dvb_detach(arg) calls symbol_put_addr(arg), where arg should be a pointer
to a function. Right now a pointer to state->dib7000p_ops is passed to
dvb_detach(), which causes a BUG() in symbol_put_addr() as discovered by
syzkaller. Pass state->dib7000p_ops.set_wbd_ref instead.
------------[ cut here ]------------
kernel BUG at kernel/module.c:1081!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 1151 Comm: kworker/1:1 Tainted: G W
4.14.0-rc1-42251-gebb2c2437d80 #224
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: usb_hub_wq hub_event
task: ffff88006a336300 task.stack: ffff88006a7c8000
RIP: 0010:symbol_put_addr+0x54/0x60 kernel/module.c:1083
RSP: 0018:ffff88006a7ce210 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff880062a8d190 RCX: 0000000000000000
RDX: dffffc0000000020 RSI: ffffffff85876d60 RDI: ffff880062a8d190
RBP: ffff88006a7ce218 R08: 1ffff1000d4f9c12 R09: 1ffff1000d4f9ae4
R10: 1ffff1000d4f9bed R11: 0000000000000000 R12: ffff880062a8d180
R13: 00000000ffffffed R14: ffff880062a8d190 R15: ffff88006947c000
FS: 0000000000000000(0000) GS:ffff88006c900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6416532000 CR3: 00000000632f5000 CR4: 00000000000006e0
Call Trace:
stk7070p_frontend_attach+0x515/0x610
drivers/media/usb/dvb-usb/dib0700_devices.c:1013
dvb_usb_adapter_frontend_init+0x32b/0x660
drivers/media/usb/dvb-usb/dvb-usb-dvb.c:286
dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:86
dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:162
dvb_usb_device_init+0xf70/0x17f0 drivers/media/usb/dvb-usb/dvb-usb-init.c:277
dib0700_probe+0x171/0x5a0 drivers/media/usb/dvb-usb/dib0700_core.c:886
usb_probe_interface+0x35d/0x8e0 drivers/usb/core/driver.c:361
really_probe drivers/base/dd.c:413
driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
__device_attach_driver+0x230/0x290 drivers/base/dd.c:653
bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
__device_attach+0x26e/0x3d0 drivers/base/dd.c:710
device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
device_add+0xd0b/0x1660 drivers/base/core.c:1835
usb_set_configuration+0x104e/0x1870 drivers/usb/core/message.c:1932
generic_probe+0x73/0xe0 drivers/usb/core/generic.c:174
usb_probe_device+0xaf/0xe0 drivers/usb/core/driver.c:266
really_probe drivers/base/dd.c:413
driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
__device_attach_driver+0x230/0x290 drivers/base/dd.c:653
bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
__device_attach+0x26e/0x3d0 drivers/base/dd.c:710
device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
device_add+0xd0b/0x1660 drivers/base/core.c:1835
usb_new_device+0x7b8/0x1020 drivers/usb/core/hub.c:2457
hub_port_connect drivers/usb/core/hub.c:4903
hub_port_connect_change drivers/usb/core/hub.c:5009
port_event drivers/usb/core/hub.c:5115
hub_event+0x194d/0x3740 drivers/usb/core/hub.c:5195
process_one_work+0xc7f/0x1db0 kernel/workqueue.c:2119
worker_thread+0x221/0x1850 kernel/workqueue.c:2253
kthread+0x3a1/0x470 kernel/kthread.c:231
ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
Code: ff ff 48 85 c0 74 24 48 89 c7 e8 48 ea ff ff bf 01 00 00 00 e8
de 20 e3 ff 65 8b 05 b7 2f c2 7e 85 c0 75 c9 e8 f9 0b c1 ff eb c2 <0f>
0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 b8 00 00
RIP: symbol_put_addr+0x54/0x60 RSP: ffff88006a7ce210
---[ end trace b75b357739e7e116 ]---
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
There is no need to repeat what check_range() does for us, i.e. BITMASK
validation in v4l2_ctrl_new().
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
The driver mmap functions shouldn't take lock when calling vb2_mmap().
Fix it to not take the lock. The following lockdep warning is fixed
with this change.
