Commit Graph

677821 Commits

Author SHA1 Message Date
Markus Heiser
5383fae76b doc-rst: fixed kernel-doc directives in usb/typec.rst
Even if this file is not yet included in any toctree, it is parsed by
Sphinx since it is named '.rst'. This patch fixes the following two
ERRORs from Sphinx build:

Documentation/usb/typec.rst:116: ERROR: Error in "kernel-doc" directive:
invalid option block.

.. kernel-doc:: drivers/usb/typec/typec.c
   :functions: typec_register_cable typec_unregister_cable typec_register_plug
   typec_unregister_plug

Documentation/usb/typec.rst:139: ERROR: Error in "kernel-doc" directive:
invalid option block.

.. kernel-doc:: drivers/usb/typec/typec.c
   :functions: typec_set_data_role typec_set_pwr_role typec_set_vconn_role
   typec_set_pwr_opmode

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:52:44 +02:00
Johan Hovold
ef53b92ece USB: core: of: document reference taken by companion helper
Document that the new companion-device lookup helper takes a reference
to the companion device which needs to be dropped after use.

Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:52:44 +02:00
Johan Hovold
a7415477a2 USB: ehci-platform: fix companion-device leak
Make sure do drop the reference taken to the companion device during
resume.

Fixes: d4d75128b8 ("usb: host: ehci-platform: fix usb 1.1 device is not connected in system resume")
Cc: stable <stable@vger.kernel.org>     # 4.11
Signed-off-by: Johan Hovold <johan@kernel.org>
Acked-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:52:44 +02:00
Chris Brandt
1f873d857b usb: r8a66597-hcd: select a different endpoint on timeout
If multiple endpoints on a single device have pending IN URBs and one
endpoint times out due to NAKs (perfectly legal), select a different
endpoint URB to try.
The existing code only checked to see another device address has pending
URBs and ignores other IN endpoints on the current device address. This
leads to endpoints never getting serviced if one endpoint is using NAK as
a flow control method.

Fixes: 5d3043586d ("usb: r8a66597-hcd: host controller driver for R8A6659")
Signed-off-by: Chris Brandt <chris.brandt@renesas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:52:44 +02:00
Chris Brandt
dd14a3e9b9 usb: r8a66597-hcd: decrease timeout
The timeout for BULK packets was 300ms which is a long time if other
endpoints or devices are waiting for their turn. Changing it to 50ms
greatly increased the overall performance for multi-endpoint devices.

Fixes: 5d3043586d ("usb: r8a66597-hcd: host controller driver for R8A6659")
Signed-off-by: Chris Brandt <chris.brandt@renesas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:52:44 +02:00
Anton Bondarenko
1a744d2eb7 usb: core: fix potential memory leak in error path during hcd creation
Free memory allocated for address0_mutex if allocation of bandwidth_mutex
failed.

Fixes: feb26ac31a ("usb: core: hub: hub_port_init lock controller instead of bus")

Signed-off-by: Anton Bondarenko <anton.bondarenko.sama@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:27:41 +02:00
Johan Hovold
dd5ca753fa USB: iowarrior: fix info ioctl on big-endian hosts
Drop erroneous le16_to_cpu when returning the USB device speed which is
already in host byte order.

Found using sparse:

	warning: cast to restricted __le16

Fixes: 946b960d13 ("USB: add driver for iowarrior devices.")
Cc: stable <stable@vger.kernel.org>     # 2.6.21
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:27:41 +02:00
Johan Hovold
63afd5cc78 USB: chaoskey: fix Alea quirk on big-endian hosts
Add missing endianness conversion when applying the Alea timeout quirk.

Found using sparse:

	warning: restricted __le16 degrades to integer

Fixes: e4a886e811 ("hwrng: chaoskey - Fix URB warning due to timeout on Alea")
Cc: stable <stable@vger.kernel.org>     # 4.8
Cc: Bob Ham <bob.ham@collabora.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Keith Packard <keithp@keithp.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:27:41 +02:00
Jiri Slaby
7cdfe4ddea sisusb_con: fix coccinelle warning
After commit d705ff3818 (tty: vt, cleanup and document con_scroll), in
the coccinelle output, we can see:
drivers/usb/misc/sisusbvga/sisusb_con.c:852:8-9: WARNING: return of 0/1 in function 'sisusbcon_scroll_area' with return type bool

Return true instead of 1 in the function returning bool which was
intended to do in d705ff3818 but omitted.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Fixes: d705ff3818 (tty: vt, cleanup and document con_scroll)
Cc: Thomas Winischhofer <thomas@winischhofer.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-usb@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:27:41 +02:00
Johan Hovold
41318a2b82 uwb: fix device quirk on big-endian hosts
Add missing endianness conversion when using the USB device-descriptor
idProduct field to apply a hardware quirk.

