| Age | Commit message (Collapse) | Author |
|---|
|
When using nmap tool with FMAC, the nmap packets were be dropped by kernel
because the size was too short. The kernel message showed like
"nmap: packet size is too short (42 <= 50)". It is caused by the packet
length is shorter than ndev->hard_header_len. According to definition of
LL_RESERVED_SPACE() and hard_header_len, we should use hard_header_len
to reserve for L2 header, like ethernet header(ETH_HLEN) in our case and
use needed_headroom for the additional headroom needed by hardware.
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Signed-off-by: Wright Feng <wright.feng@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The error message is given for something that is not an error here as
the drive strength configuration may not be applicable for specific
devices. Therefor the error message is rephrased and changed to a
debug message.
Signed-off-by: Wright Feng <wright.feng@broadcom.com>
[arend@broadcom.com: rephrase commit message]
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
SKBs can come with a prioriy. Currently a priority of 0..7 is
assumed. But this assumption is incorrect. To fix this any
priority of 0 or higher then 7 will be adjusted by calling
cfg80211_classify8021d
Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Franky Lin <franky.lin@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
Only hardcode the LED behavior if the SROM doesn't provide any for all
LEDs of the card. This avoids instantiating LED triggers for unconnected
LEDs, while (hopefully) keeping things working for old cards with a
blank SROM.
Signed-off-by: Lucas Stach <dev@lynxeye.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
gcc-6 reports:
drivers/net/wireless/marvell/libertas_tf/main.c:30:19: error:
'lbtf_driver_version' defined but not used
with -Werror=unused-const-variable=.
Reported-by: Fengguang Wu <fengguang.wu@intel.com> [0-day test robot]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
There are nine copies of the _rtl88ee_read_adapter_info() function,
and most but not all of them cause a build warning in some configurations:
rtl8192de/hw.c: In function '_rtl92de_read_adapter_info':
rtl8192de/hw.c:1767:12: error: 'hwinfo' may be used uninitialized in this function [-Werror=maybe-uninitialized]
rtl8723ae/hw.c: In function '_rtl8723e_read_adapter_info.constprop':
rtlwifi/rtl8723ae/hw.c:1654:12: error: 'hwinfo' may be used uninitialized in this function [-Werror=maybe-uninitialized]
The problem is that when rtlefuse->epromtype is something other than
EEPROM_BOOT_EFUSE, the rest of the function uses undefined data, resulting
in random behavior later.
Apparently, in some drivers, the problem was already found and fixed
but the fix did not make it into the others.
This picks one approach to deal with the problem and applies identical
code to all 9 files, to simplify the later consolidation of those.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
There are two firmware events we handle similarly in brcmfmac:
BRCMF_E_LINK and BRCMF_E_IF. The difference from firmware point of view
is that the first one means BSS remains present in the firmware. Trying
to (re)create it (e.g. when adding new virtual interface) will result in
an error.
Current code treats both events in a similar way. It removes Linux
interface for each of them. It works OK with e.g. BCM43602. Its firmware
generates both events for each interface. It means we get BRCMF_E_LINK
and remove interface. That is soon followed by BRCMF_E_IF which means
BSS was also removed in a firmware. The only downside of this is a
harmless error like:
[ 208.643180] brcmfmac: brcmf_fweh_call_event_handler: no interface object
Unfortunately BCM4366 firmware doesn't automatically remove BSS and so
it doesn't generate BRCMF_E_IF. In such case we incorrectly remove Linux
interface on BRCMF_E_LINK as BSS is still present in the firmware. It
results in an error when trying to re-create virtual interface, e.g.:
> iw phy phy1 interface add wlan1-1 type __ap
[ 3602.929199] brcmfmac: brcmf_ap_add_vif: timeout occurred
command failed: I/O error (-5)
With this patch we don't remove Linux interface while firmware keeps
BSS. Thanks to this we keep a consistent states of host driver and
device firmware.
Further improvement should be to mark BSS as disabled and remove
interface on BRCMF_E_LINK. Then we should add support for reusing
BSS-es.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
Firmware for new chipsets is based on a new major version of code
internally maintained at Broadcom. E.g. brcmfmac4366b-pcie.bin (used for
BCM4366B1) is based on 10.10.69.3309 while brcmfmac43602-pcie.ap.bin was
based on 7.35.177.56.
