All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 4.8 073/138] ARM: dts: fix the SD card on the Snowball
From: Greg Kroah-Hartman @ 2016-11-09 10:45 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Lezcano, Ulf Hansson,
	Linus Walleij, Olof Johansson
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Linus Walleij <linus.walleij@linaro.org>

commit 1b283eea6228880b765bc40fe4e555416437ce58 upstream.

This fixes a very annoying regression on the Snowball SD card
that has been around for a while. It turns out that the device
tree does not configure the direction pins properly, nor sets
up the pins for the voltage converter properly at boot. Unless
all things are correctly set up, the feedback clock will not
work, and makes the driver spew messages in the console (but
it works, very slowly):

root@Ux500:/ mount /dev/mmcblk0p2 /mnt/
[    9.953460] mmci-pl18x 80126000.sdi0_per1: error during DMA transfer!
[    9.960296] mmcblk0: error -110 sending status command, retrying
[    9.966461] mmcblk0: error -110 sending status command, retrying
[    9.972534] mmcblk0: error -110 sending status command, aborting

Fix this by rectifying the device tree to correspond to that of
the Ux500 HREF boards plus the DAT31DIR setting that is unique for
the Snowball, and things start working smoothly. Add in the SDR12
and SDR25 modes which this host can do without any problems.

I don't know if this has ever been correct, sadly. It works after
this patch.

Reported-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arm/boot/dts/ste-snowball.dts |   15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

--- a/arch/arm/boot/dts/ste-snowball.dts
+++ b/arch/arm/boot/dts/ste-snowball.dts
@@ -239,14 +239,25 @@
 			arm,primecell-periphid = <0x10480180>;
 			max-frequency = <100000000>;
 			bus-width = <4>;
+			cap-sd-highspeed;
 			cap-mmc-highspeed;
+			sd-uhs-sdr12;
+			sd-uhs-sdr25;
+			/* All direction control is used */
+			st,sig-dir-cmd;
+			st,sig-dir-dat0;
+			st,sig-dir-dat2;
+			st,sig-dir-dat31;
+			st,sig-pin-fbclk;
+			full-pwr-cycle;
 			vmmc-supply = <&ab8500_ldo_aux3_reg>;
 			vqmmc-supply = <&vmmci>;
 			pinctrl-names = "default", "sleep";
 			pinctrl-0 = <&sdi0_default_mode>;
 			pinctrl-1 = <&sdi0_sleep_mode>;
 
-			cd-gpios  = <&gpio6 26 GPIO_ACTIVE_LOW>; // 218
+			/* GPIO218 MMC_CD */
+			cd-gpios  = <&gpio6 26 GPIO_ACTIVE_LOW>;
 
 			status = "okay";
 		};
@@ -549,7 +560,7 @@
 					/* VMMCI level-shifter enable */
 					snowball_cfg3 {
 						pins = "GPIO217_AH12";
-						ste,config = <&gpio_out_lo>;
+						ste,config = <&gpio_out_hi>;
 					};
 					/* VMMCI level-shifter voltage select */
 					snowball_cfg4 {

^ permalink raw reply

* [PATCH 4.8 056/138] usb: increase ohci watchdog delay to 275 msec
From: Greg Kroah-Hartman @ 2016-11-09 10:45 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Bryan Paluch, Alan Stern
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Bryan Paluch <bryanpaluch@gmail.com>

commit ed6d6f8f42d7302f6f9b6245f34927ec20d26c12 upstream.

Increase ohci watchout delay to 275 ms. Previous delay was 250 ms
with 20 ms of slack, after removing slack time some ohci controllers don't
respond in time. Logs from systems with controllers that have the
issue would show "HcDoneHead not written back; disabled"

Signed-off-by: Bryan Paluch <bryanpaluch@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/host/ohci-hcd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/host/ohci-hcd.c
+++ b/drivers/usb/host/ohci-hcd.c
@@ -72,7 +72,7 @@
 static const char	hcd_name [] = "ohci_hcd";
 
 #define	STATECHANGE_DELAY	msecs_to_jiffies(300)
-#define	IO_WATCHDOG_DELAY	msecs_to_jiffies(250)
+#define	IO_WATCHDOG_DELAY	msecs_to_jiffies(275)
 
 #include "ohci.h"
 #include "pci-quirks.h"

^ permalink raw reply

* [PATCH 4.8 070/138] KVM: MIPS: Make ERET handle ERL before EXL
From: Greg Kroah-Hartman @ 2016-11-09 10:45 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Hogan, Paolo Bonzini,
	Radim Krčmář, Ralf Baechle, linux-mips, kvm
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Hogan <james.hogan@imgtec.com>

commit ede5f3e7b54a4347be4d8525269eae50902bd7cd upstream.

The ERET instruction to return from exception is used for returning from
exception level (Status.EXL) and error level (Status.ERL). If both bits
are set however we should be returning from ERL first, as ERL can
interrupt EXL, for example when an NMI is taken. KVM however checks EXL
first.

Fix the order of the checks to match the pseudocode in the instruction
set manual.

Fixes: e685c689f3a8 ("KVM/MIPS32: Privileged instruction/target branch emulation.")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/kvm/emulate.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--- a/arch/mips/kvm/emulate.c
+++ b/arch/mips/kvm/emulate.c
@@ -791,15 +791,15 @@ enum emulation_result kvm_mips_emul_eret
 	struct mips_coproc *cop0 = vcpu->arch.cop0;
 	enum emulation_result er = EMULATE_DONE;
 
-	if (kvm_read_c0_guest_status(cop0) & ST0_EXL) {
+	if (kvm_read_c0_guest_status(cop0) & ST0_ERL) {
+		kvm_clear_c0_guest_status(cop0, ST0_ERL);
+		vcpu->arch.pc = kvm_read_c0_guest_errorepc(cop0);
+	} else if (kvm_read_c0_guest_status(cop0) & ST0_EXL) {
 		kvm_debug("[%#lx] ERET to %#lx\n", vcpu->arch.pc,
 			  kvm_read_c0_guest_epc(cop0));
 		kvm_clear_c0_guest_status(cop0, ST0_EXL);
 		vcpu->arch.pc = kvm_read_c0_guest_epc(cop0);
 
-	} else if (kvm_read_c0_guest_status(cop0) & ST0_ERL) {
-		kvm_clear_c0_guest_status(cop0, ST0_ERL);
-		vcpu->arch.pc = kvm_read_c0_guest_errorepc(cop0);
 	} else {
 		kvm_err("[%#lx] ERET when MIPS_SR_EXL|MIPS_SR_ERL == 0\n",
 			vcpu->arch.pc);

^ permalink raw reply

* [Buildroot] [PATCH 1/4] configs: atmel: at91sam9260eknf: update defconfig
From: Thomas Petazzoni @ 2016-11-09 11:08 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20161109103955.qgeomymgonuoyxu5@rfolt0960.corp.atmel.com>

Hello,

On Wed, 9 Nov 2016 11:39:55 +0100, Ludovic Desroches wrote:

> > If you are not able/willing to test those defconfigs, then we could
> > just as well remove them. But I'm not going to merge a defconfig that
> > doesn't comply with our policy of having a fixed kernel and a fixed
> > bootloader version.
> 
> Can I use a fixed version of the compiler too? It seems it makes sense
> because this defconfig was tested but is no more compiling.

This could be an option indeed (reverting to gcc 4.x instead of gcc
5.x). However, the fact that no-one is willing to test/maintain this
defconfig is a sign that nobody is interested in it. So I'd rather
remove it, than keep a defconfig that gets never updated, even when
there is a build issue.

So, options are clear:

 1. Remove the defconfig entirely.

 2. Update the defconfig in the proper way, minimally tested on HW.

Best regards,

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com

^ permalink raw reply

* Updates to base (master and morty) in 2016-11-09
From: Otavio Salvador @ 2016-11-09 11:08 UTC (permalink / raw)
  To: meta-freescale

Hello,

I pushed following updates:

commit 4457e4d7db472906ef22929023304bd68f3f4e75 (HEAD -> master-next, m/master-next, freescale/morty, freescale/master-next, freescale/master)
Author: Fabio Berton <fabio.berton@ossystems.com.br>
Date:   Tue Nov 8 15:35:01 2016 -0200

    setup-environment: List available Poky's distros in usage function
    
    Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
    Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>

commit 03ac611b397d57f20a22b58f98fbbd54af53e410
Author: Fabio Berton <fabio.berton@ossystems.com.br>
Date:   Tue Nov 8 09:30:05 2016 -0200

    setup-environment: Change usage to show machine and distro requirement
    
    Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
    Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>

commit 33fdc7bc813acfca5ef9e27a09f2da54b727c18e
Author: Fabio Berton <fabio.berton@ossystems.com.br>
Date:   Tue Nov 8 09:30:04 2016 -0200

    setup-environment: Do not restrict machine usage
    
    Allow use any machine with setup-environment script.
    
    Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
    Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>

commit c5433a1642d5840cc7e055cbe70e54376d94c54e
Author: Fabio Berton <fabio.berton@ossystems.com.br>
Date:   Tue Nov 8 09:30:03 2016 -0200

    setup-environment: Do not restrict meta-freescale's distros usage.
    
    Allow use any distro with setup-environment script.
    
    Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
    Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>

Regards,

--
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750


^ permalink raw reply

* [PATCH 4.8 071/138] KVM: MIPS: Precalculate MMIO load resume PC
From: Greg Kroah-Hartman @ 2016-11-09 10:45 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, James Hogan, Paolo Bonzini,
	Radim Krčmář, Ralf Baechle, linux-mips, kvm
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: James Hogan <james.hogan@imgtec.com>

commit e1e575f6b026734be3b1f075e780e91ab08ca541 upstream.

The advancing of the PC when completing an MMIO load is done before
re-entering the guest, i.e. before restoring the guest ASID. However if
the load is in a branch delay slot it may need to access guest code to
read the prior branch instruction. This isn't safe in TLB mapped code at
the moment, nor in the future when we'll access unmapped guest segments
using direct user accessors too, as it could read the branch from host
user memory instead.

Therefore calculate the resume PC in advance while we're still in the
right context and save it in the new vcpu->arch.io_pc (replacing the no
longer needed vcpu->arch.pending_load_cause), and restore it on MMIO
completion.

Fixes: e685c689f3a8 ("KVM/MIPS32: Privileged instruction/target branch emulation.")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/include/asm/kvm_host.h |    7 ++++---
 arch/mips/kvm/emulate.c          |   24 +++++++++++++++---------
 2 files changed, 19 insertions(+), 12 deletions(-)

--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -279,7 +279,10 @@ struct kvm_vcpu_arch {
 	/* Host KSEG0 address of the EI/DI offset */
 	void *kseg0_commpage;
 
-	u32 io_gpr;		/* GPR used as IO source/target */
+	/* Resume PC after MMIO completion */
+	unsigned long io_pc;
+	/* GPR used as IO source/target */
+	u32 io_gpr;
 
 	struct hrtimer comparecount_timer;
 	/* Count timer control KVM register */
@@ -301,8 +304,6 @@ struct kvm_vcpu_arch {
 	/* Bitmask of pending exceptions to be cleared */
 	unsigned long pending_exceptions_clr;
 
-	u32 pending_load_cause;
-
 	/* Save/Restore the entryhi register when are are preempted/scheduled back in */
 	unsigned long preempt_entryhi;
 
--- a/arch/mips/kvm/emulate.c
+++ b/arch/mips/kvm/emulate.c
@@ -1522,13 +1522,25 @@ enum emulation_result kvm_mips_emulate_l
 					    struct kvm_vcpu *vcpu)
 {
 	enum emulation_result er = EMULATE_DO_MMIO;
+	unsigned long curr_pc;
 	u32 op, rt;
 	u32 bytes;
 
 	rt = inst.i_format.rt;
 	op = inst.i_format.opcode;
 
-	vcpu->arch.pending_load_cause = cause;
+	/*
+	 * Find the resume PC now while we have safe and easy access to the
+	 * prior branch instruction, and save it for
+	 * kvm_mips_complete_mmio_load() to restore later.
+	 */
+	curr_pc = vcpu->arch.pc;
+	er = update_pc(vcpu, cause);
+	if (er == EMULATE_FAIL)
+		return er;
+	vcpu->arch.io_pc = vcpu->arch.pc;
+	vcpu->arch.pc = curr_pc;
+
 	vcpu->arch.io_gpr = rt;
 
 	switch (op) {
@@ -2488,9 +2500,8 @@ enum emulation_result kvm_mips_complete_
 		goto done;
 	}
 
-	er = update_pc(vcpu, vcpu->arch.pending_load_cause);
-	if (er == EMULATE_FAIL)
-		return er;
+	/* Restore saved resume PC */
+	vcpu->arch.pc = vcpu->arch.io_pc;
 
 	switch (run->mmio.len) {
 	case 4:
@@ -2512,11 +2523,6 @@ enum emulation_result kvm_mips_complete_
 		break;
 	}
 
-	if (vcpu->arch.pending_load_cause & CAUSEF_BD)
-		kvm_debug("[%#lx] Completing %d byte BD Load to gpr %d (0x%08lx) type %d\n",
-			  vcpu->arch.pc, run->mmio.len, vcpu->arch.io_gpr, *gpr,
-			  vcpu->mmio_needed);
-
 done:
 	return er;
 }

^ permalink raw reply

* [PATCH 4.8 066/138] Staging: wilc1000: Fix kernel Oops on opening the device
From: Greg Kroah-Hartman @ 2016-11-09 10:45 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Nicolas Ferre, Aditya Shankar
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aditya Shankar <Aditya.Shankar@microchip.com>

commit 1d4f1d53e1e2d5e38f4d3ca3bf60f8be5025540f upstream.

