| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This patch fixes an issue for control write. When usbhsf_prepare_pop()
is called after this driver called a gadget setup function, this controller
doesn't receive the control write data. So, this patch adds a code to clear
the fifo for control write in usbhsf_prepare_pop().
Signed-off-by: Kazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com>
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
when copying to iter the size can be different then the iov count,
the check for full iov is wrong and make any read on request which
is not the exactly size of iov to return -EFAULT.
So, just check the success of the copy.
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
Currently we always assign one of the two common implementations of
ep_offset and ep_select operations, overwriting any platform-specific
implementations.
Fixes: d026e9c76aac ("usb: musb: Change end point selection to use ...")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
Not checking config_ep_by_speed could lead to a kernel
NULL pointer dereference error in usb_ep_enable
Cc: Felipe Balbi <balbi@ti.com>
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
Originally FFS_FL_CALL_CLOSED_CALLBACK flag has been used to
indicate if we should call ffs_closed_callback().
Commit 4b187fceec3c ("usb: gadget: FunctionFS: add devices
management code") changed its semantic to indicate if we should
call ffs_closed() function which does a little bit more.
This situation leads to:
[ 122.362269] ------------[ cut here ]------------
[ 122.362287] WARNING: CPU: 2 PID: 2384 at drivers/usb/gadget/function/f_fs.c:3417 ffs_ep0_write+0x730/0x810 [usb_f_fs]()
[ 122.362292] Modules linked in:
[ 122.362555] CPU: 2 PID: 2384 Comm: adbd Tainted: G W 4.1.0-0.rc4.git0.1.1.fc22.i686 #1
[ 122.362561] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 07/25/2014
[ 122.362567] c0d1f947 415badfa 00000000 d1029e64 c0a86e54 00000000 d1029e94 c045b937
[ 122.362584] c0c37f94 00000002 00000950 f9b313d4 00000d59 f9b2ebf0 f9b2ebf0 fffffff0
[ 122.362600] 00000003 deb53d00 d1029ea4 c045ba42 00000009 00000000 d1029f08 f9b2ebf0
[ 122.362617] Call Trace:
[ 122.362633] [<c0a86e54>] dump_stack+0x41/0x52
[ 122.362645] [<c045b937>] warn_slowpath_common+0x87/0xc0
[ 122.362658] [<f9b2ebf0>] ? ffs_ep0_write+0x730/0x810 [usb_f_fs]
[ 122.362668] [<f9b2ebf0>] ? ffs_ep0_write+0x730/0x810 [usb_f_fs]
[ 122.362678] [<c045ba42>] warn_slowpath_null+0x22/0x30
[ 122.362689] [<f9b2ebf0>] ffs_ep0_write+0x730/0x810 [usb_f_fs]
[ 122.362702] [<f9b2e4c0>] ? ffs_ep0_read+0x380/0x380 [usb_f_fs]
[ 122.362712] [<c05a1c1f>] __vfs_write+0x2f/0x100
[ 122.362722] [<c05a42f2>] ? __sb_start_write+0x52/0x110
[ 122.362731] [<c05a2534>] vfs_write+0x94/0x1b0
[ 122.362740] [<c0a8a1c0>] ? mutex_lock+0x10/0x30
[ 122.362749] [<c05a2f41>] SyS_write+0x51/0xb0
[ 122.362759] [<c0a8c71f>] sysenter_do_call+0x12/0x12
[ 122.362766] ---[ end trace 0673d3467cecf8db ]---
in some cases (reproduction path below). This commit get back
semantic of that flag and ensures that ffs_closed() is called
always when needed but ffs_closed_callback() is called only
if this flag is set.
Reproduction path:
Compile kernel without any UDC driver or bound some gadget
to existing one and then:
$ modprobe g_ffs
$ mount none -t functionfs mount_point
$ ffs-example mount_point
This will fail with -ENODEV as there is no udc.
$ ffs-example mount_point
This will fail with -EBUSY because ffs_data has not been
properly cleaned up.
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
Returning non-zero value from ready callback makes ffs instance
return error from writing strings and enter FFS_CLOSING state.
This means that this this function is not truly ready and
close callback will not be called. This commit fix
ffs_ready_callback() to undo all side effects of this function
in case of error.
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
For some reason the code has always been disabling pullup
when asked to do the opposite. According to surrounding code
and gadget API this seems to be a mistake. This fix allows
UDC to be detected by host controller on recent kernels.
Signed-off-by: Sergiy Kibrik <sakib@meta.ua>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
Fixed the incorrect macro definitions correctly as per databook.
Signed-off-by: Subbaraya Sundeep Bhatta <sbhatta@xilinx.com>
Fixes: b09bb64239c8 (usb: dwc3: gadget: implement Global Command support)
Cc: <stable@vger.kernel.org> #v3.5+
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
Since commit 1c6c69525b40 ("genirq: Reject bogus threaded irq requests")
threaded IRQs without a primary handler need to be requested with
IRQF_ONESHOT, otherwise the request will fail.
