Xiao Feng [Wed, 24 Feb 2016 03:37:34 +0000 (11:37 +0800)]
clk: rockchip: rk3366: add sclk_pvtm_pmu
Change-Id: Id24788b8d7caca776061dd4544ac90443a6be2ad
Signed-off-by: Xiao Feng <xf@rock-chips.com>
Xiao Feng [Wed, 24 Feb 2016 03:36:22 +0000 (11:36 +0800)]
clk: rockchip: add id for pvtm_pmu on rk3366
Change-Id: Iecc20e13134322fc6ed306300b830b9b14dffd97
Signed-off-by: Xiao Feng <xf@rock-chips.com>
Frank Wang [Wed, 3 Feb 2016 02:44:12 +0000 (10:44 +0800)]
usb: dwc_otg: Ported "drivers/usb/dwc_otg_310" from kernel-3.10
Modified some internal interfaces to support kernel-4.4
Change-Id: I1a87b75f5429874d879437b21cbf85eba4473ee0
Signed-off-by: Frank Wang <frank.wang@rock-chips.com>
Xing Zheng [Mon, 22 Feb 2016 10:13:20 +0000 (18:13 +0800)]
clk: rockchip: update dt-binding header for rk3399
Because the RK3399 CRU TRM is being updated, we need to maintain
consistent naming of clock IDs.
Change-Id: I1724827f05f4f44b197c14a5d81fec5afc1202b5
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Xiao Feng [Tue, 23 Feb 2016 01:49:36 +0000 (09:49 +0800)]
clk: rockchip: rk3366: include downstream muxes into fractional dividers
Use the newly introduced possibility to combine the fractional dividers
with their downstream muxes for all fractional dividers on currently
supported RK3366 SoCs.
Change-Id: Idabfe85f269b8f15f85471daa50c3ef988b21297
Signed-off-by: Xiao Feng <xf@rock-chips.com>
Wenlong Zhuang [Thu, 21 Jan 2016 06:45:37 +0000 (14:45 +0800)]
arm64: configs: rockchip_defconfig: select LCDC_LITE_RK3X
CONFIG_LCDC_LITE_RK3X=y
Change-Id: If326b617341125771a7393a1392755fe9e9a52b4
Signed-off-by: Wenlong Zhuang <daisen.zhuang@rock-chips.com>
Wenlong Zhuang [Tue, 29 Dec 2015 06:42:17 +0000 (14:42 +0800)]
video: rockchip: support VOP-LITE controller driver
Rockchip SoCs such as the RK3366 have a VOP-LITE controller. This patch
supports the VOP-LITE driver based on the Rockchip SoC chip.
Change-Id: I64ea2307609530f7dc0dbe6b1c9b3059d1cf821d
Signed-off-by: Wenlong Zhuang <daisen.zhuang@rock-chips.com>
Shengfei xu [Fri, 19 Feb 2016 10:01:32 +0000 (18:01 +0800)]
Revert "input: gt9xx: remove tp_register_fb"
This reverts commit dd82161ce5de1b02eb61a4822aa0118b9082fef0.
Change-Id: I277b2e6146509a56b1f7aa5a53dc481cc63cc0df
Signed-off-by: Shengfei xu <xsf@rock-chips.com>
Shengfei xu [Fri, 19 Feb 2016 09:16:22 +0000 (17:16 +0800)]
Input: gt911: get regulator form dts.
Make it possible to specify the supply of a regulator, through the
tp-supply property in dt.
Change-Id: If741bb48280a339fc37e9f53d566fbbb444c31e8
Signed-off-by: Shengfei xu <xsf@rock-chips.com>
Sugar Zhang [Fri, 19 Feb 2016 10:42:50 +0000 (18:42 +0800)]
ARM64: dts: rk3366-tb: add simple audio card with rt5640
Change-Id: I1f4f7c3faadf68a2f6f7314fc699296a77732442
Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
Sugar Zhang [Fri, 19 Feb 2016 10:30:20 +0000 (18:30 +0800)]
ARM64: dts: rk3366: add i2s node
Change-Id: Ic646cdeaf8b53be81059061ef8c9a7e7f0aca66f
Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
Sugar Zhang [Fri, 19 Feb 2016 08:13:49 +0000 (16:13 +0800)]
ARM64: dts: rk3368-tb: fix mistake for rt5640
Change-Id: If6a9296bed3d183f660f1584166be76a0456c1b4
Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
Sugar Zhang [Fri, 19 Feb 2016 08:11:04 +0000 (16:11 +0800)]
ASoC: rt5640: add mono adc event function
Change-Id: I9d992ce28ad8cc7f772cb83ebde6b9c57b412acd
Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
Sugar Zhang [Fri, 19 Feb 2016 05:18:05 +0000 (13:18 +0800)]
ARM64: dts: rk3368-tb: add mclk for rt5640 codec
Change-Id: I692653ed270beb19990f2e2a42be1e8a7859e382
Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
Sugar Zhang [Fri, 19 Feb 2016 05:03:19 +0000 (13:03 +0800)]
ASoC: rt5640: add master clock handling for rt5640
enable/disable master clock when codec is active or not.
Change-Id: Ia876abde08138c4f23ed5a1a684f6637c42d5e34
Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
Sugar Zhang [Fri, 19 Feb 2016 02:10:07 +0000 (10:10 +0800)]
ASoC: rockchip: i2s: add default values for registers
This patch adds default values for registers according to the description in the TRM.
Change-Id: I683b30483b9c1db08a202983f7055092db4cad2e
Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
Sugar Zhang [Thu, 18 Feb 2016 11:34:41 +0000 (19:34 +0800)]
ARM64: dts: rk3368: Drop unneeded properties for i2s
Because i2s has no child devices, the address-cells and
size-cells properties are not required. Remove these from the dts.
Change-Id: Iaaeec7907fd565279a01c0051353c7170af0812c
Signed-off-by: Sugar Zhang <sugar.zhang@rock-chips.com>
Jianqun Xu [Fri, 19 Feb 2016 00:31:22 +0000 (08:31 +0800)]
input: gt9xx: remove tp_register_fb
Fix the suspend/resume bug.
Change-Id: Ia8a6275f3eed9f13af153138e225343486323afb
Signed-off-by: Jianqun Xu <jay.xu@rock-chips.com>
Heiko Stübner [Sat, 26 Dec 2015 13:07:15 +0000 (14:07 +0100)]
UPSTREAM: clk: rockchip: fix section mismatches with new child-clocks
To model the muxes downstream of fractional dividers we introduced the
child property, allowing to describe a direct child clock.
The first implementation seems to cause section warnings, as the core
clock-tree is marked as initdata while the data pointed to from the
child element is not.
While there may be some way to also set that missing property in the
inline notation I didn't find it, so to actually fix the issue for now
move the sub-definitions into separate declarations that can have
their own __initdata properties.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Michael Turquette <mturquette@baylibre.com>
(cherry picked from commit 5b73840375e3eebeb7adf957ff64a96abdf4e1a1)
Change-Id: I22c03dea33af24ba5743170325f318432cfd766f
Xing Zheng [Tue, 22 Dec 2015 21:28:01 +0000 (22:28 +0100)]
UPSTREAM: clk: rockchip: rk3036: include downstream muxes into fractional dividers
Use the newly introduced possibility to combine the fractional dividers
with their downstream muxes for all fractional dividers on currently
supported RK3036 SoCs.
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Michael Turquette <mturquette@baylibre.com>
(cherry picked from commit b0158bb27c7b6e9843f541c17b24dbd964b76db6)
Change-Id: Ief8f77ec66c8b281d52d1e19dcd50d2f7b663045
Sjoerd Simons [Tue, 22 Dec 2015 21:28:02 +0000 (22:28 +0100)]
UPSTREAM: clk: rockchip: Allow the RK3288 SPDIF clocks to change their parent
The clock branches leading to sclk_spdif and sclk_spdif_8ch on RK3288
SoCs only feed those clocks, allow those clocks to change their parents
all the way up the hierarchy.
Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Michael Turquette <mturquette@baylibre.com>
(cherry picked from commit 84a8c541664b037a4d1fdc3151466b4ec45c37a5)
Change-Id: Id362013ba195fdb88e4cdbaed2468deaafc04e64
Heiko Stuebner [Tue, 22 Dec 2015 21:28:00 +0000 (22:28 +0100)]
UPSTREAM: clk: rockchip: include downstream muxes into fractional dividers
Use the newly introduced possibility to combine the fractional dividers
with their downstream muxes for all fractional dividers on currently
supported Rockchip SoCs.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Signed-off-by: Michael Turquette <mturquette@baylibre.com>
(cherry picked from commit 66746420898984a273ea08fa5926bd1640eaed3e)
Change-Id: I243f17bf622b278ec365755f7fb4da90843107d7
Heiko Stuebner [Tue, 22 Dec 2015 21:27:59 +0000 (22:27 +0100)]
UPSTREAM: clk: rockchip: handle mux dependency of fractional dividers
The fractional dividers of Rockchip SoCs contain an "auto-gating-feature"
that requires the downstream mux to actually point to the fractional
divider and the fractional divider gate to be enabled, for it to really
accept changes to the divider ratio.
The downstream muxes themselves are not generic enough to include them
directly into the fractional divider, as they have varying sources of
parent clocks including not only clocks related to the fractional
dividers but other clocks as well.
To solve this, allow our clock branches to specify direct child clock-
branches in the new child property, let the fractional divider register
its downstream mux through this and add a clock notifier that temporarily
switches the mux setting when it notices rate changes to the fractional
divider.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Signed-off-by: Michael Turquette <mturquette@baylibre.com>
(cherry picked from commit 8ca1ca8f6039f19673fb61552f276b848539dbd6)
Change-Id: Ic538fcf248f1e8a7ac87a45788167855155ca54a
Heiko Stuebner [Tue, 22 Dec 2015 21:27:58 +0000 (22:27 +0100)]
UPSTREAM: clk: add flag for clocks that need to be enabled on rate changes
Some clocks need to be enabled to accept rate changes. This patch adds a
new flag CLK_SET_RATE_UNGATE that lets clk_change_rate enable the clock
before trying to change the rate and disable it again afterwards.
This of course doesn't affect clocks that are already running at that
point, as their refcount will only temporarily increase.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Tested-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Signed-off-by: Michael Turquette <mturquette@baylibre.com>
(cherry picked from commit 2eb8c7104c648ad4bfae1f5333f98c09522149b5)
Change-Id: I4fdabbe7120dd501f350ce2294aa5a6c1827f961
Xing Zheng [Thu, 5 Nov 2015 07:33:58 +0000 (15:33 +0800)]
UPSTREAM: clk: rockchip: add clock controller for rk3036
Add the clock tree definition for the new rk3036 SoC.
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
(cherry picked from commit 5190c08b29899131a183ea5802b9397918cca1ae)
Change-Id: I0609b405ddb437e2ae9a432f386aa89ad47e7c84
Xing Zheng [Thu, 5 Nov 2015 07:33:56 +0000 (15:33 +0800)]
UPSTREAM: clk: rockchip: add dt-binding header for rk3036
Add the dt-bindings header for the rk3036, that gets shared between
the clock controller and the clock references in the dts.
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
(cherry picked from commit 8b0d55e962137bf92f9342ec78e1d8e5fd1c03be)
Change-Id: I3aca4b58f7f7bcd73faec92d07b88dbccf74d825
Huang, Tao [Thu, 18 Feb 2016 08:03:29 +0000 (16:03 +0800)]
Merge tag 'v4.4.2'
This is the 4.4.2 stable release
Huang, Tao [Thu, 18 Feb 2016 07:18:27 +0000 (15:18 +0800)]
Merge branch 'android-4.4'
* android-4.4: (475 commits)
android: base-cfg: Add CONFIG_IP_MULTICAST
android: recommended.cfg: enable taskstats
ANDROID: android: base-cfg: disable CONFIG_SYSVIPC
android: configs: base: enable configfs gadget functions
android: add CONFIG_DEBUG_RODATA to recommended config
android: configs: remove CONFIG_BATTERY_ANDROID=y
android: configs: base: enable IPV6
android: configs: Enable SELinux and its dependencies.
android: base-cfg: disable ALARM_DEV
android: base-cfg: turn off /dev/mem and /dev/kmem
android: base-cfg: enable ARMV8_DEPRECATED and subfeatures
android: base-cfg: enforce the needed XFRM_MODE_TUNNEL (for VPN)
android: base-cfg: disable LOGGER
android: base-cfg: enable DM_VERITY (used for secureboot)
android: configs: add systrace support to recommended configs
android: configs: update 3.10 options
android: configs: Add CONFIG_NETFILTER_XT_TARGET_IDLETIMER
android: configs: add IPV6 ROUTE INFO
android: configs: add TIMER_STATS back, helps with sysrq t.
android: configs: Add HIDRAW to recommended set
...
Change-Id: I4580a461d0e2845c6aa430861174c83bb6120bb4
Zheng Yang [Wed, 17 Feb 2016 07:54:28 +0000 (15:54 +0800)]
arm64: dts: rockchip: add hdmi node on rk3366.dtsi
Change-Id: Ibd0cc2f7642455b3b17f55fbec653466c987a576
Signed-off-by: Zheng Yang <zhengyang@rock-chips.com>
Zheng Yang [Wed, 17 Feb 2016 07:51:41 +0000 (15:51 +0800)]
video: rockchip: hdmi: support rk3366
Change-Id: I944e9749e559c25651de619c89eead0589c1eb5b
Signed-off-by: Zheng Yang <zhengyang@rock-chips.com>
Greg Kroah-Hartman [Wed, 17 Feb 2016 20:31:25 +0000 (12:31 -0800)]
Linux 4.4.2
Benjamin Tissoires [Tue, 1 Dec 2015 11:41:38 +0000 (12:41 +0100)]
HID: multitouch: fix input mode switching on some Elan panels
commit 73e7d63efb4d774883a338997943bfa59e127085 upstream.
as reported by https://bugzilla.kernel.org/show_bug.cgi?id=108481
This bug report mentions 6d4f5440 ("HID: multitouch: Fetch feature
reports on demand for Win8 devices") as the origin of the problem but this
commit actually masked 2 firmware bugs that are annihilating each other:
The report descriptor declares two features in reports 3 and 5:
0x05, 0x0d, // Usage Page (Digitizers) 318
0x09, 0x0e, // Usage (Device Configuration) 320
0xa1, 0x01, // Collection (Application) 322
0x85, 0x03, // Report ID (3) 324
0x09, 0x22, // Usage (Finger) 326
0xa1, 0x00, // Collection (Physical) 328
0x09, 0x52, // Usage (Inputmode) 330
0x15, 0x00, // Logical Minimum (0) 332
0x25, 0x0a, // Logical Maximum (10) 334
0x75, 0x08, // Report Size (8) 336
0x95, 0x02, // Report Count (2) 338
0xb1, 0x02, // Feature (Data,Var,Abs) 340
0xc0, // End Collection 342
0x09, 0x22, // Usage (Finger) 343
0xa1, 0x00, // Collection (Physical) 345
0x85, 0x05, // Report ID (5) 347
0x09, 0x57, // Usage (Surface Switch) 349
0x09, 0x58, // Usage (Button Switch) 351
0x15, 0x00, // Logical Minimum (0) 353
0x75, 0x01, // Report Size (1) 355
0x95, 0x02, // Report Count (2) 357
0x25, 0x03, // Logical Maximum (3) 359
0xb1, 0x02, // Feature (Data,Var,Abs) 361
0x95, 0x0e, // Report Count (14) 363
0xb1, 0x03, // Feature (Cnst,Var,Abs) 365
0xc0, // End Collection 367
The report ID 3 presents 2 input mode features, while only the first one
is handled by the device. Given that we did not check if one was
previously assigned, we were dealing with the ignored feature and we
should never have been able to switch this panel into the multitouch mode.
However, the firmware presents another bug which allowed 6d4f5440
to counteract the faulty report descriptor. When we request the values
of the feature 5, the firmware answers "03 03 00". The fields are correct
but the report id is wrong. Before 6d4f5440, we retrieved all the features
and injected them in the system. So when we called report 5, we injected
in the system the report 3 with the values "03 00".
Setting the second input mode to 03 in this report changed it to "03 03"
and the touchpad switched to the mt mode. We could have set anything
in the second field because the actual value (the first 03 in this report)
was given by the query of report ID 5.
To sum up: 2 bugs in the firmware were hiding that we were accessing the
wrong feature.
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
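Added example (not part of the commit or of the kernel source): a minimal HID short-item parser in C, run over the descriptor bytes quoted in the commit message above. It shows that Report ID 3 declares two Inputmode feature fields, and that a "last match wins" mapping lands on field 1 while a "first match wins" mapping lands on field 0, the one the message says the device handles. The names parse_features, pick_inputmode and the two policies are illustrative assumptions; only HID_DG_INPUTMODE mirrors a kernel constant.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HID_DG_INPUTMODE 0x000d0052u /* Digitizers page 0x0d, usage 0x52 */
#define MAX_USAGES 16
#define MAX_FIELDS 32

/* Descriptor bytes exactly as quoted in the commit message. */
static const uint8_t elan_desc[] = {
    0x05, 0x0d, 0x09, 0x0e, 0xa1, 0x01, 0x85, 0x03,
    0x09, 0x22, 0xa1, 0x00, 0x09, 0x52, 0x15, 0x00,
    0x25, 0x0a, 0x75, 0x08, 0x95, 0x02, 0xb1, 0x02,
    0xc0,
    0x09, 0x22, 0xa1, 0x00, 0x85, 0x05, 0x09, 0x57,
    0x09, 0x58, 0x15, 0x00, 0x75, 0x01, 0x95, 0x02,
    0x25, 0x03, 0xb1, 0x02, 0x95, 0x0e, 0xb1, 0x03,
    0xc0,
};

struct feature_field {
    uint8_t  report_id;
    uint32_t usage;  /* (usage page << 16) | usage id */
    unsigned index;  /* position of the field inside its Feature item */
    unsigned bits;   /* Report Size in bits */
};

/* Walk the short items and record every non-constant Feature field.
 * Returns the number of fields, or -1 on a truncated/unsupported item. */
static int parse_features(const uint8_t *d, size_t len,
                          struct feature_field *out, int max_out)
{
    uint16_t usages[MAX_USAGES];
    unsigned n_usages = 0, size_bits = 0, count = 0;
    uint32_t page = 0;
    uint8_t report_id = 0;
    int n = 0;
    size_t i = 0;

    while (i < len) {
        uint8_t prefix = d[i++];
        size_t sz = prefix & 0x03;      /* bSize: 0, 1, 2, or 3 meaning 4 */
        uint32_t data = 0;

        if (prefix == 0xfe)             /* long items are not handled here */
            return -1;
        if (sz == 3)
            sz = 4;
        if (sz > len - i)               /* item data runs past the buffer */
            return -1;
        for (size_t k = 0; k < sz; k++) /* little-endian item data */
            data |= (uint32_t)d[i + k] << (8 * k);
        i += sz;

        switch (prefix & 0xfc) {        /* bTag and bType */
        case 0x04: page = data; break;                /* Usage Page */
        case 0x74: size_bits = data; break;           /* Report Size */
        case 0x84: report_id = (uint8_t)data; break;  /* Report ID */
        case 0x94: count = data; break;               /* Report Count */
        case 0x08:                                    /* Usage (local) */
            if (n_usages == MAX_USAGES)
                return -1;
            usages[n_usages++] = (uint16_t)data;
            break;
        case 0xb0:                                    /* Feature (main) */
            /* bit 0 set means Constant: padding, no usage to map */
            for (unsigned f = 0; !(data & 1) && n_usages && f < count; f++) {
                /* fewer usages than fields: the last usage repeats */
                unsigned u = f < n_usages ? f : n_usages - 1;
                if (n == max_out)
                    return -1;
                out[n++] = (struct feature_field){
                    report_id, (page << 16) | usages[u], f, size_bits };
            }
            n_usages = 0;
            break;
        case 0x80: case 0x90: case 0xa0: case 0xc0:
            n_usages = 0;               /* any main item clears local state */
            break;
        }
    }
    return n;
}

enum pick { PICK_LAST, PICK_FIRST };

/* Returns the array position of the chosen Inputmode field, or -1. */
static int pick_inputmode(const struct feature_field *f, int n, enum pick p)
{
    int chosen = -1;
    for (int i = 0; i < n; i++) {
        if (f[i].usage != HID_DG_INPUTMODE)
            continue;
        if (p == PICK_FIRST && chosen >= 0)
            continue;                   /* keep the first assignment */
        chosen = i;
    }
    return chosen;
}

/* Field index inside the report that each policy would write to. */
static int inputmode_index(enum pick p)
{
    struct feature_field f[MAX_FIELDS];
    int n = parse_features(elan_desc, sizeof(elan_desc), f, MAX_FIELDS);
    int c = n < 0 ? -1 : pick_inputmode(f, n, p);
    return c < 0 ? -1 : (int)f[c].index;
}

int main(void)
{
    printf("last match: field %d, first match: field %d\n",
           inputmode_index(PICK_LAST), inputmode_index(PICK_FIRST));
    return 0;
}
```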
Tetsuo Handa [Fri, 5 Feb 2016 23:36:30 +0000 (15:36 -0800)]
mm, vmstat: fix wrong WQ sleep when memory reclaim doesn't make any progress
commit 564e81a57f9788b1475127012e0fd44e9049e342 upstream.
Jan Stancek has reported that system occasionally hanging after "oom01"
testcase from LTP triggers OOM. Guessing from a result that there is a
kworker thread doing memory allocation and the values between "Node 0
Normal free:" and "Node 0 Normal:" differs when hanging, vmstat is not
up-to-date for some reason.
According to commit 373ccbe59270 ("mm, vmstat: allow WQ concurrency to
discover memory reclaim doesn't make any progress"), it meant to force
the kworker thread to take a short sleep, but it by error used
schedule_timeout(1). We missed that schedule_timeout() in state
TASK_RUNNING doesn't do anything.
Fix it by using schedule_timeout_uninterruptible(1) which forces the
kworker thread to take a short sleep in order to make sure that vmstat
is up-to-date.
Fixes: 373ccbe59270 ("mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: Jan Stancek <jstancek@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Cristopher Lameter <clameter@sgi.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Arkadiusz Miskiewicz <arekm@maven.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Junil Lee [Wed, 20 Jan 2016 22:58:18 +0000 (14:58 -0800)]
zsmalloc: fix migrate_zspage-zs_free race condition
commit c102f07ca0b04f2cb49cfc161c83f6239d17f491 upstream.
record_obj() in migrate_zspage() does not preserve handle's
HANDLE_PIN_BIT, set by find_aloced_obj()->trypin_tag(), and implicitly
(accidentally) un-pins the handle, while migrate_zspage() still performs
an explicit unpin_tag() on that handle. This additional explicit
unpin_tag() introduces a race condition with zs_free(), which can pin
that handle by this time, so the handle becomes un-pinned.
Schematically, it goes like this:
CPU0                                                CPU1
migrate_zspage
  find_alloced_obj
    trypin_tag
      set HANDLE_PIN_BIT                            zs_free()
                                                      pin_tag()
  obj_malloc() -- new object, no tag
  record_obj() -- remove HANDLE_PIN_BIT                 set HANDLE_PIN_BIT
  unpin_tag()  -- remove zs_free's HANDLE_PIN_BIT
The race condition may result in a NULL pointer dereference:
Unable to handle kernel NULL pointer dereference at virtual address 00000000
CPU: 0 PID: 19001 Comm: CookieMonsterCl Tainted:
PC is at get_zspage_mapping+0x0/0x24
LR is at obj_free.isra.22+0x64/0x128
Call trace:
get_zspage_mapping+0x0/0x24
zs_free+0x88/0x114
zram_free_page+0x64/0xcc
zram_slot_free_notify+0x90/0x108
swap_entry_free+0x278/0x294
free_swap_and_cache+0x38/0x11c
unmap_single_vma+0x480/0x5c8
unmap_vmas+0x44/0x60
exit_mmap+0x50/0x110
mmput+0x58/0xe0
do_exit+0x320/0x8dc
do_group_exit+0x44/0xa8
get_signal+0x538/0x580
do_signal+0x98/0x4b8
do_notify_resume+0x14/0x5c
This patch keeps the lock bit in migration path and update value
atomically.
Signed-off-by: Junil Lee <junil0814.lee@lge.com>
Signed-off-by: Minchan Kim <minchan@kernel.org>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jerome Marchand [Sat, 16 Jan 2016 00:54:48 +0000 (16:54 -0800)]
zram: don't call idr_remove() from zram_remove()
commit 17ec4cd985780a7e30aa45bb8f272237c12502a4 upstream.
The use of idr_remove() is forbidden in the callback functions of
idr_for_each(). It is therefore unsafe to call idr_remove in
zram_remove().
This patch moves the call to idr_remove() from zram_remove() to
hot_remove_store(). In the detroy_devices() path, idrs are removed by
idr_destroy(). This solves a use-after-free detected by KASan.
[akpm@linux-foundation.org: fix coding style, per Sergey]
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kyeongdon Kim [Thu, 14 Jan 2016 23:22:29 +0000 (15:22 -0800)]
zram: try vmalloc() after kmalloc()
commit d913897abace843bba20249f3190167f7895e9c3 upstream.
When we're using LZ4 multi compression streams for zram swap, we found
out page allocation failure message in system running test. That was
not only once, but a few(2 - 5 times per test). Also, some failure
cases were continually occurring to try allocation order 3.
In order to make parallel compression private data, we should call
kzalloc() with order 2/3 in runtime(lzo/lz4). But if there is no order
2/3 size memory to allocate in that time, page allocation fails. This
patch makes to use vmalloc() as fallback of kmalloc(), this prevents
page alloc failure warning.
After using this, we never found warning message in running test, also
It could reduce process startup latency about 60-120ms in each case.
For reference a call trace :
Binder_1: page allocation failure: order:3, mode:0x10c0d0
CPU: 0 PID: 424 Comm: Binder_1 Tainted: GW
3.10.49-perf-g991d02b-dirty #20
Call trace:
dump_backtrace+0x0/0x270
show_stack+0x10/0x1c
dump_stack+0x1c/0x28
warn_alloc_failed+0xfc/0x11c
__alloc_pages_nodemask+0x724/0x7f0
__get_free_pages+0x14/0x5c
kmalloc_order_trace+0x38/0xd8
zcomp_lz4_create+0x2c/0x38
zcomp_strm_alloc+0x34/0x78
zcomp_strm_multi_find+0x124/0x1ec
zcomp_strm_find+0xc/0x18
zram_bvec_rw+0x2fc/0x780
zram_make_request+0x25c/0x2d4
generic_make_request+0x80/0xbc
submit_bio+0xa4/0x15c
__swap_writepage+0x218/0x230
swap_writepage+0x3c/0x4c
shrink_page_list+0x51c/0x8d0
shrink_inactive_list+0x3f8/0x60c
shrink_lruvec+0x33c/0x4cc
shrink_zone+0x3c/0x100
try_to_free_pages+0x2b8/0x54c
__alloc_pages_nodemask+0x514/0x7f0
__get_free_pages+0x14/0x5c
proc_info_read+0x50/0xe4
vfs_read+0xa0/0x12c
SyS_read+0x44/0x74
DMA: 3397*4kB (MC) 26*8kB (RC) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB
0*512kB 0*1024kB 0*2048kB 0*4096kB = 13796kB
[minchan@kernel.org: change vmalloc gfp and adding comment about gfp]
[sergey.senozhatsky@gmail.com: tweak comments and styles]
Signed-off-by: Kyeongdon Kim <kyeongdon.kim@lge.com>
Signed-off-by: Minchan Kim <minchan@kernel.org>
Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sergey Senozhatsky [Thu, 14 Jan 2016 23:22:26 +0000 (15:22 -0800)]
zram/zcomp: use GFP_NOIO to allocate streams
commit 3d5fe03a3ea013060ebba2a811aeb0f23f56aefa upstream.
We can end up allocating a new compression stream with GFP_KERNEL from
within the IO path, which may result in nested (recursive) IO
operations. That can introduce problems if the IO path in question is a
reclaimer, holding some locks that will deadlock nested IOs.
Allocate streams and working memory using GFP_NOIO flag, forbidding
recursive IO and FS operations.
An example:
inconsistent {IN-RECLAIM_FS-W} -> {RECLAIM_FS-ON-W} usage.
git/20158 [HC0[0]:SC0[0]:HE1:SE1] takes:
(jbd2_handle){+.+.?.}, at: start_this_handle+0x4ca/0x555
{IN-RECLAIM_FS-W} state was registered at:
__lock_acquire+0x8da/0x117b
lock_acquire+0x10c/0x1a7
start_this_handle+0x52d/0x555
jbd2__journal_start+0xb4/0x237
__ext4_journal_start_sb+0x108/0x17e
ext4_dirty_inode+0x32/0x61
__mark_inode_dirty+0x16b/0x60c
iput+0x11e/0x274
__dentry_kill+0x148/0x1b8
shrink_dentry_list+0x274/0x44a
prune_dcache_sb+0x4a/0x55
super_cache_scan+0xfc/0x176
shrink_slab.part.14.constprop.25+0x2a2/0x4d3
shrink_zone+0x74/0x140
kswapd+0x6b7/0x930
kthread+0x107/0x10f
ret_from_fork+0x3f/0x70
irq event stamp: 138297
hardirqs last enabled at (138297): debug_check_no_locks_freed+0x113/0x12f
hardirqs last disabled at (138296): debug_check_no_locks_freed+0x33/0x12f
softirqs last enabled at (137818): __do_softirq+0x2d3/0x3e9
softirqs last disabled at (137813): irq_exit+0x41/0x95
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(jbd2_handle);
<Interrupt>
lock(jbd2_handle);
*** DEADLOCK ***
5 locks held by git/20158:
#0: (sb_writers#7){.+.+.+}, at: [<ffffffff81155411>] mnt_want_write+0x24/0x4b
#1: (&type->i_mutex_dir_key#2/1){+.+.+.}, at: [<ffffffff81145087>] lock_rename+0xd9/0xe3
#2: (&sb->s_type->i_mutex_key#11){+.+.+.}, at: [<ffffffff8114f8e2>] lock_two_nondirectories+0x3f/0x6b
#3: (&sb->s_type->i_mutex_key#11/4){+.+.+.}, at: [<ffffffff8114f909>] lock_two_nondirectories+0x66/0x6b
#4: (jbd2_handle){+.+.?.}, at: [<ffffffff811e31db>] start_this_handle+0x4ca/0x555
stack backtrace:
CPU: 2 PID: 20158 Comm: git Not tainted
4.1.0-rc7-next-20150615-dbg-00016-g8bdf555-dirty #211
Call Trace:
dump_stack+0x4c/0x6e
mark_lock+0x384/0x56d
mark_held_locks+0x5f/0x76
lockdep_trace_alloc+0xb2/0xb5
kmem_cache_alloc_trace+0x32/0x1e2
zcomp_strm_alloc+0x25/0x73 [zram]
zcomp_strm_multi_find+0xe7/0x173 [zram]
zcomp_strm_find+0xc/0xe [zram]
zram_bvec_rw+0x2ca/0x7e0 [zram]
zram_make_request+0x1fa/0x301 [zram]
generic_make_request+0x9c/0xdb
submit_bio+0xf7/0x120
ext4_io_submit+0x2e/0x43
ext4_bio_write_page+0x1b7/0x300
mpage_submit_page+0x60/0x77
mpage_map_and_submit_buffers+0x10f/0x21d
ext4_writepages+0xc8c/0xe1b
do_writepages+0x23/0x2c
__filemap_fdatawrite_range+0x84/0x8b
filemap_flush+0x1c/0x1e
ext4_alloc_da_blocks+0xb8/0x117
ext4_rename+0x132/0x6dc
? mark_held_locks+0x5f/0x76
ext4_rename2+0x29/0x2b
vfs_rename+0x540/0x636
SyS_renameat2+0x359/0x44d
SyS_rename+0x1e/0x20
entry_SYSCALL_64_fastpath+0x12/0x6f
[minchan@kernel.org: add stable mark]
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Acked-by: Minchan Kim <minchan@kernel.org>
Cc: Kyeongdon Kim <kyeongdon.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Larry Finger [Thu, 21 Jan 2016 03:58:39 +0000 (21:58 -0600)]
rtlwifi: rtl8821ae: Fix 5G failure when EEPROM is incorrectly encoded
commit c72fc9093718a3f8597249863a1bac345ba00859 upstream.
Recently, it has been reported that D-Link DWA-582 cards, which use an
RTL8812AE chip are not able to scan for 5G networks. The problems started
with kernel 4.2, which is the first version that had commit d10101a60372
("rtlwifi: rtl8821ae: Fix problem with regulatory information"). With this
patch, the driver went from setting a default channel plan to using
the value derived from EEPROM.
Bug reports at https://bugzilla.kernel.org/show_bug.cgi?id=111031 and
https://bugzilla.redhat.com/show_bug.cgi?id=1279653 are examples of this
problem.
The problem was solved once I learned that the internal country code was
resulting in a regulatory set with only 2.4 GHz channels. With the RTL8821AE
chips available to me, the country code was such that both 2.4 and 5 GHz
channels are allowed. The fix is to allow both bands even when the EEPROM
is incorrectly encoded.
Fixes: d10101a60372 ("rtlwifi: rtl8821ae: Fix problem with regulatory information")
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: littlesmartguy@gmail.com
Cc: gabe@codehaus.org
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Larry Finger [Mon, 14 Dec 2015 22:34:33 +0000 (16:34 -0600)]
rtlwifi: rtl8821ae: Fix errors in parameter initialization
commit 78bae1de422a7f6f2b4b61f6a5c379e3d7f96f44 upstream.
This driver failed to copy parameters sw_crypto and disable_watchdog into
the locations actually used by the driver. In addition, msi_support was
initialized three times and one of them used the wrong variable. The
initialization of parameter int_clear was moved so that it is near that
of the rest of the parameters.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Boris BREZILLON [Fri, 5 Feb 2016 16:45:48 +0000 (17:45 +0100)]
crypto: marvell/cesa - fix test in mv_cesa_dev_dma_init()
commit 8a3978ad55fb4c0564d285fb2f6cdee2313fce01 upstream.
We are checking twice if dma->cache_pool is not NULL but are never testing
dma->padding_pool value.
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cyrille Pitchen [Fri, 5 Feb 2016 12:45:13 +0000 (13:45 +0100)]
crypto: atmel-sha - remove calls of clk_prepare() from atomic contexts
commit c033042aa8f69894df37dabcaa0231594834a4e4 upstream.
clk_prepare()/clk_unprepare() must not be called within atomic context.
This patch calls clk_prepare() once for all from atmel_sha_probe() and
clk_unprepare() from atmel_sha_remove().
Then calls of clk_prepare_enable()/clk_disable_unprepare() were replaced
by calls of clk_enable()/clk_disable().
Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Reported-by: Matthias Mayr <matthias.mayr@student.kit.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cyrille Pitchen [Fri, 5 Feb 2016 12:45:12 +0000 (13:45 +0100)]
crypto: atmel-sha - fix atmel_sha_remove()
commit d961436c11482e974b702c8324426208f00cd7c4 upstream.
Since atmel_sha_probe() uses devm_xxx functions to allocate resources,
atmel_sha_remove() should no longer explicitly release them.
Signed-off-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Fixes: b0e8b3417a62 ("crypto: atmel - use devm_xxx() managed function")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Wed, 3 Feb 2016 13:39:27 +0000 (21:39 +0800)]
crypto: algif_skcipher - Do not set MAY_BACKLOG on the async path
commit dad41997063723eaf5f77bc2015606a5a9bce320 upstream.
The async path cannot use MAY_BACKLOG because it is not meant to
block, which is what MAY_BACKLOG does. On the other hand, both
the sync and async paths can make use of MAY_SLEEP.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Wed, 3 Feb 2016 13:39:26 +0000 (21:39 +0800)]
crypto: algif_skcipher - Do not dereference ctx without socket lock
commit 6454c2b83f719057069777132b13949e4c6b6350 upstream.
Any access to non-constant bits of the private context must be
done under the socket lock, in particular, this includes ctx->req.
This patch moves such accesses under the lock, and fetches the
tfm from the parent socket which is guaranteed to be constant,
rather than from ctx->req.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Wed, 3 Feb 2016 13:39:24 +0000 (21:39 +0800)]
crypto: algif_skcipher - Do not assume that req is unchanged
commit ec69bbfb9902c32a5c1492f2b1b8ad032a66d724 upstream.
The async path in algif_skcipher assumes that the crypto completion
function will be called with the original request. This is not
necessarily the case. In fact there is no need for this anyway
since we already embed information into the request with struct
skcipher_async_req.
This patch adds a pointer to that struct and then passes it as
the data to the callback function.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mathias Krause [Mon, 1 Feb 2016 13:27:30 +0000 (14:27 +0100)]
crypto: user - lock crypto_alg_list on alg dump
commit 63e41ebc6630f39422d87f8a4bade1e793f37a01 upstream.
We miss to take the crypto_alg_sem semaphore when traversing the
crypto_alg_list for CRYPTO_MSG_GETALG dumps. This allows a race with
crypto_unregister_alg() removing algorithms from the list while we're
still traversing it, thereby leading to a use-after-free as shown below:
[ 3482.071639] general protection fault: 0000 [#1] SMP
[ 3482.075639] Modules linked in: aes_x86_64 glue_helper lrw ablk_helper cryptd gf128mul ipv6 pcspkr serio_raw virtio_net microcode virtio_pci virtio_ring virtio sr_mod cdrom [last unloaded: aesni_intel]
[ 3482.075639] CPU: 1 PID: 11065 Comm: crconf Not tainted 4.3.4-grsec+ #126
[ 3482.075639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 3482.075639] task: ffff88001cd41a40 ti: ffff88001cd422c8 task.ti: ffff88001cd422c8
[ 3482.075639] RIP: 0010:[<ffffffff93722bd3>] [<ffffffff93722bd3>] strncpy+0x13/0x30
[ 3482.075639] RSP: 0018:ffff88001f713b60 EFLAGS: 00010202
[ 3482.075639] RAX: ffff88001f6c4430 RBX: ffff88001f6c43a0 RCX: ffff88001f6c4430
[ 3482.075639] RDX: 0000000000000040 RSI: fefefefefefeff16 RDI: ffff88001f6c4430
[ 3482.075639] RBP: ffff88001f713b60 R08: ffff88001f6c4470 R09: ffff88001f6c4480
[ 3482.075639] R10: 0000000000000002 R11: 0000000000000246 R12: ffff88001ce2aa28
[ 3482.075639] R13: ffff880000093700 R14: ffff88001f5e4bf8 R15: 0000000000003b20
[ 3482.075639] FS: 0000033826fa2700(0000) GS:ffff88001e900000(0000) knlGS:0000000000000000
[ 3482.075639] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3482.075639] CR2: ffffffffff600400 CR3: 00000000139ec000 CR4: 00000000001606f0
[ 3482.075639] Stack:
[ 3482.075639] ffff88001f713bd8 ffffffff936ccd00 ffff88001e5c4200 ffff880000093700
[ 3482.075639] ffff88001f713bd0 ffffffff938ef4bf 0000000000000000 0000000000003b20
[ 3482.075639] ffff88001f5e4bf8 ffff88001f5e4848 0000000000000000 0000000000003b20
[ 3482.075639] Call Trace:
[ 3482.075639] [<ffffffff936ccd00>] crypto_report_alg+0xc0/0x3e0
[ 3482.075639] [<ffffffff938ef4bf>] ? __alloc_skb+0x16f/0x300
[ 3482.075639] [<ffffffff936cd08a>] crypto_dump_report+0x6a/0x90
[ 3482.075639] [<ffffffff93935707>] netlink_dump+0x147/0x2e0
[ 3482.075639] [<ffffffff93935f99>] __netlink_dump_start+0x159/0x190
[ 3482.075639] [<ffffffff936ccb13>] crypto_user_rcv_msg+0xc3/0x130
[ 3482.075639] [<ffffffff936cd020>] ? crypto_report_alg+0x3e0/0x3e0
[ 3482.075639] [<ffffffff936cc4b0>] ? alg_test_crc32c+0x120/0x120
[ 3482.075639] [<ffffffff93933145>] ? __netlink_lookup+0xd5/0x120
[ 3482.075639] [<ffffffff936cca50>] ? crypto_add_alg+0x1d0/0x1d0
[ 3482.075639] [<ffffffff93938141>] netlink_rcv_skb+0xe1/0x130
[ 3482.075639] [<ffffffff936cc4f8>] crypto_netlink_rcv+0x28/0x40
[ 3482.075639] [<ffffffff939375a8>] netlink_unicast+0x108/0x180
[ 3482.075639] [<ffffffff93937c21>] netlink_sendmsg+0x541/0x770
[ 3482.075639] [<ffffffff938e31e1>] sock_sendmsg+0x21/0x40
[ 3482.075639] [<ffffffff938e4763>] SyS_sendto+0xf3/0x130
[ 3482.075639] [<ffffffff93444203>] ? bad_area_nosemaphore+0x13/0x20
[ 3482.075639] [<ffffffff93444470>] ? __do_page_fault+0x80/0x3a0
[ 3482.075639] [<ffffffff939d80cb>] entry_SYSCALL_64_fastpath+0x12/0x6e
[ 3482.075639] Code: 88 4a ff 75 ed 5d 48 0f ba 2c 24 3f c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 d2 48 89 f8 48 89 f9 4c 8d 04 17 48 89 e5 74 15 <0f> b6 16 80 fa 01 88 11 48 83 de ff 48 83 c1 01 4c 39 c1 75 eb
[ 3482.075639] RIP [<ffffffff93722bd3>] strncpy+0x13/0x30
To trigger the race run the following loops simultaneously for a while:
$ while : ; do modprobe aesni-intel; rmmod aesni-intel; done
$ while : ; do crconf show all > /dev/null; done
Fix the race by taking the crypto_alg_sem read lock, thereby preventing
crypto_unregister_alg() from modifying the algorithm list during the
dump.
This bug has been detected by the PaX memory sanitize feature.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ryan Ware [Thu, 11 Feb 2016 23:58:44 +0000 (15:58 -0800)]
EVM: Use crypto_memneq() for digest comparisons
commit 613317bd212c585c20796c10afe5daaa95d4b0a1 upstream.
This patch fixes vulnerability CVE-2016-2085. The problem exists
because the vm_verify_hmac() function includes a use of memcmp().
Unfortunately, this allows timing side channel attacks; specifically
a MAC forgery complexity drop from 2^128 to 2^12. This patch changes
the memcmp() to the cryptographically safe crypto_memneq().
Reported-by: Xiaofei Rex Guo <xiaofei.rex.guo@intel.com>
Signed-off-by: Ryan Ware <ware@linux.intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
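An added illustration, not code from the kernel or from this commit, of why an early-exit comparison such as memcmp() takes a 16-byte digest check from 2^128 down to about 2^12 candidates while a constant-time test in the spirit of crypto_memneq() does not. The function names, the byte counter standing in for measurable running time, and the sample digest are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 16  /* 128-bit digest, matching the 2^128 figure in the commit */

/* Constructed sample digest (not a real HMAC value). */
static const uint8_t sample_mac[MAC_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xb6, 0x1d,
    0x73, 0xc9, 0x2f, 0x84, 0x60, 0xdb, 0x15, 0xff
};

typedef int (*neq_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Early-exit comparison, the behaviour memcmp() is allowed to have.
 * Returns nonzero if the buffers differ. *examined receives the number of
 * bytes read before returning; it models the observable running time. */
static int early_exit_neq(const uint8_t *a, const uint8_t *b, size_t n,
                          size_t *examined)
{
    size_t i;

    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *examined = i + 1;
            return 1;
        }
    }
    *examined = n;
    return 0;
}

/* Constant-time inequality test: every byte is read and the differences are
 * OR-ed together, so the work done is independent of where a mismatch is. */
static int const_time_neq(const uint8_t *a, const uint8_t *b, size_t n,
                          size_t *examined)
{
    volatile uint8_t diff = 0;
    size_t i;

    for (i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *examined = n;
    return diff != 0;
}

/* Model of what the leak costs the verifier: count how many candidate digests
 * are compared before one is accepted when the only feedback per candidate is
 * accept/reject plus *examined. Each position costs at most 256 candidates,
 * so the bound is 16 * 256 = 4096 = 2^12. Returns 0 when all candidates cost
 * the same, i.e. the comparison gives no per-byte signal. */
static unsigned long candidates_needed(neq_fn cmp, const uint8_t *expected)
{
    uint8_t guess[MAC_LEN] = {0};
    unsigned long tried = 0;
    size_t pos;

    for (pos = 0; pos < MAC_LEN; pos++) {
        size_t lo = MAC_LEN + 1, hi = 0, examined = 0;
        int v, best = 0;

        for (v = 0; v < 256; v++) {
            guess[pos] = (uint8_t)v;
            tried++;
            if (!cmp(expected, guess, MAC_LEN, &examined))
                return tried;               /* candidate accepted */
            if (examined > hi) {
                hi = examined;
                best = v;
            }
            if (examined < lo)
                lo = examined;
        }
        if (hi == lo)
            return 0;                       /* no timing difference to use */
        guess[pos] = (uint8_t)best;         /* byte that ran longest */
    }
    return 0;
}

int main(void)
{
    printf("early-exit compare:    %lu candidates\n",
           candidates_needed(early_exit_neq, sample_mac));
    printf("constant-time compare: %lu (no signal)\n",
           candidates_needed(const_time_neq, sample_mac));
    return 0;
}
```
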
Wang, Rui Y [Wed, 27 Jan 2016 09:08:37 +0000 (17:08 +0800)]
crypto: algif_hash - wait for crypto_ahash_init() to complete
commit fe09786178f9df713a4b2dd6b93c0a722346bf5e upstream.
hash_sendmsg/sendpage() need to wait for the completion
of crypto_ahash_init() otherwise it can cause panic.
Signed-off-by: Rui Wang <rui.y.wang@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Tue, 26 Jan 2016 16:16:37 +0000 (00:16 +0800)]
crypto: shash - Fix has_key setting
commit 00420a65fa2beb3206090ead86942484df2275f3 upstream.
The has_key logic is wrong for shash algorithms as they always
have a setkey function. So we should instead be testing against
shash_no_setkey.
Fixes: a5596d633278 ("crypto: hash - Add crypto_ahash_has_setkey")
Reported-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Eli Cooper [Thu, 21 Jan 2016 16:24:08 +0000 (00:24 +0800)]
crypto: chacha20-ssse3 - Align stack pointer to 64 bytes
commit cbe09bd51bf23b42c3a94c5fb6815e1397c5fc3f upstream.
This aligns the stack pointer in chacha20_4block_xor_ssse3 to 64 bytes.
Fixes general protection faults and potential kernel panics.
Signed-off-by: Eli Cooper <elicooper@gmx.com>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Horia Geantă [Tue, 12 Jan 2016 15:59:29 +0000 (17:59 +0200)]
crypto: caam - make write transactions bufferable on PPC platforms
commit e7a7104e432c0db8469ca3568daf4f1d1afe3e73 upstream.
Previous change (see "Fixes" tag) to the MCFGR register
clears AWCACHE[0] ("bufferable" AXI3 attribute) (which is "1" at POR).
This makes all writes non-bufferable, causing a ~ 5% performance drop
for PPC-based platforms.
Rework previous change such that MCFGR[AWCACHE]=4'b0011
(bufferable + cacheable) for all platforms.
Note: For ARM-based platforms, AWCACHE[0] is ignored
by the interconnect IP.
Fixes: f10967495144 ("crypto: caam - fix snooping for write transactions")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Tue, 19 Jan 2016 13:23:57 +0000 (21:23 +0800)]
crypto: algif_skcipher - sendmsg SG marking is off by one
commit 202736d99b7f29279db9da61587f11a08a04a9c6 upstream.
We mark the end of the SG list in sendmsg and sendpage and unmark
it on the next send call. Unfortunately the unmarking in sendmsg
is off-by-one, leading to an SG list that is too short.
Fixes: 0f477b655a52 ("crypto: algif - Mark sgl end at the end of data")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Mon, 18 Jan 2016 10:46:10 +0000 (18:46 +0800)]
crypto: algif_skcipher - Load TX SG list after waiting
commit 4f0414e54e4d1893c6f08260693f8ef84c929293 upstream.
We need to load the TX SG list in sendmsg(2) after waiting for
incoming data, not before.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jean Delvare [Mon, 18 Jan 2016 16:06:05 +0000 (17:06 +0100)]
crypto: crc32c - Fix crc32c soft dependency
commit fd7f6727102a1ccf6b4c1dfcc631f9b546526b26 upstream.
I don't think it makes sense for a module to have a soft dependency
on itself. This seems quite cyclic by nature and I can't see what
purpose it could serve.
OTOH libcrc32c calls crypto_alloc_shash("crc32c", 0, 0) so it pretty
much assumes that some incarnation of the "crc32c" hash algorithm has
been loaded. Therefore it makes sense to have the soft dependency
there (as crc-t10dif does.)
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Fri, 15 Jan 2016 14:02:20 +0000 (22:02 +0800)]
crypto: algif_skcipher - Fix race condition in skcipher_check_key
commit 1822793a523e5d5730b19cc21160ff1717421bc8 upstream.
We need to lock the child socket in skcipher_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Fri, 15 Jan 2016 14:01:08 +0000 (22:01 +0800)]
crypto: algif_hash - Fix race condition in hash_check_key
commit ad46d7e33219218605ea619e32553daf4f346b9f upstream.
We need to lock the child socket in hash_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Wed, 13 Jan 2016 07:03:32 +0000 (15:03 +0800)]
crypto: af_alg - Forbid bind(2) when nokey child sockets are present
commit a6a48c565f6f112c6983e2a02b1602189ed6e26e upstream.
This patch forbids the calling of bind(2) when there are child
sockets created by accept(2) in existence, even if they are created
on the nokey path.
This is needed as those child sockets have references to the tfm
object which bind(2) will destroy.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Wed, 13 Jan 2016 07:01:06 +0000 (15:01 +0800)]
crypto: algif_skcipher - Remove custom release parent function
commit d7b65aee1e7b4c87922b0232eaba56a8a143a4a0 upstream.
This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Wed, 13 Jan 2016 07:00:36 +0000 (15:00 +0800)]
crypto: algif_hash - Remove custom release parent function
commit f1d84af1835846a5a2b827382c5848faf2bb0e75 upstream.
This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Wed, 13 Jan 2016 06:59:03 +0000 (14:59 +0800)]
crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path
commit 6a935170a980024dd29199e9dbb5c4da4767a1b9 upstream.
This patch allows af_alg_release_parent to be called even for
nokey sockets.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Alexandra Yates [Fri, 5 Feb 2016 23:27:49 +0000 (15:27 -0800)]
ahci: Intel DNV device IDs SATA
commit 342decff2b846b46fa61eb5ee40986fab79a9a32 upstream.
Adding Intel codename DNV platform device IDs for SATA.
Signed-off-by: Alexandra Yates <alexandra.yates@linux.intel.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tejun Heo [Fri, 15 Jan 2016 20:13:05 +0000 (15:13 -0500)]
libata: disable forced PORTS_IMPL for >= AHCI 1.3
commit 566d1827df2ef0cbe921d3d6946ac3007b1a6938 upstream.
Some early controllers incorrectly reported zero ports in PORTS_IMPL
register and the ahci driver fabricates PORTS_IMPL from the number of
ports in those cases. This hasn't mattered but with the new nvme
controllers there are cases where zero PORTS_IMPL is valid and should
be honored.
Disable the workaround for >= AHCI 1.3.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Andy Lutomirski <luto@amacapital.net>
Link: http://lkml.kernel.org/g/CALCETrU7yMvXEDhjAUShoHEhDwifJGapdw--BKxsP0jmjKGmRw@mail.gmail.com
Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Mon, 11 Jan 2016 13:29:41 +0000 (21:29 +0800)]
crypto: algif_skcipher - Add key check exception for cipher_null
commit 6e8d8ecf438792ecf7a3207488fb4eebc4edb040 upstream.
This patch adds an exception to the key check so that cipher_null
users may continue to use algif_skcipher without setting a key.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Mon, 11 Jan 2016 13:26:50 +0000 (21:26 +0800)]
crypto: skcipher - Add crypto_skcipher_has_setkey
commit a1383cd86a062fc798899ab20f0ec2116cce39cb upstream.
This patch adds a way for skcipher users to determine whether a key
is required by a transform.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Fri, 8 Jan 2016 13:31:04 +0000 (21:31 +0800)]
crypto: algif_hash - Require setkey before accept(2)
commit 6de62f15b581f920ade22d758f4c338311c2f0d4 upstream.
Hash implementations that require a key may crash if you use
them without setting a key. This patch adds the necessary checks
so that if you do attempt to use them without a key that we return
-ENOKEY instead of proceeding.
This patch also adds a compatibility path to support old applications
that do accept(2) before setkey.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Fri, 8 Jan 2016 13:28:26 +0000 (21:28 +0800)]
crypto: hash - Add crypto_ahash_has_setkey
commit a5596d6332787fd383b3b5427b41f94254430827 upstream.
This patch adds a way for ahash users to determine whether a key
is required by a crypto_ahash transform.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Mon, 4 Jan 2016 04:36:12 +0000 (13:36 +0900)]
crypto: algif_skcipher - Add nokey compatibility path
commit a0fa2d037129a9849918a92d91b79ed6c7bd2818 upstream.
This patch adds a compatibility path to support old applications
that do accept(2) before setkey.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Mon, 4 Jan 2016 04:35:18 +0000 (13:35 +0900)]
crypto: af_alg - Add nokey compatibility path
commit 37766586c965d63758ad542325a96d5384f4a8c9 upstream.
This patch adds a compatibility path to support old applications
that do accept(2) before setkey.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Wed, 30 Dec 2015 12:24:17 +0000 (20:24 +0800)]
crypto: af_alg - Fix socket double-free when accept fails
commit a383292c86663bbc31ac62cc0c04fc77504636a6 upstream.
When we fail an accept(2) call we will end up freeing the socket
twice, once due to the direct sk_free call and once again through
newsock.
This patch fixes this by removing the sk_free call.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Wed, 30 Dec 2015 03:47:53 +0000 (11:47 +0800)]
crypto: af_alg - Disallow bind/setkey/... after accept(2)
commit c840ac6af3f8713a71b4d2363419145760bd6044 upstream.
Each af_alg parent socket obtained by socket(2) corresponds to a
tfm object once bind(2) has succeeded. An accept(2) call on that
parent socket creates a context which then uses the tfm object.
Therefore as long as any child sockets created by accept(2) exist
the parent socket must not be modified or freed.
This patch guarantees this by using locks and a reference count
on the parent socket. Any attempt to modify the parent socket will
fail with EBUSY.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Herbert Xu [Fri, 25 Dec 2015 07:40:05 +0000 (15:40 +0800)]
crypto: algif_skcipher - Require setkey before accept(2)
commit dd504589577d8e8e70f51f997ad487a4cb6c026f upstream.
Some cipher implementations will crash if you try to use them
without calling setkey first. This patch adds a check so that
the accept(2) call will fail with -ENOKEY if setkey hasn't been
done on the socket yet.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Raghavendra K T [Fri, 15 Jan 2016 19:01:23 +0000 (00:31 +0530)]
sched: Fix crash in sched_init_numa()
commit 9c03ee147193645be4c186d3688232fa438c57c7 upstream.
The following PowerPC commit:
c118baf80256 ("arch/powerpc/mm/numa.c: do not allocate bootmem memory for non existing nodes")
avoids allocating bootmem memory for non existent nodes.
But when DEBUG_PER_CPU_MAPS=y is enabled, my powerNV system failed to boot
because in sched_init_numa(), cpumask_or() operation was done on
unallocated nodes.
Fix that by making cpumask_or() operation only on existing nodes.
[ Tested with and w/o DEBUG_PER_CPU_MAPS=y on x86 and PowerPC. ]
Reported-by: Jan Stancek <jstancek@redhat.com>
Tested-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
Cc: <gkurz@linux.vnet.ibm.com>
Cc: <grant.likely@linaro.org>
Cc: <nikunj@linux.vnet.ibm.com>
Cc: <vdavydov@parallels.com>
Cc: <linuxppc-dev@lists.ozlabs.org>
Cc: <linux-mm@kvack.org>
Cc: <peterz@infradead.org>
Cc: <benh@kernel.crashing.org>
Cc: <paulus@samba.org>
Cc: <mpe@ellerman.id.au>
Cc: <anton@samba.org>
Link: http://lkml.kernel.org/r/1452884483-11676-1-git-send-email-raghavendra.kt@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Theodore Ts'o [Thu, 10 Dec 2015 05:57:58 +0000 (00:57 -0500)]
ext4 crypto: add missing locking for keyring_key access
commit db7730e3091a52c2fcd8fcc952b964d88998e675 upstream.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Will Deacon [Tue, 15 Dec 2015 16:08:12 +0000 (16:08 +0000)]
iommu/io-pgtable-arm: Ensure we free the final level on teardown
commit 12c2ab09571e8aae3a87da2a4a452632a5fac1e5 upstream.
When tearing down page tables, we return early for the final level
since we know that we won't have any table pointers to follow.
Unfortunately, this also means that we forget to free the final level,
so we end up leaking memory.
Fix the issue by always freeing the current level, but just don't bother
to iterate over the ptes if we're at the final level.
Reported-by: Zhang Bo <zhangbo_a@xiaomi.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:40:55 +0000 (22:40 -0800)]
tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
commit 5c17c861a357e9458001f021a7afa7aab9937439 upstream.
ioctl(TIOCGETD) retrieves the line discipline id directly from the
ldisc because the line discipline id (c_line) in termios is untrustworthy;
userspace may have set termios via ioctl(TCSETS*) without actually
changing the line discipline via ioctl(TIOCSETD).
However, directly accessing the current ldisc via tty->ldisc is
unsafe; the ldisc ptr dereferenced may be stale if the line discipline
is changing via ioctl(TIOCSETD) or hangup.
Wait for the line discipline reference (just like read() or write())
to retrieve the "current" line discipline id.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:45 +0000 (21:13 -0800)]
tty: Retry failed reopen if tty teardown in-progress
commit 7f22f6c935cda600660e623a411fe380015d28d9 upstream.
A small window exists where a tty reopen will observe the tty
just prior to imminent teardown (tty->count == 0); in this case, open()
returns EIO to userspace.
Instead, retry the open after checking for signals and yielding;
this interruptible retry loop allows teardown to commence and initialize
a new tty on retry. Never retry the BSD master pty reopen; there is no
guarantee the pty pair teardown is imminent since the slave file
descriptors may remain open indefinitely.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:44 +0000 (21:13 -0800)]
tty: Wait interruptibly for tty lock on reopen
commit 0bfd464d3fdd5bb322f9cace4cc47f1796545cf7 upstream.
Allow a signal to interrupt the wait for a tty reopen; e.g., if
the tty has started final close and is waiting for the device to
drain.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:40:56 +0000 (22:40 -0800)]
n_tty: Fix unsafe reference to "other" ldisc
commit 6d27a63caad3f13e96cf065d2d96828c2006be6b upstream.
Although n_tty_check_unthrottle() has a valid ldisc reference (since
the tty core gets the ldisc ref in tty_read() before calling the line
discipline read() method), it does not have a valid ldisc reference to
the "other" pty of a pty pair. Since getting an ldisc reference for
tty->link essentially open-codes tty_wakeup(), just replace with the
equivalent tty_wakeup().
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lu Baolu [Tue, 26 Jan 2016 15:50:08 +0000 (17:50 +0200)]
usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Broxton-M platforms
commit ccc04afb72cddbdf7c0e1c17e92886405a71b754 upstream.
Intel Broxton M was verified to require XHCI_PME_STUCK_QUIRK quirk as well.
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lu Baolu [Tue, 26 Jan 2016 15:50:05 +0000 (17:50 +0200)]
usb: xhci: handle both SSIC ports in PME stuck quirk
commit fa89537783cb442263fa5a14df6c7693eaf32f11 upstream.
Commit abce329c27b3 ("xhci: Workaround to get D3 working in Intel xHCI")
adds a workaround for a limitation of PME storm caused by SSIC port in
some Intel SoCs. This commit only handled one SSIC port, while there
are actually two SSIC ports in the chips. This patch handles both SSIC
ports. Without this fix, users still see PME storm.
Signed-off-by: Zhuang Jin Can <jin.can.zhuang@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Srinivas Kandagatla [Wed, 13 Jan 2016 09:13:10 +0000 (09:13 +0000)]
usb: phy: msm: fix error handling in probe.
commit a38a08dfaaab978dced63aa9cad45f0f62e23a66 upstream.
This driver registers for extcon events as part of its probe, but
never unregisters them in case of error in the probe path.
There were multiple issues noticed due to this missing error handling.
One of them is random crashes if the regulators are not ready yet by the
time probe is invoked.
Ivan's previous attempt [1] to fix this issue, did not really address
all the failure cases like regulator/get_irq failures.
[1] https://lkml.org/lkml/2015/9/7/62
Without this patch the kernel would crash with log:
...
Unable to handle kernel paging request at virtual address 17d78410
pgd = ffffffc001a5c000
[17d78410] *pgd=00000000b6806003, *pud=00000000b6806003, *pmd=0000000000000000
Internal error: Oops: 96000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6 Comm: kworker/u8:0 Not tainted 4.4.0+ #48
Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
Workqueue: deferwq deferred_probe_work_func
task: ffffffc03686e900 ti: ffffffc0368b0000 task.ti: ffffffc0368b0000
PC is at raw_notifier_chain_register+0x1c/0x44
LR is at extcon_register_notifier+0x88/0xc8
pc : [<ffffffc0000da43c>] lr : [<ffffffc000606298>] pstate: 80000085
sp : ffffffc0368b3a70
x29: ffffffc0368b3a70 x28: ffffffc03680c310
x27: ffffffc035518000 x26: ffffffc035518000
x25: ffffffc03bfa20e0 x24: ffffffc035580a18
x23: 0000000000000000 x22: ffffffc035518458
x21: ffffffc0355e9a60 x20: ffffffc035518000
x19: 0000000000000000 x18: 0000000000000028
x17: 0000000000000003 x16: ffffffc0018153c8
x15: 0000000000000001 x14: ffffffc03686f0f8
x13: ffffffc03686f0f8 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000001
x9 : ffffffc03686f0f8 x8 : 0000e3872014c1a1
x7 : 0000000000000028 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000000
x3 : 00000000354fb170 x2 : 0000000017d78400
x1 : ffffffc0355e9a60 x0 : ffffffc0354fb268
Fixes: 591fc116f330 ("usb: phy: msm: Use extcon framework for VBUS and ID detection")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lu Baolu [Wed, 6 Jan 2016 07:10:04 +0000 (15:10 +0800)]
usb: cdc-acm: send zero packet for intel 7260 modem
commit ffdb1e369a73b380fce95b05f8498d92c43842b4 upstream.
For Intel 7260 modem, it is needed for host side to send zero
packet if the BULK OUT size is equal to USB endpoint max packet
length. Otherwise, modem side may still wait for more data and
cannot give response to host side.
Signed-off-by: Konrad Leszczynski <konrad.leszczynski@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lu Baolu [Wed, 30 Dec 2015 04:59:08 +0000 (12:59 +0800)]
usb: cdc-acm: handle unlinked urb in acm read callback
commit 19454462acb1bdef80542061bdc9b410e4ed1ff6 upstream.
In current acm driver, the bulk-in callback function ignores the
URBs unlinked in usb core.
This causes unexpected data loss in some cases. For example,
runtime suspend entry will unlink all urbs and set urb->status
to -ENOENT even those urbs might have data not processed yet.
Hence, data loss occurs.
This patch lets bulk-in callback function handle unlinked urbs
to avoid data loss.
Signed-off-by: Tang Jian Qiang <jianqiang.tang@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
John Ernberg [Mon, 25 Jan 2016 12:27:17 +0000 (12:27 +0000)]
USB: option: fix Cinterion AHxx enumeration
commit 4152b387da81617c80cb2946b2d56e3958906b3e upstream.
In certain kernel configurations where the cdc_ether and option drivers
are compiled as modules there can occur a race condition in enumeration.
This causes the option driver to enumerate the ethernet(wwan) interface
as usb-serial interfaces.
usb-devices output for the modem:
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 5 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=1e2d ProdID=0055 Rev=00.00
S: Manufacturer=Cinterion
S: Product=AHx
C: #Ifs= 6 Cfg#= 1 Atr=e0 MxPwr=10mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
I: If#= 4 Alt= 0 #EPs= 1 Cls=02(commc) Sub=06 Prot=00 Driver=cdc_ether
I: If#= 5 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=cdc_ether
Signed-off-by: John Ernberg <john.ernberg@actia.se>
Fixes: 1941138e1c02 ("USB: added support for Cinterion's products...")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Daniele Palmas [Tue, 12 Jan 2016 16:22:06 +0000 (17:22 +0100)]
USB: serial: option: Adding support for Telit LE922
commit ff4e2494dc17b173468e1713fdf6237fd8578bc7 upstream.
This patch adds support for two PIDs of LE922.
Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Dedecker [Fri, 8 Jan 2016 11:34:41 +0000 (12:34 +0100)]
USB: cp210x: add ID for IAI USB to RS485 adaptor
commit f487c54ddd544e1c9172cd510954f697b77b76e3 upstream.
Added the USB serial console device ID for IAI Corp. RCB-CV-USB
USB to RS485 adaptor.
Signed-off-by: Peter Dedecker <peter.dedecker@hotmail.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Wed, 20 Jan 2016 07:43:13 +0000 (23:43 -0800)]
USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable
commit e03cdf22a2727c60307be6a729233edab3bfda9c upstream.
Harald Linden reports that the ftdi_sio driver works properly for the
Yaesu SCU-18 cable if the device ids are added to the driver. So let's
add them.
Reported-by: Harald Linden <harald.linden@7183.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Du, Changbin [Mon, 18 Jan 2016 13:02:42 +0000 (21:02 +0800)]
usb: hub: do not clear BOS field during reset device
commit d8f00cd685f5c8e0def8593e520a7fef12c22407 upstream.
In function usb_reset_and_verify_device, the old BOS descriptor may
still be used before allocating a new one. (usb_unlocked_disable_lpm
function uses it under the situation that it fails to disable lpm.)
So we cannot set the udev->bos to NULL before that, just keep what it
was. It will be overwritten when allocating a new one.
Crash log:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: [<ffffffff8171f98d>] usb_enable_link_state+0x2d/0x2f0
Call Trace:
[<ffffffff8171ed5b>] ? usb_set_lpm_timeout+0x12b/0x140
[<ffffffff8171fcd1>] usb_enable_lpm+0x81/0xa0
[<ffffffff8171fdd8>] usb_disable_lpm+0xa8/0xc0
[<ffffffff8171fe1c>] usb_unlocked_disable_lpm+0x2c/0x50
[<ffffffff81723933>] usb_reset_and_verify_device+0xc3/0x710
[<ffffffff8172c4ed>] ? usb_sg_wait+0x13d/0x190
[<ffffffff81724743>] usb_reset_device+0x133/0x280
[<ffffffff8179ccd1>] usb_stor_port_reset+0x61/0x70
[<ffffffff8179cd68>] usb_stor_invoke_transport+0x88/0x520
Signed-off-by: Du, Changbin <changbin.du@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Johan Hovold [Tue, 12 Jan 2016 11:05:20 +0000 (12:05 +0100)]
USB: visor: fix null-deref at probe
commit cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 upstream.
Fix null-pointer dereference at probe should a (malicious) Treo device
lack the expected endpoints.
Specifically, the Treo port-setup hack was dereferencing the bulk-in and
interrupt-in urbs without first making sure they had been allocated by
core.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Vladis Dronov [Tue, 12 Jan 2016 14:10:50 +0000 (15:10 +0100)]
USB: serial: visor: fix crash on detecting device without write_urbs
commit cb3232138e37129e88240a98a1d2aba2187ff57c upstream.
The visor driver crashes in clie_5_attach() when a specially crafted USB
device without bulk-out endpoint is detected. This fix adds a check that
the device has proper configuration expected by the driver.
Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Fixes: cfb8da8f69b8 ("USB: visor: fix initialisation of UX50/TH55 devices")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bard Liao [Thu, 21 Jan 2016 05:13:40 +0000 (13:13 +0800)]
ASoC: rt5645: fix the shift bit of IN1 boost
commit b28785fa9cede0d4f47310ca0dd2a4e1d50478b5 upstream.
The shift bit of IN1 boost gain control is 12.
Signed-off-by: Bard Liao <bardliao@realtek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mauro Carvalho Chehab [Thu, 4 Feb 2016 17:59:43 +0000 (15:59 -0200)]
saa7134-alsa: Only frees registered sound cards
commit ac75fe5d8fe4a0bf063be18fb29684405279e79e upstream.
That prevents this bug:
[ 2382.269496] BUG: unable to handle kernel NULL pointer dereference at 0000000000000540
[ 2382.270013] IP: [<ffffffffa01fe616>] snd_card_free+0x36/0x70 [snd]
[ 2382.270013] PGD 0
[ 2382.270013] Oops: 0002 [#1] SMP
[ 2382.270013] Modules linked in: saa7134_alsa(-) tda1004x saa7134_dvb videobuf2_dvb dvb_core tda827x tda8290 tuner saa7134 tveeprom videobuf2_dma_sg videobuf2_memops videobuf2_v4l2 videobuf2_core v4l2_common videodev media auth_rpcgss nfsv4 dns_resolver nfs lockd grace sunrpc tun bridge stp llc ebtables ip6table_filter ip6_tables nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack it87 hwmon_vid snd_hda_codec_idt snd_hda_codec_generic iTCO_wdt iTCO_vendor_support snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_seq pcspkr i2c_i801 snd_seq_device snd_pcm snd_timer lpc_ich snd mfd_core soundcore binfmt_misc i915 video i2c_algo_bit drm_kms_helper drm r8169 ata_generic serio_raw pata_acpi mii i2c_core [last unloaded: videobuf2_memops]
[ 2382.270013] CPU: 0 PID: 4899 Comm: rmmod Not tainted 4.5.0-rc1+ #4
[ 2382.270013] Hardware name: PCCHIPS P17G/P17G, BIOS 080012 05/14/2008
[ 2382.270013] task:
ffff880039c38000 ti:
ffff88003c764000 task.ti:
ffff88003c764000
[ 2382.270013] RIP: 0010:[<
ffffffffa01fe616>] [<
ffffffffa01fe616>] snd_card_free+0x36/0x70 [snd]
[ 2382.270013] RSP: 0018:
ffff88003c767ea0 EFLAGS:
00010286
[ 2382.270013] RAX:
ffff88003c767eb8 RBX:
0000000000000000 RCX:
0000000000006260
[ 2382.270013] RDX:
ffffffffa020a060 RSI:
ffffffffa0206de1 RDI:
ffff88003c767eb0
[ 2382.270013] RBP:
ffff88003c767ed8 R08:
0000000000019960 R09:
ffffffff811a5412
[ 2382.270013] R10:
ffffea0000d7c200 R11:
0000000000000000 R12:
ffff88003c767ea8
[ 2382.270013] R13:
00007ffe760617f7 R14:
0000000000000000 R15:
0000557625d7f1e0
[ 2382.270013] FS:
00007f80bb1c0700(0000) GS:
ffff88003f400000(0000) knlGS:
0000000000000000
[ 2382.270013] CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
[ 2382.270013] CR2:
0000000000000540 CR3:
000000003c00f000 CR4:
00000000000006f0
[ 2382.270013] Stack:
[ 2382.270013]
000000003c767ed8 ffffffff00000000 ffff880000000000 ffff88003c767eb8
[ 2382.270013]
ffff88003c767eb8 ffffffffa049a890 00007ffe76060060 ffff88003c767ef0
[ 2382.270013]
ffffffffa049889d ffffffffa049a500 ffff88003c767f48 ffffffff8111079c
[ 2382.270013] Call Trace:
[ 2382.270013] [<
ffffffffa049889d>] saa7134_alsa_exit+0x1d/0x780 [saa7134_alsa]
[ 2382.270013] [<
ffffffff8111079c>] SyS_delete_module+0x19c/0x1f0
[ 2382.270013] [<
ffffffff8170fc2e>] entry_SYSCALL_64_fastpath+0x12/0x71
[ 2382.270013] Code: 20 a0 48 c7 c6 e1 6d 20 a0 48 89 e5 41 54 53 4c 8d 65 d0 48 89 fb 48 83 ec 28 c7 45 d0 00 00 00 00 49 8d 7c 24 08 e8 7a 55 ed e0 <4c> 89 a3 40 05 00 00 48 89 df e8 eb fd ff ff 85 c0 75 1a 48 8d
[ 2382.270013] RIP [<
ffffffffa01fe616>] snd_card_free+0x36/0x70 [snd]
[ 2382.270013] RSP <
ffff88003c767ea0>
[ 2382.270013] CR2:
0000000000000540
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 2 Feb 2016 14:27:36 +0000 (15:27 +0100)]
ALSA: dummy: Implement timer backend switching more safely
commit ddce57a6f0a2d8d1bfacfa77f06043bc760403c2 upstream.
Currently the selected timer backend is referred at any moment from
the running PCM callbacks. When the backend is switched, it's
possible to lead to inconsistency from the running backend. This was
pointed by syzkaller fuzzer, and the commit [7ee96216c31a: ALSA:
dummy: Disable switching timer backend via sysfs] disabled the dynamic
switching for avoiding the crash.
This patch improves the handling of timer backend switching. It keeps
the reference to the selected backend during the whole operation of an
opened stream so that it won't be changed by other streams.
Together with this change, the hrtimer parameter is reenabled as
writable now.
NOTE: this patch also turned out to fix the still remaining race.
Namely, ops was still replaced dynamically at dummy_pcm_open:
  static int dummy_pcm_open(struct snd_pcm_substream *substream)
  {
          ....
          dummy->timer_ops = &dummy_systimer_ops;
          if (hrtimer)
                  dummy->timer_ops = &dummy_hrtimer_ops;
Since dummy->timer_ops is common among all streams, and when the
replacement happens during accesses of other streams, it may lead to a
crash. This was actually triggered by syzkaller fuzzer and KASAN.
This patch rewrites the code not to use the ops shared by all streams
any longer, too.
BugLink: http://lkml.kernel.org/r/CACT4Y+aZ+xisrpuM6cOXbL21DuM0yVxPYXf4cD4Md9uw0C3dBQ@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 9 Feb 2016 09:23:52 +0000 (10:23 +0100)]
ALSA: hda - Fix bad dereference of jack object
commit 2ebab40eb74a0225d5dfba72bfae317dd948fa2d upstream.
The hda_jack_tbl entries are managed by snd_array for allowing
multiple jacks. It's good per se, but the problem is that struct
hda_jack_callback keeps the hda_jack_tbl pointer. Since snd_array
doesn't preserve each pointer at resizing the array, we can't keep the
original pointer but have to deduce the pointer at each time via
snd_array_entry() instead. Actually, this resulted in the dereference
to the wrong pointer on codecs that have many pins such as CS4208.
This patch replaces the pointer to the NID value as the search key.
As an unexpected good side effect, this even simplifies the code, as
only NID is needed in most cases.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
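The pattern behind the commit above, as an added user-space example that is not part of the commit or of the kernel source: a pointer into a growable array stops being valid once the array grows, so the callback keeps the key (NID) and resolves the entry on each use. All type and function names here are hypothetical, and the table moves its storage on every append to make the effect deterministic.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* User-space model only: hypothetical types, not the kernel's structures. */
struct jack_entry { unsigned nid; int plugged; };
struct jack_table { struct jack_entry *list; size_t used; };
struct jack_callback { unsigned nid; };   /* keeps the key, not a pointer */

/* Append an entry. Every append moves the storage (worst-case growth). */
static struct jack_entry *jack_new(struct jack_table *t, unsigned nid)
{
    struct jack_entry *p = malloc((t->used + 1) * sizeof(*p));
    if (!p)
        return NULL;
    if (t->used)
        memcpy(p, t->list, t->used * sizeof(*p));
    free(t->list);
    t->list = p;
    p[t->used] = (struct jack_entry){ .nid = nid, .plugged = 0 };
    return &p[t->used++];
}

/* Resolve the entry from its key each time it is needed. */
static struct jack_entry *jack_get(struct jack_table *t, unsigned nid)
{
    for (size_t i = 0; i < t->used; i++)
        if (t->list[i].nid == nid)
            return &t->list[i];
    return NULL;
}

/* Callback path: look up by nid; returns 1 if the entry was found. */
static int jack_report(struct jack_table *t, const struct jack_callback *cb)
{
    struct jack_entry *e = jack_get(t, cb->nid);
    if (e)
        e->plugged = 1;
    return e != NULL;
}

/* Returns 1 if growth moved the entry that a cached pointer would name. */
static int entry_moved_after_growth(void)
{
    struct jack_table t = {0};
    uintptr_t before = (uintptr_t)jack_new(&t, 0x10);
    jack_new(&t, 0x11);              /* growth replaces t.list */
    int moved = before != (uintptr_t)jack_get(&t, 0x10);
    free(t.list);
    return moved;
}
```

The stale address is only compared as an integer and never dereferenced; dereferencing it would be a use-after-free.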
Takashi Iwai [Sun, 7 Feb 2016 08:38:26 +0000 (09:38 +0100)]
ALSA: hda - Fix speaker output from VAIO AiO machines
commit c44d9b1181cf34e0860c72cc8a00e0c47417aac0 upstream.
Some Sony VAIO AiO models (VGC-JS4EF and VGC-JS25G, both with PCI SSID
104d:9044) need the same quirk to make the speaker working properly.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=112031
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Fri, 5 Feb 2016 19:12:24 +0000 (20:12 +0100)]
Revert "ALSA: hda - Fix noise on Gigabyte Z170X mobo"
commit 6c361d10e0eb859233c71954abcd20d2d8700587 upstream.
This reverts commit 0c25ad80408e95e0a4fbaf0056950206e95f726f.
The original commit disabled the aamixer path due to the noise
problem, but it turned out that some mobo with the same PCI SSID
doesn't suffer from the issue, and the disabled function (analog
loopback) is still demanded by users.
Since the recent commit [e7fdd52779a6: ALSA: hda - Implement loopback
control switch for Realtek and other codecs], we have the dynamic
mixer switch to enable/disable the aamix path, and we don't have to
disable the path statically any longer. So, let's revert the
disablement, so that only the user suffering from the noise problem
can turn off the aamix on the fly.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=108301
Reported-by: <mutedbytes@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
David Henningsson [Fri, 5 Feb 2016 08:05:41 +0000 (09:05 +0100)]
ALSA: hda - Fix static checker warning in patch_hdmi.c
commit 360a8245680053619205a3ae10e6bfe624a5da1d upstream.
The static checker warning is:
sound/pci/hda/patch_hdmi.c:460 hdmi_eld_ctl_get()
error: __memcpy() 'eld->eld_buffer' too small (256 vs 512)
I have a hard time figuring out if this can ever cause an information leak
(I don't think so), but nonetheless it does not hurt to increase the
robustness of the code.
Fixes: 68e03de98507 ('ALSA: hda - hdmi: Do not expose eld data when eld is invalid')
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Wed, 3 Feb 2016 11:32:51 +0000 (12:32 +0100)]
ALSA: hda - Add fixup for Mac Mini 7,1 model
commit 2154cc0e2d4ae15132d005d17e473327c70c9a06 upstream.
Mac Mini 7,1 model with CS4208 codec reports the headphone jack
detection wrongly in an inverted way. Moreover, the advertised pins
for the audio input and SPDIF output have actually no jack detection.
This patch addresses these issues. The inv_jack_detect flag is set
for fixing the headphone jack detection, and the pin configs for audio
input and SPDIF output are marked as non-detectable.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=105161
Report-and-tested-by: moosotc@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 9 Feb 2016 11:02:32 +0000 (12:02 +0100)]
ALSA: timer: Fix race between stop and interrupt
commit ed8b1d6d2c741ab26d60d499d7fbb7ac801f0f51 upstream.
A slave timer element also unlinks at snd_timer_stop() but it takes
only slave_active_lock. When a slave is assigned to a master,
however, this may become a race against the master's interrupt
handling, eventually resulting in a list corruption. The actual bug
could be seen with a syzkaller fuzzer test case in BugLink below.
As a fix, we need to take timeri->timer->lock when timer isn't NULL,
i.e. assigned to a master, while the assignment to a master itself is
protected by slave_active_lock.
BugLink: http://lkml.kernel.org/r/CACT4Y+Y_Bm+7epAb=8Wi=AaWd+DYS7qawX52qxdCfOfY49vozQ@mail.gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Mon, 8 Feb 2016 16:36:25 +0000 (17:36 +0100)]
ALSA: timer: Fix wrong instance passed to slave callbacks
commit 117159f0b9d392fb433a7871426fad50317f06f7 upstream.
In snd_timer_notify1(), the wrong timer instance was passed for slave
callback function. This leads to the access to the wrong data when
an incompatible master is handled (e.g. the master is the sequencer
timer and the slave is a user timer), as spotted by syzkaller fuzzer.
This patch fixes that wrong assignment.
BugLink: http://lkml.kernel.org/r/CACT4Y+Y_Bm+7epAb=8Wi=AaWd+DYS7qawX52qxdCfOfY49vozQ@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>