Commit 2518ac59eb27 ("staging: wilc1000: Replace kthread with workqueue
for host interface") adds an unconditional destroy_workqueue() on the
wilc's "hif_workqueue" soon after its creation thereby rendering
it unusable. It then further attempts to queue work onto this
non-existing hif_worqueue and results in:

Unable to handle kernel NULL pointer dereference at virtual address 00000010
pgd = de478000
[00000010] *pgd=3eec0831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] ARM
Modules linked in: wilc1000_sdio(C) wilc1000(C)
CPU: 0 PID: 825 Comm: ifconfig Tainted: G         C      4.8.0-rc8+ #37
Hardware name: Atmel SAMA5
task: df56f800 task.stack: deeb0000
PC is at __queue_work+0x90/0x284
LR is at __queue_work+0x58/0x284
pc : [<c0126bb0>]    lr : [<c0126b78>]    psr: 600f0093
sp : deeb1aa0  ip : def22d78  fp : deea6000
r10: 00000000  r9 : c0a08150  r8 : c0a2f058
r7 : 00000001  r6 : dee9b600  r5 : def22d74  r4 : 00000000
r3 : 00000000  r2 : def22d74  r1 : 07ffffff  r0 : 00000000
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
...
[<c0127060>] (__queue_work) from [<c0127298>] (queue_work_on+0x34/0x40)
[<c0127298>] (queue_work_on) from [<bf0076b4>] (wilc_enqueue_cmd+0x54/0x64 [wilc1000])
[<bf0076b4>] (wilc_enqueue_cmd [wilc1000]) from [<bf0082b4>] (wilc_set_wfi_drv_handler+0x48/0x70 [wilc1000])
[<bf0082b4>] (wilc_set_wfi_drv_handler [wilc1000]) from [<bf00509c>] (wilc_mac_open+0x214/0x250 [wilc1000])
[<bf00509c>] (wilc_mac_open [wilc1000]) from [<c04fde98>] (__dev_open+0xb8/0x11c)
[<c04fde98>] (__dev_open) from [<c04fe128>] (__dev_change_flags+0x94/0x158)
[<c04fe128>] (__dev_change_flags) from [<c04fe204>] (dev_change_flags+0x18/0x48)
[<c04fe204>] (dev_change_flags) from [<c0557d5c>] (devinet_ioctl+0x6b4/0x788)
[<c0557d5c>] (devinet_ioctl) from [<c04e40a0>] (sock_ioctl+0x154/0x2cc)
[<c04e40a0>] (sock_ioctl) from [<c01b16e0>] (do_vfs_ioctl+0x9c/0x878)
[<c01b16e0>] (do_vfs_ioctl) from [<c01b1ef0>] (SyS_ioctl+0x34/0x5c)
[<c01b1ef0>] (SyS_ioctl) from [<c0107520>] (ret_fast_syscall+0x0/0x3c)
Code: e5932004 e1520006 01a04003 0affffff (e5943010)
---[ end trace b612328adaa6bf20 ]---

This fix removes the unnecessary call to destroy_workqueue() while opening
the device to avoid the above kernel panic. The deinit routine already
does a good job of terminating the workqueue when no longer needed.

Reported-by: Nicolas Ferre <Nicolas.Ferre@microchip.com>
Fixes: 2518ac59eb27 ("staging: wilc1000: Replace kthread with workqueue for host interface")
Signed-off-by: Aditya Shankar <Aditya.Shankar@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/staging/wilc1000/host_interface.c |    1 -
 1 file changed, 1 deletion(-)

--- a/drivers/staging/wilc1000/host_interface.c
+++ b/drivers/staging/wilc1000/host_interface.c
@@ -3391,7 +3391,6 @@ int wilc_init(struct net_device *dev, st
 
 	clients_count++;
 
-	destroy_workqueue(hif_workqueue);
 _fail_:
 	return result;
 }

^ permalink raw reply

* [PATCH 4.8 075/138] MIPS: KASLR: Fix handling of NULL FDT
From: Greg Kroah-Hartman @ 2016-11-09 10:45 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Matt Redfearn, linux-mips,
	Ralf Baechle
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Matt Redfearn <matt.redfearn@imgtec.com>

commit 4736697963385e6257ee8e260e97347e858cd962 upstream.

If platform code returns a NULL pointer to the FDT, initial_boot_params
will not get set to a valid pointer and attempting to find the /chosen
node in it will cause a NULL pointer dereference and the kernel to crash
immediately on startup - with no output to the console.

Fix this by checking that initial_boot_params is valid before using it.

Fixes: 405bc8fd12f5 ("MIPS: Kernel: Implement KASLR using CONFIG_RELOCATABLE")
Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/14414/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/mips/kernel/relocate.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/mips/kernel/relocate.c
+++ b/arch/mips/kernel/relocate.c
@@ -200,7 +200,7 @@ static inline __init unsigned long get_r
 
 #if defined(CONFIG_USE_OF)
 	/* Get any additional entropy passed in device tree */
-	{
+	if (initial_boot_params) {
 		int node, len;
 		u64 *prop;
 

^ permalink raw reply

* [PATCH 4.8 065/138] iio:chemical:atlas-ph-sensor: Fix use of 32 bit int to hold 16 bit big endian value
From: Greg Kroah-Hartman @ 2016-11-09 10:45 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Sandhya Bankar, Jonathan Cameron
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sandhya Bankar <bankarsandhya512@gmail.com>

commit d1fe85ec7702917f2f1515b4c421d5d4792201a0 upstream.

This will result in a random value being reported on big endian architectures.
(thanks to Lars-Peter Clausen for pointing out the effects of this bug)

Only effects a value printed to the log, but as this reports the settings of
the probe in question it may be of direct interest to users.

Also, fixes the following sparse endianness warnings:

drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16
drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16
drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16
drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16
drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16
drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16
drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16
drivers/iio/chemical/atlas-ph-sensor.c:215:9: warning: cast to restricted __be16

Signed-off-by: Sandhya Bankar <bankarsandhya512@gmail.com>
Fixes: e8dd92bfbff25 ("iio: chemical: atlas-ph-sensor: add EC feature")
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iio/chemical/atlas-ph-sensor.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/drivers/iio/chemical/atlas-ph-sensor.c
+++ b/drivers/iio/chemical/atlas-ph-sensor.c
@@ -207,13 +207,14 @@ static int atlas_check_ec_calibration(st
 	struct device *dev = &data->client->dev;
 	int ret;
 	unsigned int val;
+	__be16	rval;
 
-	ret = regmap_bulk_read(data->regmap, ATLAS_REG_EC_PROBE, &val, 2);
+	ret = regmap_bulk_read(data->regmap, ATLAS_REG_EC_PROBE, &rval, 2);
 	if (ret)
 		return ret;
 
-	dev_info(dev, "probe set to K = %d.%.2d", be16_to_cpu(val) / 100,
-						 be16_to_cpu(val) % 100);
+	val = be16_to_cpu(rval);
+	dev_info(dev, "probe set to K = %d.%.2d", val / 100, val % 100);
 
 	ret = regmap_read(data->regmap, ATLAS_REG_EC_CALIB_STATUS, &val);
 	if (ret)

^ permalink raw reply

* Re: [v4.9-rc4] dvb-usb/cinergyT2 NULL pointer dereference
From: Jörg Otte @ 2016-11-09 11:09 UTC (permalink / raw)
  To: Mauro Carvalho Chehab
  Cc: Linus Torvalds, Patrick Boettcher, Mauro Carvalho Chehab,
	Linux Kernel Mailing List, Linux Media Mailing List
In-Reply-To: <20161108182215.41f1f3d2@vento.lan>