So pass the IRQF_ONESHOT flag in this case.
The semantic patch that makes this change is available
in scripts/coccinelle/misc/irqf_oneshot.cocci.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
Since commit 1c6c69525b40 ("genirq: Reject bogus threaded irq requests")
threaded IRQs without a primary handler need to be requested with
IRQF_ONESHOT, otherwise the request will fail.
So pass the IRQF_ONESHOT flag in this case.
The semantic patch that makes this change is available
in scripts/coccinelle/misc/irqf_oneshot.cocci.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
Since the DT should describe the hardware (not the driver limitation),
This patch revises the binding document about the dma-names to change
simple numbering as "ch%d" instead of "tx<n>" and "rx<n>".
Also this patch fixes the actual code of renesas_usbhs driver to handle
the new dma-names.
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
When midi function is created, 'id' attribute is initialized with
SNDRV_DEFAULT_STR1, which is NULL pointer. Trying to read this attribute
before filling it ends up with segmentation fault.
This commit fix this issue by preventing null pointer dereference. Now
f_midi_opts_id_show() returns empty string when id is a null pointer.
Reproduction path:
$ mkdir functions/midi.0
$ cat functions/midi.0/id
[ 53.130132] Unable to handle kernel NULL pointer dereference at
virtual address 00000000
[ 53.132630] pgd = ec6cc000
[ 53.135308] [00000000] *pgd=6b759831, *pte=00000000, *ppte=00000000
[ 53.141530] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[ 53.146904] Modules linked in: usb_f_midi snd_rawmidi libcomposite
[ 53.153071] CPU: 1 PID: 2936 Comm: cat Not tainted
3.19.0-00041-gcf4b216 #7
[ 53.160010] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[ 53.166088] task: ee234c80 ti: ec764000 task.ti: ec764000
[ 53.171482] PC is at strlcpy+0x8/0x60
[ 53.175128] LR is at f_midi_opts_id_show+0x28/0x3c [usb_f_midi]
[ 53.181019] pc : [<c0222a9c>] lr : [<bf01bed0>] psr: 60000053
[ 53.181019] sp : ec765ef8 ip : 00000141 fp : 00000000
[ 53.192474] r10: 00019000 r9 : ed7546c0 r8 : 00010000
[ 53.197682] r7 : ec765f80 r6 : eb46a000 r5 : eb46a000 r4 :
ed754734
[ 53.204192] r3 : ee234c80 r2 : 00001000 r1 : 00000000 r0 :
eb46a000
[ 53.210704] Flags: nZCv IRQs on FIQs off Mode SVC_32 ISA ARM
Segment user
[ 53.217907] Control: 10c5387d Table: 6c6cc04a DAC: 00000015
[ 53.223636] Process cat (pid: 2936, stack limit = 0xec764238)
[ 53.229364] Stack: (0xec765ef8 to 0xec766000)
[ 53.233706] 5ee0:
ed754734 ed7546c0
[ 53.241866] 5f00: eb46a000 bf01bed0 eb753b80 bf01cc44 eb753b98
bf01b0a4 bf01b08c c0125dd0
[ 53.250025] 5f20: 00002f19 00000000 ec432e00 bf01cce8 c0530c00
00019000 00010000 ec765f80
[ 53.258184] 5f40: 00010000 ec764000 00019000 c00cc4ac ec432e00
c00cc55c 00000017 000081a4
[ 53.266343] 5f60: 00000001 00000000 00000000 ec432e00 ec432e00
00010000 00019000 c00cc620
[ 53.274502] 5f80: 00000000 00000000 00000000 00010000 ffff1000
00019000 00000003 c000e9a8
[ 53.282662] 5fa0: 00000000 c000e7e0 00010000 ffff1000 00000003
00019000 00010000 00019000
[ 53.290821] 5fc0: 00010000 ffff1000 00019000 00000003 7fffe000
00000001 00000000 00000000
[ 53.298980] 5fe0: 00000000 be8c68d4 0000b995 b6f0e3e6 40000070
00000003 00000000 00000000
[ 53.307157] [<c0222a9c>] (strlcpy) from [<bf01bed0>]
(f_midi_opts_id_show+0x28/0x3c [usb_f_midi])
[ 53.316006] [<bf01bed0>] (f_midi_opts_id_show [usb_f_midi]) from
[<bf01b0a4>] (f_midi_opts_attr_show+0x18/0x24 )
[ 53.327209] [<bf01b0a4>] (f_midi_opts_attr_show [usb_f_midi]) from
[<c0125dd0>] (configfs_read_file+0x9c/0xec)
[ 53.337180] [<c0125dd0>] (configfs_read_file) from [<c00cc4ac>]
(__vfs_read+0x18/0x4c)
[ 53.345073] [<c00cc4ac>] (__vfs_read) from [<c00cc55c>]
(vfs_read+0x7c/0x100)
[ 53.352190] [<c00cc55c>] (vfs_read) from [<c00cc620>]
(SyS_read+0x40/0x8c)
[ 53.359056] [<c00cc620>] (SyS_read) from [<c000e7e0>]
(ret_fast_syscall+0x0/0x34)
[ 53.366513] Code: ebffe3d3 e8bd8008 e92d4070 e1a05000 (e5d14000)
[ 53.372641] ---[ end trace e4f53a4e233d98d0 ]---
Signed-off-by: Pawel Szewczyk <p.szewczyk@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
A recent change introduced a link error for the composite
printer gadget driver:
`printer_unbind' referenced in section `.ref.data' of drivers/built-in.o: defined in discarded section `.exit.text' of drivers/built-in.o
Evidently the unbind function should not be marked __exit here,
because it is called through a callback pointer that is not necessarily
discarded, __composite_unbind() is indeed called from the error path of
composite_bind(), which can never work for a built-in driver.