Fixes: 1ba47da527 ("uwb: add the i1480 DFU driver")
Cc: stable <stable@vger.kernel.org>     # 2.6.28
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:27:41 +02:00
Maksim Salau
0bd193d62b usb: misc: legousbtower: Fix memory leak
get_version_reply is not freed if function returns with success.

Fixes: 942a48730f ("usb: misc: legousbtower: Fix buffers on stack")
Reported-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Maksim Salau <maksim.salau@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:27:41 +02:00
Vamsi Krishna Samavedam
2f964780c0 USB: core: replace %p with %pK
Format specifier %p can leak kernel addresses while not valuing the
kptr_restrict system settings. When kptr_restrict is set to (1), kernel
pointers printed using the %pK format specifier will be replaced with
Zeros. Debugging Note : &pK prints only Zeros as address. If you need
actual address information, write 0 to kptr_restrict.

echo 0 > /proc/sys/kernel/kptr_restrict

[Found by poking around in a random vendor kernel tree, it would be nice
if someone would actually send these types of patches upstream - gkh]

Signed-off-by: Vamsi Krishna Samavedam <vskrishn@codeaurora.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:27:41 +02:00
Alan Stern
628c2893d4 USB: ene_usb6250: fix DMA to the stack
The ene_usb6250 sub-driver in usb-storage does USB I/O to buffers on
the stack, which doesn't work with vmapped stacks.  This patch fixes
the problem by allocating a separate 512-byte buffer at probe time and
using it for all of the offending I/O operations.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: Andreas Hartmann <andihartmann@01019freenet.de>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-17 11:27:40 +02:00
Greg Kroah-Hartman
9b31071dd1 usb: fixes for v4.12-rc2
- New device ID for Intel Canonlake CPUs
 - fix for Isochronous performance regression on dwc3
 - fix for out-of-bounds access on comp_desc on f_fs
 - fix for lost events on dwc3 in case of spurious interrupts
 -----BEGIN PGP SIGNATURE-----
 
 iQJRBAABCAA7FiEElLzh7wn96CXwjh2IzL64meEamQYFAlkcAB0dHGZlbGlwZS5i
 YWxiaUBsaW51eC5pbnRlbC5jb20ACgkQzL64meEamQZiCg//drgDsBI5Q3ifA3kg
 v2XR63GAPjjPpsYB8k5sIzzO8zCyPDXX8/q10seYHYFaoPwHrMn+3GebCOtF9rfm
 10eAHk/FgEQm8Q3w/E3fXI0Ma3JgV8Dt4WqwSe3um9VS/OdokTHMchbxSg2TMyyZ
 8mGukfP8rWGm+Gx327Hpo65+8EwPFgFpAlmWdrGWKPyvJ9Q8Sahjb/E9TWfdZlEq
 OHo1C7cHAKMz3bAxfrh5lYI6rrrTw9zskKMJj6SgKAmN091fXM5fMf45yMYzet41
 yNrr1LPT71BqJ1MQ1aLMCt7aqMCActJ0AcY7f8lgPzqGS+Ykjqn8EipGxbWO72ra
 TUVuAtRkJ5aefzZHY7yUCsn7ejVOZ/Ql/MzmuAKKOGlVkC/qaQi2lGQEDU3dFteh
 X/lv/knNzGfIPtKAvp5oAkdWHKJQ3/Ke0t7GGcWQdKj4HOou75/A0ZWLEAIIp0Fi
 WsHp3368qRFTIIWuCpawRVqoNYyPGokJf1y0QarF+vVD4NvyrLWgCVizciLNbOJa
 BWUqrFdr50vUIXof9ik5ZZVgEzG/rLfbp6WZOeB3SEEIvlm3aysEMCJlU50RuQLc
 1dq43zPd9sEivNIgCZF11p5fkurlYzMriBaIDt9b1rB2pKePi661i/B2x+sQ+kWH
 FPgZ1PyjoeABLVyJLjagyzj0zGY=
 =vKMR
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-v4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus

Felipe writes:

usb: fixes for v4.12-rc2

- New device ID for Intel Canonlake CPUs
- fix for Isochronous performance regression on dwc3
- fix for out-of-bounds access on comp_desc on f_fs
- fix for lost events on dwc3 in case of spurious interrupts
2017-05-17 11:18:36 +02:00
Andrey Korolyov
5f63424ab7 USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs
This patch adds support for recognition of ARM-USB-TINY(H) devices which
are almost identical to ARM-USB-OCD(H) but lacking separate barrel jack
and serial console.