[ 2106.181412] ======================================================
[ 2106.187563] WARNING: possible circular locking dependency detected
[ 2106.193718] 4.14.0-rc2-00002-gfab205f-dirty #4 Not tainted
[ 2106.199175] ------------------------------------------------------
[ 2106.205328] qtdemux0:sink/2614 is trying to acquire lock:
[ 2106.210701] (&dev->mfc_mutex){+.+.}, at: [<bf175544>] s5p_mfc_mmap+0x28/0xd4 [s5p_mfc]
[ 2106.218672]
[ 2106.218672] but task is already holding lock:
[ 2106.224477] (&mm->mmap_sem){++++}, at: [<c01df2e4>] vm_mmap_pgoff+0x44/0xb8
[ 2106.231497]
[ 2106.231497] which lock already depends on the new lock.
[ 2106.231497]
[ 2106.239642]
[ 2106.239642] the existing dependency chain (in reverse order) is:
[ 2106.247095]
[ 2106.247095] -> #1 (&mm->mmap_sem){++++}:
[ 2106.252473] __might_fault+0x80/0xb0
[ 2106.256567] video_usercopy+0x1cc/0x510 [videodev]
[ 2106.261845] v4l2_ioctl+0xa4/0xdc [videodev]
[ 2106.266596] do_vfs_ioctl+0xa0/0xa18
[ 2106.270667] SyS_ioctl+0x34/0x5c
[ 2106.274395] ret_fast_syscall+0x0/0x28
[ 2106.278637]
[ 2106.278637] -> #0 (&dev->mfc_mutex){+.+.}:
[ 2106.284186] lock_acquire+0x6c/0x88
[ 2106.288173] __mutex_lock+0x68/0xa34
[ 2106.292244] mutex_lock_interruptible_nested+0x1c/0x24
[ 2106.297893] s5p_mfc_mmap+0x28/0xd4 [s5p_mfc]
[ 2106.302747] v4l2_mmap+0x54/0x88 [videodev]
[ 2106.307409] mmap_region+0x3a8/0x638
[ 2106.311480] do_mmap+0x330/0x3a4
[ 2106.315207] vm_mmap_pgoff+0x90/0xb8
[ 2106.319279] SyS_mmap_pgoff+0x90/0xc0
[ 2106.323439] ret_fast_syscall+0x0/0x28
[ 2106.327683]
[ 2106.327683] other info that might help us debug this:
[ 2106.327683]
[ 2106.335656] Possible unsafe locking scenario:
[ 2106.335656]
[ 2106.341548] CPU0 CPU1
[ 2106.346053] ---- ----
[ 2106.350559] lock(&mm->mmap_sem);
[ 2106.353939] lock(&dev->mfc_mutex);
[ 2106.353939] lock(&dev->mfc_mutex);
[ 2106.365897] lock(&dev->mfc_mutex);
[ 2106.369450]
[ 2106.369450] *** DEADLOCK ***
[ 2106.369450]
[ 2106.375344] 1 lock held by qtdemux0:sink/2614:
[ 2106.379762] #0: (&mm->mmap_sem){++++}, at: [<c01df2e4>] vm_mmap_pgoff+0x44/0xb8
[ 2106.387214]
[ 2106.387214] stack backtrace:
[ 2106.391550] CPU: 7 PID: 2614 Comm: qtdemux0:sink Not tainted 4.14.0-rc2-00002-gfab205f-dirty #4
[ 2106.400213] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[ 2106.406285] [<c01102c8>] (unwind_backtrace) from [<c010cabc>] (show_stack+0x10/0x14)
[ 2106.413995] [<c010cabc>] (show_stack) from [<c08543a4>] (dump_stack+0x98/0xc4)
[ 2106.421187] [<c08543a4>] (dump_stack) from [<c016b2fc>] (print_circular_bug+0x254/0x410)
[ 2106.429245] [<c016b2fc>] (print_circular_bug) from [<c016c580>] (check_prev_add+0x468/0x938)
[ 2106.437651] [<c016c580>] (check_prev_add) from [<c016f4dc>] (__lock_acquire+0x1314/0x14fc)
[ 2106.445883] [<c016f4dc>] (__lock_acquire) from [<c016fefc>] (lock_acquire+0x6c/0x88)
[ 2106.453596] [<c016fefc>] (lock_acquire) from [<c0869fb4>] (__mutex_lock+0x68/0xa34)
[ 2106.461221] [<c0869fb4>] (__mutex_lock) from [<c086aa08>] (mutex_lock_interruptible_nested+0x1c/0x24)
[ 2106.470425] [<c086aa08>] (mutex_lock_interruptible_nested) from [<bf175544>] (s5p_mfc_mmap+0x28/0xd4 [s5p_mfc])
[ 2106.480494] [<bf175544>] (s5p_mfc_mmap [s5p_mfc]) from [<bf037120>] (v4l2_mmap+0x54/0x88 [videodev])
[ 2106.489575] [<bf037120>] (v4l2_mmap [videodev]) from [<c01f4798>] (mmap_region+0x3a8/0x638)
[ 2106.497875] [<c01f4798>] (mmap_region) from [<c01f4d58>] (do_mmap+0x330/0x3a4)
[ 2106.505068] [<c01f4d58>] (do_mmap) from [<c01df330>] (vm_mmap_pgoff+0x90/0xb8)
[ 2106.512260] [<c01df330>] (vm_mmap_pgoff) from [<c01f28cc>] (SyS_mmap_pgoff+0x90/0xc0)
