Linux-stable-mirror

linux-stable-mirror@lists.linaro.org

285 participants
124115 discussions

Please apply this commit to v4.14.y: de0aa7b2f97d ("PCI: hv: Fix 2 hang issues in hv_compose_msi_msg()")

by Dexuan Cui

Hi, The patch has been in v4.15.y and v4.16.y, but not in v4.14.y: de0aa7b2f97d ("PCI: hv: Fix 2 hang issues in hv_compose_msi_msg()") The second issue described in the changelog of the commit can happen to v4.14.y too. Since the v4.14.y is a longterm kernel, we should apply the patch to it. I have verified the commit can be cherry-picked cleanly. Thanks! -- Dexuan

7 years, 7 months

[PATCH-RESEND] cxl: Disable prefault_mode in Radix mode

by Vaibhav Jain

From: Vaibhav Jain <vaibhav(a)linux.ibm.com> Currently we see a kernel-oops reported on Power-9 while attaching a context to an AFU, with radix-mode and sysfs attr 'prefault_mode' set to anything other than 'none'. The backtrace of the oops is of this form: Unable to handle kernel paging request for data at address 0x00000080 Faulting instruction address: 0xc00800000bcf3b20 cpu 0x1: Vector: 300 (Data Access) at [c00000037f003800] pc: c00800000bcf3b20: cxl_load_segment+0x178/0x290 [cxl] lr: c00800000bcf39f0: cxl_load_segment+0x48/0x290 [cxl] sp: c00000037f003a80 msr: 9000000000009033 dar: 80 dsisr: 40000000 current = 0xc00000037f280000 paca = 0xc0000003ffffe600 softe: 3 irq_happened: 0x01 pid = 3529, comm = afp_no_int <snip> [c00000037f003af0] c00800000bcf4424 cxl_prefault+0xfc/0x248 [cxl] [c00000037f003b50] c00800000bcf8a40 process_element_entry_psl9+0xd8/0x1a0 [cxl] [c00000037f003b90] c00800000bcf944c cxl_attach_dedicated_process_psl9+0x44/0x130 [cxl] [c00000037f003bd0] c00800000bcf5448 native_attach_process+0xc0/0x130 [cxl] [c00000037f003c50] c00800000bcf16cc afu_ioctl+0x3f4/0x5e0 [cxl] [c00000037f003d00] c00000000039d98c do_vfs_ioctl+0xdc/0x890 [c00000037f003da0] c00000000039e1a8 ksys_ioctl+0x68/0xf0 [c00000037f003df0] c00000000039e270 sys_ioctl+0x40/0xa0 [c00000037f003e30] c00000000000b320 system_call+0x58/0x6c --- Exception: c01 (System Call) at 0000000010053bb0 The issue is caused as on Power-8 the AFU attr 'prefault_mode' was used to improve initial storage fault performance by prefaulting process segments. However on Power-9 with radix mode we don't have Storage-Segments that we can prefault. Also prefaulting process Pages will be too costly and fine-grained. Hence, since the prefaulting mechanism doesn't makes sense of radix-mode, this patch updates prefault_mode_store() to not allow any other value apart from CXL_PREFAULT_NONE when radix mode is enabled. Cc: <stable(a)vger.kernel.org> Fixes: f24be42aab37 ("cxl: Add psl9 specific code") Signed-off-by: Vaibhav Jain <vaibhav(a)linux.ibm.com> --- Change-log: Resend -> Updated the commit description to add more info on the issue seen [Andrew] --- Documentation/ABI/testing/sysfs-class-cxl | 4 +++- drivers/misc/cxl/sysfs.c | 16 ++++++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-class-cxl b/Documentation/ABI/testing/sysfs-class-cxl index 640f65e79ef1..267920a1874b 100644 --- a/Documentation/ABI/testing/sysfs-class-cxl +++ b/Documentation/ABI/testing/sysfs-class-cxl @@ -69,7 +69,9 @@ Date: September 2014 Contact: linuxppc-dev(a)lists.ozlabs.org Description: read/write Set the mode for prefaulting in segments into the segment table - when performing the START_WORK ioctl. Possible values: + when performing the START_WORK ioctl. Only applicable when + running under hashed page table mmu. + Possible values: none: No prefaulting (default) work_element_descriptor: Treat the work element descriptor as an effective address and diff --git a/drivers/misc/cxl/sysfs.c b/drivers/misc/cxl/sysfs.c index 4b5a4c5d3c01..629e2e156412 100644 --- a/drivers/misc/cxl/sysfs.c +++ b/drivers/misc/cxl/sysfs.c @@ -353,12 +353,20 @@ static ssize_t prefault_mode_store(struct device *device, struct cxl_afu *afu = to_cxl_afu(device); enum prefault_modes mode = -1; - if (!strncmp(buf, "work_element_descriptor", 23)) - mode = CXL_PREFAULT_WED; - if (!strncmp(buf, "all", 3)) - mode = CXL_PREFAULT_ALL; if (!strncmp(buf, "none", 4)) mode = CXL_PREFAULT_NONE; + else { + if (!radix_enabled()) { + + /* only allowed when not in radix mode */ + if (!strncmp(buf, "work_element_descriptor", 23)) + mode = CXL_PREFAULT_WED; + if (!strncmp(buf, "all", 3)) + mode = CXL_PREFAULT_ALL; + } else { + dev_err(device, "Cannot prefault with radix enabled\n"); + } + } if (mode == -1) return -EINVAL; -- 2.17.0

7 years, 7 months

Re: [PATCH 0/4] lib/vsprintf: Remove atomic-unsafe support for printk format %pCr

by Petr Mladek

On Fri 2018-06-01 13:47:38, Petr Mladek wrote: > On Fri 2018-06-01 06:00:47, Linus Torvalds wrote: > > On Fri, Jun 1, 2018 at 4:29 AM Geert Uytterhoeven > > <geert+renesas(a)glider.be> wrote: > > > > > > This patch series: > > > - Changes all existing users of "%pCr" to print the result of > > > clk_get_rate() directly, which is safe as they all do this in task > > > context only, > > > - Removes support for the "%pCr" printk format. > > > > Looks good to me. > > > > What tree will this go through? The normal printk one? Just checking > > that this doesn't end up falling through the cracks because nobody > > knows who would take it... > > I will take it via printk.git. There already is bunch of vsprintf > changes for-4.18. It is in printk.git, branch for-4.18-vsprintf-pcr-removal now. Also I have added Cc: stable(a)vger.kernel.org into the commit messages. Best Regards, Petr