By suggestion from Johan Hovold it is possible to replace
ftdi_jtag_quirk with a bit more generic construction. Since all
Olimex-ARM debuggers has exactly two ports, we could safely always use
only second port within the debugger family.

Signed-off-by: Andrey Korolyov <andrey@xdel.ru>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
2017-05-17 10:31:20 +02:00
Tin Huynh
83345d51a4 i2c: xgene: Set ACPI_COMPANION_I2C
With ACPI, i2c-core requires ACPI companion to be set in order for it
to create slave device.
This patch sets the ACPI companion accordingly.

Signed-off-by: Tin Huynh <tnhuynh@apm.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2017-05-17 09:21:06 +02:00
Michael Ellerman
bfb9956ab4 powerpc/mm: Fix crash in page table dump with huge pages
The page table dump code doesn't know about huge pages, so currently
it crashes (or walks random memory, usually leading to a crash), if it
finds a huge page. On Book3S we only see huge pages in the Linux page
tables when we're using the P9 Radix MMU.

Teaching the code to properly handle huge pages is a bit more involved,
so for now just prevent the crash.

Cc: stable@vger.kernel.org # v4.10+
Fixes: 8eb07b1870 ("powerpc/mm: Dump linux pagetables")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2017-05-17 11:56:33 +10:00
Dan Carpenter
2579b8b0ec drm/nouveau/fifo/gk104-: Silence a locking warning
Presumably we can never actually hit this return, but static checkers
complain that we should unlock before we return.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-05-17 09:09:41 +10:00
Christophe JAILLET
563ad2b640 drm/nouveau/secboot: plug memory leak in ls_ucode_img_load_gr() error path
The last goto looks spurious because it releases less resources than the
previous one.
Also free 'img->sig' if 'ls_ucode_img_build()' fails.

Fixes: 9d896f3e41 ("drm/nouveau/secboot: abstract LS firmware loading functions")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-05-17 09:09:41 +10:00
Peter Ujfalusi
9a2eba337c drm/nouveau: Fix drm poll_helper handling
Commit cae9ff036e effectively disabled the drm poll_helper by checking
the wrong flag to see if the driver should enable the poll or not:
mode_config.poll_enabled is only set to true by poll_init and it is not
indicating if the poll is enabled or not.
nouveau_display_create() will initialize the poll and going to disable it
right away. After poll_init() the mode_config.poll_enabled will be true,
but the poll itself is disabled.

To avoid the race caused by calling the poll_enable() from different paths,
this patch will enable the poll from one place, in the
nouveau_display_hpd_work().

In case the pm_runtime is disabled we will enable the poll in
nouveau_drm_load() once.

Fixes: cae9ff036e ("drm/nouveau: Don't enabling polling twice on runtime resume")
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Reviewed-by: Lyude <lyude@redhat.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2017-05-17 09:09:41 +10:00
Thomas Petazzoni
88ad60c23a i2c: mv64xxx: don't override deferred probing when getting irq
There is no reason to use platform_get_irq() for non-DT probing and
irq_of_parse_and_map() for DT probing. Indeed, platform_get_irq()
works fine for both.

In addition, using platform_get_irq() properly returns -EPROBE_DEFER
when the interrupt controller is not yet available, so instead of
inventing our own error code (-ENXIO), return the one provided by
platform_get_irq().

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2017-05-16 23:19:00 +02:00
Suman Anna
0d83539092 uio: fix incorrect memory leak cleanup
Commit 75f0aef622 ("uio: fix memory leak") has fixed up some
memory leaks during the failure paths of the addition of uio
attributes, but still is not correct entirely. A kobject_uevent()
failure still needs a kobject_put() and the kobject container
structure allocation failure before the kobject_init() doesn't
need a kobject_put(). Fix this properly.

