc_helper_atomic_flush(struct drm_crtc *crtc, ast_set_dclk_reg(ast, adjusted_mode, vbios_mode_info); ast_set_crtthd_reg(ast); ast_set_sync_reg(ast, adjusted_mode, vbios_mode_info); + + /* + * Re-enabling the HW cursor; if any. See the atomic_begin() helper + * for more information. + */ + if (ast_disable_cursor_during_modeset(&ast->cursor_plane)) { + ast_wait_for_vretrace(ast); + ast_cursor_show(ast, cursor_state->crtc_x, + cursor_state->crtc_y); + } } static void -- 2.27.0

4 years, 5 months

2
1
0 0

[PATCH] PM / devfreq: Fix the wrong end with semicolon

by Chanwoo Choi

Fix the wrong grammar at the end of code line by using semicolon. Cc: stable(a)vger.kernel.org Fixes: 490a421bc575 ("PM / devfreq: Add debugfs support with devfreq_summary file") Signed-off-by: Chanwoo Choi <cw00.choi(a)samsung.com> --- It was my mistake using comma instead of semicolon. But, I don't know why the build error was not caught. Anyway, I fix the wrong basic grammar. drivers/devfreq/devfreq.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 9d324ff87ee6..561d91b2d3bf 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -1800,9 +1800,9 @@ static int devfreq_summary_show(struct seq_file *s, void *data) #endif mutex_lock(&devfreq->lock); - cur_freq = devfreq->previous_freq, + cur_freq = devfreq->previous_freq; get_freq_range(devfreq, &min_freq, &max_freq); - polling_ms = devfreq->profile->polling_ms, + polling_ms = devfreq->profile->polling_ms; mutex_unlock(&devfreq->lock); seq_printf(s, -- 2.17.1

4 years, 5 months

1
0
0 0

[PATCH] PM / devfrq: Fix indentaion of devfreq_summary debugfs node

by Chanwoo Choi

The commit 66d0e797bf09 ("Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"") roll back the device name from 'devfreqX' to device name explained in DT. After applied commit 66d0e797bf09, the indentation of devfreq_summary debugfs node was broken. So, fix indentaion of devfreq_summary debugfs node as following: For example on Exynos5422-based Odroid-XU3 board, $ cat /sys/kernel/debug/devfreq/devfreq_summary dev parent_dev governor polling_ms cur_freq_Hz min_freq_Hz max_freq_Hz ------------------------------ ------------------------------ --------------- ---------- ------------ ------------ ------------ 10c20000.memory-controller null simple_ondemand 0 413000000 165000000 825000000 soc:bus_wcore null simple_ondemand 50 88700000 88700000 532000000 soc:bus_noc soc:bus_wcore passive 0 66600000 66600000 111000000 soc:bus_fsys_apb soc:bus_wcore passive 0 111000000 111000000 222000000 soc:bus_fsys soc:bus_wcore passive 0 75000000 75000000 200000000 soc:bus_fsys2 soc:bus_wcore passive 0 75000000 75000000 200000000 soc:bus_mfc soc:bus_wcore passive 0 83250000 83250000 333000000 soc:bus_gen soc:bus_wcore passive 0 88700000 88700000 266000000 soc:bus_peri soc:bus_wcore passive 0 66600000 66600000 66600000 soc:bus_g2d soc:bus_wcore passive 0 83250000 83250000 333000000 soc:bus_g2d_acp soc:bus_wcore passive 0 0 66500000 266000000 soc:bus_jpeg soc:bus_wcore passive 0 0 75000000 300000000 soc:bus_jpeg_apb soc:bus_wcore passive 0 0 83250000 166500000 soc:bus_disp1_fimd soc:bus_wcore passive 0 0 120000000 200000000 soc:bus_disp1 soc:bus_wcore passive 0 0 120000000 300000000 soc:bus_gscl_scaler soc:bus_wcore passive 0 0 150000000 300000000 soc:bus_mscl soc:bus_wcore passive 0 0 84000000 666000000 Cc: stable(a)vger.kernel.org Fixes: commit 66d0e797bf09 ("Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"") Signed-off-by: Chanwoo Choi <cw00.choi(a)samsung.com> --- drivers/devfreq/devfreq.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index ce82bdb5fa5c..2ff35ec1b53b 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -1839,8 +1839,7 @@ static int devfreq_summary_show(struct seq_file *s, void *data) unsigned long cur_freq, min_freq, max_freq; unsigned int polling_ms; - seq_printf(s, "%-30s %-10s %-10s %-15s %10s %12s %12s %12s\n", - "dev_name", + seq_printf(s, "%-30s %-30s %-15s %10s %12s %12s %12s\n", "dev", "parent_dev", "governor", @@ -1848,10 +1847,9 @@ static int devfreq_summary_show(struct seq_file *s, void *data) "cur_freq_Hz", "min_freq_Hz", "max_freq_Hz"); - seq_printf(s, "%30s %10s %10s %15s %10s %12s %12s %12s\n", + seq_printf(s, "%30s %30s %15s %10s %12s %12s %12s\n", + "------------------------------", "------------------------------", - "----------", - "----------", "---------------", "----------", "------------", @@ -1880,8 +1878,7 @@ static int devfreq_summary_show(struct seq_file *s, void *data) mutex_unlock(&devfreq->lock); seq_printf(s, - "%-30s %-10s %-10s %-15s %10d %12ld %12ld %12ld\n", - dev_name(devfreq->dev.parent), + "%-30s %-30s %-15s %10d %12ld %12ld %12ld\n", dev_name(&devfreq->dev), p_devfreq ? dev_name(&p_devfreq->dev) : "null", devfreq->governor_name, -- 2.17.1

