August 2020 - Linux-stable-mirror

Build failure in v4.4.232-120-g11806ba5e43a (v4.4.y-queue)

by Guenter Roeck

Seen with v4.4.232-120-g11806ba5e43a: Building powerpc:defconfig ... failed drivers/misc/cxl/sysfs.c: In function ‘cxl_sysfs_afu_new_cr’: drivers/misc/cxl/sysfs.c:558:1: error: label ‘err’ defined but not used [-Werror=unused-label] Guenter

4 years, 4 months

2
2
0 0

patch "staging: greybus: audio: fix uninitialized value issue" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: greybus: audio: fix uninitialized value issue to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 1dffeb8b8b4c261c45416d53c75ea51e6ece1770 Mon Sep 17 00:00:00 2001 From: Vaibhav Agarwal <vaibhav.sr(a)gmail.com> Date: Fri, 14 Aug 2020 18:03:15 +0530 Subject: staging: greybus: audio: fix uninitialized value issue The current implementation for gbcodec_mixer_dapm_ctl_put() uses uninitialized gbvalue for comparison with updated value. This was found using static analysis with coverity. Uninitialized scalar variable (UNINIT) 11. uninit_use: Using uninitialized value gbvalue.value.integer_value[0]. 460 if (gbvalue.value.integer_value[0] != val) { This patch fixes the issue with fetching the gbvalue before using it for comparision. Fixes: 6339d2322c47 ("greybus: audio: Add topology parser for GB codec") Reported-by: Colin Ian King <colin.king(a)canonical.com> Signed-off-by: Vaibhav Agarwal <vaibhav.sr(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/bc4f29eb502ccf93cd2ffd98db0e319fa7d0f247.15974081… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/greybus/audio_topology.c | 29 ++++++++++++------------ 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/drivers/staging/greybus/audio_topology.c b/drivers/staging/greybus/audio_topology.c index 2f9fdbdcd547..83b38ae8908c 100644 --- a/drivers/staging/greybus/audio_topology.c +++ b/drivers/staging/greybus/audio_topology.c @@ -456,6 +456,15 @@ static int gbcodec_mixer_dapm_ctl_put(struct snd_kcontrol *kcontrol, val = ucontrol->value.integer.value[0] & mask; connect = !!val; + ret = gb_pm_runtime_get_sync(bundle); + if (ret) + return ret; + + ret = gb_audio_gb_get_control(module->mgmt_connection, data->ctl_id, + GB_AUDIO_INVALID_INDEX, &gbvalue); + if (ret) + goto exit; + /* update ucontrol */ if (gbvalue.value.integer_value[0] != val) { for (wi = 0; wi < wlist->num_widgets; wi++) { @@ -466,25 +475,17 @@ static int gbcodec_mixer_dapm_ctl_put(struct snd_kcontrol *kcontrol, gbvalue.value.integer_value[0] = cpu_to_le32(ucontrol->value.integer.value[0]); - ret = gb_pm_runtime_get_sync(bundle); - if (ret) - return ret; - ret = gb_audio_gb_set_control(module->mgmt_connection, data->ctl_id, GB_AUDIO_INVALID_INDEX, &gbvalue); - - gb_pm_runtime_put_autosuspend(bundle); - - if (ret) { - dev_err_ratelimited(codec_dev, - "%d:Error in %s for %s\n", ret, - __func__, kcontrol->id.name); - return ret; - } } - return 0; +exit: + gb_pm_runtime_put_autosuspend(bundle); + if (ret) + dev_err_ratelimited(codec_dev, "%d:Error in %s for %s\n", ret, + __func__, kcontrol->id.name); + return ret; } #define SOC_DAPM_MIXER_GB(xname, kcount, data) \ -- 2.28.0