Fixes: 75f0aef622 ("uio: fix memory leak")
Signed-off-by: Suman Anna <s-anna@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-16 23:06:41 +02:00
Tobias Regnery
a20cfc1cde misc: pci_endpoint_test: select CRC32
There is the following link error with CONFIG_PCI_ENDPOINT_TEST=y and
CONFIG_CRC32=m:

drivers/built-in.o: In function 'pci_endpoint_test_ioctl':
pci_endpoint_test.c:(.text+0xf1251): undefined reference to 'crc32_le'
pci_endpoint_test.c:(.text+0xf1322): undefined reference to 'crc32_le'
pci_endpoint_test.c:(.text+0xf13b2): undefined reference to 'crc32_le'
pci_endpoint_test.c:(.text+0xf141e): undefined reference to 'crc32_le'

Fix this by selecting CRC32 in the PCI_ENDPOINT_TEST kconfig entry.

Fixes: 2c156ac71c ("misc: Add host side PCI driver for PCI test function device")
Signed-off-by: Tobias Regnery <tobias.regnery@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-16 23:05:40 +02:00
Willy Tarreau
3e21f4af17 char: lp: fix possible integer overflow in lp_setup()
The lp_setup() code doesn't apply any bounds checking when passing
"lp=none", and only in this case, resulting in an overflow of the
parport_nr[] array. All versions in Git history are affected.

Reported-By: Roee Hay <roee.hay@hcl.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-16 23:05:20 +02:00
Linus Torvalds
b23afd3848 - fix bad EFI vars iterator usage
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 Comment: Kees Cook <kees@outflux.net>
 
 iQIcBAABCgAGBQJZG0rAAAoJEIly9N/cbcAmfigP/iaKLzuVid4PC3Pzf7hAwmmg
 cWrH8sPMZF6elSSKHguRWqUpyHgK6crsJYnMB8c+4+/upXMorBpX6GFK3CEZG2UO
 1vrVkJ06q0N41qNnJc3TpDV3RxecdKOs26Jtc9gm+ZMScJxZBLXBu3bfwkwE8V/c
 1RFYhFciFg2lZBwIUZb73nAtvBtMdkLACLA4isa1Gn/Q0Ah50s+MFrePNjBm2Xen
 mjhp7lP1w57X6Is3ZlbNwVEWA66qUP3PiyTasA0RiCNfQzJtT71NSCkh3849w1rX
 61cink78ZLtokdWMs510PiiUNiwivpkewftkUj33QAWkCvr7mh5rTleYNDcule3S
 GWHcq7I4HNJSf2aoAUMG6A21KGT1Rg3+EmdH6Ci1/sTOIRkitFdWTjdx/JJb6qH8
 WRmFh+lF3v5eB4pFu5z4sgqBbHFEa3cXsHqYw5rRrJuFJM/FLzVrOPTGCEfaQzj0
 Nnl53MeQ3PNK5djpJtNQ0JFkvnylgbed2E5XUQbqm5nNGWMuviBHNPKhyBroSoEZ
 LHk9EW8NRFUXZMjPEbi+2vPigz4/UAXBcc/MOPqdbZCBughTdq7xicIdil31hPxn
 WeJzhXGs0rVEdzZJaUDYT+yKuTbTBeYwl/ujAGtqSB45lk/VLdZ0vWRz7PL83MwL
 BwOer++6MGmiO0JnkS85
 =bdBo
 -----END PGP SIGNATURE-----

Merge tag 'pstore-v4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull pstore fix from Kees Cook:
 "Fix bad EFI vars iterator usage"

* tag 'pstore-v4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  efi-pstore: Fix read iter after pstore API refactor
2017-05-16 13:29:07 -07:00
Arnd Bergmann
2432a3fb5c mlx5e: add CONFIG_INET dependency
We now reference the arp_tbl, which requires IPv4 support to be
enabled in the kernel, otherwise we get a link error:

drivers/net/built-in.o: In function `mlx5e_tc_update_neigh_used_value':
(.text+0x16afec): undefined reference to `arp_tbl'
drivers/net/built-in.o: In function `mlx5e_rep_neigh_init':
en_rep.c:(.text+0x16c16d): undefined reference to `arp_tbl'
drivers/net/built-in.o: In function `mlx5e_rep_netevent_event':
en_rep.c:(.text+0x16cbb5): undefined reference to `arp_tbl'

This adds a Kconfig dependency for it.

Fixes: 232c001398 ("net/mlx5e: Add support to neighbour update flow")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-16 15:48:01 -04:00
Paolo Bonzini
b401ee0b85 KVM: x86: lower default for halt_poll_ns
In some fio benchmarks, halt_poll_ns=400000 caused CPU utilization to
increase heavily even in cases where the performance improvement was
small.  In particular, bandwidth divided by CPU usage was as much as
60% lower.