2016-11-08 21:22 GMT+01:00 Mauro Carvalho Chehab <mchehab@s-opensource.com>:
> Em Tue, 8 Nov 2016 10:42:03 -0800
> Linus Torvalds <torvalds@linux-foundation.org> escreveu:
>
>> On Sun, Nov 6, 2016 at 7:40 AM, Jörg Otte <jrg.otte@gmail.com> wrote:
>> > Since v4.9-rc4 I get following crash in dvb-usb-cinergyT2 module.
>>
>> Looks like it's commit 5ef8ed0e5608f ("[media] cinergyT2-core: don't
>> do DMA on stack"), which movced the DMA data array from the stack to
>> the "private" pointer. In the process it also added serialization in
>> the form of "data_mutex", but and now it oopses on that mutex because
>> the private pointer is NULL.
>>
>> It looks like the "->private" pointer is allocated in dvb_usb_adapter_init()
>>
>> cinergyt2_usb_probe ->
>>   dvb_usb_device_init ->
>>     dvb_usb_init() ->
>>       dvb_usb_adapter_init()
>>
>> but the dvb_usb_init() function calls dvb_usb_device_power_ctrl()
>> (which calls the "power_ctrl" function, which is
>> cinergyt2_power_ctrl() for that drive) *before* it initializes the
>> private field.
>>
>> Mauro, Patrick, could dvb_usb_adapter_init() be called earlier, perhaps?
>
> Calling it earlier won't work, as we need to load the firmware before
> sending the power control commands on some devices.
>
> Probably the best here is to pass an extra optional function parameter
> that will initialize the mutex before calling any functions.
>
> Btw, if it broke here, the DMA fixes will likely break on other drivers.
> So, after Jörg tests this patch, I'll work on a patch series addressing
> this issue on the other drivers I touched.
>
> Regards,
> Mauro
>
> -
>
> [PATCH RFC] cinergyT2-core: initialize the mutex early
>
> NOTE: don't merge this patch as-is... I actually folded two patches
> together here, in order to make easier to test, but the best is to
> place the changes at the core first, and then the changes at the
> drivers that would need an early init.
>
> The mutex used to protect the URB data buffer needs to be
> inialized early, as otherwise it will cause an OOPS:
>
> dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
> BUG: unable to handle kernel NULL pointer dereference at           (null)
> IP: [<ffffffff846617af>] __mutex_lock_slowpath+0x6f/0x100 PGD 0
> Oops: 0002 [#1] SMP
> Modules linked in: dvb_usb_cinergyT2(+) dvb_usb
> CPU: 0 PID: 2029 Comm: modprobe Not tainted 4.9.0-rc4-dvbmod #24
> Hardware name: FUJITSU LIFEBOOK A544/FJNBB35 , BIOS Version 1.17 05/09/2014
> task: ffff88020e943840 task.stack: ffff8801f36ec000
> RIP: 0010:[<ffffffff846617af>]  [<ffffffff846617af>] __mutex_lock_slowpath+0x6f/0x100
> RSP: 0018:ffff8801f36efb10  EFLAGS: 00010282
> RAX: 0000000000000000 RBX: ffff88021509bdc8 RCX: 00000000c0000100
> RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88021509bdcc
> RBP: ffff8801f36efb58 R08: ffff88021f216320 R09: 0000000000100000
> R10: ffff88021f216320 R11: 00000023fee6c5a1 R12: ffff88020e943840
> R13: ffff88021509bdcc R14: 00000000ffffffff R15: ffff88021509bdd0
> FS:  00007f21adb86740(0000) GS:ffff88021f200000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 0000000215bce000 CR4: 00000000001406f0
> Stack:
>  ffff88021509bdd0 0000000000000000 0000000000000000 ffffffffc0137c80
>  ffff88021509bdc8 ffff8801f5944000 0000000000000001 ffffffffc0136b00
>  ffff880213e52000 ffff88021509bdc8 ffffffff84661856 ffff88021509bd80
> Call Trace:
>  [<ffffffff84661856>] ? mutex_lock+0x16/0x25
>  [<ffffffffc013616f>] ? cinergyt2_power_ctrl+0x1f/0x60 [dvb_usb_cinergyT2]
>  [<ffffffffc012e67e>] ? dvb_usb_device_init+0x21e/0x5d0 [dvb_usb]
>  [<ffffffffc0136021>] ? cinergyt2_usb_probe+0x21/0x50 [dvb_usb_cinergyT2]
>  [<ffffffff844326f3>] ? usb_probe_interface+0xf3/0x2a0
>  [<ffffffff8438e348>] ? driver_probe_device+0x208/0x2b0
>  [<ffffffff8438e477>] ? __driver_attach+0x87/0x90
>  [<ffffffff8438e3f0>] ? driver_probe_device+0x2b0/0x2b0
>  [<ffffffff8438c612>] ? bus_for_each_dev+0x52/0x80
>  [<ffffffff8438d983>] ? bus_add_driver+0x1a3/0x220
>  [<ffffffff8438ec06>] ? driver_register+0x56/0xd0
>  [<ffffffff84431527>] ? usb_register_driver+0x77/0x130
>  [<ffffffffc013a000>] ? 0xffffffffc013a000
>  [<ffffffff84000426>] ? do_one_initcall+0x46/0x180
>  [<ffffffff840eb2c8>] ? free_vmap_area_noflush+0x38/0x70
>  [<ffffffff840f3844>] ? kmem_cache_alloc+0x84/0xc0
>  [<ffffffff840b802c>] ? do_init_module+0x50/0x1be
>  [<ffffffff84095adb>] ? load_module+0x1d8b/0x2100
>  [<ffffffff84093020>] ? find_symbol_in_section+0xa0/0xa0
>  [<ffffffff84095fe9>] ? SyS_finit_module+0x89/0x90
>  [<ffffffff846637a0>] ? entry_SYSCALL_64_fastpath+0x13/0x94
> Code: e8 a7 1d 00 00 8b 03 83 f8 01 0f 84 97 00 00 00 48 8b 43 10 4c 8d 7b 08 48 89 63 10 4c 89 3c 24 41 be ff ff ff ff 48 89 44 24 08 <48> 89 20 4c 89 64 24 10 eb 1a 49 c7 44 24 08 02 00 00 00 c6 43 RIP  [<ffffffff846617af>] __mutex_lock_slowpath+0x6f/0x100 RSP <ffff8801f36efb10>
> CR2: 0000000000000000
>
> Reported-by: Jörg Otte <jrg.otte@gmail.com>
> Fixes: 6679a901c380 ("[media] cinergyT2-core: don't do DMA on stack")
> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
>
> From cbc7e48a86e8ffd16e49b10061120dfc417397f8 Mon Sep 17 00:00:00 2001
> From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
> Date: Tue, 8 Nov 2016 18:04:24 -0200
> Subject: [PATCH] [media] dvb-usb: allow early initialization of usb device
>  priv data
>
> On some drivers, we need to initialize a mutex before calling
> power control or firmware download routines. Add an extra
> parameter to allow it.
>
> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
>
> diff --git a/drivers/media/usb/dvb-usb/a800.c b/drivers/media/usb/dvb-usb/a800.c
> index 7ba975bea96a..1e14f79aa57a 100644
> --- a/drivers/media/usb/dvb-usb/a800.c
> +++ b/drivers/media/usb/dvb-usb/a800.c
> @@ -107,7 +107,7 @@ static int a800_probe(struct usb_interface *intf,
>                 const struct usb_device_id *id)
>  {
>         return dvb_usb_device_init(intf, &a800_properties,
> -                                  THIS_MODULE, NULL, adapter_nr);
> +                                  THIS_MODULE, NULL, adapter_nr, NULL);
>  }
>
>  /* do not change the order of the ID table */
> diff --git a/drivers/media/usb/dvb-usb/af9005.c b/drivers/media/usb/dvb-usb/af9005.c
> index b257780fb380..1625b4714d83 100644
> --- a/drivers/media/usb/dvb-usb/af9005.c
> +++ b/drivers/media/usb/dvb-usb/af9005.c
> @@ -1009,7 +1009,7 @@ static int af9005_usb_probe(struct usb_interface *intf,
>         int ret;
>
>         ret = dvb_usb_device_init(intf, &af9005_properties,
> -                                 THIS_MODULE, &d, adapter_nr);
> +                                 THIS_MODULE, &d, adapter_nr, NULL);
>
>         if (ret < 0)
>                 return ret;
> diff --git a/drivers/media/usb/dvb-usb/az6027.c b/drivers/media/usb/dvb-usb/az6027.c
> index 2e711362847e..e8f73a96efd9 100644
> --- a/drivers/media/usb/dvb-usb/az6027.c
> +++ b/drivers/media/usb/dvb-usb/az6027.c
> @@ -946,7 +946,7 @@ static int az6027_usb_probe(struct usb_interface *intf,
>                                    &az6027_properties,
>                                    THIS_MODULE,
>                                    NULL,
> -                                  adapter_nr);
> +                                  adapter_nr, NULL);
>  }
>
>  /* I2C */
> diff --git a/drivers/media/usb/dvb-usb/cinergyT2-core.c b/drivers/media/usb/dvb-usb/cinergyT2-core.c
> index 8ac825413d5a..2aa99c52e39d 100644
> --- a/drivers/media/usb/dvb-usb/cinergyT2-core.c
> +++ b/drivers/media/usb/dvb-usb/cinergyT2-core.c
> @@ -206,24 +206,21 @@ static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state)
>         return ret;
>  }
>
> -static int cinergyt2_usb_probe(struct usb_interface *intf,
> -                               const struct usb_device_id *id)
> +static int cinergyT2_init_mutex(struct dvb_usb_device *d)
>  {
> -       struct dvb_usb_device *d;
> -       struct cinergyt2_state *st;
> -       int ret;
> -
> -       ret = dvb_usb_device_init(intf, &cinergyt2_properties,
> -                                 THIS_MODULE, &d, adapter_nr);
> -       if (ret < 0)
> -               return ret;
> +       struct cinergyt2_state *st = d->priv;
>
> -       st = d->priv;
>         mutex_init(&st->data_mutex);
> -
>         return 0;
>  }
>
> +static int cinergyt2_usb_probe(struct usb_interface *intf,
> +                               const struct usb_device_id *id)
> +{
> +       return dvb_usb_device_init(intf, &cinergyt2_properties,
> +                                  THIS_MODULE, NULL, adapter_nr,
> +                                  cinergyT2_init_mutex);
> +}
>
>  static struct usb_device_id cinergyt2_usb_table[] = {
>         { USB_DEVICE(USB_VID_TERRATEC, 0x0038) },
> diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c
> index 39772812269d..73c1a8568b55 100644
> --- a/drivers/media/usb/dvb-usb/cxusb.c
> +++ b/drivers/media/usb/dvb-usb/cxusb.c
> @@ -1465,33 +1465,33 @@ static int cxusb_probe(struct usb_interface *intf,
>         struct cxusb_state *st;
>
>         if (0 == dvb_usb_device_init(intf, &cxusb_medion_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_bluebird_lgh064f_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_bluebird_dee1601_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_bluebird_lgz201_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_bluebird_dtt7579_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_bluebird_dualdig4_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_bluebird_nano2_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf,
>                                 &cxusb_bluebird_nano2_needsfirmware_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_aver_a868r_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf,
>                                      &cxusb_bluebird_dualdig4_rev2_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_d680_dmb_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_mygica_d689_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &cxusb_mygica_t230_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0) {
>                 st = d->priv;
>                 mutex_init(&st->data_mutex);
> diff --git a/drivers/media/usb/dvb-usb/dib0700_core.c b/drivers/media/usb/dvb-usb/dib0700_core.c
> index 92d5408684ac..3423b56c92b3 100644
> --- a/drivers/media/usb/dvb-usb/dib0700_core.c
> +++ b/drivers/media/usb/dvb-usb/dib0700_core.c
> @@ -871,7 +871,7 @@ static int dib0700_probe(struct usb_interface *intf,
>
>         for (i = 0; i < dib0700_device_count; i++)
>                 if (dvb_usb_device_init(intf, &dib0700_devices[i], THIS_MODULE,
> -                   &dev, adapter_nr) == 0) {
> +                   &dev, adapter_nr, NULL) == 0) {
>                         struct dib0700_state *st = dev->priv;
>                         u32 hwversion, romversion, fw_version, fwtype;
>
> diff --git a/drivers/media/usb/dvb-usb/dibusb-mb.c b/drivers/media/usb/dvb-usb/dibusb-mb.c
> index a0057641cc86..de4ffe81e8d7 100644
> --- a/drivers/media/usb/dvb-usb/dibusb-mb.c
> +++ b/drivers/media/usb/dvb-usb/dibusb-mb.c
> @@ -111,13 +111,13 @@ static int dibusb_probe(struct usb_interface *intf,
>                 const struct usb_device_id *id)
>  {
>         if (0 == dvb_usb_device_init(intf, &dibusb1_1_properties,
> -                                    THIS_MODULE, NULL, adapter_nr) ||
> +                                    THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &dibusb1_1_an2235_properties,
> -                                    THIS_MODULE, NULL, adapter_nr) ||
> +                                    THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &dibusb2_0b_properties,
> -                                    THIS_MODULE, NULL, adapter_nr) ||
> +                                    THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &artec_t1_usb2_properties,
> -                                    THIS_MODULE, NULL, adapter_nr))
> +                                    THIS_MODULE, NULL, adapter_nr, NULL))
>                 return 0;
>
>         return -EINVAL;
> diff --git a/drivers/media/usb/dvb-usb/dibusb-mc.c b/drivers/media/usb/dvb-usb/dibusb-mc.c
> index 08fb8a3f6e0c..d50731bb5372 100644
> --- a/drivers/media/usb/dvb-usb/dibusb-mc.c
> +++ b/drivers/media/usb/dvb-usb/dibusb-mc.c
> @@ -23,7 +23,7 @@ static int dibusb_mc_probe(struct usb_interface *intf,
>                 const struct usb_device_id *id)
>  {
>         return dvb_usb_device_init(intf, &dibusb_mc_properties, THIS_MODULE,
> -                                  NULL, adapter_nr);
> +                                  NULL, adapter_nr, NULL);
>  }
>
>  /* do not change the order of the ID table */
> diff --git a/drivers/media/usb/dvb-usb/digitv.c b/drivers/media/usb/dvb-usb/digitv.c
> index 4284f6984dc1..3dad2293e598 100644
> --- a/drivers/media/usb/dvb-usb/digitv.c
> +++ b/drivers/media/usb/dvb-usb/digitv.c
> @@ -269,7 +269,7 @@ static int digitv_probe(struct usb_interface *intf,
>  {
>         struct dvb_usb_device *d;
>         int ret = dvb_usb_device_init(intf, &digitv_properties, THIS_MODULE, &d,
> -                                     adapter_nr);
> +                                     adapter_nr, NULL);
>         if (ret == 0) {
>                 u8 b[4] = { 0 };
>
> diff --git a/drivers/media/usb/dvb-usb/dtt200u.c b/drivers/media/usb/dvb-usb/dtt200u.c
> index f88572c7ae7c..3255fee31433 100644
> --- a/drivers/media/usb/dvb-usb/dtt200u.c
> +++ b/drivers/media/usb/dvb-usb/dtt200u.c
> @@ -149,15 +149,15 @@ static int dtt200u_usb_probe(struct usb_interface *intf,
>         struct dtt200u_state *st;
>
>         if (0 == dvb_usb_device_init(intf, &dtt200u_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &wt220u_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &wt220u_fc_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &wt220u_zl0353_properties,
> -                                    THIS_MODULE, &d, adapter_nr) ||
> +                                    THIS_MODULE, &d, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &wt220u_miglia_properties,
> -                                    THIS_MODULE, &d, adapter_nr)) {
> +                                    THIS_MODULE, &d, adapter_nr, NULL)) {
>                 st = d->priv;
>                 mutex_init(&st->data_mutex);
>
> diff --git a/drivers/media/usb/dvb-usb/dtv5100.c b/drivers/media/usb/dvb-usb/dtv5100.c
> index c60fb54f445f..36b553cb3133 100644
> --- a/drivers/media/usb/dvb-usb/dtv5100.c
> +++ b/drivers/media/usb/dvb-usb/dtv5100.c
> @@ -165,7 +165,7 @@ static int dtv5100_probe(struct usb_interface *intf,
>         }
>
>         ret = dvb_usb_device_init(intf, &dtv5100_properties,
> -                                 THIS_MODULE, NULL, adapter_nr);
> +                                 THIS_MODULE, NULL, adapter_nr, NULL);
>         if (ret)
>                 return ret;
>
> diff --git a/drivers/media/usb/dvb-usb/dvb-usb-init.c b/drivers/media/usb/dvb-usb/dvb-usb-init.c
> index 3896ba9a4179..66493fb25645 100644
> --- a/drivers/media/usb/dvb-usb/dvb-usb-init.c
> +++ b/drivers/media/usb/dvb-usb/dvb-usb-init.c
> @@ -138,23 +138,14 @@ static int dvb_usb_exit(struct dvb_usb_device *d)
>         return 0;
>  }
>
> -static int dvb_usb_init(struct dvb_usb_device *d, short *adapter_nums)
> +static int dvb_usb_init(struct dvb_usb_device *d, short *adapter_nums,
> +                       int (init_device)(struct dvb_usb_device *d))
>  {
>         int ret = 0;
>
>         mutex_init(&d->usb_mutex);
>         mutex_init(&d->i2c_mutex);
>
> -       d->state = DVB_USB_STATE_INIT;
> -
> -       if (d->props.size_of_priv > 0) {
> -               d->priv = kzalloc(d->props.size_of_priv, GFP_KERNEL);
> -               if (d->priv == NULL) {
> -                       err("no memory for priv in 'struct dvb_usb_device'");
> -                       return -ENOMEM;
> -               }