Currently setting AP 5 GHz channel doesn't work reliably with BCM4366B1.
When setting e.g. 36 control channel with VHT80 (center channel 42)
firmware may randomly pick one of:
1) 52 control channel with 58 as center one
2) 100 control channel with 106 as center one
3) 116 control channel with 122 as center one
4) 149 control channel with 155 as center one
It seems new firmwares require setting AP mode (BRCMF_C_SET_AP) before
specifying a channel. Changing an order of firmware calls fixes the
problem. This requirement resulted in two separated "chanspec" calls,
one in AP code path and one in P2P path.
This fix was verified with BCM4366B1 and tested for regressions on
BCM43602.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
gcc-6 on x86 started warning about wl3501_get_encode when building
with -O2:
drivers/net/wireless/wl3501_cs.c: In function ‘wl3501_get_encode’:
drivers/net/wireless/wl3501_cs.c:1769:5: warning: ‘implemented’ may be used uninitialized in this function
drivers/net/wireless/wl3501_cs.c:1686:19: warning: ‘threshold’ may be used uninitialized in this function
drivers/net/wireless/wl3501_cs.c:1702:20: warning: ‘threshold’ may be used uninitialized in this function
drivers/net/wireless/wl3501_cs.c:1719:23: warning: ‘txpow’ may be used uninitialized in this function
drivers/net/wireless/wl3501_cs.c:1752:20: warning: ‘retry’ may be used uninitialized in this function
drivers/net/wireless/wl3501_cs.c:1806:25: warning: ‘pwr_state’ may be used uninitialized in this function
drivers/net/wireless/wl3501_cs.c:1383:24: warning: ‘value’ may be used uninitialized in this function
I could not figure out what exactly confuses gcc here, but splitting the
wl3501_get_mib_value function into two helps the compiler to figure out
that the variables are not actually used uninitialized, and makes it
slightly clearer to a human reader what the function actually does and
which parts of it are under the spinlock.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The Documentation/devicetree/bindings/net/wireless/marvell-sd8xxx.txt DT
binding document lists the possible compatible strings that a SDIO child
node can have, so the driver checks if the defined in the node matches.
But the error message when that's not the case is misleading, so change
for one that makes clear what the error really is. Also, returning a -1
as errno code is not correct since that's -EPERM. A -EINVAL seems to be
a more appropriate one.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The Documentation/devicetree/bindings/net/wireless/marvell-sd8xxx.txt DT
binding document say that the "interrupts" property in the child node is
optional. So the property being missed shouldn't be treated as an error.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
The function can fail so the returned value should be checked
and the error propagated to the caller in case of a failure.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
It's better to have the device name prefixed in the error message.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
Instead of duplicating part of the cleanups needed in case of an error
in .probe callback, have a single error path and use goto labels as is
common practice in the kernel.
This also has the nice side effect that the cleanup operations are made
in the inverse order of their counterparts, which was not the case for
the mwifiex_add_card() error path.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
There's only a check if mwifiex_add_card() returned a nonzero value, but
the actual error code is neither stored nor propagated to the caller. So
instead of always returning -1 (which is -EPERM and not a suitable errno
code in this case), propagate the value returned by mwifiex_add_card().
Patch also removes the assignment of sdio_disable_func() returned value
since it was overwritten anyways and what matters is to know the error
value returned by the first function that failed.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
If the sdio_enable_func() function fails on .probe, the -EIO errno code
is always returned but that could make more difficult to debug and find
the cause of why the function actually failed.
Since the driver/device core prints the value returned by .probe in its
error message propagate what was returned by sdio_enable_func() at fail.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
SDIO is an auto enumerable bus so the SDIO devices are matched using the
sdio_device_id table and not using compatible strings from a OF id table.
However, commit ce4f6f0c353b ("mwifiex: add platform specific wakeup
interrupt support") allowed to match nodes defined as child of the SDIO
host controller in the probe function using a compatible string to setup
platform specific parameters in the DT.