7 years, 7 months

[PATCH] vmw_balloon: fixing double free when batching mode is off

by Nadav Amit

From: Gil Kupfer <gilkup(a)gmail.com> The balloon.page field is used for two different purposes if paging is on or off. If batching is on, the field point to the page which is used to communicate with with the hypervisor. If it is off, balloon.page points to the page that is about to be (un)locked. Unfortunately, this dual-purpose of the field introduced a bug: when the balloon is popped (e.g., when the machine is reset or the balloon driver is explicitly removed), the balloon driver frees, unconditionally, the page that is held in balloon.page. As a result, if batching is disabled, this leads to double freeing the last page that is sent to the hypervisor. batching and pointer to current page otherwise. When the balloon is popped (during reset or rmmode), it tries to free the communication page. If batching is disabled, this leads to double free of the last page sent to the backend. The following error occurs during rmmod when kernel checkers are on, and the balloon is not empty: [ 42.307653] ------------[ cut here ]------------ [ 42.307657] Kernel BUG at ffffffffba1e4b28 [verbose debug info unavailable] [ 42.307720] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC [ 42.312512] Modules linked in: vmw_vsock_vmci_transport vsock ppdev joydev vmw_balloon(-) input_leds serio_raw vmw_vmci parport_pc shpchp parport i2c_piix4 nfit mac_hid autofs4 vmwgfx drm_kms_helper hid_generic syscopyarea sysfillrect usbhid sysimgblt fb_sys_fops hid ttm mptspi scsi_transport_spi ahci mptscsih drm psmouse vmxnet3 libahci mptbase pata_acpi [ 42.312766] CPU: 10 PID: 1527 Comm: rmmod Not tainted 4.12.0+ #5 [ 42.312803] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/30/2016 [ 42.313042] task: ffff9bf9680f8000 task.stack: ffffbfefc1638000 [ 42.313290] RIP: 0010:__free_pages+0x38/0x40 [ 42.313510] RSP: 0018:ffffbfefc163be98 EFLAGS: 00010246 [ 42.313731] RAX: 000000000000003e RBX: ffffffffc02b9720 RCX: 0000000000000006 [ 42.313972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9bf97e08e0a0 [ 42.314201] RBP: ffffbfefc163be98 R08: 0000000000000000 R09: 0000000000000000 [ 42.314435] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffc02b97e4 [ 42.314505] R13: ffffffffc02b9748 R14: ffffffffc02b9728 R15: 0000000000000200 [ 42.314550] FS: 00007f3af5fec700(0000) GS:ffff9bf97e080000(0000) knlGS:0000000000000000 [ 42.314599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.314635] CR2: 00007f44f6f4ab24 CR3: 00000003a7d12000 CR4: 00000000000006e0 [ 42.314864] Call Trace: [ 42.315774] vmballoon_pop+0x102/0x130 [vmw_balloon] [ 42.315816] vmballoon_exit+0x42/0xd64 [vmw_balloon] [ 42.315853] SyS_delete_module+0x1e2/0x250 [ 42.315891] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 42.315924] RIP: 0033:0x7f3af5b0e8e7 [ 42.315949] RSP: 002b:00007fffe6ce0148 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0 [ 42.315996] RAX: ffffffffffffffda RBX: 000055be676401e0 RCX: 00007f3af5b0e8e7 [ 42.316951] RDX: 000000000000000a RSI: 0000000000000800 RDI: 000055be67640248 [ 42.317887] RBP: 0000000000000003 R08: 0000000000000000 R09: 1999999999999999 [ 42.318845] R10: 0000000000000883 R11: 0000000000000206 R12: 00007fffe6cdf130 [ 42.319755] R13: 0000000000000000 R14: 0000000000000000 R15: 000055be676401e0 [ 42.320606] Code: c0 74 1c f0 ff 4f 1c 74 02 5d c3 85 f6 74 07 e8 0f d8 ff ff 5d c3 31 f6 e8 c6 fb ff ff 5d c3 48 c7 c6 c8 0f c5 ba e8 58 be 02 00 <0f> 0b 66 0f 1f 44 00 00 66 66 66 66 90 48 85 ff 75 01 c3 55 48 [ 42.323462] RIP: __free_pages+0x38/0x40 RSP: ffffbfefc163be98 [ 42.325735] ---[ end trace 872e008e33f81508 ]--- To solve the bug, we eliminate the dual purpose of balloon.page. Fixes: 220a80f0c2e7 ("VMware balloon: add batching to the vmw_balloon.") Cc: stable(a)vger.kernel.org Reported-by: Oleksandr Natalenko <onatalen(a)redhat.com> Signed-off-by: Gil Kupfer <gilkup(a)gmail.com> Signed-off-by: Nadav Amit <namit(a)vmware.com> Reviewed-by: Xavier Deguillard <xdeguillard(a)vmware.com> --- drivers/misc/vmw_balloon.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/drivers/misc/vmw_balloon.c b/drivers/misc/vmw_balloon.c index 9047c0a529b2..efd733472a35 100644 --- a/drivers/misc/vmw_balloon.c +++ b/drivers/misc/vmw_balloon.c @@ -576,15 +576,9 @@ static void vmballoon_pop(struct vmballoon *b) } } - if (b->batch_page) { - vunmap(b->batch_page); - b->batch_page = NULL; - } - - if (b->page) { - __free_page(b->page); - b->page = NULL; - } + /* Clearing the batch_page unconditionally has no adverse effect */ + free_page((unsigned long)b->batch_page); + b->batch_page = NULL; } /* @@ -991,16 +985,13 @@ static const struct vmballoon_ops vmballoon_batched_ops = { static bool vmballoon_init_batching(struct vmballoon *b) { - b->page = alloc_page(VMW_PAGE_ALLOC_NOSLEEP); - if (!b->page) - return false; + struct page *page; - b->batch_page = vmap(&b->page, 1, VM_MAP, PAGE_KERNEL); - if (!b->batch_page) { - __free_page(b->page); + page = alloc_page(GFP_KERNEL | __GFP_ZERO); + if (!page) return false; - } + b->batch_page = page_address(page); return true; } -- 2.14.1