[ 2106.520059] [<c01f28cc>] (SyS_mmap_pgoff) from [<c0108820>] (ret_fast_syscall+0x0/0x28)
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Suggested-by: Hans Verkuil <hansverk@cisco.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Hans Verkuil <hansverk@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
Follow-up to: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
The aforementioned commit fixed refcount OOPSes when demod driver attaching
succeeded but tuner driver didn't. However, the use count of the attached
demod drivers doesn't go back to zero and thus couldn't be cleanly unloaded.
Improve on this by calling dvb_frontend_invoke_release() in
__dvb_frontend_free() regardless of fepriv being NULL, instead of returning
when fepriv is NULL. This is safe to do since _invoke_release() will check
for passed pointers being valid before calling the .release() function.
[mchehab@s-opensource.com: changed the logic a little bit to reduce
conflicts with another bug fix patch under review]
Fixes: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
Signed-off-by: Daniel Scheller <d.scheller@gmx.net>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
Conflicts:
arch/x86/include/asm/x2apic.h
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
|
Check on return value and goto instruction is redundant as the code
that follows is the goto label err.
Addresses-Coverity-ID: 1268783
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
Conflicts:
include/linux/compiler-clang.h
include/linux/compiler-gcc.h
include/linux/compiler-intel.h
include/uapi/linux/stddef.h
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
|
Conflicts:
tools/perf/arch/arm/annotate/instructions.c
tools/perf/arch/arm64/annotate/instructions.c
tools/perf/arch/powerpc/annotate/instructions.c
tools/perf/arch/s390/annotate/instructions.c
tools/perf/arch/x86/tests/intel-cqm.c
tools/perf/ui/tui/progress.c
tools/perf/util/zlib.c
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
|
Add ID 044f:b605 ThrustMaster, Inc. force feedback Racing Wheel
Signed-off-by: Viktor Chapliev <viktor-tch@yandex.ru>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
|
Don't populate array addr_list on the stack but instead make it
static. Makes the object code smaller by over 360 bytes:
Before:
text data bss dec hex filename
8036 1488 192 9716 25f4 au0828-input.o
After:
text data bss dec hex filename
7696 1488 192 9376 24a0 au0828-input.o
(gcc version 7.2.0 x86_64)
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
Don't populate arrays default_addr_list and pvr2000_addr_list on the
stack but instead make them static. Makes the object code smaller by
over 340 bytes:
Before:
text data bss dec hex filename
12520 2800 64 15384 3c18 drivers/media/pci/cx88/cx88-input.o
After:
text data bss dec hex filename
12142 2832 64 15038 3abe drivers/media/pci/cx88/cx88-input.o
(gcc version 7.2.0 x86_64)
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
Don't populate array fastIncrDecLUT on the stack but instead make it
static. Makes the object code smaller by over 360 bytes:
text data bss dec hex filename
32680 944 64 33688 8398 drxd_hard.o
text data bss dec hex filename
32223 1040 64 33327 822f drxd_hard.o
(gcc version 7.2.0 x86_64)
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
Trivial fix to spelling mistake in error message text
[mchehab@s-opensource.org: folded all similar patches into one]
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
Fix 2 build warnings.
These functions are void, so drop the "return"s.