The problem is that the OF parse function is always called regardless if
the SDIO dev has an OF node associated or not, and prints an error if it
is not found. So, on a platform that doesn't have a node for a SDIO dev,
the following misleading error message will be printed:
[ 12.480042] mwifiex_sdio mmc2:0001:1: sdio platform data not available
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This is helpful for debugging. Without this all I was getting from "iw"
command on failed creating of P2P interface was:
> command failed: Too many open files in system (-23)
Signed-off-by: Rafal Milecki <zajec5@gmail.com>
[arend@broadcom.com: reduce error prints upon iface creation]
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Reviewed-by: Julian Calaby <julian.calaby@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
ath.git fixes for 4.7. Major changes:
ath9k
* fix GPIO mask regression with AR9462 and AR9565
ath10k
* fix deadlock while processing rx_in_ord_ind
* fix crash related to printing firmware features in debug mode
* fix deadlock when peer cannot be created
|
|
path_b_ok is being assigned but immediately after path_a_ok is being
compared to the value 0x03. This appears to be a typo on the
variable name, compare path_b_ok instead.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
|
This bug leads to:
[ 1.906411] Unable to handle kernel NULL pointer dereference at virtual address 0000000c
[ 1.914878] pgd = c0004000
[ 1.917786] [0000000c] *pgd=00000000
[ 1.921536] Internal error: Oops: 5 [#1] SMP ARM
[ 1.926357] Modules linked in:
[ 1.929556] CPU: 0 PID: 14 Comm: kworker/0:1 Not tainted 4.4.5 #18
[ 1.936006] Hardware name: Generic AM33XX (Flattened Device Tree)
[ 1.942383] Workqueue: events power_supply_changed_work
[ 1.947842] task: de2c41c0 ti: de2c8000 task.ti: de2c8000
[ 1.953483] PC is at tps65217_ac_get_property+0x14/0x28
[ 1.958937] LR is at tps65217_ac_get_property+0x10/0x28
Driver was trying to use drv_data in property get handler. However drv_data
was not set, so it caused NULL pointer dereference. This patch properly
sets drv_data during probe by power_supply_config parameter, so the
property get handler works as desired.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Fixes: 3636859b280c ("power_supply: Add support for tps65217-charger")
Signed-off-by: Sebastian Reichel <sre@kernel.org>
|
|
dev_pm_opp_get_sharing_cpus() returns 0 even in the case when the OPP
core doesn't know whether or not the table is shared. It works on the
majority of platforms, where the OPP table is never created before
invoking the function and then -ENODEV is returned by it.
But in the case of one platform (Jetson TK1) at least, the situation
is a bit different. The OPP table has been created (somehow) before
dev_pm_opp_get_sharing_cpus() is called and it returns 0. Its caller
treats that as 'the CPUs don't share OPPs' and that leads to degraded
performance.
Fix this by converting 'shared_opp' in struct opp_table to an enum
and making dev_pm_opp_get_sharing_cpus() return -EINVAL in case when
the value of that field is "access unknown", so that the caller can
handle it accordingly (cpufreq-dt considers that as 'all CPUs share
the table', for example).