Looking at the surrounding code, I found the same problem in all other
composite gadget drivers in both the bind and unbind functions, as
well as the udc platform driver 'remove' functions. Those will break
if anyone uses the 'unbind' sysfs attribute to detach a device from a
built-in driver.
This patch removes the incorrect annotations from all the gadget
drivers.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
The isp1301-omap driver contains special hooks for the TPS65010
power management controller. It provides its own 'tps65010_set_vbus_draw'
wrapper in case that driver is not enabled through Kconfig, but
fails to handle the case where isp1301-omap is built-in but TPS65010
is a loadable module, which currently results in a link error:
drivers/built-in.o: In function `isp1301_set_power':
:(.text+0x14e188): undefined reference to `tps65010_set_vbus_draw'
This is a workaround to use the same trick as before also when
tps65010 is a module. Doing a proper fix would require much larger
changes to the driver that is not really worth it when the usb-phy
drivers are going to eventually get replaced with generic-phy
drivers.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
When a single thread is sending out data over the gadget serial port,
gs_start_tx() will be called both from the sender context and from the
write completion. Since the port lock is released before the packet is
queued, the order in which the URBs are submitted is not guaranteed.
E.g.
sending thread completion (interrupt)
gs_write()
LOCK
gs_write_complete()
LOCK (wait)
gs_start_tx()
req1 = list_entry(pool->next)
UNLOCK
LOCK (acquired)
gs_start_tx()
req2 = list_entry(pool->next)
UNLOCK
usb_ep_queue(req2)
usb_ep_queue(req1)
I.e., req2 is submitted before req1 but it contains the data that
comes after req1.
To reproduce, use SMP with sending thread and completion pinned to
different CPUs, or use PREEMPT_RT, and add the following delay just
before the call to usb_ep_queue():
if (port->write_started > 0 && !list_empty(pool))
udelay(1000);
To work around this problem, make sure that only one thread is running
through the gs_start_tx() loop with an extra flag write_busy. Since
gs_start_tx() is always called with the port lock held, no further
synchronisation is needed. The original caller will continue through
the loop when the request was successfully submitted.
Signed-off-by: Philip Oberstaller <Philip.Oberstaller@septentrio.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
If we have multiple instances of hid function, each of
them may have different report descriptor, also their
length may be different.
Currently we are using static hidg_desc varable which
is being filled in hidg_bind(). Then we send its content
to host in hidg_setup() function. This content may
have been already overwriten if another instance
has executed hidg_bind().
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
memset() to 0 interfaces array before reusing
usb_configuration structure.
This commit fix bug:
ln -s functions/acm.1 configs/c.1
ln -s functions/acm.2 configs/c.1
ln -s functions/acm.3 configs/c.1
echo "UDC name" > UDC
echo "" > UDC
rm configs/c.1/acm.*
rmdir functions/*
mkdir functions/ecm.usb0
ln -s functions/ecm.usb0 configs/c.1
echo "UDC name" > UDC
[ 82.220969] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[ 82.229009] pgd = c0004000
[ 82.231698] [00000000] *pgd=00000000
[ 82.235260] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[ 82.240638] Modules linked in:
[ 82.243681] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.0.0-rc2 #39
[ 82.249926] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[ 82.256003] task: c07cd2f0 ti: c07c8000 task.ti: c07c8000
[ 82.261393] PC is at composite_setup+0xe3c/0x1674
[ 82.266073] LR is at composite_setup+0xf20/0x1674
[ 82.270760] pc : [<c03510d4>] lr : [<c03511b8>] psr: 600001d3