4 years, 5 months

2
3
0 0

[PATCH] powerpc/rtas: Restrict RTAS requests from userspace

by Andrew Donnellan

A number of userspace utilities depend on making calls to RTAS to retrieve information and update various things. The existing API through which we expose RTAS to userspace exposes more RTAS functionality than we actually need, through the sys_rtas syscall, which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they want with arbitrary arguments. Many RTAS calls take the address of a buffer as an argument, and it's up to the caller to specify the physical address of the buffer as an argument. We allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can access, and then expose the physical address and size of this buffer in /proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address, poke at the buffer using /dev/mem, and pass an address in the RMO buffer to the RTAS call. However, there's nothing stopping the caller from specifying whatever address they want in the RTAS call, and it's easy to construct a series of RTAS calls that can overwrite arbitrary bytes (even without /dev/mem access). Additionally, there are some RTAS calls that do potentially dangerous things and for which there are no legitimate userspace use cases. In the past, this would not have been a particularly big deal as it was assumed that root could modify all system state freely, but with Secure Boot and lockdown we need to care about this. We can't fundamentally change the ABI at this point, however we can address this by implementing a filter that checks RTAS calls against a list of permitted calls and forces the caller to use addresses within the RMO buffer. The list is based off the list of calls that are used by the librtas userspace library, and has been tested with a number of existing userspace RTAS utilities. For compatibility with any applications we are not aware of that require other calls, the filter can be turned off at build time. Reported-by: Daniel Axtens <dja(a)axtens.net> Cc: stable(a)vger.kernel.org Signed-off-by: Andrew Donnellan <ajd(a)linux.ibm.com> --- arch/powerpc/Kconfig | 13 +++ arch/powerpc/kernel/rtas.c | 198 +++++++++++++++++++++++++++++++++++++ 2 files changed, 211 insertions(+) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 9fa23eb320ff..0e2dfe497357 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -973,6 +973,19 @@ config PPC_SECVAR_SYSFS read/write operations on these variables. Say Y if you have secure boot enabled and want to expose variables to userspace. +config PPC_RTAS_FILTER + bool "Enable filtering of RTAS syscalls" + default y + depends on PPC_RTAS + help + The RTAS syscall API has security issues that could be used to + compromise system integrity. This option enforces restrictions on the + RTAS calls and arguments passed by userspace programs to mitigate + these issues. + + Say Y unless you know what you are doing and the filter is causing + problems for you. + endmenu config ISA_DMA_API diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c index a09eba03f180..ec1cae52d8bd 100644 --- a/arch/powerpc/kernel/rtas.c +++ b/arch/powerpc/kernel/rtas.c @@ -324,6 +324,23 @@ int rtas_token(const char *service) } EXPORT_SYMBOL(rtas_token); +#ifdef CONFIG_PPC_RTAS_FILTER + +static char *rtas_token_name(int token) +{ + struct property *prop; + + for_each_property_of_node(rtas.dev, prop) { + const __be32 *tokp = prop->value; + + if (tokp && be32_to_cpu(*tokp) == token) + return prop->name; + } + return NULL; +} + +#endif /* CONFIG_PPC_RTAS_FILTER */ + int rtas_service_present(const char *service) { return rtas_token(service) != RTAS_UNKNOWN_SERVICE; @@ -1110,6 +1127,184 @@ struct pseries_errorlog *get_pseries_errorlog(struct rtas_error_log *log, return NULL; } +#ifdef CONFIG_PPC_RTAS_FILTER + +/* + * The sys_rtas syscall, as originally designed, allows root to pass + * arbitrary physical addresses to RTAS calls. A number of RTAS calls + * can be abused to write to arbitrary memory and do other things that + * are potentially harmful to system integrity, and thus should only + * be used inside the kernel and not exposed to userspace. + * + * All known legitimate users of the sys_rtas syscall will only ever + * pass addresses that fall within the RMO buffer, and use a known + * subset of RTAS calls. + * + * Accordingly, we filter RTAS requests to check that the call is + * permitted, and that provided pointers fall within the RMO buffer. + * The rtas_filters list contains an entry for each permitted call, + * with the indexes of the parameters which are expected to contain + * addresses and sizes of buffers allocated inside the RMO buffer. + */ +struct rtas_filter { + const char name[32]; + + /* Indexes into the args buffer, -1 if not used */ + int rmo_buf_idx1; + int rmo_size_idx1; + int rmo_buf_idx2; + int rmo_size_idx2; +}; + +struct rtas_filter rtas_filters[] = { + { "ibm,activate-firmware", -1, -1, -1, -1 }, + { "ibm,configure-connector", 0, -1, 1, -1 }, /* Special cased, size 4096 */ + { "display-character", -1, -1, -1, -1 }, + { "ibm,display-message", 0, -1, -1, -1 }, + { "ibm,errinjct", 2, -1, -1, -1 }, /* Fixed size of 1024 */ + { "ibm,close-errinjct", -1, -1, -1, -1 }, + { "ibm,open-errinct", -1, -1, -1, -1 }, + { "ibm,get-config-addr-info2", -1, -1, -1, -1 }, + { "ibm,get-dynamic-sensor-state", 1, -1, -1, -1 }, + { "ibm,get-indices", 2, 3, -1, -1 }, + { "get-power-level", -1, -1, -1, -1 }, + { "get-sensor-state", -1, -1, -1, -1 }, + { "ibm,get-system-parameter", 1, 2, -1, -1 }, + { "get-time-of-day", -1, -1, -1, -1 }, + { "ibm,get-vpd", 0, -1, 1, 2 }, + { "ibm,lpar-perftools", 2, 3, -1, -1 }, + { "ibm,platform-dump", 4, 5, -1, -1 }, + { "ibm,read-slot-reset-state", -1, -1, -1, -1 }, + { "ibm,scan-log-dump", 0, 1, -1, -1 }, + { "ibm,set-dynamic-indicator", 2, -1, -1, -1 }, + { "ibm,set-eeh-option", -1, -1, -1, -1 }, + { "set-indicator", -1, -1, -1, -1 }, + { "set-power-level", -1, -1, -1, -1 }, + { "set-time-for-power-on", -1, -1, -1, -1 }, + { "ibm,set-system-parameter", 1, -1, -1, -1 }, + { "set-time-of-day", -1, -1, -1, -1 }, + { "ibm,suspend-me", -1, -1, -1, -1 }, + { "ibm,update-nodes", 0, -1, -1, -1 }, /* Fixed size of 4096 */ + { "ibm,update-properties", 0, -1, -1, -1 }, /* Fixed size of 4096 */ + { "ibm,physical-attestation", 0, 1, -1, -1 }, +}; + +static void dump_rtas_params(int token, int nargs, int nret, + struct rtas_args *args) +{ + int i; + char *token_name = rtas_token_name(token); + + pr_err_ratelimited("sys_rtas: token=0x%x (%s), nargs=%d, nret=%d (called by %s)\n", + token, token_name ? token_name : "unknown", nargs, + nret, current->comm); + pr_err_ratelimited("sys_rtas: args: "); + + for (i = 0; i < nargs; i++) { + u32 arg = be32_to_cpu(args->args[i]); + + pr_cont("%08x ", arg); + if (arg >= rtas_rmo_buf && + arg < (rtas_rmo_buf + RTAS_RMOBUF_MAX)) + pr_cont("(buf+0x%lx) ", arg - rtas_rmo_buf); + } + + pr_cont("\n"); +} + +static bool in_rmo_buf(u32 base, u32 end) +{ + return base >= rtas_rmo_buf && + base < (rtas_rmo_buf + RTAS_RMOBUF_MAX) && + base <= end && + end >= rtas_rmo_buf && + end < (rtas_rmo_buf + RTAS_RMOBUF_MAX); +} + +static bool block_rtas_call(int token, int nargs, + struct rtas_args *args) +{ + int i; + const char *reason; + char *token_name = rtas_token_name(token); + + if (!token_name) + goto err_notpermitted; + + for (i = 0; i < ARRAY_SIZE(rtas_filters); i++) { + struct rtas_filter *f = &rtas_filters[i]; + u32 base, size, end; + + if (strcmp(token_name, f->name)) + continue; + + if (f->rmo_buf_idx1 != -1) { + base = be32_to_cpu(args->args[f->rmo_buf_idx1]); + if (f->rmo_size_idx1 != -1) + size = be32_to_cpu(args->args[f->rmo_size_idx1]); + else if (!strcmp(token_name, "ibm,errinjct")) + size = 1024; + else if (!strcmp(token_name, "ibm,update-nodes") || + !strcmp(token_name, "ibm,update-properties") || + !strcmp(token_name, "ibm,configure-connector")) + size = 4096; + else + size = 1; + + end = base + size - 1; + if (!in_rmo_buf(base, end)) { + reason = "address pair 1 out of range"; + goto err; + } + } + + if (f->rmo_buf_idx2 != -1) { + base = be32_to_cpu(args->args[f->rmo_buf_idx2]); + if (f->rmo_size_idx2 != -1) + size = be32_to_cpu(args->args[f->rmo_size_idx2]); + else if (!strcmp(token_name, "ibm,configure-connector")) + size = 4096; + else + size = 1; + end = base + size - 1; + + /* + * Special case for ibm,configure-connector where the + * address can be 0 + */ + if (!strcmp(token_name, "ibm,configure-connector") && + base == 0) + return false; + + if (!in_rmo_buf(base, end)) { + reason = "address pair 2 out of range"; + goto err; + } + } + + return false; + } + +err_notpermitted: + reason = "call not permitted"; + +err: + pr_err_ratelimited("sys_rtas: RTAS call blocked - exploit attempt? (%s)\n", + reason); + dump_rtas_params(token, nargs, 0, args); + return true; +} + +#else + +static bool block_rtas_call(int token, int nargs, + struct rtas_args *args) +{ + return false; +} + +#endif /* CONFIG_PPC_RTAS_FILTER */ + /* We assume to be passed big endian arguments */ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) { @@ -1147,6 +1342,9 @@ SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs) args.rets = &args.args[nargs]; memset(args.rets, 0, nret * sizeof(rtas_arg_t)); + if (block_rtas_call(token, nargs, &args)) + return -EINVAL; + /* Need to handle ibm,suspend_me call specially */ if (token == ibm_suspend_me_token) { -- 2.20.1