Fixes: 6f707daa3833 "PM / OPP: Add dev_pm_opp_get_sharing_cpus()"
Reported-and-tested-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
[ rjw : Subject & changelog ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
|
|
On s390, there are two different hardware PMUs for counting and
sampling. Previously, both PMUs have shared the perf_hw_context
which is not correct and, recently, results in this warning:
------------[ cut here ]------------
WARNING: CPU: 5 PID: 1 at kernel/events/core.c:8485 perf_pmu_register+0x420/0x428
Modules linked in:
CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.7.0-rc1+ #2
task: 00000009c5240000 ti: 00000009c5234000 task.ti: 00000009c5234000
Krnl PSW : 0704c00180000000 0000000000220c50 (perf_pmu_register+0x420/0x428)
R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3
Krnl GPRS: ffffffffffffffff 0000000000b15ac6 0000000000000000 00000009cb440000
000000000022087a 0000000000000000 0000000000b78fa0 0000000000000000
0000000000a9aa90 0000000000000084 0000000000000005 000000000088a97a
0000000000000004 0000000000749dd0 000000000022087a 00000009c5237cc0
Krnl Code: 0000000000220c44: a7f4ff54 brc 15,220aec
0000000000220c48: 92011000 mvi 0(%r1),1
#0000000000220c4c: a7f40001 brc 15,220c4e
>0000000000220c50: a7f4ff12 brc 15,220a74
0000000000220c54: 0707 bcr 0,%r7
0000000000220c56: 0707 bcr 0,%r7
0000000000220c58: ebdff0800024 stmg %r13,%r15,128(%r15)
0000000000220c5e: a7f13fe0 tmll %r15,16352
Call Trace:
([<000000000022087a>] perf_pmu_register+0x4a/0x428)
([<0000000000b2c25c>] init_cpum_sampling_pmu+0x14c/0x1f8)
([<0000000000100248>] do_one_initcall+0x48/0x140)
([<0000000000b25d26>] kernel_init_freeable+0x1e6/0x2a0)
([<000000000072bda4>] kernel_init+0x24/0x138)
([<000000000073495e>] kernel_thread_starter+0x6/0xc)
([<0000000000734958>] kernel_thread_starter+0x0/0xc)
Last Breaking-Event-Address:
[<0000000000220c4c>] perf_pmu_register+0x41c/0x428
---[ end trace 0c6ef9f5b771ad97 ]---
Using the perf_sw_context is an option because the cpum_cf PMU does
not use interrupts. To make this more clear, initialize the
capabilities in the PMU structure.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
In the omap gpmc driver it can be noticed that GPMC_CONFIG4_OEEXTRADELAY
is overwritten by the WEEXTRADELAY value from the device tree and
GPMC_CONFIG4_WEEXTRADELAY is not updated by the value from the device
tree.
As a consequence, the memory accesses cannot be configured properly when
the extra delay are needed for OE and WE.
Fix the update of GPMC_CONFIG4_WEEXTRADELAY with the value from the
device tree file and prevents GPMC_CONFIG4_OEXTRADELAY
being overwritten by the WEXTRADELAY value from the device tree.
Cc: stable@vger.kernel.org
Signed-off-by: Ocquidant, Sebastien <sebastienocquidant@eaton.com>
Signed-off-by: Roger Quadros <rogerq@ti.com>
|
|
VT-d posted interrupt is relying on the CPU side's posted interrupt.
Need to check whether VCPU's APICv is active before enabing VT-d
posted interrupt.
Fixes: d62caabb41f33d96333f9ef15e09cd26e1c12760
Cc: stable@vger.kernel.org
Signed-off-by: Yang Zhang <yang.zhang.wz@gmail.com>
Signed-off-by: Shengge Ding <shengge.dsg@alibaba-inc.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
These days, we experienced one guest crash with 8 cores and 3 disks,
with qemu error logs as bellow:
qemu-system-x86_64: /build/qemu-2.0.0/kvm-all.c:984:
kvm_irqchip_commit_routes: Assertion `ret == 0' failed.
And then we found one patch(bdf026317d) in qemu tree, which said
could fix this bug.
Execute the following script will reproduce the BUG quickly:
irq_affinity.sh
========================================================================
vda_irq_num=25
vdb_irq_num=27
while [ 1 ]
do
for irq in {1,2,4,8,10,20,40,80}
do
echo $irq > /proc/irq/$vda_irq_num/smp_affinity
echo $irq > /proc/irq/$vdb_irq_num/smp_affinity
dd if=/dev/vda of=/dev/zero bs=4K count=100 iflag=direct
dd if=/dev/vdb of=/dev/zero bs=4K count=100 iflag=direct
done
done
========================================================================
The following qemu log is added in the qemu code and is displayed when
this bug reproduced:
kvm_irqchip_commit_routes: max gsi: 1008, nr_allocated_irq_routes: 1024,
irq_routes->nr: 1024, gsi_count: 1024.
That's to say when irq_routes->nr == 1024, there are 1024 routing entries,
but in the kernel code when routes->nr >= 1024, will just return -EINVAL;
The nr is the number of the routing entries which is in of
[1 ~ KVM_MAX_IRQ_ROUTES], not the index in [0 ~ KVM_MAX_IRQ_ROUTES - 1].