[ 82.270760] sp : c07c9df0 ip : c0806448 fp : ed8c9c9c
[ 82.282216] r10: 00000001 r9 : 00000000 r8 : edaae918
[ 82.287425] r7 : ed551cc0 r6 : 00007fff r5 : 00000000 r4 : ed799634
[ 82.293934] r3 : 00000003 r2 : 00010002 r1 : edaae918 r0 : 0000002e
[ 82.300446] Flags: nZCv IRQs off FIQs off Mode SVC_32 ISA ARM Segment kernel
[ 82.307910] Control: 10c5387d Table: 6bc1804a DAC: 00000015
[ 82.313638] Process swapper/0 (pid: 0, stack limit = 0xc07c8210)
[ 82.319627] Stack: (0xc07c9df0 to 0xc07ca000)
[ 82.323969] 9de0: 00000000 c06e65f4 00000000 c07c9f68
[ 82.332130] 9e00: 00000067 c07c59ac 000003f7 edaae918 ed8c9c98 ed799690 eca2f140 200001d3
[ 82.340289] 9e20: ee79a2d8 c07c9e88 c07c5304 ffff55db 00010002 edaae810 edaae860 eda96d50
[ 82.348448] 9e40: 00000009 ee264510 00000007 c07ca444 edaae860 c0340890 c0827a40 ffff55e0
[ 82.356607] 9e60: c0827a40 eda96e40 ee264510 edaae810 00000000 edaae860 00000007 c07ca444
[ 82.364766] 9e80: edaae860 c0354170 c03407dc c033db4c edaae810 00000000 00000000 00000010
[ 82.372925] 9ea0: 00000032 c0341670 00000000 00000000 00000001 eda96e00 00000000 00000000
[ 82.381084] 9ec0: 00000000 00000032 c0803a23 ee1aa840 00000001 c005d54c 249e2450 00000000
[ 82.389244] 9ee0: 200001d3 ee1aa840 ee1aa8a0 ed84f4c0 00000000 c07c9f68 00000067 c07c59ac
[ 82.397403] 9f00: 00000000 c005d688 ee1aa840 ee1aa8a0 c07db4b4 c006009c 00000032 00000000
[ 82.405562] 9f20: 00000001 c005ce20 c07c59ac c005cf34 f002000c c07ca780 c07c9f68 00000057
[ 82.413722] 9f40: f0020000 413fc090 00000001 c00086b4 c000f804 60000053 ffffffff c07c9f9c
[ 82.421880] 9f60: c0803a20 c0011fc0 00000000 00000000 c07c9fb8 c001bee0 c07ca4f0 c057004c
[ 82.430040] 9f80: c07ca4fc c0803a20 c0803a20 413fc090 00000001 00000000 01000000 c07c9fb0
[ 82.438199] 9fa0: c000f800 c000f804 60000053 ffffffff 00000000 c0050e70 c0803bc0 c0783bd8
[ 82.446358] 9fc0: ffffffff ffffffff c0783664 00000000 00000000 c07b13e8 00000000 c0803e54
[ 82.454517] 9fe0: c07ca480 c07b13e4 c07ce40c 4000406a 00000000 40008074 00000000 00000000
[ 82.462689] [<c03510d4>] (composite_setup) from [<c0340890>] (s3c_hsotg_complete_setup+0xb4/0x418)
[ 82.471626] [<c0340890>] (s3c_hsotg_complete_setup) from [<c0354170>] (usb_gadget_giveback_request+0xc/0x10)
[ 82.481429] [<c0354170>] (usb_gadget_giveback_request) from [<c033db4c>] (s3c_hsotg_complete_request+0xcc/0x12c)
[ 82.491583] [<c033db4c>] (s3c_hsotg_complete_request) from [<c0341670>] (s3c_hsotg_irq+0x4fc/0x558)
[ 82.500614] [<c0341670>] (s3c_hsotg_irq) from [<c005d54c>] (handle_irq_event_percpu+0x50/0x150)
[ 82.509291] [<c005d54c>] (handle_irq_event_percpu) from [<c005d688>] (handle_irq_event+0x3c/0x5c)
[ 82.518145] [<c005d688>] (handle_irq_event) from [<c006009c>] (handle_fasteoi_irq+0xd4/0x18c)
[ 82.526650] [<c006009c>] (handle_fasteoi_irq) from [<c005ce20>] (generic_handle_irq+0x20/0x30)
[ 82.535242] [<c005ce20>] (generic_handle_irq) from [<c005cf34>] (__handle_domain_irq+0x6c/0xdc)
[ 82.543923] [<c005cf34>] (__handle_domain_irq) from [<c00086b4>] (gic_handle_irq+0x2c/0x6c)
[ 82.552256] [<c00086b4>] (gic_handle_irq) from [<c0011fc0>] (__irq_svc+0x40/0x74)
[ 82.559716] Exception stack(0xc07c9f68 to 0xc07c9fb0)
[ 82.564753] 9f60: 00000000 00000000 c07c9fb8 c001bee0 c07ca4f0 c057004c
[ 82.572913] 9f80: c07ca4fc c0803a20 c0803a20 413fc090 00000001 00000000 01000000 c07c9fb0
[ 82.581069] 9fa0: c000f800 c000f804 60000053 ffffffff
[ 82.586113] [<c0011fc0>] (__irq_svc) from [<c000f804>] (arch_cpu_idle+0x30/0x3c)
[ 82.593491] [<c000f804>] (arch_cpu_idle) from [<c0050e70>] (cpu_startup_entry+0x128/0x1a4)
[ 82.601740] [<c0050e70>] (cpu_startup_entry) from [<c0783bd8>] (start_kernel+0x350/0x3bc)
[ 82.609890] Code: 0a000002 e3530005 05975010 15975008 (e5953000)
[ 82.615965] ---[ end trace f57d5f599a5f1bfa ]---
Most of kernel code assume that interface array in
struct usb_configuration is NULL terminated.