4 years, 4 months

1
0
0 0

patch "staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()" added to staging-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() to my staging git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git in the staging-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From fea22e159d51c766ba70473f473a0ec914cc7e92 Mon Sep 17 00:00:00 2001 From: Rustam Kovhaev <rkovhaev(a)gmail.com> Date: Tue, 4 Aug 2020 07:56:14 -0700 Subject: staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() let's use usb_find_common_endpoints() to discover endpoints, it does all necessary checks for type and xfer direction remove memset() in hfa384x_create(), because we now assign endpoints in prism2sta_probe_usb() and because create_wlan() uses kzalloc() to allocate hfa384x struct before calling hfa384x_create() Fixes: faaff9765664 ("staging: wlan-ng: properly check endpoint types") Reported-and-tested-by: syzbot+22794221ab96b0bab53a(a)syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=22794221ab96b0bab53a Signed-off-by: Rustam Kovhaev <rkovhaev(a)gmail.com> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20200804145614.104320-1-rkovhaev@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/wlan-ng/hfa384x_usb.c | 5 ----- drivers/staging/wlan-ng/prism2usb.c | 19 ++++++------------- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/drivers/staging/wlan-ng/hfa384x_usb.c b/drivers/staging/wlan-ng/hfa384x_usb.c index fa1bf8b069fd..2720f7319a3d 100644 --- a/drivers/staging/wlan-ng/hfa384x_usb.c +++ b/drivers/staging/wlan-ng/hfa384x_usb.c @@ -524,13 +524,8 @@ static void hfa384x_usb_defer(struct work_struct *data) */ void hfa384x_create(struct hfa384x *hw, struct usb_device *usb) { - memset(hw, 0, sizeof(*hw)); hw->usb = usb; - /* set up the endpoints */ - hw->endp_in = usb_rcvbulkpipe(usb, 1); - hw->endp_out = usb_sndbulkpipe(usb, 2); - /* Set up the waitq */ init_waitqueue_head(&hw->cmdq); diff --git a/drivers/staging/wlan-ng/prism2usb.c b/drivers/staging/wlan-ng/prism2usb.c index 456603fd26c0..4b08dc1da4f9 100644 --- a/drivers/staging/wlan-ng/prism2usb.c +++ b/drivers/staging/wlan-ng/prism2usb.c @@ -61,23 +61,14 @@ static int prism2sta_probe_usb(struct usb_interface *interface, const struct usb_device_id *id) { struct usb_device *dev; - const struct usb_endpoint_descriptor *epd; - const struct usb_host_interface *iface_desc = interface->cur_altsetting; + struct usb_endpoint_descriptor *bulk_in, *bulk_out; + struct usb_host_interface *iface_desc = interface->cur_altsetting; struct wlandevice *wlandev = NULL; struct hfa384x *hw = NULL; int result = 0; - if (iface_desc->desc.bNumEndpoints != 2) { - result = -ENODEV; - goto failed; - } - - result = -EINVAL; - epd = &iface_desc->endpoint[1].desc; - if (!usb_endpoint_is_bulk_in(epd)) - goto failed; - epd = &iface_desc->endpoint[2].desc; - if (!usb_endpoint_is_bulk_out(epd)) + result = usb_find_common_endpoints(iface_desc, &bulk_in, &bulk_out, NULL, NULL); + if (result) goto failed; dev = interface_to_usbdev(interface); @@ -96,6 +87,8 @@ static int prism2sta_probe_usb(struct usb_interface *interface, } /* Initialize the hw data */ + hw->endp_in = usb_rcvbulkpipe(dev, bulk_in->bEndpointAddress); + hw->endp_out = usb_sndbulkpipe(dev, bulk_out->bEndpointAddress); hfa384x_create(hw, dev); hw->wlandev = wlandev; -- 2.28.0

4 years, 4 months

1
0
0 0

[PATCH] pinctrl: cherryview: Add quirk with custom translation of ACPI GPIO numbers