This patch fix the BUG above.
Cc: stable@vger.kernel.org
Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com>
Signed-off-by: Wei Tang <tangwei@cmss.chinamobile.com>
Signed-off-by: Zhang Zhuoyu <zhangzhuoyu@cmss.chinamobile.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Enabling a component via sysfs (echo 1 > enable_source), would
trigger building a path from the enabled sources to the sink.
If there is an error in the process (e.g, sink not enabled or
the device (CPU corresponding to ETM) is not online), we never report
failure, except for leaving a message in the dmesg.
Do proper error checking for the build path and return the error.
Before:
$ echo 0 > /sys/devices/system/cpu/cpu2/online
$ echo 1 > /sys/devices/cs_etm/cpu2/enable_source
$ echo $?
0
After:
$ echo 0 > /sys/devices/system/cpu/cpu2/online
$ echo 1 > /sys/devices/cs_etm/cpu2/enable_source
-bash: echo: write error: No such device or address
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Acked-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
At the end of a trace collection, we try to clear the entire buffer
and enable the ETR back if it was already enabled. But, we would have
adjusted the drvdata->buf to point to the beginning of the trace data
in the trace buffer @drvdata->vaddr. So, the following code which
clears the buffer is dangerous and can cause crashes, like below :
memset(drvdata->buf, 0, drvdata->size);
Unable to handle kernel paging request at virtual address ffffff800a145000
pgd = ffffffc974726000
*pgd=00000009f3e91003, *pud=00000009f3e91003, *pmd=0000000000000000
PREEMPT SMP
Modules linked in:
CPU: 4 PID: 1692 Comm: dd Not tainted 4.7.0-rc2+ #1721
Hardware name: ARM Juno development board (r0) (DT)
task: ffffffc9734a0080 ti: ffffffc974460000 task.ti: ffffffc974460000
PC is at __memset+0x1ac/0x200
LR is at tmc_read_unprepare_etr+0x144/0x1bc
pc : [<ffffff80083a05ac>] lr : [<ffffff800859c984>] pstate: 200001c5
...
[<ffffff80083a05ac>] __memset+0x1ac/0x200
[<ffffff800859b2e4>] tmc_release+0x90/0x94
[<ffffff8008202f58>] __fput+0xa8/0x1ec
[<ffffff80082030f4>] ____fput+0xc/0x14
[<ffffff80080c3ef8>] task_work_run+0xb0/0xe4
[<ffffff8008088bf4>] do_notify_resume+0x64/0x6c
[<ffffff8008084d5c>] work_pending+0x10/0x14
Code: 91010108 54ffff4a 8b040108 cb050042 (d50b7428)
Since we clear the buffer anyway in the following call to
tmc_etr_enable_hw(), remove the erroneous memset().
Fixes: commit de5461970b3e9e1 ("coresight: tmc: allocating memory when needed")
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
At the end of the trace capture, we free the allocated memory,
resetting the drvdata->buf to NULL, to indicate that trace data
was collected and the next trace session should allocate the
memory in tmc_enable_etr_sink_sysfs.
The tmc_enable_etr_sink_sysfs, we only allocate memory if drvdata->vaddr
is not NULL (which is not performed at the end of previous session).