To some extent this is the expected effect of the patch, and the
additional CPU utilization is only visible when running the
benchmarks.  However, halving the threshold also halves the extra
CPU utilization (from +30-130% to +20-70%) and has no negative
effect on performance.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-05-16 21:15:50 +02:00
Mikulas Patocka
13840d3801 dm bufio: make the parameter "retain_bytes" unsigned long
Change the type of the parameter "retain_bytes" from unsigned to
unsigned long, so that on 64-bit machines the user can set more than
4GiB of data to be retained.

Also, change the type of the variable "count" in the function
"__evict_old_buffers" to unsigned long.  The assignment
"count = c->n_buffers[LIST_CLEAN] + c->n_buffers[LIST_DIRTY];"
could result in unsigned long to unsigned overflow and that could result
in buffers not being freed when they should.

While at it, avoid division in get_retain_buffers().  Division is slow,
we can change it to shift because we have precalculated the log2 of
block size.

Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2017-05-16 15:12:08 -04:00
David Ahern
f6c5775ff0 net: Improve handling of failures on link and route dumps
In general, rtnetlink dumps do not anticipate failure to dump a single
object (e.g., link or route) on a single pass. As both route and link
objects have grown via more attributes, that is no longer a given.

netlink dumps can handle a failure if the dump function returns an
error; specifically, netlink_dump adds the return code to the response
if it is <= 0 so userspace is notified of the failure. The missing
piece is the rtnetlink dump functions returning the error.

Fix route and link dump functions to return the errors if no object is
added to an skb (detected by skb->len != 0). IPv6 route dumps
(rt6_dump_route) already return the error; this patch updates IPv4 and
link dumps. Other dump functions may need to be ajusted as well.

Reported-by: Jan Moskyto Matejka <mq@ucw.cz>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-16 14:54:11 -04:00
Christoph Hellwig
19a0f7e37c net/smc: Add warning about remote memory exposure
The driver explicitly bypasses APIs to register all memory once a
connection is made, and thus allows remote access to memory.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Acked-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-16 14:49:43 -04:00
Ursula Braun
263eec9b2a smc: switch to usage of IB_PD_UNSAFE_GLOBAL_RKEY
Currently, SMC enables remote access to physical memory when a user
has successfully configured and established an SMC-connection until ten
minutes after the last SMC connection is closed. Because this is considered
a security risk, drivers are supposed to use IB_PD_UNSAFE_GLOBAL_RKEY in
such a case.

This patch changes the current SMC code to use IB_PD_UNSAFE_GLOBAL_RKEY.
This improves user awareness, but does not remove the security risk itself.

Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-16 14:49:42 -04:00
Kees Cook
6f61dd3aa3 efi-pstore: Fix read iter after pstore API refactor
During the internal pstore API refactoring, the EFI vars read entry was
accidentally made to update a stack variable instead of the pstore
private data pointer. This corrects the problem (and removes the now
needless argument).

Fixes: 125cc42baf ("pstore: Replace arguments for read() API")
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-05-16 11:46:49 -07:00
Wolfram Sang
fc9d0cd9ca Merge branch 'i2c-mux/for-current' of https://github.com/peda-r/i2c-mux into i2c/for-current
Pull bugfixes from the i2c mux subsubsystem:

This fixes an old bug in resource cleanup on failure in i2c-mux-reg and
a new log spamming bug from this merge window in the i2c-mux core.
2017-05-16 18:57:39 +02:00
Thomas Winter
bcfc7d3311 ipmr: vrf: Find VIFs using the actual device
The skb->dev that is passed into ip_mr_input is
the loX device for VRFs. When we lookup a vif
for this dev, none is found as we do not create
vifs for loopbacks. Instead lookup a vif for the
actual device that the packet was received on,
eg the vlan.

Signed-off-by: Thomas Winter <Thomas.Winter@alliedtelesis.co.nz>
cc: David Ahern <dsa@cumulusnetworks.com>
cc: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
cc: roopa <roopa@cumulusnetworks.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-16 12:52:17 -04:00
Soheil Hassas Yeganeh
bafbb9c732 tcp: eliminate negative reordering in tcp_clean_rtx_queue
tcp_ack() can call tcp_fragment() which may dededuct the
value tp->fackets_out when MSS changes. When prior_fackets
is larger than tp->fackets_out, tcp_clean_rtx_queue() can
invoke tcp_update_reordering() with negative values. This
results in absurd tp->reodering values higher than
sysctl_tcp_max_reordering.

Note that tcp_update_reordering indeeds sets tp->reordering
to min(sysctl_tcp_max_reordering, metric), but because
the comparison is signed, a negative metric always wins.