> -       }
> -
>         /* check the capabilities and set appropriate variables */
>         dvb_usb_device_power_ctrl(d, 1);
>
> @@ -233,7 +224,8 @@ int dvb_usb_device_power_ctrl(struct dvb_usb_device *d, int onoff)
>  int dvb_usb_device_init(struct usb_interface *intf,
>                         struct dvb_usb_device_properties *props,
>                         struct module *owner, struct dvb_usb_device **du,
> -                       short *adapter_nums)
> +                       short *adapter_nums,
> +                       int (init_device)(struct dvb_usb_device *d))
>  {
>         struct usb_device *udev = interface_to_usbdev(intf);
>         struct dvb_usb_device *d = NULL;
> @@ -249,19 +241,42 @@ int dvb_usb_device_init(struct usb_interface *intf,
>                 return -ENODEV;
>         }
>
> -       if (cold) {
> -               info("found a '%s' in cold state, will try to load a firmware", desc->name);
> -               ret = dvb_usb_download_firmware(udev, props);
> -               if (!props->no_reconnect || ret != 0)
> -                       return ret;
> -       }
> -
> -       info("found a '%s' in warm state.", desc->name);
>         d = kzalloc(sizeof(struct dvb_usb_device), GFP_KERNEL);
>         if (d == NULL) {
>                 err("no memory for 'struct dvb_usb_device'");
>                 return -ENOMEM;
>         }
> +       d->state = DVB_USB_STATE_INIT;
> +
> +       if (d->props.size_of_priv > 0) {
> +               d->priv = kzalloc(d->props.size_of_priv, GFP_KERNEL);
> +               if (d->priv == NULL) {
> +                       err("no memory for priv in 'struct dvb_usb_device'");
> +                       ret = -ENOMEM;
> +                       goto err;
> +               }
> +       }
> +
> +       /*
> +        * Some drivers may need to early initialize the device private data,
> +        * for example, when a mutex is serializing URB reads/writes,
> +        * in order for dvb_usb_device_power_ctrl() or firmware load to work.
> +        */
> +       if (init_device) {
> +               ret = init_device(d);
> +               if (ret < 0)
> +                       goto err;
> +       }
> +
> +       if (cold) {
> +               info("found a '%s' in cold state, will try to load a firmware",
> +                    desc->name);
> +               ret = dvb_usb_download_firmware(udev, props);
> +               if (!props->no_reconnect || ret != 0)
> +                       goto err;
> +       } else {
> +               info("found a '%s' in warm state.", desc->name);
> +       }
>
>         d->udev = udev;
>         memcpy(&d->props, props, sizeof(struct dvb_usb_device_properties));
> @@ -273,12 +288,17 @@ int dvb_usb_device_init(struct usb_interface *intf,
>         if (du != NULL)
>                 *du = d;
>
> -       ret = dvb_usb_init(d, adapter_nums);
> +       ret = dvb_usb_init(d, adapter_nums, init_device);
>
> -       if (ret == 0)
> +       if (!ret) {
>                 info("%s successfully initialized and connected.", desc->name);
> -       else
> -               info("%s error while loading driver (%d)", desc->name, ret);
> +               return 0;
> +       }
> +err:
> +       info("%s error while loading driver (%d)", desc->name, ret);
> +
> +       kfree(d->priv);
> +       kfree(d);
>         return ret;
>  }
>  EXPORT_SYMBOL(dvb_usb_device_init);
> diff --git a/drivers/media/usb/dvb-usb/dvb-usb.h b/drivers/media/usb/dvb-usb/dvb-usb.h
> index 1448c3d27ea2..02c4dd3c206a 100644
> --- a/drivers/media/usb/dvb-usb/dvb-usb.h
> +++ b/drivers/media/usb/dvb-usb/dvb-usb.h
> @@ -458,7 +458,9 @@ struct dvb_usb_device {
>  extern int dvb_usb_device_init(struct usb_interface *,
>                                struct dvb_usb_device_properties *,
>                                struct module *, struct dvb_usb_device **,
> -                              short *adapter_nums);
> +                              short *adapter_nums,
> +                              int (init_device)(struct dvb_usb_device *d));
> +
>  extern void dvb_usb_device_exit(struct usb_interface *);
>
>  /* the generic read/write method for device control */
> diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c
> index 2c720cb2fb00..1cb8d96f485e 100644
> --- a/drivers/media/usb/dvb-usb/dw2102.c
> +++ b/drivers/media/usb/dvb-usb/dw2102.c
> @@ -2284,27 +2284,27 @@ static int dw2102_probe(struct usb_interface *intf,
>         s421->adapter->fe[0].frontend_attach = m88rs2000_frontend_attach;
>
>         if (0 == dvb_usb_device_init(intf, &dw2102_properties,
> -                       THIS_MODULE, NULL, adapter_nr) ||
> +                       THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &dw2104_properties,
> -                       THIS_MODULE, NULL, adapter_nr) ||
> +                       THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &dw3101_properties,
> -                       THIS_MODULE, NULL, adapter_nr) ||
> +                       THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &s6x0_properties,
> -                       THIS_MODULE, NULL, adapter_nr) ||
> +                       THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, p1100,
> -                       THIS_MODULE, NULL, adapter_nr) ||
> +                       THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, s660,
> -                       THIS_MODULE, NULL, adapter_nr) ||
> +                       THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, p7500,
> -                       THIS_MODULE, NULL, adapter_nr) ||
> +                       THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, s421,
> -                       THIS_MODULE, NULL, adapter_nr) ||
> +                       THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &su3000_properties,
> -                        THIS_MODULE, NULL, adapter_nr) ||
> +                        THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &t220_properties,
> -                        THIS_MODULE, NULL, adapter_nr) ||
> +                        THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &tt_s2_4600_properties,
> -                        THIS_MODULE, NULL, adapter_nr))
> +                        THIS_MODULE, NULL, adapter_nr, NULL))
>                 return 0;
>
>         return -ENODEV;
> diff --git a/drivers/media/usb/dvb-usb/friio.c b/drivers/media/usb/dvb-usb/friio.c
> index 474a17e4db0c..3854ac7434ad 100644
> --- a/drivers/media/usb/dvb-usb/friio.c
> +++ b/drivers/media/usb/dvb-usb/friio.c
> @@ -437,7 +437,7 @@ static int friio_probe(struct usb_interface *intf,
>         }
>
>         ret = dvb_usb_device_init(intf, &friio_properties,
> -                                 THIS_MODULE, &d, adapter_nr);
> +                                 THIS_MODULE, &d, adapter_nr, NULL);
>         if (ret == 0)
>                 friio_streaming_ctrl(&d->adapter[0], 1);
>
> diff --git a/drivers/media/usb/dvb-usb/gp8psk.c b/drivers/media/usb/dvb-usb/gp8psk.c
> index 2829e3082d15..cede0d8b0f8a 100644
> --- a/drivers/media/usb/dvb-usb/gp8psk.c
> +++ b/drivers/media/usb/dvb-usb/gp8psk.c
> @@ -262,7 +262,7 @@ static int gp8psk_usb_probe(struct usb_interface *intf,
>         int ret;
>         struct usb_device *udev = interface_to_usbdev(intf);
>         ret = dvb_usb_device_init(intf, &gp8psk_properties,
> -                                 THIS_MODULE, NULL, adapter_nr);
> +                                 THIS_MODULE, NULL, adapter_nr, NULL);
>         if (ret == 0) {
>                 info("found Genpix USB device pID = %x (hex)",
>                         le16_to_cpu(udev->descriptor.idProduct));
> diff --git a/drivers/media/usb/dvb-usb/m920x.c b/drivers/media/usb/dvb-usb/m920x.c
> index eafc5c82467f..b4c83f36abee 100644
> --- a/drivers/media/usb/dvb-usb/m920x.c
> +++ b/drivers/media/usb/dvb-usb/m920x.c
> @@ -835,14 +835,14 @@ static int m920x_probe(struct usb_interface *intf,
>                  */
>
>                 ret = dvb_usb_device_init(intf, &megasky_properties,
> -                                         THIS_MODULE, &d, adapter_nr);
> +                                         THIS_MODULE, &d, adapter_nr, NULL);
>                 if (ret == 0) {
>                         rc_init_seq = megasky_rc_init;
>                         goto found;
>                 }
>
>                 ret = dvb_usb_device_init(intf, &digivox_mini_ii_properties,
> -                                         THIS_MODULE, &d, adapter_nr);
> +                                         THIS_MODULE, &d, adapter_nr, NULL);
>                 if (ret == 0) {
>                         /* No remote control, so no rc_init_seq */
>                         goto found;
> @@ -850,28 +850,28 @@ static int m920x_probe(struct usb_interface *intf,
>
>                 /* This configures both tuners on the TV Walker Twin */
>                 ret = dvb_usb_device_init(intf, &tvwalkertwin_properties,
> -                                         THIS_MODULE, &d, adapter_nr);
> +                                         THIS_MODULE, &d, adapter_nr, NULL);
>                 if (ret == 0) {
>                         rc_init_seq = tvwalkertwin_rc_init;
>                         goto found;
>                 }
>
>                 ret = dvb_usb_device_init(intf, &dposh_properties,
> -                                         THIS_MODULE, &d, adapter_nr);
> +                                         THIS_MODULE, &d, adapter_nr, NULL);
>                 if (ret == 0) {
>                         /* Remote controller not supported yet. */
>                         goto found;
>                 }
>
>                 ret = dvb_usb_device_init(intf, &pinnacle_pctv310e_properties,
> -                                         THIS_MODULE, &d, adapter_nr);
> +                                         THIS_MODULE, &d, adapter_nr, NULL);
>                 if (ret == 0) {
>                         rc_init_seq = pinnacle310e_init;
>                         goto found;
>                 }
>
>                 ret = dvb_usb_device_init(intf, &vp7049_properties,
> -                                         THIS_MODULE, &d, adapter_nr);
> +                                         THIS_MODULE, &d, adapter_nr, NULL);
>                 if (ret == 0) {
>                         rc_init_seq = vp7049_rc_init;
>                         goto found;
> diff --git a/drivers/media/usb/dvb-usb/nova-t-usb2.c b/drivers/media/usb/dvb-usb/nova-t-usb2.c
> index 1babd3341910..0d8f06430ca5 100644
> --- a/drivers/media/usb/dvb-usb/nova-t-usb2.c
> +++ b/drivers/media/usb/dvb-usb/nova-t-usb2.c
> @@ -157,7 +157,7 @@ static int nova_t_probe(struct usb_interface *intf,
>                 const struct usb_device_id *id)
>  {
>         return dvb_usb_device_init(intf, &nova_t_properties,
> -                                  THIS_MODULE, NULL, adapter_nr);
> +                                  THIS_MODULE, NULL, adapter_nr, NULL);
>  }
>
>  /* do not change the order of the ID table */
> diff --git a/drivers/media/usb/dvb-usb/opera1.c b/drivers/media/usb/dvb-usb/opera1.c
> index 2566d2f1c2ad..9f2f156e2939 100644
> --- a/drivers/media/usb/dvb-usb/opera1.c
> +++ b/drivers/media/usb/dvb-usb/opera1.c
> @@ -563,7 +563,7 @@ static int opera1_probe(struct usb_interface *intf,
>         }
>
>         if (0 != dvb_usb_device_init(intf, &opera1_properties,
> -                                    THIS_MODULE, NULL, adapter_nr))
> +                                    THIS_MODULE, NULL, adapter_nr, NULL))
>                 return -EINVAL;
>         return 0;
>  }
> diff --git a/drivers/media/usb/dvb-usb/pctv452e.c b/drivers/media/usb/dvb-usb/pctv452e.c
> index 07fa08be9e99..2f844ff39840 100644
> --- a/drivers/media/usb/dvb-usb/pctv452e.c
> +++ b/drivers/media/usb/dvb-usb/pctv452e.c
> @@ -1059,9 +1059,9 @@ static int pctv452e_usb_probe(struct usb_interface *intf,
>                                 const struct usb_device_id *id)
>  {
>         if (0 == dvb_usb_device_init(intf, &pctv452e_properties,
> -                                       THIS_MODULE, NULL, adapter_nr) ||
> +                                       THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &tt_connect_s2_3600_properties,
> -                                       THIS_MODULE, NULL, adapter_nr))
> +                                       THIS_MODULE, NULL, adapter_nr, NULL))
>                 return 0;
>
>         return -ENODEV;
> diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c
> index 4706628a3ed5..80fc5043e4cf 100644
> --- a/drivers/media/usb/dvb-usb/technisat-usb2.c
> +++ b/drivers/media/usb/dvb-usb/technisat-usb2.c
> @@ -765,7 +765,7 @@ static int technisat_usb2_probe(struct usb_interface *intf,
>         struct dvb_usb_device *dev;
>
>         if (dvb_usb_device_init(intf, &technisat_usb2_devices, THIS_MODULE,
> -                               &dev, adapter_nr) != 0)
> +                               &dev, adapter_nr, NULL) != 0)
>                 return -ENODEV;
>
>         if (dev) {
> diff --git a/drivers/media/usb/dvb-usb/ttusb2.c b/drivers/media/usb/dvb-usb/ttusb2.c
> index ecc207fbaf3c..192057ea58c0 100644
> --- a/drivers/media/usb/dvb-usb/ttusb2.c
> +++ b/drivers/media/usb/dvb-usb/ttusb2.c
> @@ -604,11 +604,11 @@ static int ttusb2_probe(struct usb_interface *intf,
>                 const struct usb_device_id *id)
>  {
>         if (0 == dvb_usb_device_init(intf, &ttusb2_properties,
> -                                    THIS_MODULE, NULL, adapter_nr) ||
> +                                    THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &ttusb2_properties_s2400,
> -                                    THIS_MODULE, NULL, adapter_nr) ||
> +                                    THIS_MODULE, NULL, adapter_nr, NULL) ||
>             0 == dvb_usb_device_init(intf, &ttusb2_properties_ct3650,
> -                                    THIS_MODULE, NULL, adapter_nr))
> +                                    THIS_MODULE, NULL, adapter_nr, NULL))
>                 return 0;
>         return -ENODEV;
>  }
> diff --git a/drivers/media/usb/dvb-usb/umt-010.c b/drivers/media/usb/dvb-usb/umt-010.c
> index 58ad5b4f856c..9af8cca5f2d2 100644
> --- a/drivers/media/usb/dvb-usb/umt-010.c
> +++ b/drivers/media/usb/dvb-usb/umt-010.c
> @@ -78,7 +78,7 @@ static int umt_probe(struct usb_interface *intf,
>                 const struct usb_device_id *id)
>  {
>         if (0 == dvb_usb_device_init(intf, &umt_properties,
> -                                    THIS_MODULE, NULL, adapter_nr))
> +                                    THIS_MODULE, NULL, adapter_nr, NULL))
>                 return 0;
>         return -EINVAL;
>  }
> diff --git a/drivers/media/usb/dvb-usb/vp702x.c b/drivers/media/usb/dvb-usb/vp702x.c
> index 40de33de90a7..e95a84e3f9de 100644
> --- a/drivers/media/usb/dvb-usb/vp702x.c
> +++ b/drivers/media/usb/dvb-usb/vp702x.c
> @@ -337,7 +337,7 @@ static int vp702x_usb_probe(struct usb_interface *intf,
>         int ret;
>
>         ret = dvb_usb_device_init(intf, &vp702x_properties,
> -                                  THIS_MODULE, &d, adapter_nr);
> +                                  THIS_MODULE, &d, adapter_nr, NULL);
>         if (ret)
>                 goto out;
>
> diff --git a/drivers/media/usb/dvb-usb/vp7045.c b/drivers/media/usb/dvb-usb/vp7045.c
> index 13340af0d39c..350603bbe3da 100644
> --- a/drivers/media/usb/dvb-usb/vp7045.c
> +++ b/drivers/media/usb/dvb-usb/vp7045.c
> @@ -225,7 +225,7 @@ static int vp7045_usb_probe(struct usb_interface *intf,
>                 const struct usb_device_id *id)
>  {
>         return dvb_usb_device_init(intf, &vp7045_properties,
> -                                  THIS_MODULE, NULL, adapter_nr);
> +                                  THIS_MODULE, NULL, adapter_nr, NULL);
>  }
>
>  static struct usb_device_id vp7045_usb_table [] = {