This can cause, drvdata->vaddr getting assigned NULL and later we do
memset() which causes a crash as below :
Unable to handle kernel NULL pointer dereference at virtual
address 00000000
pgd = ffffffc9747f0000
[00000000] *pgd=00000009f402e003, *pud=00000009f402e003,
*pmd=0000000000000000
Internal error: Oops: 96000046 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 1592 Comm: bash Not tainted 4.7.0-rc1+ #1712
Hardware name: ARM Juno development board (r0) (DT)
task: ffffffc078fe0080 ti: ffffffc974178000 task.ti: ffffffc974178000
PC is at __memset+0x1ac/0x200
LR is at tmc_enable_etr_sink+0xf8/0x304
pc : [<ffffff80083a002c>] lr : [<ffffff800859be44>] pstate: 400001c5
sp : ffffffc97417bc00
x29: ffffffc97417bc00 x28: ffffffc974178000
Call trace:
Exception stack(0xffffffc97417ba40 to 0xffffffc97417bb60)
ba40: 0000000000000001 ffffffc974a5d098 ffffffc97417bc00 ffffff80083a002c
ba60: ffffffc974a5d118 0000000000000000 0000000000000000 0000000000000000
ba80: 0000000000000001 0000000000000000 ffffff800859bdec 0000000000000040
baa0: ffffff8008b45b58 00000000000001c0 ffffffc97417baf0 ffffff80080eddb4
bac0: 0000000000000003 ffffffc078fe0080 ffffffc078fe0960 ffffffc078fe0940
bae0: 0000000000000000 0000000000000000 00000000007fffc0 0000000000000004
bb00: 0000000000000000 0000000000000040 000000000000003f 0000000000000000
bb20: 0000000000000000 0000000000000000 0000000000000000 0000000000000001
bb40: ffffffc078fe0960 0000000000000018 ffffffffffffffff 0008669628000000
[<ffffff80083a002c>] __memset+0x1ac/0x200
[<ffffff8008599814>] coresight_enable_path+0xa8/0x1dc
[<ffffff8008599b10>] coresight_enable+0x88/0x1b8
[<ffffff8008599d88>] enable_source_store+0x3c/0x6c
[<ffffff800845eaf4>] dev_attr_store+0x18/0x28
[<ffffff80082829e8>] sysfs_kf_write+0x54/0x64
[<ffffff8008281c30>] kernfs_fop_write+0x148/0x1d8
[<ffffff8008200128>] __vfs_write+0x28/0x110
[<ffffff8008200e88>] vfs_write+0xa0/0x198
[<ffffff80082021b0>] SyS_write+0x44/0xa0
[<ffffff8008084e70>] el0_svc_naked+0x24/0x28
Code: 91010108 54ffff4a 8b040108 cb050042 (d50b7428)
This patch fixes the issue by clearing the drvdata->vaddr while we free
the allocated buffer at the end of a session, so that we allocate the
memory again.
Cc: mathieu.poirier@linaro.org
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
_coresight_build_path assumes that all the connections of a csdev
has the child_dev initialised. This may not be true if the particular
component is not supported by the kernel config(e.g TPIU) but is
present in the DT. In which case, building a path can cause a crash like this :
Unable to handle kernel NULL pointer dereference at virtual address 00000010
pgd = ffffffc9750dd000
[00000010] *pgd=00000009f5e90003, *pud=00000009f5e90003, *pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 4 PID: 1348 Comm: bash Not tainted 4.6.0-next-20160517 #1646
Hardware name: ARM Juno development board (r0) (DT)
task: ffffffc97517a280 ti: ffffffc9762c4000 task.ti: ffffffc9762c4000
PC is at _coresight_build_path+0x18/0xe4
LR is at _coresight_build_path+0xc0/0xe4
pc : [<ffffff80083d5130>] lr : [<ffffff80083d51d8>] pstate: 20000145
sp : ffffffc9762c7ba0
[<ffffff80083d5130>] _coresight_build_path+0x18/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d51d8>] _coresight_build_path+0xc0/0xe4
[<ffffff80083d5cdc>] coresight_build_path+0x40/0x68
[<ffffff80083d5e14>] coresight_enable+0x74/0x1bc
[<ffffff80083d60a0>] enable_source_store+0x3c/0x6c
[<ffffff800830b17c>] dev_attr_store+0x18/0x28
[<ffffff80081ca9c4>] sysfs_kf_write+0x40/0x50
[<ffffff80081c9e38>] kernfs_fop_write+0x140/0x1cc
[<ffffff8008163ec8>] __vfs_write+0x28/0x110
[<ffffff8008164bf0>] vfs_write+0xa0/0x174
[<ffffff8008165d18>] SyS_write+0x44/0xa0
[<ffffff8008084e70>] el0_svc_naked+0x24/0x28
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/chanwoo/extcon into char-misc-linus
Chanwoo writes:
Update extcon for v4.7-rc4
This patch fixes the following issue:
- In the extcon-palmas.c, fix the state of VBUS when using GPIO detection.