./drivers/media/pci/ddbridge/ddbridge-io.h: warning: 'return' with a value, in function returning void [enabled by default]: => 50:2, 55:2
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Daniel Scheller <d.scheller.oss@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
Using the deprecated do_gettimeofday() in print_time() will overflow
in 2038 on 32-bit architectures. It's better to use a structure that
is safe everywhere. While we're at it, fix the missing leading zeroes
on the sub-second portion.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
Firmware load on AS102 is using the stack which is not allowed any
longer. We currently fail with:
kernel: transfer buffer not dma capable
kernel: ------------[ cut here ]------------
kernel: WARNING: CPU: 0 PID: 598 at drivers/usb/core/hcd.c:1595 usb_hcd_map_urb_for_dma+0x41d/0x620
kernel: Modules linked in: amd64_edac_mod(-) edac_mce_amd as102_fe dvb_as102(+) kvm_amd kvm snd_hda_codec_realtek dvb_core snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel snd_hda_codec irqbypass crct10dif_pclmul crc32_pclmul snd_hda_core snd_hwdep snd_seq ghash_clmulni_intel sp5100_tco fam15h_power wmi k10temp i2c_piix4 snd_seq_device snd_pcm snd_timer parport_pc parport tpm_infineon snd tpm_tis soundcore tpm_tis_core tpm shpchp acpi_cpufreq xfs libcrc32c amdgpu amdkfd amd_iommu_v2 radeon hid_logitech_hidpp i2c_algo_bit drm_kms_helper crc32c_intel ttm drm r8169 mii hid_logitech_dj
kernel: CPU: 0 PID: 598 Comm: systemd-udevd Not tainted 4.13.10-200.fc26.x86_64 #1
kernel: Hardware name: ASUS All Series/AM1I-A, BIOS 0505 03/13/2014
kernel: task: ffff979933b24c80 task.stack: ffffaf83413a4000
kernel: RIP: 0010:usb_hcd_map_urb_for_dma+0x41d/0x620
systemd-fsck[659]: /dev/sda2: clean, 49/128016 files, 268609/512000 blocks
kernel: RSP: 0018:ffffaf83413a7728 EFLAGS: 00010282
systemd-udevd[604]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
kernel: RAX: 000000000000001f RBX: ffff979930bce780 RCX: 0000000000000000
kernel: RDX: 0000000000000000 RSI: ffff97993ec0e118 RDI: ffff97993ec0e118
kernel: RBP: ffffaf83413a7768 R08: 000000000000039a R09: 0000000000000000
kernel: R10: 0000000000000001 R11: 00000000ffffffff R12: 00000000fffffff5
kernel: R13: 0000000001400000 R14: 0000000000000001 R15: ffff979930806800
kernel: FS: 00007effaca5c8c0(0000) GS:ffff97993ec00000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 00007effa9fca962 CR3: 0000000233089000 CR4: 00000000000406f0
kernel: Call Trace:
kernel: usb_hcd_submit_urb+0x493/0xb40
kernel: ? page_cache_tree_insert+0x100/0x100
kernel: ? xfs_iunlock+0xd5/0x100 [xfs]
kernel: ? xfs_file_buffered_aio_read+0x57/0xc0 [xfs]
kernel: usb_submit_urb+0x22d/0x560
kernel: usb_start_wait_urb+0x6e/0x180
kernel: usb_bulk_msg+0xb8/0x160
kernel: as102_send_ep1+0x49/0xe0 [dvb_as102]
kernel: ? devres_add+0x3f/0x50
kernel: as102_firmware_upload.isra.0+0x1dc/0x210 [dvb_as102]
kernel: as102_fw_upload+0xb6/0x1f0 [dvb_as102]
kernel: as102_dvb_register+0x2af/0x2d0 [dvb_as102]
kernel: as102_usb_probe+0x1f3/0x260 [dvb_as102]
kernel: usb_probe_interface+0x124/0x300
kernel: driver_probe_device+0x2ff/0x450
kernel: __driver_attach+0xa4/0xe0
kernel: ? driver_probe_device+0x450/0x450
kernel: bus_for_each_dev+0x6e/0xb0
kernel: driver_attach+0x1e/0x20
kernel: bus_add_driver+0x1c7/0x270
kernel: driver_register+0x60/0xe0
kernel: usb_register_driver+0x81/0x150
kernel: ? 0xffffffffc0807000
kernel: as102_usb_driver_init+0x1e/0x1000 [dvb_as102]
kernel: do_one_initcall+0x50/0x190
kernel: ? __vunmap+0x81/0xb0
kernel: ? kfree+0x154/0x170
kernel: ? kmem_cache_alloc_trace+0x15f/0x1c0
kernel: ? do_init_module+0x27/0x1e9
kernel: do_init_module+0x5f/0x1e9
kernel: load_module+0x2602/0x2c30
kernel: SYSC_init_module+0x170/0x1a0
kernel: ? SYSC_init_module+0x170/0x1a0