by Michal Stanek

Dropping custom Linux GPIO translation caused some Intel_Strago based Chromebooks with old firmware to detect GPIOs incorrectly. Add quirk which restores some code removed by commit 03c4749dd6c7ff94 ("gpio / ACPI: Drop unnecessary ACPI GPIO to Linux GPIO translation"). Fixes: 03c4749dd6c7ff94 ("gpio / ACPI: Drop unnecessary ACPI GPIO to Linux GPIO translation") Cc: <stable(a)vger.kernel.org> Reported-by: Alex Levin <levinale(a)chromium.org> Signed-off-by: Michal Stanek <mst(a)semihalf.com> --- drivers/gpio/gpiolib-acpi.c | 102 ++++++++++++++++++++- drivers/pinctrl/intel/pinctrl-cherryview.c | 63 ++++++++++--- 2 files changed, 150 insertions(+), 15 deletions(-) diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c index 31fee5e918b7..b5358facf3fb 100644 --- a/drivers/gpio/gpiolib-acpi.c +++ b/drivers/gpio/gpiolib-acpi.c @@ -23,6 +23,7 @@ #define QUIRK_NO_EDGE_EVENTS_ON_BOOT 0x01l #define QUIRK_NO_WAKEUP 0x02l +#define QUIRK_NEED_ACPI_GPIO_TRANSLATION 0x04l static int run_edge_events_on_boot = -1; module_param(run_edge_events_on_boot, int, 0444); @@ -34,6 +35,11 @@ module_param(honor_wakeup, int, 0444); MODULE_PARM_DESC(honor_wakeup, "Honor the ACPI wake-capable flag: 0=no, 1=yes, -1=auto"); +static int need_acpi_gpio_translation = -1; +module_param(need_acpi_gpio_translation, int, 0444); +MODULE_PARM_DESC(need_acpi_gpio_translation, + "Do custom ACPI GPIO number translation: 0=no, 1=yes, -1=auto"); + /** * struct acpi_gpio_event - ACPI GPIO event handler data * @@ -98,6 +104,62 @@ static int acpi_gpiochip_find(struct gpio_chip *gc, void *data) return ACPI_HANDLE(gc->parent) == data; } +#ifdef CONFIG_PINCTRL +/** + * acpi_gpiochip_pin_to_gpio_offset() - translates ACPI GPIO to Linux GPIO + * @gdev: GPIO device + * @pin: ACPI GPIO pin number from GpioIo/GpioInt resource + * + * Function takes ACPI GpioIo/GpioInt pin number as a parameter and + * translates it to a corresponding offset suitable to be passed to a + * GPIO controller driver. + * + * Typically the returned offset is same as @pin, but if the GPIO + * controller uses pin controller and the mapping is not contiguous the + * offset might be different. + */ +static int acpi_gpiochip_pin_to_gpio_offset(struct gpio_device *gdev, int pin) +{ + struct gpio_pin_range *pin_range; + + /* Only do translation on selected platforms */ + if (!need_acpi_gpio_translation) + return pin; + + /* If there are no ranges in this chip, use 1:1 mapping */ + if (list_empty(&gdev->pin_ranges)) + return pin; + + list_for_each_entry(pin_range, &gdev->pin_ranges, node) { + const struct pinctrl_gpio_range *range = &pin_range->range; + int i; + + if (range->pins) { + for (i = 0; i < range->npins; i++) { + if (range->pins[i] == pin) + return range->base + i - gdev->base; + } + } else { + if (pin >= range->pin_base && + pin < range->pin_base + range->npins) { + unsigned int gpio_base; + + gpio_base = range->base - gdev->base; + return gpio_base + pin - range->pin_base; + } + } + } + + return -EINVAL; +} +#else +static inline int acpi_gpiochip_pin_to_gpio_offset(struct gpio_device *gdev, + int pin) +{ + return pin; +} +#endif + /** * acpi_get_gpiod() - Translate ACPI GPIO pin to GPIO descriptor usable with GPIO API * @path: ACPI GPIO controller full path name, (e.g. "\\_SB.GPO1") @@ -113,6 +175,7 @@ static struct gpio_desc *acpi_get_gpiod(char *path, int pin) struct gpio_chip *chip; acpi_handle handle; acpi_status status; + int offset; status = acpi_get_handle(NULL, path, &handle); if (ACPI_FAILURE(status)) @@ -122,7 +185,11 @@ static struct gpio_desc *acpi_get_gpiod(char *path, int pin) if (!chip) return ERR_PTR(-EPROBE_DEFER); - return gpiochip_get_desc(chip, pin); + offset = acpi_gpiochip_pin_to_gpio_offset(chip->gpiodev, pin); + if (offset < 0) + return ERR_PTR(offset); + + return gpiochip_get_desc(chip, offset); } static irqreturn_t acpi_gpio_irq_handler(int irq, void *data) @@ -236,6 +303,10 @@ static acpi_status acpi_gpiochip_alloc_event(struct acpi_resource *ares, if (!handler) return AE_OK; + pin = acpi_gpiochip_pin_to_gpio_offset(chip->gpiodev, pin); + if (pin < 0) + return AE_BAD_PARAMETER; + desc = gpiochip_request_own_desc(chip, pin, "ACPI:Event", GPIO_ACTIVE_HIGH, GPIOD_IN); if (IS_ERR(desc)) { @@ -958,6 +1029,12 @@ acpi_gpio_adr_space_handler(u32 function, acpi_physical_address address, struct gpio_desc *desc; bool