If probe funticon don't check the state during probe, the extcon client
driver cannot get the state of VBUS gpio until the user detach the connector
and attach the connector again.
|
|
Daniel Borkmann says:
====================
bpf: improve fd array release
This set improves BPF perf fd array map release wrt to purging
entries, first two extend the API as needed. Please see individual
patches for more details.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The behavior of perf event arrays are quite different from all
others as they are tightly coupled to perf event fds, f.e. shown
recently by commit e03e7ee34fdd ("perf/bpf: Convert perf_event_array
to use struct file") to make refcounting on perf event more robust.
A remaining issue that the current code still has is that since
additions to the perf event array take a reference on the struct
file via perf_event_get() and are only released via fput() (that
cleans up the perf event eventually via perf_event_release_kernel())
when the element is either manually removed from the map from user
space or automatically when the last reference on the perf event
map is dropped. However, this leads us to dangling struct file's
when the map gets pinned after the application owning the perf
event descriptor exits, and since the struct file reference will
in such case only be manually dropped or via pinned file removal,
it leads to the perf event living longer than necessary, consuming
needlessly resources for that time.
Relations between perf event fds and bpf perf event map fds can be
rather complex. F.e. maps can act as demuxers among different perf
event fds that can possibly be owned by different threads and based
on the index selection from the program, events get dispatched to
one of the per-cpu fd endpoints. One perf event fd (or, rather a
per-cpu set of them) can also live in multiple perf event maps at
the same time, listening for events. Also, another requirement is
that perf event fds can get closed from application side after they
have been attached to the perf event map, so that on exit perf event
map will take care of dropping their references eventually. Likewise,
when such maps are pinned, the intended behavior is that a user
application does bpf_obj_get(), puts its fds in there and on exit
when fd is released, they are dropped from the map again, so the map
acts rather as connector endpoint. This also makes perf event maps
inherently different from program arrays as described in more detail
in commit c9da161c6517 ("bpf: fix clearing on persistent program
array maps").
To tackle this, map entries are marked by the map struct file that
added the element to the map. And when the last reference to that map
struct file is released from user space, then the tracked entries
are purged from the map. This is okay, because new map struct files
instances resp. frontends to the anon inode are provided via
bpf_map_new_fd() that is called when we invoke bpf_obj_get_user()
for retrieving a pinned map, but also when an initial instance is
created via map_create(). The rest is resolved by the vfs layer
automatically for us by keeping reference count on the map's struct
file. Any concurrent updates on the map slot are fine as well, it
just means that perf_event_fd_array_release() needs to delete less
of its own entires.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch extends map_fd_get_ptr() callback that is used by fd array
maps, so that struct file pointer from the related map can be passed
in. It's safe to remove map_update_elem() callback for the two maps since
this is only allowed from syscall side, but not from eBPF programs for these
two map types. Like in per-cpu map case, bpf_fd_array_map_update_elem()
needs to be called directly here due to the extra argument.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Add a release callback for maps that is invoked when the last
reference to its struct file is gone and the struct file about
to be released by vfs. The handler will be used by fd array maps.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Hayes Wang says:
====================
r8152: fix known issues
These patches fix some known issues.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The rx early size should be
(agg_buf_sz - packet size) / 8
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Reset the BMU to clear the rx/tx fifo. This avoids that the unexpected
data remains in the hw.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Disable MAC clock speed down. It may casue the first control
transfer to contain the wrong data, when the power state change
from U1 to U0.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Alexei Starovoitov says:
====================
bpf fixes
Fixes for two bpf bugs:
1st bug reported by Sasha Goldshtein here:
https://github.com/iovisor/bcc/issues/570
2nd discovered by Daniel Borkmann by manual code analysis.
See patches for details.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
similar to bpf_perf_event_output() the bpf_perf_event_read() helper
needs to check the type of the perf_event before reading the counter.
Fixes: a43eec304259 ("bpf: introduce bpf_perf_event_output() helper")
Reported-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The ctx structure passed into bpf programs is different depending on bpf
program type. The verifier incorrectly marked ctx->data and ctx->data_end
access based on ctx offset only. That caused loads in tracing programs
int bpf_prog(struct pt_regs *ctx) { .. ctx->ax .. }
to be incorrectly marked as PTR_TO_PACKET which later caused verifier
to reject the program that was actually valid in tracing context.