kernel: SyS_init_module+0xe/0x10
kernel: do_syscall_64+0x67/0x140
kernel: entry_SYSCALL64_slow_path+0x25/0x25
kernel: RIP: 0033:0x7effab6cf3ea
kernel: RSP: 002b:00007fff5cfcbbc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
kernel: RAX: ffffffffffffffda RBX: 00005569e0b83760 RCX: 00007effab6cf3ea
kernel: RDX: 00007effac2099c5 RSI: 0000000000009a13 RDI: 00005569e0b98c50
kernel: RBP: 00007effac2099c5 R08: 00005569e0b83ed0 R09: 0000000000001d80
kernel: R10: 00007effab98db00 R11: 0000000000000246 R12: 00005569e0b98c50
kernel: R13: 00005569e0b81c60 R14: 0000000000020000 R15: 00005569dfadfdf7
kernel: Code: 48 39 c8 73 30 80 3d 59 60 9d 00 00 41 bc f5 ff ff ff 0f 85 26 ff ff ff 48 c7 c7 b8 6b d0 92 c6 05 3f 60 9d 00 01 e8 24 3d ad ff <0f> ff 8b 53 64 e9 09 ff ff ff 65 48 8b 0c 25 00 d3 00 00 48 8b
kernel: ---[ end trace c4cae366180e70ec ]---
kernel: as10x_usb: error during firmware upload part1
Let's allocate the structure dynamically so we can get the firmware
loaded correctly:
[ 14.243057] as10x_usb: firmware: as102_data1_st.hex loaded with success
[ 14.500777] as10x_usb: firmware: as102_data2_st.hex loaded with success
Signed-off-by: Michele Baldessari <michele@acksyn.org>
Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
The commit aef69d54755d45ed ("media: v4l: fwnode: Add a convenience
function for registering sensors") adds the function
v4l2_async_notifier_parse_fwnode_sensor_common() to parse and register a
subdevice and a subdev-notifier by parsing firmware information. This
new subdev-notifier is stored in the new field 'subdev_notifier' in
struct v4l2_subdev.
In v4l2_async_unregister_subdev() this field is used to unregister and
cleanup the subdev-notifier. A check for if the subdev-notifier is
initialized or not was forgotten leading to a NULL pointer dereference
in v4l2_async_notifier_cleanup() if a subdevice does not use the optional
convenience function to initialize the field.
Fix this by checking in v4l2_async_notifier_cleanup() that it is
provided with a notifier making it safe to call with a NULL parameter.
Fixes: aef69d54755d45ed ("media: v4l: fwnode: Add a convenience function for registering sensors")
Signed-off-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
A shadow declaration of variable ret is being assigned a return error
status and this value is being lost when the error exit goto's jump
out of the local scope. This leads to an uninitialized error return value
in the outer scope being returned. Fix this by removing the inner scoped
declaration of variable ret.
Detected by CoverityScan, CID#1460380 ("Uninitialized scalar variable")
Fixes: fb45f436b818 ("media: v4l: async: Fix notifier complete callback error handling")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
The variable ret is being checked for failure however it is not being set
from the return status from the call to imx274_mode_regs. Currently ret is
always zero and the check is redundant. Fix this by assigning it.
Detected by CoverityScan, CID#1460278 ("Logically dead code")
Fixes: 0985dd306f72 ("media: imx274: V4l2 driver for Sony imx274 CMOS sensor")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
|
|
git://people.freedesktop.org/~syeh/repos_linux into drm-fixes
One vmwgfx blackscreen fix and trivial patch.
* 'drm-vmwgfx-fixes' of git://people.freedesktop.org/~syeh/repos_linux:
drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue
drm/vmwgfx: constify vmw_fence_ops
|
|
The pr_err() in q6v5_xfer_mem_ownership() prints, upon failure, the
memory range that failed to be transitioned. But on 32-bit architectures
with CONFIG_PHYS_ADDR_T_64BIT set we cannot cast the phys_addr_t
variable to a pointer, per below build error. Instead these should be
formatted with %pap.