Tried patch with no success. Again a NULL ptr dereferece.
Thanks Jörg

Hardware name: FUJITSU LIFEBOOK A544/FJNBB35 , BIOS Version 1.17 05/09/2014
task: ffff8802134ac380 task.stack: ffff8801ed878000
RIP: 0010:[<ffffffffa406b444>]  [<ffffffffa406b444>] __mutex_init+0x4/0x30
RSP: 0018:ffff8801ed87bb98  EFLAGS: 00010206
RAX: 0000000000000050 RBX: ffff8801ef23c000 RCX: ffffea0007bc8f01
RDX: ffffffffc035ef84 RSI: ffffffffc035d772 RDI: 0000000000000048
RBP: ffffffffc035db00 R08: ffffffffffffffe1 R09: ffffffffa4c5fa90
R10: 0000000000000004 R11: 0000000000000000 R12: ffffffffc035d030
R13: ffff880214c93000 R14: 0000000000000000 R15: ffff88020d942400
FS:  00007fb1359ae880(0000) GS:ffff88021f380000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000048 CR3: 00000001f53a2000 CR4: 00000000001406e0
Stack:
 ffffffffc035d04e ffffffffc03555f0 ffffffffc035e970 ffffffffc035ddd0
 ffffffffc035ec80 00000000a4397a2f ffffffffc035ddd0 ffff880214c93098
 ffff880214c93000 ffffffffc035d8e8 ffff88020d942400 ffffffffc035d980
Call Trace:
 [<ffffffffc035d04e>] ? cinergyT2_init_mutex+0x1e/0x30 [dvb_usb_cinergyT2]
 [<ffffffffc03555f0>] ? dvb_usb_device_init+0x190/0x640 [dvb_usb]
 [<ffffffffa44326f3>] ? usb_probe_interface+0xf3/0x2a0
 [<ffffffffa438e348>] ? driver_probe_device+0x208/0x2b0
 [<ffffffffa438e477>] ? __driver_attach+0x87/0x90
 [<ffffffffa438e3f0>] ? driver_probe_device+0x2b0/0x2b0
 [<ffffffffa438c612>] ? bus_for_each_dev+0x52/0x80
 [<ffffffffa438d983>] ? bus_add_driver+0x1a3/0x220
 [<ffffffffa438ec06>] ? driver_register+0x56/0xd0
 [<ffffffffa4431527>] ? usb_register_driver+0x77/0x130
 [<ffffffffc0361000>] ? 0xffffffffc0361000
 [<ffffffffa4000426>] ? do_one_initcall+0x46/0x180
 [<ffffffffa40eb2c8>] ? free_vmap_area_noflush+0x38/0x70
 [<ffffffffa40f3844>] ? kmem_cache_alloc+0x84/0xc0
 [<ffffffffa40b802c>] ? do_init_module+0x50/0x1be
 [<ffffffffa4095adb>] ? load_module+0x1d8b/0x2100
 [<ffffffffa4093020>] ? find_symbol_in_section+0xa0/0xa0
 [<ffffffffa4095fe9>] ? SyS_finit_module+0x89/0x90
 [<ffffffffa46637a0>] ? entry_SYSCALL_64_fastpath+0x13/0x94
Code: 5b 48 89 ee 89 c2 5d e9 bb f9 ff ff 41 b8 00 04 00 00 eb b1 c6
83 a1 00 00 00 00 c7 43 38 ff ff ff ff e9 2f ff ff ff 48 8d 47 08 <c7>
07 01 00 00 00 c7 47 04 00 00 00 00 48 89 47 08 48 89 47 10
RIP  [<ffffffffa406b444>] __mutex_init+0x4/0x30
 RSP <ffff8801ed87bb98>
CR2: 0000000000000048
---[ end trace 03576741447cea2c ]---

^ permalink raw reply

* [PATCH 4.8 079/138] parisc: Ensure consistent state when switching to kernel stack at syscall entry
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, John David Anglin, Helge Deller
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: John David Anglin <dave.anglin@bell.net>

commit 6ed518328d0189e0fdf1bb7c73290d546143ea66 upstream.

We have one critical section in the syscall entry path in which we switch from
the userspace stack to kernel stack. In the event of an external interrupt, the
interrupt code distinguishes between those two states by analyzing the value of
sr7. If sr7 is zero, it uses the kernel stack. Therefore it's important, that
the value of sr7 is in sync with the currently enabled stack.

This patch now disables interrupts while executing the critical section.  This
prevents the interrupt handler to possibly see an inconsistent state which in
the worst case can lead to crashes.

Interestingly, in the syscall exit path interrupts were already disabled in the
critical section which switches back to the userspace stack.

Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/kernel/syscall.S |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- a/arch/parisc/kernel/syscall.S
+++ b/arch/parisc/kernel/syscall.S
@@ -106,8 +106,6 @@ linux_gateway_entry:
 	mtsp	%r0,%sr4			/* get kernel space into sr4 */
 	mtsp	%r0,%sr5			/* get kernel space into sr5 */
 	mtsp	%r0,%sr6			/* get kernel space into sr6 */
-	mfsp    %sr7,%r1                        /* save user sr7 */
-	mtsp    %r1,%sr3                        /* and store it in sr3 */
 
 #ifdef CONFIG_64BIT
 	/* for now we can *always* set the W bit on entry to the syscall
@@ -133,6 +131,14 @@ linux_gateway_entry:
 	depdi	0, 31, 32, %r21
 1:	
 #endif
+
+	/* We use a rsm/ssm pair to prevent sr3 from being clobbered
+	 * by external interrupts.
+	 */
+	mfsp    %sr7,%r1                        /* save user sr7 */
+	rsm	PSW_SM_I, %r0			/* disable interrupts */
+	mtsp    %r1,%sr3                        /* and store it in sr3 */
+
 	mfctl   %cr30,%r1
 	xor     %r1,%r30,%r30                   /* ye olde xor trick */
 	xor     %r1,%r30,%r1
@@ -147,6 +153,7 @@ linux_gateway_entry:
 	 */
 
 	mtsp	%r0,%sr7			/* get kernel space into sr7 */
+	ssm	PSW_SM_I, %r0			/* enable interrupts */
 	STREGM	%r1,FRAME_SIZE(%r30)		/* save r1 (usp) here for now */
 	mfctl	%cr30,%r1			/* get task ptr in %r1 */
 	LDREG	TI_TASK(%r1),%r1

^ permalink raw reply

* [PATCH 4.8 082/138] virtio: console: Unlock vqs while freeing buffers
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Matt Redfearn, Michael S. Tsirkin
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Matt Redfearn <matt.redfearn@imgtec.com>

commit 34563769e438d2881f62cf4d9badc4e589ac0ec0 upstream.