found; + pin = acpi_gpiochip_pin_to_gpio_offset(chip->gpiodev, pin); + if (pin < 0) { + status = AE_BAD_PARAMETER; + goto out; + } + mutex_lock(&achip->conn_lock); found = false; @@ -1086,7 +1163,11 @@ acpi_gpiochip_parse_own_gpio(struct acpi_gpio_chip *achip, if (ret < 0) return ERR_PTR(ret); - desc = gpiochip_get_desc(chip, gpios[0]); + ret = acpi_gpiochip_pin_to_gpio_offset(chip->gpiodev, gpios[0]); + if (ret < 0) + return ERR_PTR(ret); + + desc = gpiochip_get_desc(chip, ret); if (IS_ERR(desc)) return desc; @@ -1360,6 +1441,17 @@ static const struct dmi_system_id gpiolib_acpi_quirks[] = { }, .driver_data = (void *)QUIRK_NO_WAKEUP, }, + { + /* + * Some Braswell based Google Chromebooks need custom ACPI GPIO + * number translation due to hardcoded GPIO numbers in firmware. + */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"), + DMI_MATCH(DMI_PRODUCT_FAMILY, "Intel_Strago"), + }, + .driver_data = (void *)QUIRK_NEED_ACPI_GPIO_TRANSLATION, + }, {} /* Terminating entry */ }; @@ -1385,6 +1477,12 @@ static int acpi_gpio_setup_params(void) else honor_wakeup = 1; } + if (need_acpi_gpio_translation < 0) { + if (quirks & QUIRK_NEED_ACPI_GPIO_TRANSLATION) + need_acpi_gpio_translation = 1; + else + need_acpi_gpio_translation = 0; + } return 0; } diff --git a/drivers/pinctrl/intel/pinctrl-cherryview.c b/drivers/pinctrl/intel/pinctrl-cherryview.c index 4c74fdde576d..dd190ac6b11c 100644 --- a/drivers/pinctrl/intel/pinctrl-cherryview.c +++ b/drivers/pinctrl/intel/pinctrl-cherryview.c @@ -119,6 +119,7 @@ struct chv_gpio_pinrange { * @nfunctions: Number of functions * @gpio_ranges: An array of GPIO ranges in this community * @ngpio_ranges: Number of GPIO ranges + * @ngpios: Total number of GPIOs in this community * @nirqs: Total number of IRQs this community can generate * @acpi_space_id: An address space ID for ACPI OpRegion handler */ @@ -132,6 +133,7 @@ struct chv_community { size_t nfunctions; const struct chv_gpio_pinrange *gpio_ranges; size_t ngpio_ranges; + size_t ngpios; size_t nirqs; acpi_adr_space_type acpi_space_id; }; @@ -380,6 +382,7 @@ static const struct chv_community southwest_community = { .nfunctions = ARRAY_SIZE(southwest_functions), .gpio_ranges = southwest_gpio_ranges, .ngpio_ranges = ARRAY_SIZE(southwest_gpio_ranges), + .ngpios = ARRAY_SIZE(southwest_pins), /* * Southwest community can generate GPIO interrupts only for the * first 8 interrupts. The upper half (8-15) can only be used to @@ -469,6 +472,7 @@ static const struct chv_community north_community = { .npins = ARRAY_SIZE(north_pins), .gpio_ranges = north_gpio_ranges, .ngpio_ranges = ARRAY_SIZE(north_gpio_ranges), + .ngpios = ARRAY_SIZE(north_pins), /* * North community can generate GPIO interrupts only for the first * 8 interrupts. The upper half (8-15) can only be used to trigger @@ -517,6 +521,7 @@ static const struct chv_community east_community = { .npins = ARRAY_SIZE(east_pins), .gpio_ranges = east_gpio_ranges, .ngpio_ranges = ARRAY_SIZE(east_gpio_ranges), + .ngpios = ARRAY_SIZE(east_pins), .nirqs = 16, .acpi_space_id = 0x93, }; @@ -643,6 +648,7 @@ static const struct chv_community southeast_community = { .nfunctions = ARRAY_SIZE(southeast_functions), .gpio_ranges = southeast_gpio_ranges, .ngpio_ranges = ARRAY_SIZE(southeast_gpio_ranges), + .ngpios = ARRAY_SIZE(southeast_pins), .nirqs = 16, .acpi_space_id = 0x94, }; @@ -1236,14 +1242,39 @@ static struct pinctrl_desc chv_pinctrl_desc = { .owner = THIS_MODULE, }; +static const struct dmi_system_id need_acpi_gpio_translation[] = { + { + /* + * Some Braswell based Google Chromebooks need custom ACPI GPIO + * number translation due to hardcoded GPIO numbers in firmware. + */ + .ident = "Intel_Strago based Chromebooks (All models)", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "GOOGLE"), + DMI_MATCH(DMI_PRODUCT_FAMILY, "Intel_Strago"), + }, + }, +}; + +static unsigned int chv_gpio_offset_to_pin(struct chv_pinctrl *pctrl, + unsigned int offset) +{ + /* Mapping is not 1:1 on some platforms */ + if (dmi_check_system(need_acpi_gpio_translation)) + return pctrl->community->pins[offset].number; + else + return offset; +} + static int chv_gpio_get(struct gpio_chip *chip, unsigned int offset) { struct chv_pinctrl *pctrl = gpiochip_get_data(chip); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); unsigned long flags; u32 ctrl0, cfg; raw_spin_lock_irqsave(&chv_lock, flags); - ctrl0 = readl(chv_padreg(pctrl, offset, CHV_PADCTRL0)); + ctrl0 = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0)); raw_spin_unlock_irqrestore(&chv_lock, flags); cfg = ctrl0 & CHV_PADCTRL0_GPIOCFG_MASK; @@ -1257,13 +1288,14 @@ static int chv_gpio_get(struct gpio_chip *chip, unsigned int offset) static void chv_gpio_set(struct gpio_chip *chip, unsigned int offset, int value) { struct chv_pinctrl *pctrl = gpiochip_get_data(chip); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); unsigned long flags; void __iomem *reg; u32 ctrl0; raw_spin_lock_irqsave(&chv_lock, flags); - reg = chv_padreg(pctrl, offset, CHV_PADCTRL0); + reg = chv_padreg(pctrl, pin, CHV_PADCTRL0); ctrl0 = readl(reg); if (value) @@ -1279,11 +1311,12 @@ static void chv_gpio_set(struct gpio_chip *chip, unsigned int offset, int value) static int chv_gpio_get_direction(struct gpio_chip *chip, unsigned int offset) { struct chv_pinctrl *pctrl = gpiochip_get_data(chip); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); u32 ctrl0, direction; unsigned long flags; raw_spin_lock_irqsave(&chv_lock, flags); - ctrl0 = readl(chv_padreg(pctrl, offset, CHV_PADCTRL0)); + ctrl0 = readl(chv_padreg(pctrl, pin, CHV_PADCTRL0)); raw_spin_unlock_irqrestore(&chv_lock, flags); direction = ctrl0 & CHV_PADCTRL0_GPIOCFG_MASK; @@ -1322,7 +1355,7 @@ static void chv_gpio_irq_ack(struct irq_data *d) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); struct chv_pinctrl *pctrl = gpiochip_get_data(gc); - int pin = irqd_to_hwirq(d); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, irqd_to_hwirq(d)); u32 intr_line; raw_spin_lock(&chv_lock); @@ -1339,7 +1372,7 @@ static void chv_gpio_irq_mask_unmask(struct irq_data *d, bool mask) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); struct chv_pinctrl *pctrl = gpiochip_get_data(gc); - int pin = irqd_to_hwirq(d); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, irqd_to_hwirq(d)); u32 value, intr_line; unsigned long flags; @@ -1384,7 +1417,8 @@ static unsigned chv_gpio_irq_startup(struct irq_data *d) if (irqd_get_trigger_type(d) == IRQ_TYPE_NONE) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); struct chv_pinctrl *pctrl = gpiochip_get_data(gc); - unsigned int pin = irqd_to_hwirq(d); + unsigned int offset = irqd_to_hwirq(d); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); irq_flow_handler_t handler; unsigned long flags; u32 intsel, value; @@ -1402,7 +1436,7 @@ static unsigned chv_gpio_irq_startup(struct irq_data *d) if (!pctrl->intr_lines[intsel]) { irq_set_handler_locked(d, handler); - pctrl->intr_lines[intsel] = pin; + pctrl->intr_lines[intsel] = offset; } raw_spin_unlock_irqrestore(&chv_lock, flags); } @@ -1415,7 +1449,8 @@ static int chv_gpio_irq_type(struct irq_data *d, unsigned int type) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); struct chv_pinctrl *pctrl = gpiochip_get_data(gc); - unsigned int pin = irqd_to_hwirq(d); + unsigned int offset = irqd_to_hwirq(d); + unsigned int pin = chv_gpio_offset_to_pin(pctrl, offset); unsigned long flags; u32 value; @@ -1461,7 +1496,7 @@ static int chv_gpio_irq_type(struct irq_data *d, unsigned int type) value &= CHV_PADCTRL0_INTSEL_MASK; value >>= CHV_PADCTRL0_INTSEL_SHIFT; - pctrl->intr_lines[value] = pin; + pctrl->intr_lines[value] = offset; if (type & IRQ_TYPE_EDGE_BOTH) irq_set_handler_locked(d, handle_edge_irq); @@ -1591,17 +1626,19 @@ static int chv_gpio_add_pin_ranges(struct gpio_chip *chip) struct chv_pinctrl *pctrl = gpiochip_get_data(chip); const struct chv_community *community = pctrl->community; const struct chv_gpio_pinrange *range; - int ret, i; + int ret, i, offset; - for (i = 0; i < community->ngpio_ranges; i++) { + for (i = 0, offset = 0; i < community->ngpio_ranges; i++) { range = &community->gpio_ranges[i]; ret = gpiochip_add_pin_range(chip, dev_name(pctrl->dev), - range->base, range->base, + offset, range->base, range->npins); if (ret) { dev_err(pctrl->dev, "failed to add GPIO pin range\n"); return ret; } + + offset += range->npins; } return 0; @@ -1617,7 +1654,7 @@ static int chv_gpio_probe(struct chv_pinctrl *pctrl, int irq) *chip = chv_gpio_chip; - chip->ngpio = community->pins[community->npins - 1].number + 1; + chip->ngpio = community->ngpios; chip->label = dev_name(pctrl->dev); chip->add_pin_ranges = chv_gpio_add_pin_ranges; chip->parent = pctrl->dev; -- 2.17.1