When gadget is composed with configfs configuration
structure may be reused for different functions set.
This bug happens because purge_configs_funcs() sets
only next_interface_id to 0. Interface array still
contains pointers to already freed interfaces. If in
second try we add less interfaces than earlier we
may access unallocated memory when trying to get
interface descriptors.
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Cc: <stable@vger.kernel.org> # 3.10+
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
devm_ioremap_resource() returns IOMEM_ERR_PTR() and it never
returns NULL, fix the check to prevent access to invalid
virtual address.
Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Reviewed-by: Sören Brinkmann <soren.brinkmann@xilinx.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
The macros related to register UTMI_OTG_CTRL and UTMI_OTG_STATUS are
swapped. Correct them for readability.
Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
|
|
|
|
AMD CPUs don't reinitialize the SS descriptor on SYSRET, so SYSRET with
SS == 0 results in an invalid usermode state in which SS is apparently
equal to __USER_DS but causes #SS if used.
Work around the issue by setting SS to __KERNEL_DS __switch_to, thus
ensuring that SYSRET never happens with SS set to NULL.
This was exposed by a recent vDSO cleanup.
Fixes: e7d6eefaaa44 x86/vdso32/syscall.S: Do not load __USER32_DS to %ss
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Peter Anvin <hpa@zytor.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Brian Gerst <brgerst@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The new Atmel MXT driver expects i2c client's address contain the
primary (main address) of the chip, and calculates the expected
bootloader address form the primary address. Unfortunately chrome_laptop
does probe the devices and if touchpad (or touchscreen, or both) comes
up in bootloader mode the i2c device gets instantiated with the
bootloader address which confuses the driver.
To work around this issue let's probe the primary address first. If the
device is not detected at the primary address we'll probe alternative
addresses as "dummy" devices. If any of them are found, destroy the
dummy client and instantiate client with proper name at primary address
still.
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
|
|
Calling unlazy_walk() in walk_component() and do_last() when we find
a symlink that needs to be followed doesn't acquire a reference to vfsmount.
That's fine when the symlink is on the same vfsmount as the parent directory
(which is almost always the case), but it's not always true - one _can_
manage to bind a symlink on top of something. And in such cases we end up
with excessive mntput().
Cc: stable@vger.kernel.org # since 2.6.39
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
I_DIO_WAKEUP is never directly used, but fix it up anyway.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
do_blockdev_direct_IO() increments and decrements the inode
->i_dio_count for each IO operation. It does this to protect against
truncate of a file. Block devices don't need this sort of protection.
For a capable multiqueue setup, this atomic int is the only shared
state between applications accessing the device for O_DIRECT, and it
presents a scaling wall for that. In my testing, as much as 30% of
system time is spent incrementing and decrementing this value. A mixed
read/write workload improved from ~2.5M IOPS to ~9.6M IOPS, with
better latencies too. Before:
clat percentiles (usec):
| 1.00th=[ 33], 5.00th=[ 34], 10.00th=[ 34], 20.00th=[ 34],
| 30.00th=[ 34], 40.00th=[ 34], 50.00th=[ 35], 60.00th=[ 35],
| 70.00th=[ 35], 80.00th=[ 35], 90.00th=[ 37], 95.00th=[ 80],
| 99.00th=[ 98], 99.50th=[ 151], 99.90th=[ 155], 99.95th=[ 155],
| 99.99th=[ 165]
After:
clat percentiles (usec):
| 1.00th=[ 95], 5.00th=[ 108], 10.00th=[ 129], 20.00th=[ 149],
| 30.00th=[ 155], 40.00th=[ 161], 50.00th=[ 167], 60.00th=[ 171],
| 70.00th=[ 177], 80.00th=[ 185], 90.00th=[ 201], 95.00th=[ 270],
| 99.00th=[ 390], 99.50th=[ 398], 99.90th=[ 418], 99.95th=[ 422],
| 99.99th=[ 438]
In other setups, Robert Elliott reported seeing good performance
improvements:
https://lkml.org/lkml/2015/4/3/557
The more applications accessing the device, the worse it gets.
Add a new direct-io flags, DIO_SKIP_DIO_COUNT, which tells
do_blockdev_direct_IO() that it need not worry about incrementing
or decrementing the inode i_dio_count for this caller.
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Elliott, Robert (Server Storage) <elliott@hp.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
Al Viro's IOV changes broke 9p readdir() because the new code
didn't abort the read when it returned nothing. The original
code checked if the combined error/length was <= 0 but in the
new code that accidentally got changed to just an error check.