Fix this by doing program type specific matching of ctx offsets.
Fixes: 969bf05eb3ce ("bpf: direct packet access")
Reported-by: Sasha Goldshtein <goldshtn@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"The main drm fixes pull for rc4: one regression fix in the connector
refcounting, and an MST fix.
There rest is nouveau, amdkfd, i915, etnaviv, and radeon/amdgpu fixes,
mostly regression or black screen fixes"
* tag 'drm-fixes-for-v4.7-rc4' of git://people.freedesktop.org/~airlied/linux: (23 commits)
drm/etnaviv: initialize iommu domain page size
drm/nouveau/iccsense: fix memory leak
drm/nouveau/Revert "drm/nouveau/device/pci: set as non-CPU-coherent on ARM64"
drm/amd/powerplay: select samu dpm 0 as boot level on polaris.
drm/amd/powerplay: update powerplay table parsing
drm/dp/mst: Always clear proposed vcpi table for port.
drm/crtc: only store the necessary data for set_config rollback
drm/crtc: fix connector reference counting mismatch in drm_crtc_helper_set_config
drm/i915/ilk: Don't disable SSC source if it's in use
Revert "drm/amdgpu: add pipeline sync while vmid switch in same ctx"
drm/amdgpu/gfx7: fix broken condition check
drm/radeon: fix asic initialization for virtualized environments
amdgpu: fix asic initialization for virtualized environments (v2)
drm/radeon: don't use fractional dividers on RS[78]80 if SS is enabled
drm/radeon: do not hard reset GPU while freezing on r600/r700 family
drm/i915: Extract physical display dimensions from VBT
drm/i915: Check VBT for port presence in addition to the strap on VLV/CHV
drm/i915: Only ignore eDP ports that are connected
drm/i915: Silence "unexpected child device config size" for VBT on 845g
drm/i915: Fix NULL pointer deference when out of PLLs in IVB
...
|
|
git://git.infradead.org/users/dvhart/linux-platform-drivers-x86
Pull x86 platform driver fixes from Darren Hart:
"Minor kconfig dependency cleanup, trivial mic mute hotkey for ideapad,
and a needed improvement in adaptive keyboard detection for thinkpad:
platform/x86:
- Drop duplicate dependencies on X86
thinkpad_acpi:
- Add support for HKEY version 0x200
ideapad_laptop:
- Add an event for mic mute hotkey"
* tag 'platform-drivers-x86-v4.7-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
platform/x86: Drop duplicate dependencies on X86
thinkpad_acpi: Add support for HKEY version 0x200
ideapad_laptop: Add an event for mic mute hotkey
|
|
Edward Cree says:
====================
sfc: RX VLAN filtering
Adds support for VLAN-qualified receive filters on EF10 hardware.
This is needed when running as a guest if the hypervisor has enabled
vfs-vlan-restrict, in which case the firmware rejects filters not qualified
with VLAN 0.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
If vPort has VLAN_RESTRICT flag, VLAN tagged traffic will not be
delivered without corresponding Rx filters which may be proxied to and
moderated by hypervisor.
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
If should be done after net_dev->hw_features initialization, to keep the
feature there to be able to enable it later using ethtool.
VLAN filtering is enforced and fixed if vPort requires usage of VLAN
filters to receive tagged traffic.
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
If it is not supported we simply disable the feature.
For the feature to work we need firmware filter support for
OUTER_VID + LOC_MAC and for OUTER_VID + LOC_MAC_IG.
The low-latency firmware can match on OUTER_VID + LOC_MAC but not on
OUTER_VID + LOC_MAC_IG.
For the capture packet firmware it is the other way around.
Only the full-feature variant can match on both combinations.
Incorporates a fix by Andrew Rybchenko <Andrew.Rybchenko@oktetlabs.ru>
in the net_dev->[hw_]features handling.
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Filter match flags are not unique criteria to be mapped to priority
because of both unknown unicast and unknown multicast are mapped to
LOC_MAC_IG. So, local MAC is required to map filter to priority.
MCDI filter flags is unique criteria to find filter priority.
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