4 years, 4 months

7
15
0 0

patch "mei: hdcp: fix mei_hdcp_verify_mprime() input parameter" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mei: hdcp: fix mei_hdcp_verify_mprime() input parameter to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 51072c0f5b5e98a035c6f63b83ba2afedbb7accd Mon Sep 17 00:00:00 2001 From: Tomas Winkler <tomas.winkler(a)intel.com> Date: Tue, 18 Aug 2020 10:54:06 +0300 Subject: mei: hdcp: fix mei_hdcp_verify_mprime() input parameter wired_cmd_repeater_auth_stream_req_in has a variable length array at the end. we use struct_size() overflow macro to determine the size for the allocation and sending size. This also fixes bug in case number of streams is > 0 in the original submission. This bug was not triggered as the number of streams is always one. Fixes: c56967d674e3 (mei: hdcp: Replace one-element array with flexible-array member) Fixes: 0a1af1b5c18d (misc/mei/hdcp: Verify M_prime) Cc: <stable(a)vger.kernel.org> # v5.1+: c56967d674e3 (mei: hdcp: Replace one-element array with flexible-array member) Signed-off-by: Tomas Winkler <tomas.winkler(a)intel.com> Reviewed-by: Gustavo A. R. Silva <gustavoars(a)kernel.org> Link: https://lore.kernel.org/r/20200818075406.2532605-1-tomas.winkler@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/misc/mei/hdcp/mei_hdcp.c | 40 +++++++++++++++++++------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/drivers/misc/mei/hdcp/mei_hdcp.c b/drivers/misc/mei/hdcp/mei_hdcp.c index d1d3e025ca0e..9ae9669e46ea 100644 --- a/drivers/misc/mei/hdcp/mei_hdcp.c +++ b/drivers/misc/mei/hdcp/mei_hdcp.c @@ -546,38 +546,46 @@ static int mei_hdcp_verify_mprime(struct device *dev, struct hdcp_port_data *data, struct hdcp2_rep_stream_ready *stream_ready) { - struct wired_cmd_repeater_auth_stream_req_in - verify_mprime_in = { { 0 } }; + struct wired_cmd_repeater_auth_stream_req_in *verify_mprime_in; struct wired_cmd_repeater_auth_stream_req_out verify_mprime_out = { { 0 } }; struct mei_cl_device *cldev; ssize_t byte; + size_t cmd_size; if (!dev || !stream_ready || !data) return -EINVAL; cldev = to_mei_cl_device(dev); - verify_mprime_in.header.api_version = HDCP_API_VERSION; - verify_mprime_in.header.command_id = WIRED_REPEATER_AUTH_STREAM_REQ; - verify_mprime_in.header.status = ME_HDCP_STATUS_SUCCESS; - verify_mprime_in.header.buffer_len = + cmd_size = struct_size(verify_mprime_in, streams, data->k); + if (cmd_size == SIZE_MAX) + return -EINVAL; + + verify_mprime_in = kzalloc(cmd_size, GFP_KERNEL); + if (!verify_mprime_in) + return -ENOMEM; + + verify_mprime_in->header.api_version = HDCP_API_VERSION; + verify_mprime_in->header.command_id = WIRED_REPEATER_AUTH_STREAM_REQ; + verify_mprime_in->header.status = ME_HDCP_STATUS_SUCCESS; + verify_mprime_in->header.buffer_len = WIRED_CMD_BUF_LEN_REPEATER_AUTH_STREAM_REQ_MIN_IN; - verify_mprime_in.port.integrated_port_type = data->port_type; - verify_mprime_in.port.physical_port = (u8)data->fw_ddi; - verify_mprime_in.port.attached_transcoder = (u8)data->fw_tc; + verify_mprime_in->port.integrated_port_type = data->port_type; + verify_mprime_in->port.physical_port = (u8)data->fw_ddi; + verify_mprime_in->port.attached_transcoder = (u8)data->fw_tc; + + memcpy(verify_mprime_in->m_prime, stream_ready->m_prime, HDCP_2_2_MPRIME_LEN); + drm_hdcp_cpu_to_be24(verify_mprime_in->seq_num_m, data->seq_num_m); - memcpy(verify_mprime_in.m_prime, stream_ready->m_prime, - HDCP_2_2_MPRIME_LEN); - drm_hdcp_cpu_to_be24(verify_mprime_in.seq_num_m, data->seq_num_m); - memcpy(verify_mprime_in.streams, data->streams, + memcpy(verify_mprime_in->streams, data->streams, array_size(data->k, sizeof(*data->streams))); - verify_mprime_in.k = cpu_to_be16(data->k); + verify_mprime_in->k = cpu_to_be16(data->k); - byte = mei_cldev_send(cldev, (u8 *)&verify_mprime_in, - sizeof(verify_mprime_in)); + byte = mei_cldev_send(cldev, (u8 *)verify_mprime_in, cmd_size); + kfree(verify_mprime_in); if (byte < 0) { dev_dbg(dev, "mei_cldev_send failed. %zd\n", byte); return byte; -- 2.28.0