Add back the return from the function when nothing is read.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Fixes: e1200fe68f20 ("9p: switch p9_client_read() to passing struct iov_iter *")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
|
__btrfs_write_out_cache is holding the ctl->tree_lock while it prepares
a list of bitmaps to record in the free space cache. It was dropping
the lock while it worked on other components, which made a window for
free_bitmap() to free the bitmap struct without removing it from the
list.
This changes things to hold the lock the whole time, and also makes sure
we hold the lock during enospc cleanup.
Reported-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
|
|
commit a39f46df33c6 ("toshiba_acpi: Fix regression caused by backlight extra
check code") causes the backlight to no longer work on the Toshiba Z30,
reverting that commit fixes this but restores the original issue fixed
by that commit.
Looking at the toshiba_acpi backlight code for a fix for this I noticed that
the toshiba code is the only code under platform/x86 which unconditionally
registers a vendor acpi backlight interface, without checking for acpi_video
backlight support first.
This commit adds the necessary checks bringing toshiba_acpi in line with the
other drivers, and fixing the Z30 regression without needing to revert the
commit causing it.
Chances are that there will be some Toshiba models which have a non working
acpi-video implementation while the toshiba vendor backlight interface does
work, this commit adds an empty dmi_id table where such systems can be added,
this is identical to how other drivers handle such systems.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1206036
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=86521
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-and-tested-by: Azael Avalos <coproscefalo@gmail.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
|
|
Commit cae2a173fe94 ("x86: clean up/fix 'copy_in_user()' tail zeroing")
fixed the failure case tail zeroing of one special case of the x86-64
generic user-copy routine, namely when used for the user-to-user case
("copy_in_user()").
But in the process it broke an even more unusual case: using the user
copy routine for kernel-to-kernel copying.
Now, normally kernel-kernel copies are obviously done using memcpy(),
but we have a couple of special cases when we use the user-copy
functions. One is when we pass a kernel buffer to a regular user-buffer
routine, using set_fs(KERNEL_DS). That's a "normal" case, and continued
to work fine, because it never takes any faults (with the possible
exception of a silent and successful vmalloc fault).
But Jan Beulich pointed out another, very unusual, special case: when we
use the user-copy routines not because it's a path that expects a user
pointer, but for a couple of ftrace/kgdb cases that want to do a kernel
copy, but do so using "unsafe" buffers, and use the user-copy routine to
gracefully handle faults. IOW, for probe_kernel_write().
And that broke for the case of a faulting kernel destination, because we
saw the kernel destination and wanted to try to clear the tail of the
buffer. Which doesn't work, since that's what faults.
This only triggers for things like kgdb and ftrace users (eg trying
setting a breakpoint on read-only memory), but it's definitely a bug.
The fix is to not compare against the kernel address start (TASK_SIZE),
but instead use the same limits "access_ok()" uses.
Reported-and-tested-by: Jan Beulich <jbeulich@suse.com>
Cc: stable@vger.kernel.org # 4.0
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
If NO_DMA=y:
drivers/built-in.o: In function `img_hash_write_via_dma_stop':
img-hash.c:(.text+0xa2b822): undefined reference to `dma_unmap_sg'
drivers/built-in.o: In function `img_hash_xmit_dma':
img-hash.c:(.text+0xa2b8d8): undefined reference to `dma_map_sg'
img-hash.c:(.text+0xa2b948): undefined reference to `dma_unmap_sg'
Also move the "depends" section below the "tristate" line while we're at
it.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
Patch e68410ebf626 ("crypto: x86/sha512_ssse3 - move SHA-384/512
SSSE3 implementation to base layer") changed the prototypes of the
core asm SHA-512 implementations so that they are compatible with
the prototype used by the base layer.
However, in one instance, the register that was used for passing the
input buffer was reused as a scratch register later on in the code,
and since the input buffer param changed places with the digest param
-which needs to be written back before the function returns- this
resulted in the scratch register to be dereferenced in a memory write
operation, causing a GPF.
Fix this by changing the scratch register to use the same register as
the input buffer param again.
Fixes: e68410ebf626 ("crypto: x86/sha512_ssse3 - move SHA-384/512 SSSE3 implementation to base layer")
Reported-By: Bobby Powers <bobbypowers@gmail.com>
Tested-By: Bobby Powers <bobbypowers@gmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
|
- flush dcache before flush instruction cache
- remork update_mmu_cache and flush_dcache_page
- add shmparam.h
Signed-off-by: Ley Foon Tan <lftan@altera.com>
|
|
Reported by the header checker (CONFIG_HEADERS_CHECK=y):
CHECK usr/include/asm/ (31 files)
./usr/include/asm/ptrace.h:77: found __[us]{8,16,32,64} type without #include <linux/types.h>
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Acked-by: Ley Foon Tan <lftan@altera.com>
|
|
We have two machines with alc256 codec in the pin quirk table, so
moving the common pins to ALC256_STANDARD_PINS.