Commit c6017e793b93 ("virtio: console: add locks around buffer removal
in port unplug path") added locking around the freeing of buffers in the
vq. However, when free_buf() is called with can_sleep = true and rproc
is enabled, it calls dma_free_coherent() directly, requiring interrupts
to be enabled. Currently a WARNING is triggered due to the spin locking
around free_buf, with a call stack like this:

WARNING: CPU: 3 PID: 121 at ./include/linux/dma-mapping.h:433
free_buf+0x1a8/0x288
Call Trace:
[<8040c538>] show_stack+0x74/0xc0
[<80757240>] dump_stack+0xd0/0x110
[<80430d98>] __warn+0xfc/0x130
[<80430ee0>] warn_slowpath_null+0x2c/0x3c
[<807e7c6c>] free_buf+0x1a8/0x288
[<807ea590>] remove_port_data+0x50/0xac
[<807ea6a0>] unplug_port+0xb4/0x1bc
[<807ea858>] virtcons_remove+0xb0/0xfc
[<807b6734>] virtio_dev_remove+0x58/0xc0
[<807f918c>] __device_release_driver+0xac/0x134
[<807f924c>] device_release_driver+0x38/0x50
[<807f7edc>] bus_remove_device+0xfc/0x130
[<807f4b74>] device_del+0x17c/0x21c
[<807f4c38>] device_unregister+0x24/0x38
[<807b6b50>] unregister_virtio_device+0x28/0x44

Fix this by restructuring the loops to allow the locks to only be taken
where it is necessary to protect the vqs, and release it while the
buffer is being freed.

Fixes: c6017e793b93 ("virtio: console: add locks around buffer removal in port unplug path")
Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/char/virtio_console.c |   22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -1540,19 +1540,29 @@ static void remove_port_data(struct port
 	spin_lock_irq(&port->inbuf_lock);
 	/* Remove unused data this port might have received. */
 	discard_port_data(port);
+	spin_unlock_irq(&port->inbuf_lock);
 
 	/* Remove buffers we queued up for the Host to send us data in. */
-	while ((buf = virtqueue_detach_unused_buf(port->in_vq)))
-		free_buf(buf, true);
-	spin_unlock_irq(&port->inbuf_lock);
+	do {
+		spin_lock_irq(&port->inbuf_lock);
+		buf = virtqueue_detach_unused_buf(port->in_vq);
+		spin_unlock_irq(&port->inbuf_lock);
+		if (buf)
+			free_buf(buf, true);
+	} while (buf);
 
 	spin_lock_irq(&port->outvq_lock);
 	reclaim_consumed_buffers(port);
+	spin_unlock_irq(&port->outvq_lock);
 
 	/* Free pending buffers from the out-queue. */
-	while ((buf = virtqueue_detach_unused_buf(port->out_vq)))
-		free_buf(buf, true);
-	spin_unlock_irq(&port->outvq_lock);
+	do {
+		spin_lock_irq(&port->outvq_lock);
+		buf = virtqueue_detach_unused_buf(port->out_vq);
+		spin_unlock_irq(&port->outvq_lock);
+		if (buf)
+			free_buf(buf, true);
+	} while (buf);
 }
 
 /*

^ permalink raw reply

* [PATCH 4.8 080/138] virtio_ring: Make interrupt suppression spec compliant
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Michael S. Tsirkin, Ladi Prosek
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ladi Prosek <lprosek@redhat.com>

commit 0ea1e4a6d9b62cf29e210d2b4ba9fd43917522e3 upstream.

According to the spec, if the VIRTIO_RING_F_EVENT_IDX feature bit is
negotiated the driver MUST set flags to 0. Not dirtying the available
ring in virtqueue_disable_cb also has a minor positive performance
impact, improving L1 dcache load missed by ~0.5% in vring_bench.

Writes to the used event field (vring_used_event) are still unconditional.

Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/virtio/virtio_ring.c |   14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

--- a/drivers/virtio/virtio_ring.c
+++ b/drivers/virtio/virtio_ring.c
@@ -732,7 +732,8 @@ void virtqueue_disable_cb(struct virtque
 
 	if (!(vq->avail_flags_shadow & VRING_AVAIL_F_NO_INTERRUPT)) {
 		vq->avail_flags_shadow |= VRING_AVAIL_F_NO_INTERRUPT;
-		vq->vring.avail->flags = cpu_to_virtio16(_vq->vdev, vq->avail_flags_shadow);
+		if (!vq->event)
+			vq->vring.avail->flags = cpu_to_virtio16(_vq->vdev, vq->avail_flags_shadow);
 	}
 
 }
@@ -764,7 +765,8 @@ unsigned virtqueue_enable_cb_prepare(str
 	 * entry. Always do both to keep code simple. */
 	if (vq->avail_flags_shadow & VRING_AVAIL_F_NO_INTERRUPT) {
 		vq->avail_flags_shadow &= ~VRING_AVAIL_F_NO_INTERRUPT;
-		vq->vring.avail->flags = cpu_to_virtio16(_vq->vdev, vq->avail_flags_shadow);
+		if (!vq->event)
+			vq->vring.avail->flags = cpu_to_virtio16(_vq->vdev, vq->avail_flags_shadow);
 	}
 	vring_used_event(&vq->vring) = cpu_to_virtio16(_vq->vdev, last_used_idx = vq->last_used_idx);
 	END_USE(vq);
@@ -832,10 +834,11 @@ bool virtqueue_enable_cb_delayed(struct
 	 * more to do. */
 	/* Depending on the VIRTIO_RING_F_USED_EVENT_IDX feature, we need to
 	 * either clear the flags bit or point the event index at the next
-	 * entry. Always do both to keep code simple. */
+	 * entry. Always update the event index to keep code simple. */
 	if (vq->avail_flags_shadow & VRING_AVAIL_F_NO_INTERRUPT) {
 		vq->avail_flags_shadow &= ~VRING_AVAIL_F_NO_INTERRUPT;
-		vq->vring.avail->flags = cpu_to_virtio16(_vq->vdev, vq->avail_flags_shadow);
+		if (!vq->event)
+			vq->vring.avail->flags = cpu_to_virtio16(_vq->vdev, vq->avail_flags_shadow);
 	}
 	/* TODO: tune this threshold */
 	bufs = (u16)(vq->avail_idx_shadow - vq->last_used_idx) * 3 / 4;
@@ -953,7 +956,8 @@ struct virtqueue *__vring_new_virtqueue(
 	/* No callback?  Tell other side not to bother us. */
 	if (!callback) {
 		vq->avail_flags_shadow |= VRING_AVAIL_F_NO_INTERRUPT;
-		vq->vring.avail->flags = cpu_to_virtio16(vdev, vq->avail_flags_shadow);
+		if (!vq->event)
+			vq->vring.avail->flags = cpu_to_virtio16(vdev, vq->avail_flags_shadow);
 	}
 
 	/* Put everything in free lists. */

^ permalink raw reply

* [PATCH 4.8 105/138] drm/imx: ipuv3-plane: Access old u/vbo properly in ->atomic_check for YU12/YV12
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Liu Ying, Philipp Zabel
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Liu Ying <gnuiyl@gmail.com>

commit e73aca5184ad9fc948ba22b4d35dce11db35bb25 upstream.

Before accessing the u/v offset(aka, u/vbo for IPUv3) of the old plane state's
relevant fb, we should make sure the fb is in YU12 or YV12 pixel format(which
are the two YUV pixel formats we support only), otherwise, we are likely to
trigger BUG_ON() in drm_plane_state_to_u/vbo() since the fb's pixel format is
probably not YU12 or YV12.

Link: https://bugs.freedesktop.org/show_bug.cgi?id=98150
Fixes: c6c1f9bc798b ("drm/imx: Add active plane reconfiguration support")
Signed-off-by: Liu Ying <gnuiyl@gmail.com>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/imx/ipuv3-plane.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/gpu/drm/imx/ipuv3-plane.c
+++ b/drivers/gpu/drm/imx/ipuv3-plane.c
@@ -360,7 +360,9 @@ static int ipu_plane_atomic_check(struct
 		if ((ubo > 0xfffff8) || (vbo > 0xfffff8))
 			return -EINVAL;
 
-		if (old_fb) {
+		if (old_fb &&
+		    (old_fb->pixel_format == DRM_FORMAT_YUV420 ||
+		     old_fb->pixel_format == DRM_FORMAT_YVU420)) {
 			old_ubo = drm_plane_state_to_ubo(old_state);
 			old_vbo = drm_plane_state_to_vbo(old_state);
 			if (ubo != old_ubo || vbo != old_vbo)

^ permalink raw reply

* [PATCH 4.8 106/138] drm/radeon/si_dpm: Limit clocks on HD86xx part
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Tom St Denis, Alex Deucher
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tom St Denis <tom.stdenis@amd.com>

commit fb9a5b0c1c9893db2e0d18544fd49e19d784a87d upstream.

Limit clocks on a specific HD86xx part to avoid
crashes (while awaiting an appropriate PP fix).

Signed-off-by: Tom St Denis <tom.stdenis@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/radeon/si_dpm.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/drivers/gpu/drm/radeon/si_dpm.c
+++ b/drivers/gpu/drm/radeon/si_dpm.c
@@ -3021,6 +3021,12 @@ static void si_apply_state_adjust_rules(
 		max_sclk = 75000;
 		max_mclk = 80000;
 	}
+	/* limit clocks on HD8600 series */
+	if (rdev->pdev->device == 0x6660 &&
+	    rdev->pdev->revision == 0x83) {
+		max_sclk = 75000;
+		max_mclk = 80000;
+	}
 
 	if (rps->vce_active) {
 		rps->evclk = rdev->pm.dpm.vce_states[rdev->pm.dpm.vce_level].evclk;

^ permalink raw reply

* [PATCH 4.8 107/138] drm/radeon/si_dpm: workaround for SI kickers
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Alex Deucher
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Alex Deucher <alexander.deucher@amd.com>

commit 7dc86ef5ac91642dfc3eb93ee0f0458e702a343e upstream.

Consolidate existing quirks. Fixes stability issues
on some kickers.

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/radeon/si_dpm.c |   59 +++++++++++++++++++++++++++++-----------
 1 file changed, 43 insertions(+), 16 deletions(-)

--- a/drivers/gpu/drm/radeon/si_dpm.c
+++ b/drivers/gpu/drm/radeon/si_dpm.c
@@ -2999,6 +2999,49 @@ static void si_apply_state_adjust_rules(
 	int i;
 	struct si_dpm_quirk *p = si_dpm_quirk_list;
 
+	/* limit all SI kickers */
+	if (rdev->family == CHIP_PITCAIRN) {
+		if ((rdev->pdev->revision == 0x81) ||
+		    (rdev->pdev->device == 0x6810) ||
+		    (rdev->pdev->device == 0x6811) ||
+		    (rdev->pdev->device == 0x6816) ||
+		    (rdev->pdev->device == 0x6817) ||
+		    (rdev->pdev->device == 0x6806))
+			max_mclk = 120000;
+	} else if (rdev->family == CHIP_VERDE) {
+		if ((rdev->pdev->revision == 0x81) ||
+		    (rdev->pdev->revision == 0x83) ||
+		    (rdev->pdev->revision == 0x87) ||
+		    (rdev->pdev->device == 0x6820) ||
+		    (rdev->pdev->device == 0x6821) ||
+		    (rdev->pdev->device == 0x6822) ||
+		    (rdev->pdev->device == 0x6823) ||
+		    (rdev->pdev->device == 0x682A) ||
+		    (rdev->pdev->device == 0x682B)) {
+			max_sclk = 75000;
+			max_mclk = 80000;
+		}
+	} else if (rdev->family == CHIP_OLAND) {
+		if ((rdev->pdev->revision == 0xC7) ||
+		    (rdev->pdev->revision == 0x80) ||
+		    (rdev->pdev->revision == 0x81) ||
+		    (rdev->pdev->revision == 0x83) ||
+		    (rdev->pdev->device == 0x6604) ||
+		    (rdev->pdev->device == 0x6605)) {
+			max_sclk = 75000;
+			max_mclk = 80000;
+		}
+	} else if (rdev->family == CHIP_HAINAN) {
+		if ((rdev->pdev->revision == 0x81) ||
+		    (rdev->pdev->revision == 0x83) ||
+		    (rdev->pdev->revision == 0xC3) ||
+		    (rdev->pdev->device == 0x6664) ||
+		    (rdev->pdev->device == 0x6665) ||
+		    (rdev->pdev->device == 0x6667)) {
+			max_sclk = 75000;
+			max_mclk = 80000;
+		}
+	}
 	/* Apply dpm quirks */
 	while (p && p->chip_device != 0) {
 		if (rdev->pdev->vendor == p->chip_vendor &&
@@ -3011,22 +3054,6 @@ static void si_apply_state_adjust_rules(
 		}
 		++p;
 	}
-	/* limit mclk on all R7 370 parts for stability */
-	if (rdev->pdev->device == 0x6811 &&
-	    rdev->pdev->revision == 0x81)
-		max_mclk = 120000;
-	/* limit sclk/mclk on Jet parts for stability */
-	if (rdev->pdev->device == 0x6665 &&
-	    rdev->pdev->revision == 0xc3) {
-		max_sclk = 75000;
-		max_mclk = 80000;
-	}
-	/* limit clocks on HD8600 series */
-	if (rdev->pdev->device == 0x6660 &&
-	    rdev->pdev->revision == 0x83) {
-		max_sclk = 75000;
-		max_mclk = 80000;
-	}
 
 	if (rps->vce_active) {
 		rps->evclk = rdev->pm.dpm.vce_states[rdev->pm.dpm.vce_level].evclk;

^ permalink raw reply

* [PATCH 4.8 113/138] drm/i915/gen9: fix DDB partitioning for multi-screen cases
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Paulo Zanoni, Lyude, Jani Nikula
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Paulo Zanoni <paulo.r.zanoni@intel.com>

commit 01c72d6c17dc524f04d4dbe361d214e423b35457 upstream.

With the previous code we were only recomputing the DDB partitioning
for the CRTCs included in the atomic commit, so any other active CRTCs
would end up having their DDB registers zeroed. In this patch we make
sure that the computed state starts as a copy of the current
partitioning, and then we only zero the DDBs that we're actually
going to recompute.

How to reproduce the bug:
  1 - Enable the primary plane on pipe A
  2 - Enable the primary plane on pipe B
  3 - Enable the cursor or sprite plane on pipe A

Step 3 will zero the DDB partitioning for pipe B since it's not
included in the commit that enabled the cursor or sprite for pipe A.

I expect this to fix many FIFO underrun problems on gen9+.

v2:
  - Mention the cursor on the steps to reproduce the problem (Paulo).
  - Add Testcase tag provided by Maarten (Maarten).

Testcase: kms_cursor_legacy.cursorA-vs-flipB-atomic-transitions
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96226
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96828
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97450
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97596
Bugzilla: https://www.phoronix.com/scan.php?page=news_item&px=Intel-Skylake-Multi-Screen-Woes
Signed-off-by: Paulo Zanoni <paulo.r.zanoni@intel.com>
Reviewed-by: Lyude <cpaul@redhat.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1475602652-17326-1-git-send-email-paulo.r.zanoni@intel.com
(cherry picked from commit 5a920b85f2c6e3fd7d9dd9bb3f3345e9085e2360)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/intel_pm.c |   12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

--- a/drivers/gpu/drm/i915/intel_pm.c
+++ b/drivers/gpu/drm/i915/intel_pm.c
@@ -3363,13 +3363,15 @@ skl_allocate_pipe_ddb(struct intel_crtc_
 	int num_active;
 	int id, i;
 
+	/* Clear the partitioning for disabled planes. */
+	memset(ddb->plane[pipe], 0, sizeof(ddb->plane[pipe]));
+	memset(ddb->y_plane[pipe], 0, sizeof(ddb->y_plane[pipe]));
+
 	if (WARN_ON(!state))
 		return 0;
 
 	if (!cstate->base.active) {
 		ddb->pipe[pipe].start = ddb->pipe[pipe].end = 0;
-		memset(ddb->plane[pipe], 0, sizeof(ddb->plane[pipe]));
-		memset(ddb->y_plane[pipe], 0, sizeof(ddb->y_plane[pipe]));
 		return 0;
 	}
 
@@ -4051,6 +4053,12 @@ skl_compute_ddb(struct drm_atomic_state
 		intel_state->wm_results.dirty_pipes = ~0;
 	}
 
+	/*
+	 * We're not recomputing for the pipes not included in the commit, so
+	 * make sure we start with the current state.
+	 */
+	memcpy(ddb, &dev_priv->wm.skl_hw.ddb, sizeof(*ddb));
+
 	for_each_intel_crtc_mask(dev, intel_crtc, realloc_pipes) {
 		struct intel_crtc_state *cstate;
 

^ permalink raw reply

* Re: fsnotify_mark_srcu wtf?
From: Jan Kara @ 2016-11-09 11:10 UTC (permalink / raw)
  To: Amir Goldstein
  Cc: Jan Kara, Miklos Szeredi, Eric Paris, linux-fsdevel, linux-kernel
In-Reply-To: <CAOQ4uxhC_ZWB4YhubF15L2xLB0Eapec2SijxdUVYhVSDNHex7w@mail.gmail.com>

On Sun 06-11-16 08:45:54, Amir Goldstein wrote:
> On Sat, Nov 5, 2016 at 11:34 PM, Jan Kara <jack@suse.cz> wrote:
> > On Wed 02-11-16 23:09:26, Miklos Szeredi wrote:
> >> We've got a report where a fanotify daemon that implements permission checks
> >> screws up and doesn't send a reply.  This then causes widespread hangs due to
> >> fsnotify_mark_srcu read side lock being held and thus causing synchronize_srcu()
> >> called from e.g. inotify_release()-> fsnotify_destroy_group()->
> >> fsnotify_mark_destroy_list() to block.
> >
> > Yes. But if a program implementing permission checks does not reply, your
> > system is likely hosed anyway. We can only try to somewhat limit the
> > damage...
> >
> 
> That was my initial thought as well, but at least with the sample code
> Miklos sent
> the only thing that gets hosed is the one process watching that one file.
> You could think of a use case of fanotify being used to watch over files
> in a specific user directory, where the damage on the entire system
> should/could be limited. No?

Yes, the damage could at least theoretically be limited only to those files
/ dirs watched by the buggy process.

> >> Below program demonstrates the issue.  It should output a single line:
> >>
> >> close(inotify_fd): success
> >>
> >> Instead it outputs nothing, which means that close(inotify_fd) got blocked by
> >> the waiting permission event.
> >>
> >> Wouldn't making the srcu per-group fix this?  Would that be too expensive?
> >
> > Per-group would be IMHO too expensive. You can have lots of groups and I'm
> > not sure srcu would scale to that. Furthermore the SRCU protects the list
> > of groups that need to get notification so it would not even be easily
> > possible. Also Amir's solution is buggy - I'll comment on that as a reply
> > to his patch. I'll try to find something to improve the situation but so
> > far I have no good idea...
> >
> 
> Yes, very much buggy indeed :/
> Anyway, the reason I drafted it quickly was to highlight the fact that the
> marks only need to live to the point of decision whether or not the event
> should be sent to the group and afterwards, its sufficient to grab the
> group reference, without having impact on the entire system.

Yes, fanotify code as such does not need the marks anymore. But the core
fsnotify code does...

> Yet another possible ugly (but less buggy) solution would be
> to iterate all marks under SRCU read protection.
> If any group is about to block (either by suggested return value
> EAGAIN or another
> by using a new op should_handle_event_deferred), defer event handling to post
> marks iteration, by keeping a few group references on stack.

And this does not work as well... Fanotify must notify groups by their
priority so you cannot arbitrarily reorder ordering in which groups get
notified. I'm currently pondering on using mark refcount to pin it when
processing permission event but there are still some details to check.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

^ permalink raw reply

* [PATCH 4.8 096/138] ath10k: cache calibration data when the core is stopped
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Nikolay Martynov, Marty Faltesek,
	Kalle Valo
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marty Faltesek <mfaltesek@google.com>

commit f67b107d4ceddcf7aa65b706aaaf50d68edb52a6 upstream.

Commit 0b8e3c4ca29f ("ath10k: move cal data len to hw_params") broke retrieving
the calibration data from cal_data debugfs file. The length of file was always
zero. The reason is:

    static ssize_t ath10k_debug_cal_data_read(struct file *file,
                                          char __user *user_buf,
                                          size_t count, loff_t *ppos)
    {
        struct ath10k *ar = file->private_data;
        void *buf = file->private_data;

This is obviously bogus, private_data cannot contain both struct ath10k and the
buffer. Fix it by caching calibration data to ar->debug.cal_data. This also
allows it to be accessed when the device is not active (interface is down).

The cal_data buffer is fixed size because during the first firmware probe we
don't yet know what will be the lenght of the calibration data. It was simplest
just to use a fixed length. There's a WARN_ON() in
ath10k_debug_cal_data_fetch() if the buffer is too small.

Tested with qca988x and firmware 10.2.4.70.56.

Reported-by: Nikolay Martynov <mar.kolya@gmail.com>
Fixes: 0b8e3c4ca29f ("ath10k: move cal data len to hw_params")
Signed-off-by: Marty Faltesek <mfaltesek@google.com>
[kvalo@qca.qualcomm.com: improve commit log and minor other changes]
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/net/wireless/ath/ath10k/core.h  |    1 
 drivers/net/wireless/ath/ath10k/debug.c |   75 ++++++++++++++++----------------
 2 files changed, 40 insertions(+), 36 deletions(-)

--- a/drivers/net/wireless/ath/ath10k/core.h
+++ b/drivers/net/wireless/ath/ath10k/core.h
@@ -445,6 +445,7 @@ struct ath10k_debug {
 	u32 pktlog_filter;
 	u32 reg_addr;
 	u32 nf_cal_period;
+	void *cal_data;
 
 	struct ath10k_fw_crash_data *fw_crash_data;
 };
--- a/drivers/net/wireless/ath/ath10k/debug.c
+++ b/drivers/net/wireless/ath/ath10k/debug.c
@@ -30,6 +30,8 @@
 /* ms */
 #define ATH10K_DEBUG_HTT_STATS_INTERVAL 1000
 
+#define ATH10K_DEBUG_CAL_DATA_LEN 12064
+
 #define ATH10K_FW_CRASH_DUMP_VERSION 1
 
 /**
@@ -1450,56 +1452,51 @@ static const struct file_operations fops
 	.llseek = default_llseek,
 };
 
-static int ath10k_debug_cal_data_open(struct inode *inode, struct file *file)
+static int ath10k_debug_cal_data_fetch(struct ath10k *ar)
 {
-	struct ath10k *ar = inode->i_private;
-	void *buf;
 	u32 hi_addr;
 	__le32 addr;
 	int ret;
 
-	mutex_lock(&ar->conf_mutex);
-
-	if (ar->state != ATH10K_STATE_ON &&
-	    ar->state != ATH10K_STATE_UTF) {
-		ret = -ENETDOWN;
-		goto err;
-	}
+	lockdep_assert_held(&ar->conf_mutex);
 
-	buf = vmalloc(ar->hw_params.cal_data_len);
-	if (!buf) {
-		ret = -ENOMEM;
-		goto err;
-	}
+	if (WARN_ON(ar->hw_params.cal_data_len > ATH10K_DEBUG_CAL_DATA_LEN))
+		return -EINVAL;
 
 	hi_addr = host_interest_item_address(HI_ITEM(hi_board_data));
 
 	ret = ath10k_hif_diag_read(ar, hi_addr, &addr, sizeof(addr));
 	if (ret) {
-		ath10k_warn(ar, "failed to read hi_board_data address: %d\n", ret);
-		goto err_vfree;
+		ath10k_warn(ar, "failed to read hi_board_data address: %d\n",
+			    ret);
+		return ret;
 	}
 
-	ret = ath10k_hif_diag_read(ar, le32_to_cpu(addr), buf,
+	ret = ath10k_hif_diag_read(ar, le32_to_cpu(addr), ar->debug.cal_data,
 				   ar->hw_params.cal_data_len);
 	if (ret) {
 		ath10k_warn(ar, "failed to read calibration data: %d\n", ret);
-		goto err_vfree;
+		return ret;
 	}
 
-	file->private_data = buf;
+	return 0;
+}
 
-	mutex_unlock(&ar->conf_mutex);
+static int ath10k_debug_cal_data_open(struct inode *inode, struct file *file)
+{
+	struct ath10k *ar = inode->i_private;
 
-	return 0;
+	mutex_lock(&ar->conf_mutex);
 
-err_vfree:
-	vfree(buf);
+	if (ar->state == ATH10K_STATE_ON ||
+	    ar->state == ATH10K_STATE_UTF) {
+		ath10k_debug_cal_data_fetch(ar);
+	}
 
-err:
+	file->private_data = ar;
 	mutex_unlock(&ar->conf_mutex);
 
-	return ret;
+	return 0;
 }
 
 static ssize_t ath10k_debug_cal_data_read(struct file *file,
@@ -1507,18 +1504,16 @@ static ssize_t ath10k_debug_cal_data_rea
 					  size_t count, loff_t *ppos)
 {
 	struct ath10k *ar = file->private_data;
-	void *buf = file->private_data;
 
-	return simple_read_from_buffer(user_buf, count, ppos,
-				       buf, ar->hw_params.cal_data_len);
-}
+	mutex_lock(&ar->conf_mutex);
 
-static int ath10k_debug_cal_data_release(struct inode *inode,
-					 struct file *file)
-{
-	vfree(file->private_data);
+	count = simple_read_from_buffer(user_buf, count, ppos,
+					ar->debug.cal_data,
+					ar->hw_params.cal_data_len);
 