4 years, 5 months

3
2
0 0

✅ PASS: Test report for kernel 5.7.10-2b46147.cki (stable-queue)

by CKI Project

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: 2b46147096e0 - btrfs: fix page leaks after failure to lock page for delalloc The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK All kernel binaries, config files, and logs are available for download here: https://cki-artifacts.s3.us-east-2.amazonaws.com/index.html?prefix=dataware… Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 4 architectures: aarch64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg ppc64le: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg s390x: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg x86_64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: Host 1: ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing ✅ stress: stress-ng 🚧 ✅ xfstests - btrfs 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ Storage blktests Host 2: ✅ Boot test ✅ ACPI table test ✅ ACPI enabled test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot ppc64le: Host 1: ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing 🚧 ✅ xfstests - btrfs 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ Storage blktests Host 2: ✅ Boot test 🚧 ✅ kdump - sysrq-c Host 3: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer s390x: Host 1: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer Host 2: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test 🚧 ⚡⚡⚡ kdump - file-load Host 3: ✅ Boot test ✅ selinux-policy: serge-testsuite ✅ stress: stress-ng 🚧 ✅ Storage blktests x86_64: Host 1: ✅ Boot test ✅ ACPI table test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: sanity smoke test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot Host 2: ✅ Boot test 🚧 ✅ kdump - sysrq-c 🚧 ✅ kdump - file-load Host 3: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ⚡⚡⚡ Boot test ⚡⚡⚡ xfstests - ext4 ⚡⚡⚡ xfstests - xfs ⚡⚡⚡ selinux-policy: serge-testsuite ⚡⚡⚡ storage: software RAID testing ⚡⚡⚡ stress: stress-ng 🚧 ⚡⚡⚡ CPU: Frequency Driver Test 🚧 ⚡⚡⚡ CPU: Idle Test 🚧 ⚡⚡⚡ xfstests - btrfs 🚧 ⚡⚡⚡ IOMMU boot test 🚧 ⚡⚡⚡ IPMI driver test 🚧 ⚡⚡⚡ IPMItool loop stress test 🚧 ⚡⚡⚡ power-management: cpupower/sanity test 🚧 ⚡⚡⚡ Storage blktests Host 4: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ⚡⚡⚡ Boot test ⚡⚡⚡ xfstests - ext4 ⚡⚡⚡ xfstests - xfs ⚡⚡⚡ selinux-policy: serge-testsuite ⚡⚡⚡ storage: software RAID testing ⚡⚡⚡ stress: stress-ng 🚧 ⚡⚡⚡ CPU: Frequency Driver Test 🚧 ⚡⚡⚡ CPU: Idle Test 🚧 ⚡⚡⚡ xfstests - btrfs 🚧 ⚡⚡⚡ IOMMU boot test 🚧 ⚡⚡⚡ IPMI driver test 🚧 ⚡⚡⚡ IPMItool loop stress test 🚧 ⚡⚡⚡ power-management: cpupower/sanity test 🚧 ⚡⚡⚡ Storage blktests Host 5: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ⚡⚡⚡ Boot test ⚡⚡⚡ xfstests - ext4 ⚡⚡⚡ xfstests - xfs ⚡⚡⚡ selinux-policy: serge-testsuite ⚡⚡⚡ storage: software RAID testing ⚡⚡⚡ stress: stress-ng 🚧 ⚡⚡⚡ CPU: Frequency Driver Test 🚧 ⚡⚡⚡ CPU: Idle Test 🚧 ⚡⚡⚡ xfstests - btrfs 🚧 ⚡⚡⚡ IOMMU boot test 🚧 ⚡⚡⚡ IPMI driver test 🚧 ⚡⚡⚡ IPMItool loop stress test 🚧 ⚡⚡⚡ power-management: cpupower/sanity test 🚧 ⚡⚡⚡ Storage blktests Test sources: https://gitlab.com/cki-project/kernel-tests 💚 Pull requests are welcome for new tests or improvements to existing tests! Aborted tests ------------- Tests that didn't complete running successfully are marked with ⚡⚡⚡. If this was caused by an infrastructure issue, we try to mark that explicitly in the report. Waived tests ------------ If the test run included waived tests, they are marked with 🚧. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed. Testing timeout --------------- We aim to provide a report within reasonable timeframe. Tests that haven't finished running yet are marked with ⏱.