7 years, 7 months

[PATCH V4] scsi: hpsa: drop shutdown callback

by Sinan Kaya

'Commit cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during shutdown")' has been added to kernel to shutdown pending PCIe port service interrupts during reboot so that a newly started kexec kernel wouldn't observe pending interrupts. pcie_port_device_remove() is disabling the root port and switches by calling pci_disable_device() after all PCIe service drivers are shutdown. This has been found to cause crashes on HP DL360 Gen9 machines during reboot due to hpsa driver not clearing the bus master bit during the shutdown procedure by calling pci_disable_device(). Disable device as part of the shutdown sequence. Signed-off-by: Sinan Kaya <okaya(a)codeaurora.org> Link: https://bugzilla.kernel.org/show_bug.cgi?id=199779 Fixes: cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during shutdown") Cc: stable(a)vger.kernel.org Reported-by: Ryan Finnie <ryan(a)finnie.org> --- drivers/scsi/hpsa.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index 3a9eca1..b92f86a 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -8869,7 +8869,7 @@ static void hpsa_disable_rld_caching(struct ctlr_info *h) kfree(options); } -static void hpsa_shutdown(struct pci_dev *pdev) +static void __hpsa_shutdown(struct pci_dev *pdev) { struct ctlr_info *h; @@ -8884,6 +8884,12 @@ static void hpsa_shutdown(struct pci_dev *pdev) hpsa_disable_interrupt_mode(h); /* pci_init 2 */ } +static void hpsa_shutdown(struct pci_dev *pdev) +{ + __hpsa_shutdown(pdev); + pci_disable_device(pdev); +} + static void hpsa_free_device_info(struct ctlr_info *h) { int i; @@ -8927,7 +8933,7 @@ static void hpsa_remove_one(struct pci_dev *pdev) scsi_remove_host(h->scsi_host); /* init_one 8 */ /* includes hpsa_free_irqs - init_one 4 */ /* includes hpsa_disable_interrupt_mode - pci_init 2 */ - hpsa_shutdown(pdev); + __hpsa_shutdown(pdev); hpsa_free_device_info(h); /* scan */ -- 2.7.4

7 years, 7 months

Re: [PATCH V3 2/2] scsi: hpsa: drop shutdown callback

by okaya＠codeaurora.org

On 2018-05-30 15:25, Don Brace wrote: >> -----Original Message----- >> From: Ryan Finnie [mailto:ryan@finnie.org] >> Sent: Tuesday, May 29, 2018 8:50 PM >> To: Sinan Kaya <okaya(a)codeaurora.org>; linux-pci(a)vger.kernel.org; >> timur(a)codeaurora.org >> Cc: linux-arm-msm(a)vger.kernel.org; >> linux-arm-kernel(a)lists.infradead.org; >> stable(a)vger.kernel.org; Don Brace <don.brace(a)microsemi.com>; James >> E.J. >> Bottomley <jejb(a)linux.vnet.ibm.com>; Martin K. Petersen >> <martin.petersen(a)oracle.com>; esc.storagedev >> <esc.storagedev(a)microsemi.com>; open list:HEWLETT-PACKARD SMART ARRAY >> RAID DRIVER (hpsa) <linux-scsi(a)vger.kernel.org>; open list <linux- >> kernel(a)vger.kernel.org> >> Subject: Re: [PATCH V3 2/2] scsi: hpsa: drop shutdown callback >> >> EXTERNAL EMAIL >> >> >> On 05/28/2018 02:21 PM, Sinan Kaya wrote: >> > 'Commit cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during >> > shutdown")' has been added to kernel to shutdown pending PCIe port >> > service interrupts during reboot so that a newly started kexec kernel >> > wouldn't observe pending interrupts. >> > >> > pcie_port_device_remove() is disabling the root port and switches by >> > calling pci_disable_device() after all PCIe service drivers are shutdown. >> > >> > This has been found to cause crashes on HP DL360 Gen9 machines during >> > reboot due to hpsa driver not clearing the bus master bit during the >> > shutdown procedure by calling pci_disable_device(). >> > >> > Drop the shutdown API and do an orderly clean up by using the remove. >> > >> > Signed-off-by: Sinan Kaya <okaya(a)codeaurora.org> >> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=199779 >> > Fixes: cc27b735ad3a ("PCI/portdrv: Turn off PCIe services during shutdown") >> > Cc: stable(a)vger.kernel.org >> > Reported-by: Ryan Finnie <ryan(a)finnie.org> >> >> Tested successfully on DL360 Gen9 and DL380 Gen9. >> >> Tested-by: Ryan Finnie <ryan(a)finnie.org> > > The shutdown path issues a cache flush to the controller. > Without this flush, you will see "Dirty Cache" messages at POST. > It is best to keep the shutdown path. > I have seen that shutdown() is also called from remove(). remove() is supposed to do a safe cleanup too. If it is leaving the hw in inconsistent state even though it is c lling shutdown , it is yet another bug. > Thanks, > Don Brace > ESC - Smart Storage > Microsemi Corporation