4 years, 4 months

1
0
0 0

[PATCH] selftests: kvm: Use a shorter encoding to clear RAX

by Paolo Bonzini

From: Yang Weijiang <weijiang.yang(a)intel.com> If debug_regs.c is built with newer binutils, the resulting binary is "optimized" by the assembler: asm volatile("ss_start: " "xor %%rax,%%rax\n\t" "cpuid\n\t" "movl $0x1a0,%%ecx\n\t" "rdmsr\n\t" : : : "rax", "ecx"); is translated to : 000000000040194e <ss_start>: 40194e: 31 c0 xor %eax,%eax <----- rax->eax? 401950: 0f a2 cpuid 401952: b9 a0 01 00 00 mov $0x1a0,%ecx 401957: 0f 32 rdmsr As you can see rax is replaced with eax in target binary code. This causes a difference is the length of xor instruction (2 Byte vs 3 Byte), and makes the hard-coded instruction length check fail: /* Instruction lengths starting at ss_start */ int ss_size[4] = { 3, /* xor */ <-------- 2 or 3? 2, /* cpuid */ 5, /* mov */ 2, /* rdmsr */ }; Encode the shorter version directly and, while at it, fix the "clobbers" of the asm. Reported-by: Yang Weijiang <weijiang.yang(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- tools/testing/selftests/kvm/x86_64/debug_regs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/kvm/x86_64/debug_regs.c b/tools/testing/selftests/kvm/x86_64/debug_regs.c index 8162c58a1234..b8d14f9db5f9 100644 --- a/tools/testing/selftests/kvm/x86_64/debug_regs.c +++ b/tools/testing/selftests/kvm/x86_64/debug_regs.c @@ -40,11 +40,11 @@ static void guest_code(void) /* Single step test, covers 2 basic instructions and 2 emulated */ asm volatile("ss_start: " - "xor %%rax,%%rax\n\t" + "xor %%eax,%%eax\n\t" "cpuid\n\t" "movl $0x1a0,%%ecx\n\t" "rdmsr\n\t" - : : : "rax", "ecx"); + : : : "eax", "ebx", "ecx", "edx"); /* DR6.BD test */ asm volatile("bd_start: mov %%dr0, %%rax" : : : "rax"); -- 2.26.2

4 years, 4 months

3
2
0 0

[PATCH v7 3/6] tcp: use sendpage_ok() to detect misused .sendpage

by Coly Li

commit a10674bf2406 ("tcp: detecting the misuse of .sendpage for Slab objects") adds the checks for Slab pages, but the pages don't have page_count are still missing from the check. Network layer's sendpage method is not designed to send page_count 0 pages neither, therefore both PageSlab() and page_count() should be both checked for the sending page. This is exactly what sendpage_ok() does. This patch uses sendpage_ok() in do_tcp_sendpages() to detect misused .sendpage, to make the code more robust. Fixes: a10674bf2406 ("tcp: detecting the misuse of .sendpage for Slab objects") Suggested-by: Eric Dumazet <eric.dumazet(a)gmail.com> Signed-off-by: Coly Li <colyli(a)suse.de> Cc: Vasily Averin <vvs(a)virtuozzo.com> Cc: David S. Miller <davem(a)davemloft.net> Cc: stable(a)vger.kernel.org --- net/ipv4/tcp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 31f3b858db81..2135ee7c806d 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -970,7 +970,8 @@ ssize_t do_tcp_sendpages(struct sock *sk, struct page *page, int offset, long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT); if (IS_ENABLED(CONFIG_DEBUG_VM) && - WARN_ONCE(PageSlab(page), "page must not be a Slab one")) + WARN_ONCE(!sendpage_ok(page), + "page must not be a Slab one and have page_count > 0")) return -EINVAL; /* Wait for a connection to finish. One exception is TCP Fast Open -- 2.26.2

4 years, 4 months

1
0
0 0

[PATCH v7 2/6] nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage()

by Coly Li

Currently nvme_tcp_try_send_data() doesn't use kernel_sendpage() to send slab pages. But for pages allocated by __get_free_pages() without __GFP_COMP, which also have refcount as 0, they are still sent by kernel_sendpage() to remote end, this is problematic. The new introduced helper sendpage_ok() checks both PageSlab tag and page_count counter, and returns true if the checking page is OK to be sent by kernel_sendpage(). This patch fixes the page checking issue of nvme_tcp_try_send_data() with sendpage_ok(). If sendpage_ok() returns true, send this page by kernel_sendpage(), otherwise use sock_no_sendpage to handle this page. Signed-off-by: Coly Li <colyli(a)suse.de> Cc: Chaitanya Kulkarni <chaitanya.kulkarni(a)wdc.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Hannes Reinecke <hare(a)suse.de> Cc: Jan Kara <jack(a)suse.com> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Mikhail Skorzhinskii <mskorzhinskiy(a)solarflare.com> Cc: Philipp Reisner <philipp.reisner(a)linbit.com> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: Vlastimil Babka <vbabka(a)suse.com> Cc: stable(a)vger.kernel.org --- drivers/nvme/host/tcp.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c index 62fbaecdc960..902fe742762b 100644 --- a/drivers/nvme/host/tcp.c +++ b/drivers/nvme/host/tcp.c @@ -912,12 +912,11 @@ static int nvme_tcp_try_send_data(struct nvme_tcp_request *req) else flags |= MSG_MORE | MSG_SENDPAGE_NOTLAST; - /* can't zcopy slab pages */ - if (unlikely(PageSlab(page))) { - ret = sock_no_sendpage(queue->sock, page, offset, len, + if (sendpage_ok(page)) { + ret = kernel_sendpage(queue->sock, page, offset, len, flags); } else { - ret = kernel_sendpage(queue->sock, page, offset, len, + ret = sock_no_sendpage(queue->sock, page, offset, len, flags); } if (ret <= 0) -- 2.26.2