-	return 0;
+	mutex_unlock(&ar->conf_mutex);
+
+	return count;
 }
 
 static ssize_t ath10k_write_ani_enable(struct file *file,
@@ -1579,7 +1574,6 @@ static const struct file_operations fops
 static const struct file_operations fops_cal_data = {
 	.open = ath10k_debug_cal_data_open,
 	.read = ath10k_debug_cal_data_read,
-	.release = ath10k_debug_cal_data_release,
 	.owner = THIS_MODULE,
 	.llseek = default_llseek,
 };
@@ -1931,6 +1925,8 @@ void ath10k_debug_stop(struct ath10k *ar
 {
 	lockdep_assert_held(&ar->conf_mutex);
 
+	ath10k_debug_cal_data_fetch(ar);
+
 	/* Must not use _sync to avoid deadlock, we do that in
 	 * ath10k_debug_destroy(). The check for htt_stats_mask is to avoid
 	 * warning from del_timer(). */
@@ -2343,6 +2339,10 @@ int ath10k_debug_create(struct ath10k *a
 	if (!ar->debug.fw_crash_data)
 		return -ENOMEM;
 
+	ar->debug.cal_data = vzalloc(ATH10K_DEBUG_CAL_DATA_LEN);
+	if (!ar->debug.cal_data)
+		return -ENOMEM;
+
 	INIT_LIST_HEAD(&ar->debug.fw_stats.pdevs);
 	INIT_LIST_HEAD(&ar->debug.fw_stats.vdevs);
 	INIT_LIST_HEAD(&ar->debug.fw_stats.peers);
@@ -2356,6 +2356,9 @@ void ath10k_debug_destroy(struct ath10k
 	vfree(ar->debug.fw_crash_data);
 	ar->debug.fw_crash_data = NULL;
 
+	vfree(ar->debug.cal_data);
+	ar->debug.cal_data = NULL;
+
 	ath10k_debug_fw_stats_reset(ar);
 
 	kfree(ar->debug.tpc_stats);

^ permalink raw reply

* Re: [PATCH v3 1/3] thinkpad_acpi: Move tablet detection into separate function
From: Daniel Martin @ 2016-11-09 11:10 UTC (permalink / raw)
  To: Lyude
  Cc: ibm-acpi-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f,
	platform-driver-x86-u79uwXL29TY76Z2rM5mHXA,
	Henrique de Moraes Holschuh, linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	Darren Hart
In-Reply-To: <1478538633-11450-1-git-send-email-lyude-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

Sorry, I didn't had the time to look at the patches earlier.

Now, I did and was wondering why hotkey_tablet_mode doesn't show up in
sysfs anymore ...

On 7 November 2016 at 18:10, Lyude <lyude-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> @@ -3464,17 +3495,6 @@ static int __init hotkey_init(struct ibm_init_struct *iibm)
>                 res = add_to_attr_set(hotkey_dev_attributes,
>                                 &dev_attr_hotkey_radio_sw.attr);
>
> -       /* For X41t, X60t, X61t Tablets... */
> -       if (!res && acpi_evalf(hkey_handle, &status, "MHKG", "qd")) {
> -               tp_features.hotkey_tablet = 1;
> -               tabletsw_state = !!(status & TP_HOTKEY_TABLET_MASK);
> -               pr_info("possible tablet mode switch found; "
> -                       "ThinkPad in %s mode\n",
> -                       (tabletsw_state) ? "tablet" : "laptop");
> -               res = add_to_attr_set(hotkey_dev_attributes,
> -                               &dev_attr_hotkey_tablet_mode.attr);
> -       }
> -
>         if (!res)
>                 res = register_attr_set_with_sysfs(
>                                 hotkey_dev_attributes,
> @@ -3482,6 +3502,12 @@ static int __init hotkey_init(struct ibm_init_struct *iibm)
>         if (res)
>                 goto err_exit;
>
> +       res = hotkey_init_tablet_mode();
> +       if (res < 0)
> +               goto err_exit;
> +
> +       tabletsw_state = res;
> +
>         /* Set up key map */
>         hotkey_keycode_map = kmalloc(TPACPI_HOTKEY_MAP_SIZE,
>                                         GFP_KERNEL);
> --
> 2.7.4
>

This block has to be before register_attr_set_with_sysfs().

With that fixed and a small patch (will be sent soon) on top it works
on my Yoga 260, so:
Tested-by: Daniel Martin <consume.noise-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi

^ permalink raw reply

* Re: [PATCH v3 1/3] thinkpad_acpi: Move tablet detection into separate function
From: Daniel Martin @ 2016-11-09 11:10 UTC (permalink / raw)
  To: Lyude
  Cc: ibm-acpi-devel, Henrique de Moraes Holschuh, Darren Hart,
	platform-driver-x86, linux-kernel
In-Reply-To: <1478538633-11450-1-git-send-email-lyude@redhat.com>

Sorry, I didn't had the time to look at the patches earlier.

Now, I did and was wondering why hotkey_tablet_mode doesn't show up in
sysfs anymore ...

On 7 November 2016 at 18:10, Lyude <lyude@redhat.com> wrote:
> @@ -3464,17 +3495,6 @@ static int __init hotkey_init(struct ibm_init_struct *iibm)
>                 res = add_to_attr_set(hotkey_dev_attributes,
>                                 &dev_attr_hotkey_radio_sw.attr);
>
> -       /* For X41t, X60t, X61t Tablets... */
> -       if (!res && acpi_evalf(hkey_handle, &status, "MHKG", "qd")) {
> -               tp_features.hotkey_tablet = 1;
> -               tabletsw_state = !!(status & TP_HOTKEY_TABLET_MASK);
> -               pr_info("possible tablet mode switch found; "
> -                       "ThinkPad in %s mode\n",
> -                       (tabletsw_state) ? "tablet" : "laptop");
> -               res = add_to_attr_set(hotkey_dev_attributes,
> -                               &dev_attr_hotkey_tablet_mode.attr);
> -       }
> -
>         if (!res)
>                 res = register_attr_set_with_sysfs(
>                                 hotkey_dev_attributes,
> @@ -3482,6 +3502,12 @@ static int __init hotkey_init(struct ibm_init_struct *iibm)
>         if (res)
>                 goto err_exit;
>
> +       res = hotkey_init_tablet_mode();
> +       if (res < 0)
> +               goto err_exit;
> +
> +       tabletsw_state = res;
> +
>         /* Set up key map */
>         hotkey_keycode_map = kmalloc(TPACPI_HOTKEY_MAP_SIZE,
>                                         GFP_KERNEL);
> --
> 2.7.4
>

This block has to be before register_attr_set_with_sysfs().

With that fixed and a small patch (will be sent soon) on top it works
on my Yoga 260, so:
Tested-by: Daniel Martin <consume.noise@gmail.com>

^ permalink raw reply

* [PATCH 4.8 120/138] drm: i915: Wait for fences on new fb, not old
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Daniel Stone, Daniel Vetter,
	Maarten Lankhorst, Daniel Vetter, Jani Nikula
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Stone <daniels@collabora.com>

commit 1fb3672eaf6ec95fb34c22734feffd6041531c5b upstream.

The previous code would wait for fences on the framebuffer from the old
plane state to complete, rather than the new, so you would see tearing
everywhere. Fix this to wait on the new state before we make it active.

Signed-off-by: Daniel Stone <daniels@collabora.com>
Fixes: 94f050246b42 ("drm/i915: nonblocking commit")
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/20161021144454.6288-1-daniels@collabora.com
(cherry picked from commit 2d2c5ad83f772d7d7b0bb8348ecea42e88f89ab0)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/gpu/drm/i915/intel_display.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -13834,7 +13834,7 @@ static void intel_atomic_commit_tail(str
 
 	for_each_plane_in_state(state, plane, plane_state, i) {
 		struct intel_plane_state *intel_plane_state =
-			to_intel_plane_state(plane_state);
+			to_intel_plane_state(plane->state);
 
 		if (!intel_plane_state->wait_req)
 			continue;

^ permalink raw reply

* [PATCH 4.8 121/138] i2c: mark device nodes only in case of successful instantiation
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ralf Ramsauer, Geert Uytterhoeven,
	Pantelis Antoniou, Wolfram Sang
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>

commit 6a676fb69dcbf3310b9e462c1db66c8e7f6ead38 upstream.

Instantiated I2C device nodes are marked with OF_POPULATE. This was
introduced in 4f001fd30145a6. On unloading, loaded device nodes will of
course be unmarked. The problem are nodes that fail during
initialisation: If a node fails, it won't be unloaded and hence not be
unmarked.

If a I2C driver module is unloaded and reloaded, it will skip nodes that
failed before.

Skip device nodes that are already populated and mark them only in case
of success.

Fixes: 4f001fd30145a6 ("i2c: Mark instantiated device nodes with OF_POPULATE")
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
[wsa: use 14-digit commit sha]
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 drivers/i2c/i2c-core.c |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

--- a/drivers/i2c/i2c-core.c
+++ b/drivers/i2c/i2c-core.c
@@ -1592,6 +1592,7 @@ static struct i2c_client *of_i2c_registe
 static void of_i2c_register_devices(struct i2c_adapter *adap)
 {
 	struct device_node *node;
+	struct i2c_client *client;
 
 	/* Only register child devices if the adapter has a node pointer set */
 	if (!adap->dev.of_node)
@@ -1602,7 +1603,14 @@ static void of_i2c_register_devices(stru
 	for_each_available_child_of_node(adap->dev.of_node, node) {
 		if (of_node_test_and_set_flag(node, OF_POPULATED))
 			continue;
-		of_i2c_register_device(adap, node);
+
+		client = of_i2c_register_device(adap, node);
+		if (IS_ERR(client)) {
+			dev_warn(&adap->dev,
+				 "Failed to create I2C device for %s\n",
+				 node->full_name);
+			of_node_clear_flag(node, OF_POPULATED);
+		}
 	}
 }
 
@@ -2201,6 +2209,7 @@ static int of_i2c_notify(struct notifier
 		if (IS_ERR(client)) {
 			dev_err(&adap->dev, "failed to create client for '%s'\n",
 				 rd->dn->full_name);
+			of_node_clear_flag(rd->dn, OF_POPULATED);
 			return notifier_from_errno(PTR_ERR(client));
 		}
 		break;

^ permalink raw reply

* [PATCH 4.8 122/138] netfilter: xt_NFLOG: fix unexpected truncated packet
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Justin Piszcz, Chris Caputo,
	Liping Zhang, Pablo Neira Ayuso
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Liping Zhang <liping.zhang@spreadtrum.com>

commit 6d19375b58763fefc2f215fb45117d3353ced888 upstream.

Justin and Chris spotted that iptables NFLOG target was broken when they
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
"results in segfaults in ulogd-2.0.5".

Because "struct nf_loginfo li;" is a local variable, and flags will be
filled with garbage value, not inited to zero. So if it contains 0x1,
packets will not be logged to the userspace anymore.

Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Reported-by: Chris Caputo <ccaputo@alt.net>
Tested-by: Chris Caputo <ccaputo@alt.net>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/netfilter/xt_NFLOG.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const stru
 	li.u.ulog.copy_len   = info->len;
 	li.u.ulog.group	     = info->group;
 	li.u.ulog.qthreshold = info->threshold;
+	li.u.ulog.flags	     = 0;
 
 	if (info->flags & XT_NFLOG_F_COPY_LEN)
 		li.u.ulog.flags |= NF_LOG_F_COPY_LEN;

^ permalink raw reply

* [PATCH 4.8 097/138] scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
From: Greg Kroah-Hartman @ 2016-11-09 10:46 UTC (permalink / raw)
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Ewan D. Milne, Laurence Oberman,
	Martin K. Petersen
In-Reply-To: <20161109102844.808685475@linuxfoundation.org>

4.8-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ewan D. Milne <emilne@redhat.com>

commit 4d2b496f19f3c2cfaca1e8fa0710688b5ff3811d upstream.

map_storep was not being vfree()'d in the module_exit call.

Signed-off-by: Ewan D. Milne <emilne@redhat.com>
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/scsi/scsi_debug.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/scsi/scsi_debug.c
+++ b/drivers/scsi/scsi_debug.c
@@ -5134,6 +5134,7 @@ static void __exit scsi_debug_exit(void)
 	bus_unregister(&pseudo_lld_bus);
 	root_device_unregister(pseudo_primary);
 
+	vfree(map_storep);
 	vfree(dif_storep);
 	vfree(fake_storep);
 	kfree(sdebug_q_arr);

^ permalink raw reply


This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.