7 years, 7 months

[PATCH v12 1/5] ioremap: Update pgtable free interfaces with addr

by Chintan Pandya

From: Chintan Pandya <cpandya(a)codeaurora.org> The following kernel panic was observed on ARM64 platform due to a stale TLB entry. 1. ioremap with 4K size, a valid pte page table is set. 2. iounmap it, its pte entry is set to 0. 3. ioremap the same address with 2M size, update its pmd entry with a new value. 4. CPU may hit an exception because the old pmd entry is still in TLB, which leads to a kernel panic. Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page table") has addressed this panic by falling to pte mappings in the above case on ARM64. To support pmd mappings in all cases, TLB purge needs to be performed in this case on ARM64. Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page() so that TLB purge can be added later in seprate patches. [toshi(a)hpe.com: merge changes, rewrite patch description] Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces") Signed-off-by: Chintan Pandya <cpandya(a)codeaurora.org> Signed-off-by: Toshi Kani <toshi.kani(a)hpe.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: <stable(a)vger.kernel.org> --- arch/arm64/mm/mmu.c | 4 ++-- arch/x86/mm/pgtable.c | 8 +++++--- include/asm-generic/pgtable.h | 8 ++++---- lib/ioremap.c | 4 ++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 493ff75..8ae5d7a 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -977,12 +977,12 @@ int pmd_clear_huge(pmd_t *pmdp) return 1; } -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return pud_none(*pud); } -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return pmd_none(*pmd); } diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c index ffc8c13..37e3cba 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -718,11 +718,12 @@ int pmd_clear_huge(pmd_t *pmd) /** * pud_free_pmd_page - Clear pud entry and free pmd page. * @pud: Pointer to a PUD. + * @addr: Virtual address associated with pud. * * Context: The pud range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pud_free_pmd_page(pud_t *pud) +int pud_free_pmd_page(pud_t *pud, unsigned long addr) { pmd_t *pmd; int i; @@ -733,7 +734,7 @@ int pud_free_pmd_page(pud_t *pud) pmd = (pmd_t *)pud_page_vaddr(*pud); for (i = 0; i < PTRS_PER_PMD; i++) - if (!pmd_free_pte_page(&pmd[i])) + if (!pmd_free_pte_page(&pmd[i], addr + (i * PMD_SIZE))) return 0; pud_clear(pud); @@ -745,11 +746,12 @@ int pud_free_pmd_page(pud_t *pud) /** * pmd_free_pte_page - Clear pmd entry and free pte page. * @pmd: Pointer to a PMD. + * @addr: Virtual address associated with pmd. * * Context: The pmd range has been unmaped and TLB purged. * Return: 1 if clearing the entry succeeded. 0 otherwise. */ -int pmd_free_pte_page(pmd_t *pmd) +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { pte_t *pte; diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index f59639a..b081794 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -1019,8 +1019,8 @@ static inline int p4d_clear_huge(p4d_t *p4d) int pmd_set_huge(pmd_t *pmd, phys_addr_t addr, pgprot_t prot); int pud_clear_huge(pud_t *pud); int pmd_clear_huge(pmd_t *pmd); -int pud_free_pmd_page(pud_t *pud); -int pmd_free_pte_page(pmd_t *pmd); +int pud_free_pmd_page(pud_t *pud, unsigned long addr); +int pmd_free_pte_page(pmd_t *pmd, unsigned long addr); #else /* !CONFIG_HAVE_ARCH_HUGE_VMAP */ static inline int p4d_set_huge(p4d_t *p4d, phys_addr_t addr, pgprot_t prot) { @@ -1046,11 +1046,11 @@ static inline int pmd_clear_huge(pmd_t *pmd) { return 0; } -static inline int pud_free_pmd_page(pud_t *pud) +static inline int pud_free_pmd_page(pud_t *pud, unsigned long addr) { return 0; } -static inline int pmd_free_pte_page(pmd_t *pmd) +static inline int pmd_free_pte_page(pmd_t *pmd, unsigned long addr) { return 0; } diff --git a/lib/ioremap.c b/lib/ioremap.c index 54e5bba..517f585 100644 --- a/lib/ioremap.c +++ b/lib/ioremap.c @@ -92,7 +92,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, if (ioremap_pmd_enabled() && ((next - addr) == PMD_SIZE) && IS_ALIGNED(phys_addr + addr, PMD_SIZE) && - pmd_free_pte_page(pmd)) { + pmd_free_pte_page(pmd, addr)) { if (pmd_set_huge(pmd, phys_addr + addr, prot)) continue; } @@ -119,7 +119,7 @@ static inline int ioremap_pud_range(p4d_t *p4d, unsigned long addr, if (ioremap_pud_enabled() && ((next - addr) == PUD_SIZE) && IS_ALIGNED(phys_addr + addr, PUD_SIZE) && - pud_free_pmd_page(pud)) { + pud_free_pmd_page(pud, addr)) { if (pud_set_huge(pud, phys_addr + addr, prot)) continue; } -- Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc., is a member of Code Aurora Forum, a Linux Foundation Collaborative Project