4 years, 5 months

1
0
0 0

✅ PASS: Test report for kernel 5.7.10-8a001e6.cki (stable-queue)

by CKI Project

Hello, We ran automated tests on a recent commit from this kernel tree: Kernel repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git Commit: 8a001e6ae787 - btrfs: fix page leaks after failure to lock page for delalloc The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK All kernel binaries, config files, and logs are available for download here: https://cki-artifacts.s3.us-east-2.amazonaws.com/index.html?prefix=dataware… Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Compile testing --------------- We compiled the kernel for 4 architectures: aarch64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg ppc64le: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg s390x: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg x86_64: make options: -j30 INSTALL_MOD_STRIP=1 targz-pkg Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: Host 1: ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing ✅ stress: stress-ng 🚧 ✅ xfstests - btrfs 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ Storage blktests Host 2: ✅ Boot test ✅ ACPI table test ✅ ACPI enabled test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot ppc64le: Host 1: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer Host 2: ✅ Boot test 🚧 ✅ kdump - sysrq-c Host 3: ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing 🚧 ✅ xfstests - btrfs 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ Storage blktests s390x: Host 1: ⚡ Internal infrastructure issues prevented one or more tests (marked with ⚡⚡⚡) from running on this architecture. This is not the fault of the kernel that was tested. ✅ Boot test 🚧 ⚡⚡⚡ kdump - file-load Host 2: ✅ Boot test ✅ selinux-policy: serge-testsuite ✅ stress: stress-ng 🚧 ✅ Storage blktests Host 3: ✅ Boot test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer x86_64: Host 1: ✅ Boot test ✅ ACPI table test ✅ Podman system integration test - as root ✅ Podman system integration test - as user ✅ LTP ✅ Loopdev Sanity ✅ Memory function: memfd_create ✅ AMTU (Abstract Machine Test Utility) ✅ Networking bridge: sanity ✅ Ethernet drivers sanity ✅ Networking socket: fuzz ✅ Networking: igmp conformance test ✅ Networking route: pmtu ✅ Networking route_func - local ✅ Networking route_func - forward ✅ Networking TCP: keepalive test ✅ Networking UDP: socket ✅ Networking tunnel: geneve basic test ✅ Networking tunnel: gre basic ✅ L2TP basic test ✅ Networking tunnel: vxlan basic ✅ Networking ipsec: basic netns - transport ✅ Networking ipsec: basic netns - tunnel ✅ Libkcapi AF_ALG test ✅ pciutils: sanity smoke test ✅ pciutils: update pci ids test ✅ ALSA PCM loopback test ✅ ALSA Control (mixer) Userspace Element test ✅ storage: SCSI VPD 🚧 ✅ CIFS Connectathon 🚧 ✅ POSIX pjd-fstest suites 🚧 ✅ jvm - DaCapo Benchmark Suite 🚧 ✅ jvm - jcstress tests 🚧 ✅ Memory function: kaslr 🚧 ✅ Networking firewall: basic netfilter test 🚧 ✅ audit: audit testsuite test 🚧 ✅ trace: ftrace/tracer 🚧 ✅ kdump - kexec_boot Host 2: ✅ Boot test ✅ xfstests - ext4 ✅ xfstests - xfs ✅ selinux-policy: serge-testsuite ✅ storage: software RAID testing ✅ stress: stress-ng 🚧 ✅ CPU: Frequency Driver Test 🚧 ✅ CPU: Idle Test 🚧 ✅ xfstests - btrfs 🚧 ✅ IOMMU boot test 🚧 ✅ IPMI driver test 🚧 ✅ IPMItool loop stress test 🚧 ✅ power-management: cpupower/sanity test 🚧 ✅ Storage blktests Host 3: ✅ Boot test 🚧 ✅ kdump - sysrq-c 🚧 ✅ kdump - file-load Test sources: https://gitlab.com/cki-project/kernel-tests 💚 Pull requests are welcome for new tests or improvements to existing tests! Aborted tests ------------- Tests that didn't complete running successfully are marked with ⚡⚡⚡. If this was caused by an infrastructure issue, we try to mark that explicitly in the report. Waived tests ------------ If the test run included waived tests, they are marked with 🚧. Such tests are executed but their results are not taken into account. Tests are waived when their results are not reliable enough, e.g. when they're just introduced or are being fixed. Testing timeout --------------- We aim to provide a report within reasonable timeframe. Tests that haven't finished running yet are marked with ⏱.