Fixes: c7caf8d3ed ("[TCP]: Fix reord detection due to snd_una covered holes")
Reported-by: Rebecca Isaacs <risaacs@google.com>
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-16 12:45:21 -04:00
Linus Torvalds
2b6b38b04c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Martin Schwidefsky:

 - convert the debug feature to refcount_t

 - reduce the copy size for strncpy_from_user

 - 8 bug fixes

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/virtio: change virtio_feature_desc:features type to __le32
  s390: convert debug_info.ref_count from atomic_t to refcount_t
  s390: move _text symbol to address higher than zero
  s390/qdio: increase string buffer size
  s390/ccwgroup: increase string buffer size
  s390/topology: let topology_mnest_limit() return unsigned char
  s390/uaccess: use sane length for __strncpy_from_user()
  s390/uprobes: fix compile for !KPROBES
  s390/ftrace: fix compile for !MODULES
  s390/cputime: fix incorrect system time
2017-05-16 09:24:44 -07:00
Linus Torvalds
bec6cd63aa One amd64_edac fix correcting chip select sizes reporting on F17h
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAlkbE7oACgkQEsHwGGHe
 VUqV7w//fDM2YrUOUQp5lEYXxe+LCKT7i59aL649xlpeZ7/aw2Fd6rMICKvuH4LG
 FYiH2d3Gop6EJqOrVhw91C3JKhqNJCc59x72WdCV0/W/EBJxg9PSrGv0XXZw8YCO
 HAt6aktxqWqFmIKMjxuWdounrjFLKyd7dD0N9Lnw/1OUL/vJ6L5C+2oZu+rtZtva
 2Z3rHVhpOroTI9DmvCUNkCSv0txxBtP9te8yKmMBMqO3MjEBDs7Wfza4/PlDF7TL
 RVu3Hb1AzX04NC9OD62Z49RcBpy7o7ljU9OFbQu9mbobkSncTayBk9jQkQit7lG5
 WLsK3iCNYszldFFhvKAzloohyERXxmUxqjSNmulKcEN24eQaBZWqzPFsTGk9Kir2
 VENB4bJ8KnOKp7P6zKJswzaMwCbR5kK87gMhHdciiwGsbD0HenOn6iw/znaXKsc4
 Ca4qS4juOXecdGZvx6znOAckw0g4KkKlsJ7Z3FLfU30kDwOIVzmEMHQb4M4rr4AF
 k0fGkiA8vfgvo8H2dT6DireeUIqD0nqrGFdaFYSoHH1pHWZCLTEnbmSDzZ/Im0L2
 P6YzZD4kgKPGtgEKDr32sjyq/KcVxwn7+Agnbl8XV+OeezQSM++QXo9Yrj+j2kgj
 Zya6eKtrrnS0Js8L0/WfSCBjc2SWuveYVq6lC0/75xftULz5UBc=
 =j2Fs
 -----END PGP SIGNATURE-----

Merge tag 'edac_fix_for_4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp

Pull EDAC fix from Borislav Petkov:
 "A single amd64_edac fix correcting chip select sizes reporting on
  F17h"

* tag 'edac_fix_for_4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp:
  EDAC, amd64: Fix reporting of Chip Select sizes on Fam17h
2017-05-16 09:18:18 -07:00
Tony Lindgren
aff523fb82 memory: omap-gpmc: Fix debug output for access width
The width needs to be configured in bytes with 1 meaning 8-bit
access and 2 meaning 16-bit access.

Cc: Peter Ujfalusi <peter.ujfalusi@ti.com>
Acked-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2017-05-16 08:12:47 -07:00
Adam Ford
56322e1232 ARM: dts: LogicPD Torpedo: Fix camera pin mux
Fix commit 05c4ffc3a2 ("ARM: dts: LogicPD Torpedo: Add MT9P031 Support")
In the previous commit, I indicated that the only testing was done by
showing the camera showed up when probing.  This patch fixes an incorrect
pin muxing on cam_d0, cam_d1 and cam_d2.

Signed-off-by: Adam Ford <aford173@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2017-05-16 08:12:47 -07:00
Hans Verkuil
f0b8dca833 ARM: dts: omap4: enable CEC pin for Pandaboard A4 and ES
The CEC pin was always pulled up, making it impossible to use it.