7 years, 7 months

Linux 3.2.102

by Ben Hutchings

I'm announcing the release of the 3.2.102 kernel. All users of the 3.2 kernel series should upgrade. However, this is likely to be the final stable update for 3.2. Users should plan to switch to a newer longterm stable branch such as 4.14, 4.9 or 4.4 in the near future. The updated 3.2.y git tree can be found at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.2.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git The diff from 3.2.101 is attached to this message. Ben. ------------ Documentation/device-mapper/thin-provisioning.txt | 8 +- Documentation/filesystems/ext4.txt | 2 +- Makefile | 2 +- arch/alpha/kernel/pci_impl.h | 3 +- arch/alpha/kernel/process.c | 12 +-- arch/mips/boot/compressed/Makefile | 6 +- arch/mips/txx9/generic/setup.c | 12 +-- arch/mips/txx9/generic/setup_tx4939.c | 2 +- arch/mips/txx9/rbtx4939/setup.c | 11 +- arch/mn10300/mm/misalignment.c | 2 +- arch/openrisc/kernel/traps.c | 10 +- arch/powerpc/include/asm/topology.h | 8 ++ arch/powerpc/platforms/pseries/hotplug-cpu.c | 2 + arch/s390/kernel/compat_linux.c | 8 +- arch/sh/kernel/traps_32.c | 3 +- arch/x86/crypto/crc32c-intel.c | 1 + arch/x86/include/asm/mce.h | 4 + arch/x86/include/asm/pgtable.h | 4 +- arch/x86/include/asm/pgtable_types.h | 5 + arch/x86/kernel/cpu/mcheck/mce.c | 26 ++++- arch/x86/kernel/entry_64.S | 2 +- arch/x86/kernel/traps.c | 20 +++- crypto/af_alg.c | 5 + crypto/ahash.c | 33 +++++- crypto/algif_hash.c | 54 +++------- crypto/crc32c.c | 1 + crypto/cryptd.c | 6 +- crypto/shash.c | 25 ++++- drivers/ata/ahci.c | 4 +- drivers/ata/libata-core.c | 13 ++- drivers/ata/libata-scsi.c | 4 +- drivers/block/pktcdvd.c | 4 +- drivers/cdrom/cdrom.c | 2 +- drivers/char/tpm/tpm_tis.c | 5 +- drivers/firmware/dmi_scan.c | 30 +++--- drivers/gpu/drm/radeon/radeon_connectors.c | 31 +++--- drivers/gpu/drm/radeon/radeon_device.c | 4 + drivers/gpu/drm/ttm/ttm_bo.c | 2 +- drivers/hid/hid-roccat-kovaplus.c | 2 + drivers/infiniband/core/cma.c | 3 + drivers/infiniband/core/ucma.c | 33 ++++-- drivers/input/keyboard/matrix_keypad.c | 4 +- drivers/media/dvb/bt8xx/bt878.c | 3 +- drivers/media/dvb/dvb-usb/cxusb.c | 2 + drivers/media/dvb/dvb-usb/dib0700_devices.c | 1 + drivers/media/video/cpia2/cpia2_v4l.c | 4 +- drivers/mmc/card/block.c | 21 ++++ drivers/mtd/chips/jedec_probe.c | 2 + drivers/mtd/ubi/vmt.c | 15 ++- drivers/net/bonding/bond_main.c | 5 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +- drivers/net/ethernet/intel/e1000e/lib.c | 6 +- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 27 +++-- drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 +- drivers/net/slip/slip.c | 4 +- drivers/net/wireless/ath/ath9k/htc_drv_main.c | 4 + drivers/s390/net/qeth_core.h | 5 + drivers/s390/net/qeth_core_main.c | 16 +-- drivers/s390/net/qeth_l2_main.c | 2 +- drivers/s390/net/qeth_l3_main.c | 2 +- drivers/scsi/aacraid/aachba.c | 22 ++-- drivers/scsi/arm/fas216.c | 2 +- drivers/scsi/ibmvscsi/ibmvfc.h | 2 +- drivers/scsi/libsas/sas_expander.c | 3 +- drivers/tty/n_tty.c | 6 ++ drivers/tty/serial/sh-sci.c | 2 + drivers/tty/vt/vt.c | 8 +- drivers/usb/class/cdc-acm.c | 5 +- drivers/usb/core/message.c | 4 + drivers/usb/core/quirks.c | 6 +- drivers/usb/dwc3/gadget.c | 2 + drivers/usb/host/ohci-q.c | 24 ++--- drivers/usb/host/xhci-pci.c | 3 + drivers/usb/host/xhci.c | 3 + drivers/usb/host/xhci.h | 1 + drivers/usb/mon/mon_text.c | 124 ++++++++++++++-------- drivers/usb/serial/io_edgeport.c | 1 - drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 1 + drivers/video/console/dummycon.c | 1 - drivers/video/sbuslib.c | 4 +- fs/btrfs/tree-log.c | 5 +- fs/cifs/file.c | 26 +++-- fs/ext4/balloc.c | 25 ++++- fs/ext4/ialloc.c | 7 ++ fs/ext4/inode.c | 7 ++ fs/ext4/super.c | 1 + fs/hugetlbfs/inode.c | 26 ++++- fs/jffs2/fs.c | 1 - fs/namei.c | 5 +- fs/ncpfs/ncplib_kernel.c | 4 + fs/nfs/super.c | 2 + fs/ocfs2/cluster/nodemanager.c | 63 +++++++++-- include/crypto/hash.h | 34 ++++-- include/crypto/internal/hash.h | 2 + include/linux/crypto.h | 8 ++ include/linux/fs.h | 4 + include/linux/nospec.h | 3 +- include/linux/perf_event.h | 2 + include/linux/usb/audio.h | 4 +- include/linux/usb/quirks.h | 3 + include/net/regulatory.h | 2 +- include/net/sctp/sctp.h | 7 +- kernel/events/core.c | 2 +- kernel/events/hw_breakpoint.c | 41 +++---- kernel/hrtimer.c | 7 +- kernel/posix-timers.c | 15 ++- kernel/relay.c | 2 +- kernel/trace/trace_kprobe.c | 11 +- mm/hugetlb.c | 9 ++ mm/madvise.c | 2 +- mm/mempolicy.c | 3 + mm/vmscan.c | 14 ++- net/9p/trans_virtio.c | 3 +- net/batman-adv/soft-interface.c | 7 +- net/bridge/br_sysfs_if.c | 3 + net/bridge/netfilter/ebt_among.c | 55 +++++++++- net/bridge/netfilter/ebtables.c | 17 ++- net/core/dev.c | 12 ++- net/core/skbuff.c | 4 +- net/dccp/proto.c | 5 + net/decnet/af_decnet.c | 62 ++++++----- net/ipv4/igmp.c | 4 + net/ipv4/ip_sockglue.c | 21 +--- net/ipv4/netfilter/ipt_CLUSTERIP.c | 24 ++++- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 6 +- net/ipv4/netfilter/nf_nat_proto_common.c | 7 +- net/ipv6/ipv6_sockglue.c | 27 ++--- net/l2tp/l2tp_core.c | 8 +- net/l2tp/l2tp_netlink.c | 2 + net/l2tp/l2tp_ppp.c | 62 +++++------ net/netfilter/xt_IDLETIMER.c | 9 +- net/netfilter/xt_LED.c | 12 +-- net/netfilter/xt_RATEEST.c | 22 +++- net/netlink/af_netlink.c | 3 + net/netlink/genetlink.c | 12 ++- net/sctp/sm_make_chunk.c | 8 +- net/xfrm/xfrm_user.c | 21 ++-- sound/core/oss/pcm_oss.c | 4 +- sound/core/pcm_native.c | 2 +- sound/core/seq/seq_clientmgr.c | 29 +++-- sound/core/seq/seq_fifo.c | 4 +- sound/core/seq/seq_memory.c | 14 ++- sound/core/seq/seq_memory.h | 3 +- sound/core/seq/seq_prioq.c | 27 ++--- sound/core/seq/seq_prioq.h | 6 +- sound/core/seq/seq_queue.c | 28 ++--- sound/drivers/aloop.c | 17 ++- sound/soc/au1x/ac97c.c | 6 +- sound/soc/nuc900/nuc900-ac97.c | 4 +- sound/usb/quirks-table.h | 47 ++++++++ 151 files changed, 1139 insertions(+), 583 deletions(-) AMAN DEEP (1): usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() Adam Goode (1): ALSA: seq: correctly detect input buffer overflow Alan Stern (1): USB: OHCI: Fix race between ED unlink and URB submission Alexander Potapenko (1): netlink: make sure nladdr has correct size in netlink_connect() Alexey Kodanev (2): dccp: check sk for closed state in dccp_sendmsg() sctp: verify size of a new chunk in _sctp_make_chunk() Andy Lutomirski (1): x86/entry/64: Don't use IST entry for #BP stack Anna-Maria Gleixner (1): hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) Arnd Bergmann (1): scsi: fas216: fix sense buffer initialization Bart Van Assche (1): pktcdvd: Fix pkt_setup_dev() error path Bastian Stender (1): mmc: block: fix updating ext_csd caches on ioctl call Ben Crocker (1): drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE Ben Hutchings (1): Linux 3.2.102 Benjamin Poirier (1): e1000e: Fix check_for_link return value with autoneg off Chien Tin Tung (1): RDMA/ucma: Correct option size check using optlen Christophe JAILLET (1): media: bt8xx: Fix err 'bt878_probe()' Clay McClure (1): ubi: Fix race condition between ubi volume creation and udev Colin Ian King (1): scsi: aacraid: remove redundant setting of variable c Cong Wang (2): netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert netfilter: ipt_CLUSTERIP: fix a refcount bug in clusterip_config_find_get() Corentin Labbe (1): powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n Dan Carpenter (8): staging: ncpfs: memory corruption in ncp_read_kernel() cdrom: information leak in cdrom_ioctl_media_changed() media: cpia2: Fix a couple off by one bugs ASoC: nuc900: Fix a loop timeout test ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() ALSA: pcm: potential uninitialized return values Danilo Krummrich (1): usb: quirks: add control message delay for 1b1c:1b20 Darrick J. Wong (1): ext4: fix block bitmap validation when bigalloc, ^flex_bg David Rientjes (1): kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE Dmitry Vyukov (1): netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() Eran Ben