4 years, 4 months

1
0
0 0

[PATCH v6 0/6] Introduce sendpage_ok() to detect misused sendpage in network related drivers

by Coly Li

This series was original by a bug fix in nvme-over-tcp driver which only checked whether a page was allocated from slab allcoator, but forgot to check its page_count: The page handled by sendpage should be neither a Slab page nor 0 page_count page. As Sagi Grimberg suggested, the original fix is refind to a more common inline routine: static inline bool sendpage_ok(struct page *page) { return (!PageSlab(page) && page_count(page) >= 1); } If sendpage_ok() returns true, the checking page can be handled by the zero copy sendpage method in network layer. The first patch in this series introduces sendpage_ok() in header file include/linux/net.h, the second patch fixes the page checking issue in nvme-over-tcp driver, the third patch adds page_count check by using sendpage_ok() in do_tcp_sendpages() as Eric Dumazet suggested, and all rested patches just replace existing open coded checks with the inline sendpage_ok() routine. Coly Li Cc: Chaitanya Kulkarni <chaitanya.kulkarni(a)wdc.com> Cc: Chris Leech <cleech(a)redhat.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Cong Wang <amwang(a)redhat.com> Cc: David S. Miller <davem(a)davemloft.net> Cc: Hannes Reinecke <hare(a)suse.de> Cc: Ilya Dryomov <idryomov(a)gmail.com> Cc: Jan Kara <jack(a)suse.com> Cc: Jeff Layton <jlayton(a)kernel.org> Cc: Jens Axboe <axboe(a)kernel.dk> Cc: Lee Duncan <lduncan(a)suse.com> Cc: Mike Christie <michaelc(a)cs.wisc.edu> Cc: Mikhail Skorzhinskii <mskorzhinskiy(a)solarflare.com> Cc: Philipp Reisner <philipp.reisner(a)linbit.com> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: stable(a)vger.kernel.org Cc: Vasily Averin <vvs(a)virtuozzo.com> Cc: Vlastimil Babka <vbabka(a)suse.com> --- Changelog: v6: fix page check in do_tcp_sendpages(), and replace other open coded checks with sendpage_ok() in libceph, iscsi drivers. v5, include linux/mm.h in include/linux/net.h v4, change sendpage_ok() as an inline helper, and post it as separate patch. v3, introduce a more common sendpage_ok() v2, fix typo in patch subject v1, the initial version. Coly Li (6): net: introduce helper sendpage_ok() in include/linux/net.h nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() tcp: use sendpage_ok() to detect misused .sendpage drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() libceph: use sendpage_ok() in ceph_tcp_sendpage() drivers/block/drbd/drbd_main.c | 2 +- drivers/nvme/host/tcp.c | 7 +++---- drivers/scsi/libiscsi_tcp.c | 2 +- include/linux/net.h | 16 ++++++++++++++++ net/ceph/messenger.c | 2 +- net/ipv4/tcp.c | 3 ++- 6 files changed, 24 insertions(+), 8 deletions(-) -- 2.26.2

4 years, 4 months

1
3
0 0

patch "serial: samsung: Removes the IRQ not found warning" added to tty-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled serial: samsung: Removes the IRQ not found warning to my tty git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git in the tty-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. >From 8c6c378b0cbe0c9f1390986b5f8ffb5f6ff7593b Mon Sep 17 00:00:00 2001 From: Tamseel Shams <m.shams(a)samsung.com> Date: Mon, 10 Aug 2020 08:30:21 +0530 Subject: serial: samsung: Removes the IRQ not found warning In few older Samsung SoCs like s3c2410, s3c2412 and s3c2440, UART IP is having 2 interrupt lines. However, in other SoCs like s3c6400, s5pv210, exynos5433, and exynos4210 UART is having only 1 interrupt line. Due to this, "platform_get_irq(platdev, 1)" call in the driver gives the following false-positive error: "IRQ index 1 not found" on newer SoC's. This patch adds the condition to check for Tx interrupt only for the those SoC's which have 2 interrupt lines. Tested-by: Alim Akhtar <alim.akhtar(a)samsung.com> Tested-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Reviewed-by: Krzysztof Kozlowski <krzk(a)kernel.org> Reviewed-by: Alim Akhtar <alim.akhtar(a)samsung.com> Signed-off-by: Tamseel Shams <m.shams(a)samsung.com> Cc: stable <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20200810030021.45348-1-m.shams@samsung.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/tty/serial/samsung_tty.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/tty/serial/samsung_tty.c b/drivers/tty/serial/samsung_tty.c index 8ed3482d2e1e..8ae3e03fbd8c 100644 --- a/drivers/tty/serial/samsung_tty.c +++ b/drivers/tty/serial/samsung_tty.c @@ -1905,9 +1905,11 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, ourport->tx_irq = ret + 1; } - ret = platform_get_irq(platdev, 1); - if (ret > 0) - ourport->tx_irq = ret; + if (!s3c24xx_serial_has_interrupt_mask(port)) { + ret = platform_get_irq(platdev, 1); + if (ret > 0) + ourport->tx_irq = ret; + } /* * DMA is currently supported only on DT platforms, if DMA properties * are specified. -- 2.28.0

4 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2020