Change to PIN_INPUT so it can be used by the new CEC support.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Reviewed-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
2017-05-16 08:10:07 -07:00
Andreas Kemnade
910958b65c ARM: dts: gta04: fix polarity of clocks for mcbsp4
The clock polarity setting of the mcbsp connected to
the modem was wrong so almost only noise
was received.
With this patch it is also the same as it was on
earlier non-dt kernels where it was working properly

Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2017-05-16 08:08:52 -07:00
Keerthy
7c62de5f3f ARM: dts: dra7: Add power hold and power controller properties to palmas
Add power hold and power controller properties to palmas node.
This is needed to shutdown pmic correctly on boards with
powerhold set.

Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2017-05-16 08:06:04 -07:00
Thomas Gleixner
2c4569ca26 genirq: Fix chained interrupt data ordering
irq_set_chained_handler_and_data() sets up the chained interrupt and then
stores the handler data.

That's racy against an immediate interrupt which gets handled before the
store of the handler data happened. The handler will dereference a NULL
pointer and crash.

Cure it by storing handler data before installing the chained handler.

Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
2017-05-16 15:03:26 +02:00
Arnd Bergmann
b72d745120 staging: fsl-dpaa2/eth: add ETHERNET dependency
The new driver cannot link correctly when the netdevice infrastructure
is disabled:

ERROR: "netdev_info" [drivers/staging/fsl-dpaa2/ethernet/fsl-dpaa2-eth.ko] undefined!
ERROR: "skb_to_sgvec" [drivers/staging/fsl-dpaa2/ethernet/fsl-dpaa2-eth.ko] undefined!
ERROR: "napi_disable" [drivers/staging/fsl-dpaa2/ethernet/fsl-dpaa2-eth.ko] undefined!
ERROR: "napi_schedule_prep" [drivers/staging/fsl-dpaa2/ethernet/fsl-dpaa2-eth.ko] undefined!
ERROR: "__napi_schedule_irqoff" [drivers/staging/fsl-dpaa2/ethernet/fsl-dpaa2-eth.ko] undefined!
ERROR: "netif_carrier_on" [drivers/staging/fsl-dpaa2/ethernet/fsl-dpaa2-eth.ko] undefined!

This adds a dependency on NETDEVICES and ETHERNET.

Fixes: 0352d1d852 ("staging: fsl-dpaa2/eth: Add APIs for DPNI objects")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-16 14:23:31 +02:00
Rui Miguel Silva
50b7c322cf staging: typec: fusb302: refactor resume retry mechanism
The i2c functions need to test the pm_suspend state and do, if needed, some
retry before i2c operations. This code was repeated 4x.

To isolate this, create a new function to check suspend state and call it in
every need place.

As at it, move the error message from pr_err to dev_err.

Signed-off-by: Rui Miguel Silva <rmfrfs@gmail.com>
Acked-by: Yueyao Zhu <yueyao.zhu@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-16 14:23:31 +02:00
Rui Miguel Silva
f0d39a179b staging: typec: fusb302: reset i2c_busy state in error
Fix reset of i2c_busy flag if an error occurs during the i2c block read.

Signed-off-by: Rui Miguel Silva <rmfrfs@gmail.com>
Acked-by: Yueyao Zhu <yueyao.zhu@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-05-16 14:23:31 +02:00
Pan Bian
018047a1db usb: dwc3: keystone: check return value
Function devm_clk_get() returns an ERR_PTR when it fails. However, in
function kdwc3_probe(), its return value is not checked, which may
result in a bad memory access bug. This patch fixes the bug.

Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2017-05-16 14:11:04 +03:00
William Wu
b7f73850bb usb: gadget: f_fs: avoid out of bounds access on comp_desc
Companion descriptor is only used for SuperSpeed endpoints,
if the endpoints are HighSpeed or FullSpeed, the Companion
descriptor will not allocated, so we can only access it if
gadget is SuperSpeed.

I can reproduce this issue on Rockchip platform rk3368 SoC
which supports USB 2.0, and use functionfs for ADB. Kernel
build with CONFIG_KASAN=y and CONFIG_SLUB_DEBUG=y report
the following BUG:

==================================================================
BUG: KASAN: slab-out-of-bounds in ffs_func_set_alt+0x224/0x3a0 at addr ffffffc0601f6509
Read of size 1 by task swapper/0/0
============================================================================
BUG kmalloc-256 (Not tainted): kasan: bad access detected
----------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: Allocated in ffs_func_bind+0x52c/0x99c age=1275 cpu=0 pid=1
alloc_debug_processing+0x128/0x17c
___slab_alloc.constprop.58+0x50c/0x610
__slab_alloc.isra.55.constprop.57+0x24/0x34
__kmalloc+0xe0/0x250
ffs_func_bind+0x52c/0x99c
usb_add_function+0xd8/0x1d4
configfs_composite_bind+0x48c/0x570
udc_bind_to_driver+0x6c/0x170
usb_udc_attach_driver+0xa4/0xd0
gadget_dev_desc_UDC_store+0xcc/0x118
configfs_write_file+0x1a0/0x1f8
__vfs_write+0x64/0x174
vfs_write+0xe4/0x200
SyS_write+0x68/0xc8
el0_svc_naked+0x24/0x28
INFO: Freed in inode_doinit_with_dentry+0x3f0/0x7c4 age=1275 cpu=7 pid=247
...
Call trace:
[<ffffff900808aab4>] dump_backtrace+0x0/0x230
[<ffffff900808acf8>] show_stack+0x14/0x1c
[<ffffff90084ad420>] dump_stack+0xa0/0xc8
[<ffffff90082157cc>] print_trailer+0x188/0x198
[<ffffff9008215948>] object_err+0x3c/0x4c
[<ffffff900821b5ac>] kasan_report+0x324/0x4dc
[<ffffff900821aa38>] __asan_load1+0x24/0x50
[<ffffff90089eb750>] ffs_func_set_alt+0x224/0x3a0
[<ffffff90089d3760>] composite_setup+0xdcc/0x1ac8
[<ffffff90089d7394>] android_setup+0x124/0x1a0
[<ffffff90089acd18>] _setup+0x54/0x74
[<ffffff90089b6b98>] handle_ep0+0x3288/0x4390
[<ffffff90089b9b44>] dwc_otg_pcd_handle_out_ep_intr+0x14dc/0x2ae4
[<ffffff90089be85c>] dwc_otg_pcd_handle_intr+0x1ec/0x298
[<ffffff90089ad680>] dwc_otg_pcd_irq+0x10/0x20
[<ffffff9008116328>] handle_irq_event_percpu+0x124/0x3ac
[<ffffff9008116610>] handle_irq_event+0x60/0xa0
[<ffffff900811af30>] handle_fasteoi_irq+0x10c/0x1d4
[<ffffff9008115568>] generic_handle_irq+0x30/0x40
[<ffffff90081159b4>] __handle_domain_irq+0xac/0xdc
[<ffffff9008080e9c>] gic_handle_irq+0x64/0xa4
...
Memory state around the buggy address:
  ffffffc0601f6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  ffffffc0601f6480: 00 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc
 >ffffffc0601f6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                       ^
  ffffffc0601f6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
  ffffffc0601f6600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
==================================================================

Signed-off-by: William Wu <william.wu@rock-chips.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2017-05-16 14:11:04 +03:00
Bogdan Mirea
844cf8a9d5 usb: gadget: gserial: check if console kthread exists
Check for bad pointer that may result because of kthread_create failure.
This check is needed since the gserial setup callback function
(gs_console_setup()) is only freeing the info->con_buf in case of
kthread_create failure which will result into bad info->console_thread
pointer.
Without checking info->console_thread pointer validity in the
gserial_console_exit() function, before calling kthread_stop(), the
rmmod will generate Kernel Oops.

Signed-off-by: Bogdan Mirea <Bogdan-Stefan_mirea@mentor.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2017-05-16 14:11:04 +03:00
Thinh Nguyen
d325a1de49 usb: dwc3: gadget: Prevent losing events in event cache
The dwc3 driver can overwite its previous events if its top-half IRQ
handler (TH) gets invoked again before processing the events in the
cache. We see this as a hang in the file transfer and the host will
attempt to reset the device. TH gets the event count and deasserts the
interrupt line by writing DWC3_GEVNTSIZ_INTMASK to DWC3_GEVNTSIZ. If
there's a new event coming between reading the event count and interrupt
deassertion, dwc3 will lose previous pending events. More generally, we
will see 0 event count, which should not affect anything.

This shouldn't be possible in the current dwc3 implementation. However,
through testing and reading the PCIe trace, the TH occasionally still
gets invoked one more time after HW interrupt deassertion. (With PCIe
legacy interrupts, TH is called repeatedly as long as the interrupt line
is asserted). We suspect that there is a small detection delay in the
SW.

To avoid this issue, Check DWC3_EVENT_PENDING flag to determine if the
events are processed in the bottom-half IRQ handler. If not, return
IRQ_HANDLED and don't process new event.

Cc: stable@vger.kernel.org
Signed-off-by: Thinh Nguyen <thinhn@synopsys.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
2017-05-16 14:11:03 +03:00