Elisha (1): net/mlx4_en: Fix mixed PFC and Global pause user control requests Eric Biggers (6): crypto: hash - introduce crypto_hash_alg_has_setkey() crypto: cryptd - pass through absence of ->setkey() crypto: hash - annotate algorithms taking optional key crypto: hash - prevent using keyed hashes without setting key libata: fix length validation of ATAPI-relayed SCSI commands libata: remove WARN() for DMA or PIO command without data Eric Dumazet (3): net: igmp: add a missing rcu locking section netfilter: IDLETIMER: be syzkaller friendly l2tp: do not accept arbitrary sockets Eric W. Biederman (4): signal/sh: Ensure si_signo is initialized in do_divide_error signal/openrisc: Fix do_unaligned_access to send the proper signal mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy fs: Teach path_connected to handle nfs filesystems with multiple roots. Erik Veijola (1): ALSA: usb-audio: Add a quirck for B&W PX headphones Ernesto A. Fernández (1): ext4: correct documentation for grpid mount option Eugene Syromiatnikov (1): s390: fix handling of -1 in set{,fs}[gu]id16 syscalls Felix Kuehling (1): drm/ttm: Don't add swapped BOs to swap-LRU list Florian Fainelli (1): MIPS: TXX9: use IS_ENABLED() macro Florian Westphal (5): netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets netfilter: ebtables: fix erroneous reject of last rule xfrm_user: uncoditionally validate esn replay attribute struct netfilter: bridge: ebt_among: add missing match size checks netfilter: bridge: ebt_among: add more missing match size checks Greg Kroah-Hartman (1): USB: serial: pl2303: new device id for Chilitag Greg Kurz (1): 9p/trans_virtio: discard zero-length reply Hangbin Liu (1): l2tp: fix missing print session offset info Hans de Goede (5): USB: cdc-acm: Do not log urb submission errors on disconnect libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs ahci: Add PCI-id for the Highpoint Rocketraid 644L card libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions Ivan Vecera (1): net/mlx4_en: do not ignore autoneg in mlx4_en_set_pauseparam() Jack Stocker (1): Add delay-init quirk for Corsair K70 RGB keyboards Jake Daryll Obina (1): jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path Jakub Kicinski (1): net: fix race on decreasing number of TX queues James Chapman (2): l2tp: don't use inet_shutdown on ppp session destroy l2tp: fix race in pppol2tp_release with session object destroy James Hogan (1): MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} Jan Beulich (1): x86/mm: Fix {pmd,pud}_{set,clear}_flags() Jason Gunthorpe (1): sctp: Fix mangled IPv4 addresses on a IPv6 listening socket Jason Yan (2): scsi: libsas: fix memory leak in sas_smp_get_phy_events() scsi: libsas: fix error when getting phy events Jean Delvare (2): firmware/dmi_scan: constify strings firmware: dmi_scan: Fix handling of empty DMI strings Jeremy Boone (1): tpm_tis: fix potential buffer overruns caused by bit glitches on the bus Jia-Ju Bai (1): USB: serial: io_edgeport: fix possible sleep-in-atomic Johannes Berg (1): regulatory: add NUL to request alpha2 Julia Lawall (1): USB: usbmon: remove assignment from IS_ERR argument Julian Wiedmann (2): s390/qeth: fix SETIP command handling s390/qeth: free netdevice when removing a card K.Prasad (1): perf/hwpb: Invoke __perf_event_disable() if interrupts are already disabled Kai-Heng Feng (2): libata: disable LPM for Crucial BX100 SSD 500GB drive xhci: Fix front USB ports on ASUS PRIME B350M-A Kirill Marinushkin (1): ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit Leon Romanovsky (7): RDMA/ucma: Limit possible option size RDMA/ucma: Check that user doesn't overflow QP state RDMA/ucma: Fix access to non-initialized CM_ID object RDMA/ucma: Fix use-after-free access in ucma_close RDMA/ucma: Ensure that CM_ID exists prior to access it RDMA/ucma: Check that device is connected prior to access it RDMA/ucma: Check that device exists prior to accessing it Linus Torvalds (2): perf/hwbp: Simplify the perf-hwbp code, fix documentation tty: vt: fix up tabstops properly Linus Walleij (1): mtd: jedec_probe: Fix crash in jedec_read_mfr() Liu Bo (1): Btrfs: fix extent state leak from tree log Lukas Czerner (1): ext4: fix bitmap position validation Marc Kleine-Budde (1): slip: sl_alloc(): remove unused parameter "dev_t line" Masami Hiramatsu (1): tracing: probeevent: Fix to support minus offset from symbol Matt Redfearn (1): MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS Matthew Wilcox (1): cifs: Fix missing put_xid in cifs_file_strict_mmap Matthias Schiffer (1): batman-adv: fix packet checksum in receive path Mauro Carvalho Chehab (1): media: cxusb, dib0700: ignore XC2028_I2C_FLUSH Mel Gorman (1): mm: pin address_space before dereferencing it while isolating an LRU page Michel Dänzer (1): drm/radeon: Don't turn off DP sink when disconnected Mike Kravetz (2): hugetlbfs: fix offset overflow in hugetlbfs mmap hugetlbfs: check for pgoff value overflow Mikulas Patocka (2): alpha: fix reboot on Avanti platform alpha: fix crash if pthread_create races with signal delivery Nathan Fontenot (1): powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove Nicolas Dichtel (2): netlink: ensure to loop over all netns in genlmsg_multicast_allns() netlink: avoid a double skb free in genlmsg_mcast() Nicolas Pitre (1): console/dummy: leave .con_font_get set to NULL Oliver Neukum (1): CDC-ACM: apply quirk for card reader Paolo Abeni (5): netfilter: on sockopt() acquire sock lock only in the required scope netfilter: drop outermost socket lock in getsockopt() netfilter: x_tables: fix missing timer initialization in xt_LED netfilter: nat: cope with negative port range dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock Pete Zaitcev (1): usb: usbmon: Read text within supplied buffer size Peter Malone (1): fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). Raghava Aditya Renukunta (1): scsi: aacraid: Fix udev inquiry race condition Rasmus Villemoes (1): nospec: Allow index argument to have const-qualified type Seunghun Han (1): x86/MCE: Serialize sysfs changes Stefan Roese (1): ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() Stephan Mueller (1): crypto: af_alg - whitelist mask and type Takashi Iwai (7): ALSA: seq: Fix racy pool initializations ALSA: seq: Don't allow resizing pool in use ALSA: seq: More protection for concurrent write and ioctl races ALSA: seq: Fix possible UAF in snd_seq_check_queue() ALSA: seq: Clear client entry before deleting else at closing ALSA: aloop: Sync stale timer before release ALSA: aloop: Fix access to not-yet-ready substream via cable Tejun Heo (1): tty: make n_tty_read() always abort if hangup is in progress Theodore Ts'o (2): ext4: fail ext4_iget for root directory if unallocated ext4: add validity checks for bitmap block numbers Thinh Nguyen (1): usb: dwc3: gadget: Set maxpacket size for ep0 IN Thomas Gleixner (1): posix-timers: Protect posix clock array access against speculation Tony Luck (1): x86/MCE: Save microcode revision in machine check records Tyrel Datwyler (1): scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info Ulrich Hecht (1): serial: sh-sci: prevent lockup on full TTY buffers Vinicius Costa Gomes (1): skbuff: Fix not waking applications when errors are enqueued Wang Nan (1): x86/traps: Enable DEBUG_STACK after cpu_init() for TRAP_DB/BP Xin Long (2): bridge: check brport attr show in brport_show bonding: process the err returned by dev_set_allmulti properly in bond_enslave Yisheng Xie (1): mm/mempolicy.c: avoid use uninitialized preferred_node Zhang Bo (1): Input: matrix_keypad - fix race when disabling interrupts Zhouyi Zhou (1): ext4: save error to disk in __ext4_grp_locked_error() alex chen (1): ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent chenjie (1): mm/madvise.c: fix madvise() infinite loop under special circumstances mulhern (1): dm thin: fix documentation relative to low water mark threshold -- Ben Hutchings This sentence contradicts itself - no actually it doesn't.