Cc: stable@vger.kernel.org
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1447909
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
|
Signed-off-by: Steven Miao <realmz6@gmail.com>
|
|
The related syscalls are below which may cause samples/kdbus building
break in next-20150401 tree, the related information and error:
CALL scripts/checksyscalls.sh
<stdin>:1223:2: warning: #warning syscall kcmp not implemented [-Wcpp]
<stdin>:1226:2: warning: #warning syscall finit_module not implemented [-Wcpp]
<stdin>:1229:2: warning: #warning syscall sched_setattr not implemented [-Wcpp]
<stdin>:1232:2: warning: #warning syscall sched_getattr not implemented [-Wcpp]
<stdin>:1235:2: warning: #warning syscall renameat2 not implemented [-Wcpp]
<stdin>:1238:2: warning: #warning syscall seccomp not implemented [-Wcpp]
<stdin>:1241:2: warning: #warning syscall getrandom not implemented [-Wcpp]
<stdin>:1244:2: warning: #warning syscall memfd_create not implemented [-Wcpp]
<stdin>:1247:2: warning: #warning syscall bpf not implemented [-Wcpp]
<stdin>:1250:2: warning: #warning syscall execveat not implemented [-Wcpp]
[...]
HOSTCC samples/kdbus/kdbus-workers
samples/kdbus/kdbus-workers.c: In function ‘prime_new’:
samples/kdbus/kdbus-workers.c:930:18: error: ‘__NR_memfd_create’ undeclared (first use in this function)
p->fd = syscall(__NR_memfd_create, "prime-area", MFD_CLOEXEC);
^
samples/kdbus/kdbus-workers.c:930:18: note: each undeclared identifier is reported only once for each function it appears in
Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
|
|
The code to fix stalls during free spache cache IO wasn't using
the correct root when waiting on the IO for inode caches. This
is only a problem when the inode cache is enabled with
mount -o inode_cache
This fixes the inode cache writeout to preserve any error values and
makes sure not to override the root when inode cache writeout is done.
Reported-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
|
|
If the special PRP0001 device ID is present in the given device's list
of ACPI/PNP IDs and the device has a valid "compatible" property in
the _DSD, it should be enumerated using the default mechanism,
unless some scan handlers match the IDs preceding PRP0001 in the
device's list of ACPI/PNP IDs. In addition to that, no scan handlers
matching the IDs following PRP0001 in that list should be attached
to the device.
To make that happen, define a scan handler that will match PRP0001
and trigger the default enumeration for the matching devices if the
"compatible" property is present for them.
Since that requires the check for platform_id and device->handler
to be removed from acpi_default_enumeration(), move the fallback
invocation of acpi_default_enumeration() to acpi_bus_attach()
(after it's checked if there's a matching ACPI driver for the
device), which is a better place to call it, and do the platform_id
check in there too (device->handler is guaranteed to be unset at
the point where the function is looking for a matching ACPI driver).
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Darren Hart <dvhart@linux.intel.com>
|
|
acpi_scan_is_offline() may be called under the physical_node_lock
lock of the given device object's parent, so prevent lockdep from
complaining about that by annotating that instance with
SINGLE_DEPTH_NESTING.
Fixes: caa73ea158de (ACPI / hotplug / driver core: Handle containers in a special way)
Reported-and-tested-by: Xie XiuQi <xiexiuqi@huawei.com>
Reviewed-by: Toshi Kani <toshi.kani@hp.com>
Cc: 3.14+ <stable@vger.kernel.org> # 3.14+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
|
|
Due this typo we don't save/restore the GFX_MAX_REQ_COUNT register across
suspend/resume, so fix this.
This was introduced in
commit ddeea5b0c36f3665446518c609be91f9336ef674
Author: Imre Deak <imre.deak@intel.com>
Date: Mon May 5 15:19:56 2014 +0300
drm/i915: vlv: add runtime PM support
I noticed this only by reading the code. To my knowledge it shouldn't
cause any real problems at the moment, since the power well backing this
register remains on across a runtime s/r. This may change once
system-wide s0ix functionality is enabled in the kernel.
v2:
- resend after a missing git add -u :/
Cc: stable@vger.kernel.org
Signed-off-by: Imre Deak <imre.deak@intel.com>
Tested-By: PRC QA PRTS (Patch Regression Test System Contact: shuang.he@intel.com)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Reviewed-by: Mika Kuoppala <mika.kuoppala@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
|
|
WaIdleLiteRestore is an execlists-only workaround, and requires the driver
to ensure that any context always has HEAD!=TAIL when attempting lite
restore.
Add two extra MI_NOOP instructions at the end of each request, but keep
the requests tail pointing before the MI_NOOPs. We may not need to
executed them, and this is why request->tail is sampled before adding
these extra instructions.
If we submit a context to the ELSP which has previously been submitted,
move the tail pointer past the MI_NOOPs. This ensures HEAD!=TAIL.
v2: Move overallocation to gen8_emit_request, and added note about
sampling request->tail in commit message (Chris).
v3: Remove redundant request->tail assignment in __i915_add_request, in
lrc mode this is already set in execlists_context_queue.