4 years, 5 months

1
0
0 0

[PATCH AUTOSEL 4.19 01/19] HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override

by Sasha Levin

From: Federico Ricchiuto <fed.ricchiuto(a)gmail.com> [ Upstream commit 43e666acb79f3d355dd89bf20f4d25d3b15da13e ] The Mediacom FlexBook edge13 uses the SIPODEV SP1064 touchpad, which does not supply descriptors, so it has to be added to the override list. Signed-off-by: Federico Ricchiuto <fed.ricchiuto(a)gmail.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.cz> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c index 681ac9bc68b3d..f98c1e1b1dbdc 100644 --- a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c +++ b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c @@ -373,6 +373,14 @@ static const struct dmi_system_id i2c_hid_dmi_desc_override_table[] = { }, .driver_data = (void *)&sipodev_desc }, + { + .ident = "Mediacom FlexBook edge 13", + .matches = { + DMI_EXACT_MATCH(DMI_SYS_VENDOR, "MEDIACOM"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "FlexBook_edge13-M-FBE13"), + }, + .driver_data = (void *)&sipodev_desc + }, { .ident = "Odys Winbook 13", .matches = { -- 2.25.1

4 years, 5 months

2
19
0 0

[PATCH] drm/mcde: Fix stability issue

by Linus Walleij

Whenener a display update was sent, apart from updating the memory base address we called mcde_display_send_one_frame() which also sent a command to the display requesting the TE IRQ and enabling the FIFO. When continous updates are running this is wrong: we need to only send this to start the flow to the display on the very first update. This lead to the display pipeline locking up and crashing. Check if the flow is already running and in that case do not call mcde_display_send_one_frame(). This fixes crashes on the Samsung GT-S7710 (Skomer). Cc: Stephan Gerhold <stephan(a)gerhold.net> Cc: stable(a)vger.kernel.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/gpu/drm/mcde/mcde_display.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/mcde/mcde_display.c b/drivers/gpu/drm/mcde/mcde_display.c index 212aee60cf61..1d8ea8830a17 100644 --- a/drivers/gpu/drm/mcde/mcde_display.c +++ b/drivers/gpu/drm/mcde/mcde_display.c @@ -1086,9 +1086,14 @@ static void mcde_display_update(struct drm_simple_display_pipe *pipe, */ if (fb) { mcde_set_extsrc(mcde, drm_fb_cma_get_gem_addr(fb, pstate, 0)); - if (!mcde->video_mode) - /* Send a single frame using software sync */ - mcde_display_send_one_frame(mcde); + if (!mcde->video_mode) { + /* + * Send a single frame using software sync if the flow + * is not active yet. + */ + if (mcde->flow_active == 0) + mcde_display_send_one_frame(mcde); + } dev_info_once(mcde->dev, "sent first display update\n"); } else { /* -- 2.26.2

4 years, 5 months

4
3
0 0

[PATCH] drm: of: Fix double-free bug

by Biju Das

Fix double-free bug in the error path. Fixes: 6529007522de ("drm: of: Add drm_of_lvds_get_dual_link_pixel_order") Reported-by: Pavel Machek <pavel(a)denx.de> Signed-off-by: Biju Das <biju.das.jz(a)bp.renesas.com> Cc: stable(a)vger.kernel.org --- This patch is tested against drm-fixes and drm-next. --- drivers/gpu/drm/drm_of.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/gpu/drm/drm_of.c b/drivers/gpu/drm/drm_of.c index fdb05fb..ca04c34 100644 --- a/drivers/gpu/drm/drm_of.c +++ b/drivers/gpu/drm/drm_of.c @@ -331,10 +331,8 @@ static int drm_of_lvds_get_remote_pixels_type( * configurations by passing the endpoints explicitly to * drm_of_lvds_get_dual_link_pixel_order(). */ - if (!current_pt || pixels_type != current_pt) { - of_node_put(remote_port); + if (!current_pt || pixels_type != current_pt) return -EINVAL; - } } return pixels_type; -- 2.7.4

4 years, 5 months

3
2
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror July 2020