7 years, 7 months

patch "usb: core: message: remove extra endianness conversion in" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: core: message: remove extra endianness conversion in to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From 48b73d0fa11aa8613d51f7be61d2fa7f0ab05fd3 Mon Sep 17 00:00:00 2001 From: Ruslan Bilovol <ruslan.bilovol(a)gmail.com> Date: Fri, 25 May 2018 19:11:40 +0300 Subject: usb: core: message: remove extra endianness conversion in usb_set_isoch_delay No need to do extra endianness conversion in usb_set_isoch_delay because it is already done in usb_control_msg() Fixes: 886ee36e7205 ("usb: core: add support for USB_REQ_SET_ISOCH_DELAY") Cc: Dmytro Panchenko <dmytro.panchenko(a)globallogic.com> Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com> Cc: stable <stable(a)vger.kernel.org> # v4.16+ Signed-off-by: Ruslan Bilovol <ruslan.bilovol(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/message.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c index 0c11d40a12bc..7b137003c2be 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -940,7 +940,7 @@ int usb_set_isoch_delay(struct usb_device *dev) return usb_control_msg(dev, usb_sndctrlpipe(dev, 0), USB_REQ_SET_ISOCH_DELAY, USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE, - cpu_to_le16(dev->hub_delay), 0, NULL, 0, + dev->hub_delay, 0, NULL, 0, USB_CTRL_SET_TIMEOUT); } -- 2.17.1