Do not add wa implementation details inside gem (Chris).
v4: Apply the wa whenever the req has been resubmitted and update
comment (Chris).
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Thomas Daniel <thomas.daniel@intel.com>
Signed-off-by: Michel Thierry <michel.thierry@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
|
|
The hardware, according to the specs, is limited to 256 byte transfers,
and current driver has no protections in case users attempt to do larger
transfers. The code will just stomp over status register and mayhem
ensues.
Let's split larger transfers into digestable chunks. Doing this allows
Atmel MXT driver on Pixel 1 function properly (it hasn't since commit
9d8dc3e529a19e427fd379118acd132520935c5d "Input: atmel_mxt_ts -
implement T44 message handling" which tries to consume multiple
touchscreen/touchpad reports in a single transaction).
Cc: stable@vger.kernel.org
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
|
|
The brand new GCC 5.1.0 warns by default on using a boolean in the
switch condition. This results in the following warning:
fs/nfs/nfs4proc.c: In function 'nfs4_proc_get_rootfh':
fs/nfs/nfs4proc.c:3100:10: warning: switch condition has boolean value [-Wswitch-bool]
switch (auth_probe) {
^
This code was obviously using switch to make use of the fall-through
semantics (without the usual comment, though).
Rewrite that code using if statements to avoid the warning and make
the code a bit more readable on the way.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
Don't unnecessarily cast allocation return value in
fs/nfs/inode.c::nfs_alloc_inode().
Signed-off-by: Firo Yang <firogm@gmail.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
If a READDIR reply comes back without any page data, avoid a NULL pointer
dereference in xdr_copy_to_scratch().
BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
IP: [<ffffffff813a378d>] memcpy+0xd/0x110
...
Call Trace:
? xdr_inline_decode+0x7a/0xb0 [sunrpc]
nfs3_decode_dirent+0x73/0x320 [nfsv3]
nfs_readdir_page_filler+0xd5/0x4e0 [nfs]
? nfs3_rpc_wrapper.constprop.9+0x42/0xc0 [nfsv3]
nfs_readdir_xdr_to_array+0x1fa/0x330 [nfs]
? mem_cgroup_commit_charge+0xac/0x160
? nfs_readdir_xdr_to_array+0x330/0x330 [nfs]
nfs_readdir_filler+0x22/0x90 [nfs]
do_read_cache_page+0x7e/0x1a0
read_cache_page+0x1c/0x20
nfs_readdir+0x18e/0x660 [nfs]
? nfs3_xdr_dec_getattr3res+0x80/0x80 [nfsv3]
iterate_dir+0x97/0x130
SyS_getdents+0x94/0x120
? fillonedir+0xd0/0xd0
system_call_fastpath+0x12/0x17
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
This reverts commit 5a254d08b086d80cbead2ebcee6d2a4b3a15587a.
Since commit 5a254d08b086 ("nfs: replace nfs_add_stats with
nfs_inc_stats when add one"), nfs_readpage and nfs_do_writepage use
nfs_inc_stats to increment NFSIOS_READPAGES and NFSIOS_WRITEPAGES
instead of nfs_add_stats.
However nfs_inc_stats does not do the same thing as nfs_add_stats with
value 1 because these functions work on distinct stats:
nfs_inc_stats increments stats from "enum nfs_stat_eventcounters" (in
server->io_stats->events) and nfs_add_stats those from "enum
nfs_stat_bytecounters" (in server->io_stats->bytes).
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Fixes: 5a254d08b086 ("nfs: replace nfs_add_stats with nfs_inc_stats...")
Cc: stable@vger.kernel.org # 3.19+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
I added the nfs4 prefix to make it obvious that this file is built into
the NFS v4 module, and not the generic client.
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
This file is only used internally to the NFS v4 module, so it doesn't
need to be in the global include path. I also renamed it from
nfs_idmap.h to nfs4idmap.h to emphasize that it's an NFSv4-only include
file.
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
The idmapper is completely internal to the NFS v4 module, so this macro
will always evaluate to true. This patch also removes unnecessary
includes of this file from the generic NFS client.
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
Kazuya Mizuguchi
Rui Miguel Silva
Ben Hutchings
Michael Trimarchi
Krzysztof Opasiak
Sergiy Kibrik
Subbaraya Sundeep Bhatta
Fabio Estevam
Yoshihiro Shimoda
Pawel Szewczyk
Arnd Bergmann
Philip Oberstaller
Krzysztof Opasiak
Vladimir Zapolskiy
Bin Liu
Linus Torvalds
Andy Lutomirski
Stephen Rothwell
Dmitry Torokhov
Al Viro
Eric Sandeen
Jens Axboe
Johannes Berg
Chris Mason
Hans de Goede
Geert Uytterhoeven
Ard Biesheuvel
Ley Foon Tan
Ezequiel Garcia
Hui Wang
Steven Miao
Chen Gang
Rafael J. Wysocki
Imre Deak
Michel Thierry
Andre Przywara
Firo Yang
Benjamin Coddington
Nicolas Iooss
Anna Schumaker