In file included from include/linux/kernel.h:14:0,
from include/linux/clk.h:16,
from drivers/remoteproc/qcom_q6v5_pil.c:18:
drivers/remoteproc/qcom_q6v5_pil.c: In function 'q6v5_xfer_mem_ownership':
drivers/remoteproc/qcom_q6v5_pil.c:337:10: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
(void *)addr, (void *)(addr + size),
^
Most callers will upon failure print a specific error message describing
which memory region that we failed to pass ownership of, so rather than
fixing the format string this patch fixes up the last callers and drops
the print from this function, saving us from spamming the log in most of
these error cases.
Fixes: 6c5a9dc2481b ("remoteproc: qcom: Make secure world call for mem ownership switch")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
|
|
Change hwspinlock to a bool in case some drivers meet a dependency
issue when hwspinlock is built as a module.
Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
|
|
This patch offers the capability to dump memory carveouts associated
to one remoteprocessor.
Signed-off-by: Loic Pallardy <loic.pallardy@st.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
|
|
This patch adds the capability to display the content of
the resource table associated to a remote processor firmware.
Signed-off-by: Loic Pallardy <loic.pallardy@st.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
|
|
Avoid that the following is reported while loading the qla2xxx
kernel module:
BUG: using smp_processor_id() in preemptible [00000000] code: modprobe/783
caller is debug_smp_processor_id+0x17/0x20
CPU: 7 PID: 783 Comm: modprobe Not tainted 4.14.0-rc8-dbg+ #2
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Call Trace:
dump_stack+0x8e/0xce
check_preemption_disabled+0xe3/0xf0
debug_smp_processor_id+0x17/0x20
qla2x00_probe_one+0xf43/0x26c0 [qla2xxx]
pci_device_probe+0xca/0x140
driver_probe_device+0x2e2/0x440
__driver_attach+0xa3/0xe0
bus_for_each_dev+0x5f/0x90
driver_attach+0x19/0x20
bus_add_driver+0x1c0/0x260
driver_register+0x5b/0xd0
__pci_register_driver+0x63/0x70
qla2x00_module_init+0x1d6/0x222 [qla2xxx]
do_one_initcall+0x3c/0x163
do_init_module+0x55/0x1eb
load_module+0x20a2/0x2890
SYSC_finit_module+0xd7/0xf0
SyS_finit_module+0x9/0x10
entry_SYSCALL_64_fastpath+0x23/0xc2
Fixes: commit 8abfa9e22683 ("scsi: qla2xxx: Add function call to qpair for door bell")
Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Quinn Tran <quinn.tran@cavium.com>
Cc: Himanshu Madhani <himanshu.madhani@cavium.com>
Cc: <stable@vger.kernel.org>
Acked-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
The newly added base_make_prp_nvme function triggers a build warning on
some 32-bit configurations:
drivers/scsi/mpt3sas/mpt3sas_base.c: In function 'base_make_prp_nvme':
drivers/scsi/mpt3sas/mpt3sas_base.c:1664:13: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
msg_phys = (dma_addr_t)mpt3sas_base_get_pcie_sgl_dma(ioc, smid);
After taking a closer look, I found that the problem is that the new
code mixes up pointers and dma_addr_t values unnecessarily.
This changes it to use the correct types consistently, which lets us get
rid of a lot of type casts in the process. I'm also renaming some
variables to avoid confusion between physical and dma address spaces
that are often distinct.
Fixes: 016d5c35e278 ("scsi: mpt3sas: SGL to PRP Translation for I/Os to NVMe devices")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Sathya Prakash Veerichetty <sathya.prakash@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
Use kasprintf instead of combination of kmalloc and sprintf. Also,
remove BEISCSI_MSI_NAME macro used to specify size of string as
kasprintf handles size computations.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Reviewed-by: Kyle Fortin <kyle.fortin@oracle.com>
Reviewed-by: Jitendra Bhivare <jitendra.bhivare@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
When there are multiple disks attached to the same SCSI controller, the
host may send several VSTOR_OPERATION_REMOVE_DEVICE or
VSTOR_OPERATION_ENUMERATE_BUS messages in a row, to indicate there is a
change on the SCSI controller. In response, storvsc rescans the SCSI
host.
There is no need to do multiple scans on the same host. Fix the code to
do only one scan.
[mkp: applied by hand]
Signed-off-by: Long Li <longli@microsoft.com>
Tested-by: Cathy Avery <cavery@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
|
It is possible that the hotplug event has already happened before the
driver is attached to a PCIe hotplug downstream port. If we just clear the
status we never get the hotplug interrupt and thus the event will be
missed.
To make sure that does not happen, we leave Presence Detect Changed bit
untouched during initialization. Then once the event is unmasked we get an
interrupt and handle the hotplug event properly.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
A surprise link down may retrain very quickly causing the same slot to
generate a link up event before handling the link down event completes.
Since the link is active, the power off work queued from the first link
down will cause a second down event when power is disabled. However, the
link up event sets the slot state to POWERON_STATE before the event to
handle this is enqueued, making the second down event believe it needs to
do something.
This creates a constant link up and down event cycle.
To prevent this it is better to handle each event at the time in order it
occurred, so change the driver to use ordered workqueue instead.
A normal device hotplug triggers two events (presence detect and link up)
that are already handled properly in the driver but we currently log an
error if we find an existing device in the slot. Since this is not an error
change the log level to be debug instead to avoid scaring users.
This is based on the original work by Ashok Raj.
Link: https://patchwork.kernel.org/patch/9469023
Suggested-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
The same problem that we have with bus space applies to other resources
as well. Linux only allocates the minimal amount of resources so that
the devices currently present barely fit there. This prevents extending
the chain later on because the resource windows allocated for hotplug
downstream ports are too small.
Follow what we already did for bus number and assign all available extra
resources to hotplug-capable bridges. This makes it possible to extend the
hierarchy later.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
System BIOS sometimes allocates extra bus space for hotplug-capable PCIe
root/downstream ports. This space is needed if the device plugged to the
port will have more hotplug-capable downstream ports. A good example of
this is Thunderbolt. Each Thunderbolt device contains a PCIe switch and
one or more hotplug-capable PCIe downstream ports where the daisy chain
can be extended.
Currently Linux only allocates minimal bus space to make sure all the
enumerated devices barely fit there. The BIOS reserved extra space is
not taken into consideration at all. Because of this we run out of bus
space pretty quickly when more PCIe devices are attached to hotplug
downstream ports in order to extend the chain.
Modify the PCI core so we distribute the available BIOS allocated bus space
equally between hotplug-capable bridges to make sure there is enough bus
space for extending the hierarchy later on.
Update kernel docs of the affected functions.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
One can ask more buses to be reserved for hotplug bridges by passing
pci=hpbussize=N in the kernel command line. If the parent bus does not
have enough bus space available we incorrectly create a child bus with the
requested number of subordinate buses.
In the example below hpbussize is set to one more than we have available
buses in the root port:
pci 0000:07:00.0: [8086:1578] type 01 class 0x060400
pci 0000:07:00.0: scanning [bus 00-00] behind bridge, pass 0
pci 0000:07:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring
pci 0000:07:00.0: scanning [bus 00-00] behind bridge, pass 1
pci_bus 0000:08: busn_res: can not insert [bus 08-ff] under [bus 07-3f] (conflicts with (null) [bus 07-3f])
pci_bus 0000:08: scanning bus
...
pci_bus 0000:0a: bus scan returning with max=40
pci_bus 0000:0a: busn_res: [bus 0a-ff] end is updated to 40
pci_bus 0000:0a: [bus 0a-40] partially hidden behind bridge 0000:07 [bus 07-3f]
pci_bus 0000:08: bus scan returning with max=40
pci_bus 0000:08: busn_res: [bus 08-ff] end is updated to 40
Instead of allowing this, limit the subordinate number to be less than or
equal to the maximum subordinate number allocated for the parent bus (if it
has any).
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
[bhelgaas: remove irrelevant dmesg messages]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
The current scanning code is really hard to understand because it calls
the same function in a loop where pass value is changed without any
comments explaining it:
    for (pass = 0; pass < 2; pass++)
        for_each_pci_bridge(dev, bus)
            max = pci_scan_bridge(bus, dev, max, pass);
An unfamiliar reader cannot easily tell what the purpose of this loop is
without looking at the internals of pci_scan_bridge().
In order to make this bit easier to understand, open-code the loop in
pci_scan_child_bus() and pci_hp_add_bridge() with added comments.
No functional changes intended.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
There is not much point of having a file with a single function in it.
Instead we can just move pci_hp_add_bridge() to drivers/pci/probe.c and
make it available always when PCI core is enabled.
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
[bhelgaas: convert printk to dev_err()]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
The following pattern is often used:
    list_for_each_entry(dev, &bus->devices, bus_list) {
        if (pci_is_bridge(dev)) {
            ...
        }
    }
Add a for_each_pci_bridge() helper to make that code easier to write and
read by reducing indentation level. It also saves one or a few lines of code
in each occurrence.
Convert PCI core parts here at the same time.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[bhelgaas: fold in http://lkml.kernel.org/r/20171013165352.25550-1-andriy.shevchenko@linux.intel.com]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Arvind Yadav <arvind.yadav.cs@gmail.com>
Cc: Quentin Lambert <lambert.quentin@gmail.com>
Cc: Aleksandr Bezzubikov <zuban32s@gmail.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
|
|
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly. This has the result of fixing
pushbutton_helper_thread(), which was truncating the event pointer to 32
bits.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Arvind Yadav <arvind.yadav.cs@gmail.com>
Cc: Quentin Lambert <lambert.quentin@gmail.com>
Cc: Aleksandr Bezzubikov <zuban32s@gmail.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Marcel Apfelbaum <marcel@redhat.com>
|
|
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly. This fixes what appears to be a bug
in passing the wrong pointer to the timer handler (address of ctrl pointer
instead of ctrl pointer).
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Mayurkumar Patel <mayurkumar.patel@intel.com>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
|
|
Combine two error paths that emit the same message and return the same
error code.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
[bhelgaas: changelog]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
Some of the PCIe services such as AER are being left enabled during
shutdown. This might cause spurious AER errors while SOC is being powered
down.
Clean up the PCIe services gracefully during shutdown to clear these false
positives.
Signed-off-by: Sinan Kaya <okaya@codeaurora.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
|
|
At least one Dell XPS13 9360 is reported to have serious issues with
the Low Power S0 Idle _DSM interface and since this machine model
generally can do ACPI S3 just fine, add a blacklist entry to disable
that interface for Dell XPS13 9360.
Fixes: 8110dd281e15 (ACPI / sleep: EC-based wakeup from suspend-to-idle on recent systems)
Link: https://bugzilla.kernel.org/show_bug.cgi?id=196907
Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: 4.13+ <stable@vger.kernel.org> # 4.13+
|
|
mtd_partition structs are not supposed to change at runtime.
Function 'mtd_device_parse_register' works with const mtd_partition
provided by <linux/mtd/mtd.h>. So mark the non-const structs as const.
Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
Driver contains unsuitable request_mem_region() and
release_resource() calls.
The patch switches manual resource management by devm interface for
readability and error-free simplification.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
Suggested-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
|
|
We can end up sleeping for a while waiting for the dead timeout, which
means we could get the per request timer to fire. We did handle this
case, but if the dead timeout happened right after we submitted we'd
either tear down the connection or possibly requeue as we're handling an
error and race with the endio which can lead to panics and other
hilarity.
Fixes: 560bc4b39952 ("nbd: handle dead connections")
Cc: stable@vger.kernel.org
Signed-off-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
|
If we have a pending signal or the user kills their application then
it'll bring down the whole device, which is less than awesome. Instead
wait uninterruptible for the dead timeout so we're sure we gave it our
best shot.
Fixes: 560bc4b39952 ("nbd: handle dead connections")
Cc: stable@vger.kernel.org
Signed-off-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
|
|
This patch implements the driver to support the front panel LEDs
for PC Engines APU and APU2 boards.
Signed-off-by: Alan Mizrahi <alan@mizrahi.com.ve>
Signed-off-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
|
|
Grant v2 will be needed in cases where a frame number in the grant
table can exceed 32 bits. For PV guests this is a host feature, while
for HVM guests this is a guest feature.
So select grant v2 in case frame numbers can be larger than 32 bits
and grant v1 else.
For testing purposes add a way to specify the grant interface version
via a boot parameter.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
|
Instead of having multiple variables with constants like
grant_table_version or grefs_per_grant_frame add those to struct
gnttab_ops and access them just via the gnttab_interface pointer.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
|
As there is currently no user for sub-page grants or transient grants
remove that functionality. This at once makes it possible to switch
from grant v2 to grant v1 without restrictions, as there is no loss of
functionality other than the limited frame number width related to
the switch.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|