7 years, 7 months

patch "NFC: pn533: don't send USB data off of the stack" added to usb-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled NFC: pn533: don't send USB data off of the stack to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From dbafc28955fa6779dc23d1607a0fee5e509a278b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Date: Sun, 20 May 2018 15:19:46 +0200 Subject: NFC: pn533: don't send USB data off of the stack It's amazing that this driver ever worked, but now that x86 doesn't allow USB data to be sent off of the stack, it really does not work at all. Fix this up by properly allocating the data for the small "commands" that get sent to the device off of the stack. We do this for one command by having a whole urb just for ack messages, as they can be submitted in interrupt context, so we can not use usb_bulk_msg(). But the poweron command can sleep (and does), so use usb_bulk_msg() for that transfer. Reported-by: Carlos Manuel Santos <cmmpsantos(a)gmail.com> Cc: Samuel Ortiz <sameo(a)linux.intel.com> Cc: Stephen Hemminger <stephen(a)networkplumber.org> Cc: stable <stable(a)vger.kernel.org> Reviewed-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/nfc/pn533/usb.c | 42 +++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/drivers/nfc/pn533/usb.c b/drivers/nfc/pn533/usb.c index e153e8b64bb8..d5553c47014f 100644 --- a/drivers/nfc/pn533/usb.c +++ b/drivers/nfc/pn533/usb.c @@ -62,6 +62,9 @@ struct pn533_usb_phy { struct urb *out_urb; struct urb *in_urb; + struct urb *ack_urb; + u8 *ack_buffer; + struct pn533 *priv; }; @@ -150,13 +153,16 @@ static int pn533_usb_send_ack(struct pn533 *dev, gfp_t flags) struct pn533_usb_phy *phy = dev->phy; static const u8 ack[6] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00}; /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */ - int rc; - phy->out_urb->transfer_buffer = (u8 *)ack; - phy->out_urb->transfer_buffer_length = sizeof(ack); - rc = usb_submit_urb(phy->out_urb, flags); + if (!phy->ack_buffer) { + phy->ack_buffer = kmemdup(ack, sizeof(ack), flags); + if (!phy->ack_buffer) + return -ENOMEM; + } - return rc; + phy->ack_urb->transfer_buffer = phy->ack_buffer; + phy->ack_urb->transfer_buffer_length = sizeof(ack); + return usb_submit_urb(phy->ack_urb, flags); } static int pn533_usb_send_frame(struct pn533 *dev, @@ -375,26 +381,31 @@ static int pn533_acr122_poweron_rdr(struct pn533_usb_phy *phy) /* Power on th reader (CCID cmd) */ u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON, 0, 0, 0, 0, 0, 0, 3, 0, 0}; + char *buffer; + int transferred; int rc; void *cntx; struct pn533_acr122_poweron_rdr_arg arg; dev_dbg(&phy->udev->dev, "%s\n", __func__); + buffer = kmemdup(cmd, sizeof(cmd), GFP_KERNEL); + if (!buffer) + return -ENOMEM; + init_completion(&arg.done); cntx = phy->in_urb->context; /* backup context */ phy->in_urb->complete = pn533_acr122_poweron_rdr_resp; phy->in_urb->context = &arg; - phy->out_urb->transfer_buffer = cmd; - phy->out_urb->transfer_buffer_length = sizeof(cmd); - print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1, cmd, sizeof(cmd), false); - rc = usb_submit_urb(phy->out_urb, GFP_KERNEL); - if (rc) { + rc = usb_bulk_msg(phy->udev, phy->out_urb->pipe, buffer, sizeof(cmd), + &transferred, 0); + kfree(buffer); + if (rc || (transferred != sizeof(cmd))) { nfc_err(&phy->udev->dev, "Reader power on cmd error %d\n", rc); return rc; @@ -490,8 +501,9 @@ static int pn533_usb_probe(struct usb_interface *interface, phy->in_urb = usb_alloc_urb(0, GFP_KERNEL); phy->out_urb = usb_alloc_urb(0, GFP_KERNEL); + phy->ack_urb = usb_alloc_urb(0, GFP_KERNEL); - if (!phy->in_urb || !phy->out_urb) + if (!phy->in_urb || !phy->out_urb || !phy->ack_urb) goto error; usb_fill_bulk_urb(phy->in_urb, phy->udev, @@ -501,7 +513,9 @@ static int pn533_usb_probe(struct usb_interface *interface, usb_fill_bulk_urb(phy->out_urb, phy->udev, usb_sndbulkpipe(phy->udev, out_endpoint), NULL, 0, pn533_send_complete, phy); - + usb_fill_bulk_urb(phy->ack_urb, phy->udev, + usb_sndbulkpipe(phy->udev, out_endpoint), + NULL, 0, pn533_send_complete, phy); switch (id->driver_info) { case PN533_DEVICE_STD: @@ -554,6 +568,7 @@ static int pn533_usb_probe(struct usb_interface *interface, error: usb_free_urb(phy->in_urb); usb_free_urb(phy->out_urb); + usb_free_urb(phy->ack_urb); usb_put_dev(phy->udev); kfree(in_buf); @@ -573,10 +588,13 @@ static void pn533_usb_disconnect(struct usb_interface *interface) usb_kill_urb(phy->in_urb); usb_kill_urb(phy->out_urb); + usb_kill_urb(phy->ack_urb); kfree(phy->in_urb->transfer_buffer); usb_free_urb(phy->in_urb); usb_free_urb(phy->out_urb); + usb_free_urb(phy->ack_urb); + kfree(phy->ack_buffer); nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n"); } -- 2.17.1

7 years, 7 months

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror