Peifu Jiang [Wed, 24 May 2017 10:34:15 +0000 (18:34 +0800)]
security: arm: meson: add tee support [2/2]
PD#145094: security: arm: meson: add tee support
Change-Id: I8789ef2b6d774abb6252e60c0726e7384127339f
Signed-off-by: Peifu Jiang <peifu.jiang@amlogic.com>
Long Yu [Fri, 19 May 2017 01:54:22 +0000 (09:54 +0800)]
emmc: add emmc HS400 function
PD#142470: emmc: support hs400 busmode
1. refix source clock 400MHZ
2. add hs400 timming function
Change-Id: I9cc767262379ba2be5ab5d3e68aae87c1f18c242
Signed-off-by: Long Yu <long.yu@amlogic.com>
Weiguang Ruan [Tue, 23 May 2017 04:14:34 +0000 (12:14 +0800)]
dts: axg: s400,s420: support uart bt
PD#142470: bt: add s400 & s420 uart bt support
1. add bt power enable configuration: bt-dev
2. enable uart_a
3. add cts rts pin mux for uart_a
Change-Id: I96bbb3c885da3c860bc1015b2b33971ee9740b26
Signed-off-by: Weiguang Ruan <Weiguang.ruan@amlogic.com>
Xing Wang [Tue, 30 May 2017 13:22:31 +0000 (21:22 +0800)]
audio: add asoc auge driver for axg
PD#142470: audio: new Asoc driver
1) tdm module
2) spdif module
3) pdm module
4) audio clock
Change-Id: I064975f4cb036d013a7ca74d781a91c31e7c2436
Signed-off-by: Xing Wang <xing.wang@amlogic.com>
Alex Deng [Sat, 27 May 2017 14:06:28 +0000 (22:06 +0800)]
dts: s420; remove ethmac config
PD#142470: eth: A113x no eth
Change-Id: I39ee67276a4126b7ecf741285d1b5129eb12cf4b
Signed-off-by: Alex Deng <alex.deng@amlogic.com>
Weiguang Ruan [Tue, 16 May 2017 14:32:52 +0000 (22:32 +0800)]
wifi: meson64: support ath10k pcie wifi and sdio wifi in s400/s420
PD#142470: wifi
1. add ath10k driver compile as module
add cfg80211_wext_compat to support wext command.
CONFIG_CFG80211_WEXT=y
CONFIG_ATH_COMMON=m
CONFIG_ATH10K=m
CONFIG_ATH10K_PCI=m
2. fix wifi enalbe & irq pin num
3. add pwm config for 32k
4. add 32k pin mux
Change-Id: I71872ceef147b6cc49a76bce837a9aff0d5be66f
Signed-off-by: Weiguang Ruan <Weiguang.ruan@amlogic.com>
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Bo Yang [Tue, 9 May 2017 06:54:08 +0000 (14:54 +0800)]
dts: add watchdog support for axg
PD#142470: dts: add watchdog support for axg
Default disable watchdog.
Change-Id: I1d314594eff9773d04aeb4943a4e89604c35f100
Signed-off-by: Bo Yang <bo.yang@amlogic.com>
Yizhou Jiang [Wed, 17 May 2017 02:33:14 +0000 (10:33 +0800)]
eth: add ethernet function for axg
PD#142470: eth: add ethernet for axg
1.for external phy
2.not set regs that did not exist in axg
Change-Id: I4d9f8732f35a0e9e605f1a4a4a9a0285236e705f
Signed-off-by: Yizhou Jiang <yizhou.jiang@amlogic.com>
xingyu.chen [Thu, 18 May 2017 04:48:38 +0000 (12:48 +0800)]
pinctrl: add enable interface for gpio request
PD#142470: pinctrl and fix tas5707 reset pin
1. add enable interface for gpio request
mux register be set '0x0' when pin requested as gpio
2. fix reset pin of gpio ao in dts.
3. fix gpio ctl when no reset pin defined in dts
Change-Id: I866d29a96025811b1d0436eb5d157e4dff1ff7ca
Signed-off-by: xingyu.chen <xingyu.chen@amlogic.com>
Signed-off-by: Alex Deng <alex.deng@amlogic.com>
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Long Yu [Tue, 16 May 2017 15:26:41 +0000 (23:26 +0800)]
emmc/sdio: support emmc/sdio driver for new host controller
PD#142470: emmc/sdio: support emmc/sdio driver for new host controller
1. add emmc support
2. support emmc DDR52 Busmode
3. add sdio support
4: axg_s400: disabled emmc function
Change-Id: Iaccca580393477f0ad96e7638dfa4d9e2809c37d
Signed-off-by: Long Yu <long.yu@amlogic.com>
Qi Duan [Mon, 15 May 2017 09:48:40 +0000 (17:48 +0800)]
dts: all uart dts setting [1/1]
PD#142470: all uart dts setting
all uart node added.default is disable
If want to enable, 1. status = okay 2.set the right pinmux
Change-Id: I744db5735212f3a3217a4b9e26f4ebe074aa5bdc
Signed-off-by: Qi Duan <qi.duan@amlogic.com>
Yonghui Yu [Mon, 15 May 2017 03:49:39 +0000 (11:49 +0800)]
nand: update config for mtd driver
PD#142470: update nand config for mtd
1. update dts of skt&s400
2. update clock reg
3. update regbase
4. update bchmode for infopage
5. mtd: support desctrete uboot layout for slc
change uboot layout for slc [3/3]
multi bootloaders were stored in mlc/slc/emmc.
For emmc/mlc, there's enough space at the begining.
bl2&fip can be stored together which we may call it
as compact mode.
|bl2|fip|bl2|fip|bl2|fip|rsv|normal|
But for slc, space is restricted by romboot. bl2 and
fip had to be stored discretely.
|bl2|bl2|bl2|bl2|rsv|fip|fip|fip|fip|normal|
If kernle want mtd driver use descrete mode.
1. bl_mode in dts should be set as 1.
2. fip_copies and fip_size should be the same as uboot which
was described by marco CONFIG_TPL_COPY_NUM&CONFIG_TPL_SIZE_PER_COPY.
3. And the tpl partition should be added in mtd partition table whose
offset and size are negligible.
when using, mtd0 is for bl2, mtd1 is for tpl(fip)
Change-Id: I0ed07168ba7497d674a7160f7966ebb484a123d5
Signed-off-by: Yonghui Yu <yonghui.yu@amlogic.com>
Yixun Lan [Thu, 25 May 2017 04:27:15 +0000 (12:27 +0800)]
Makefile: lock kernel version without localversion appended
PD#144946: Makefile: lock kernel version without localversion appended
after this change, we will lock kernel version to 4.x.y
but we can still get out the exact commit version from dmesg.
1) uname -r : 4.9.27
2) dmesg |grep "Linux version"
[ 0.000000@0] Linux version 4.9.27-638106-g5de5d7a ....
Change-Id: I35072b399af403d3a1737300a8786cf36063c668
Signed-off-by: Yixun Lan <yixun.lan@amlogic.com>
Sunny Luo [Fri, 5 May 2017 12:45:58 +0000 (20:45 +0800)]
spicc: add spicc driver for axg
PD#142470: add spicc driver for axg and fix spicc-b
interrupt number error
Change-Id: Ibbda6d8526c4141992fcbe307d6f1e0fbc570cfe
Signed-off-by: Sunny Luo <sunny.luo@amlogic.com>
Yue Wang [Fri, 12 May 2017 06:52:39 +0000 (14:52 +0800)]
usb: dts: set otg switch for board axg
PD#142470: set otg switch for board axg
Change-Id: I97500402a2747910d82b9928a55419d35ce2f826
Signed-off-by: Yue Wang <yue.wang@amlogic.com>
Yue Wang [Fri, 12 May 2017 01:55:03 +0000 (09:55 +0800)]
pcie: add pcie driver for axg
PD#142470: add pcie driver for axg
1. update dts of skt&s400
2. update pcie driver
Change-Id: Ic569e8fed1a4434e54847580299703f0fe07cd9b
Signed-off-by: Yue Wang <yue.wang@amlogic.com>
Yun Cai [Fri, 5 May 2017 06:41:21 +0000 (14:41 +0800)]
clk: update clk for axg
PD#142470:
1. add amlogic,axg-clkc.h for mesonaxg.dtsi
and fix clkc reg value
2. update pcie and hifi pll setting for axg
PD#142470: update hifi pll setting for axg
Change-Id: I34aac4ead8384e6a150ae8630034c247f53ac27a
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Matthew Shyu [Fri, 31 Mar 2017 10:33:40 +0000 (18:33 +0800)]
crypto: sha driver update
PD#142470: crypto: sha driver update for txlx and beyond
Change-Id: Ia5eb0c1750bedd0894e3db1e7f0796de23cce1dd
Signed-off-by: Matthew Shyu <matthew.shyu@amlogic.com>
Xuhua Zhang [Thu, 11 May 2017 11:18:13 +0000 (19:18 +0800)]
i2c: add i2c support for axg
PD#142470: i2c: add i2c support fot axg and fix i2c_ao error on axg
Change-Id: I15c00bc5833dd10c94562e939c6b53d0138ac231
Signed-off-by: Xuhua Zhang <xuhua.zhang@amlogic.com>
Jian Hu [Fri, 5 May 2017 06:04:24 +0000 (14:04 +0800)]
pwm: add pwm support for axg
PD#142470: pwm: add pwm support fot axg
the pwm groups's addresses are the same with txlx,
just add several macros to support axg.
Change-Id: Iaefa3c2a31fc8f43e4dc80448c6548c2df62fa8f
Signed-off-by: Jian Hu <jian.hu@amlogic.com>
Yun Cai [Sat, 27 May 2017 06:06:57 +0000 (14:06 +0800)]
dts: add dts for A113D socket and development boards
PD#142470: add axg_a113d_skt.dts axg_s400.dts and axg_s420.dts
Change-Id: If8c5b1e0fa5b6a21a91ce1323fa1107d608c4af7
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Yun Cai [Fri, 5 May 2017 06:41:21 +0000 (14:41 +0800)]
clk: add amlogic,axg-clkc.h for mesonaxg.dtsi
PD#142470: add amlogic,axg-clkc.h for mesonaxg.dtsi
and fix clkc reg value
Change-Id: Ib19288881241277b4146c89c49b6dce8639df411
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Xingyu Chen [Mon, 1 May 2017 15:47:31 +0000 (23:47 +0800)]
pinctrl: add pinctrl&gpio support for axg
PD#142470: add pinctrl&gpio support for axg
1. meson8b keeps the same pin numbers as the gxl/gxm/axg
2. using base address of registers(Eg: mux gpio irq)
instead of offset address in dts for gxl/gxm
Change-Id: Ib64f9dc0e234884ec9ccab7673da5f2a3fdc1a98
Signed-off-by: Xingyu Chen <xingyu.chen@amlogic.com>
Yun Cai [Sun, 30 Apr 2017 08:08:56 +0000 (16:08 +0800)]
clk: add clk tree for axg
PD#142470: add axg basic clk and hifi_pll/pcie_refpll/
mipi_host/vpu/ge2d/sd_emmc clks, add clkmsr
Change-Id: I487c6b2792389c5df230df5af7b246e83f37f479
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Yixun Lan [Mon, 22 May 2017 08:46:49 +0000 (16:46 +0800)]
defconfig: android: enable fence/sw_sync support [2/2]
PD#138714: defconfig: android: enable fence/sw_sync support
also enable config CONFIG_AMLOGIC_MEDIA_FB_OSD_SYNC_FENCE
Change-Id: I9d801c20123fc18726d5ee8a49b0c615b04e241d
Signed-off-by: Yixun Lan <yixun.lan@amlogic.com>
Yun Cai [Tue, 21 Mar 2017 08:49:38 +0000 (16:49 +0800)]
android: port fence driver from kernel-4.4 [1/2]
PD#138714: android: port fence from kernel-4.4 for booting android 8.0
Change-Id: I7c942cd5f990f7e0d5726eefe9c54b9cb6437e41
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Yixun Lan [Mon, 22 May 2017 07:35:45 +0000 (15:35 +0800)]
defconfig: meson64: enable android binder diver
PD#138714: defconfig: meson64: enable android binder diver
Change-Id: I1b7f7837bef0de3a2d4d23ca6ed87b4a0bd9fbed
Signed-off-by: Yixun Lan <yixun.lan@amlogic.com>
Yixun Lan [Mon, 22 May 2017 07:30:24 +0000 (15:30 +0800)]
defconfig: meson64: enable low memory killer support
PD#138714: defconfig: meson64: enable low memory killer support
Change-Id: I921e8e16b9ba58c21788545b11285dceb4aae9a2
Signed-off-by: Yixun Lan <yixun.lan@amlogic.com>
Yixun Lan [Mon, 22 May 2017 05:57:13 +0000 (13:57 +0800)]
defconfig: meson64: enable anonymous shared memory support
PD#138714: defconfig: meson64: enable anonymous shared memory support
Change-Id: I9e35824ee2d5eeed6dfe798384bc11a96f414d21
Signed-off-by: Yixun Lan <yixun.lan@amlogic.com>
Victor Wan [Thu, 18 May 2017 06:52:37 +0000 (14:52 +0800)]
Merge branch 'android-4.9' into amlogic-4.9-dev
Nan Li [Fri, 12 May 2017 09:53:04 +0000 (17:53 +0800)]
sdio: add sdio driver support on m8b
PD#141217: add sdio dirver support on m8b
ultra high speed SDR104 85M
test on m8b_m200.
Change-Id: I1aea3a8d77039be92e1759cb06eac96ed2915524
Signed-off-by: Nan Li <nan.li@amlogic.com>
Tao Zeng [Thu, 4 May 2017 01:44:35 +0000 (09:44 +0800)]
mm: change secmon reserved memory to CMA
PD#143278: change secmon reserved memory to CMA
Change-Id: Ia09a9a1b578f1a10e81d9431f829c723c68811d9
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
Nanxin Qin [Fri, 12 May 2017 07:09:16 +0000 (15:09 +0800)]
video_sink: codec_mm: update video keeper from amlogic-3.14-dev
PD#142538: merge code form
49c80e32 in the amlogic-3.14-dev
fixed the issue of blurred screen when playback 4k H264 after seek end.
Change-Id: Ic276dac8472fef086628aa28ded8748a7378d26a
Signed-off-by: Nanxin Qin <nanxin.qin@amlogic.com>
liang.zhao [Wed, 10 May 2017 02:35:45 +0000 (10:35 +0800)]
dts: enable i2c_ao for expand gpio
PD#138714: enable i2c_ao for expand gpio
1.change dts open i2c_ao
2.change meson64_defconfig
Change-Id: Ifc5d035aefc02af132c1423f1182069c14d791dc
Signed-off-by: Liang Zhao <liang.zhao@amlogic.com>
Tao Zeng [Fri, 12 May 2017 01:39:28 +0000 (09:39 +0800)]
mm: avoid PFN busy when cma allocate
PD#144028: mm: avoid PFN busy when cma allocate
1. add cma_suitable function to check if GFP flags are
suitable for fallback of CMA.
2. cma page free should be relink to migrate type of CMA
freelist, not to MOVABLE freelist.
3. for block dev page cache, add GPF_BDEV flag to avoid
it using CMA.
4. use CONFIG_AMLOGIC_MODIFY to wrap AMLOGIC modified kernel
code.
Change-Id: I09daf9d7e3e62086e7b13654667e2db692f7ca08
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
Jian Hu [Fri, 12 May 2017 03:32:21 +0000 (11:32 +0800)]
pwm: fix pwm channel id definition for txlx
PD#143838: fix pwm channel id definition for txlx
For txlx previously, it may cause double channel pwm request failed.
Change-Id: I9787c4d79898edff88f4b27bc5fb5ff922f4faee
Signed-off-by: Jian Hu <jian.hu@amlogic.com>
Xing Wang [Wed, 10 May 2017 09:47:17 +0000 (17:47 +0800)]
audio: add tas5707 codec driver
PD#144051: audio: add codec driver
Change-Id: I2290cf5684e0a22e7dd8aede9aa4f67570d39860
Signed-off-by: Xing Wang <xing.wang@amlogic.com>
Pengcheng Chen [Thu, 11 May 2017 05:58:47 +0000 (13:58 +0800)]
osd: add hw cursor support in osd
PD#138714: osd: add hw cursor support in osd
Change-Id: I88ba3530cdc605ae5a0f0f31b21578b588c04ff1
Signed-off-by: Pengcheng Chen <pengcheng.chen@amlogic.com>
Pengcheng Chen [Thu, 11 May 2017 09:20:15 +0000 (17:20 +0800)]
osd: risk of sleep in atomic
PD#143300: risk of sleep in atomic
spinlock_irq_save call block_notifier_call_chain caused sleep
Change-Id: I2f11d06681ab0b2322f7c38572dadfb732be343b
Signed-off-by: Pengcheng Chen <pengcheng.chen@amlogic.com>
Yun Cai [Thu, 11 May 2017 09:29:03 +0000 (17:29 +0800)]
clk: m8b cpu_clk support more rates
PD#141217: m8b cpu_clk support more rates
Change-Id: I6ac361cd5e30fa3b51e2e58633952971d6e78206
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Xing Wang [Tue, 9 May 2017 07:40:29 +0000 (15:40 +0800)]
audio: fix pcm clock fmt for master mode
PD#141217: fix pcm clock format
Change-Id: I14a0a6cafddffe515dce44e79c6506c288cdb156
Signed-off-by: Xing Wang <xing.wang@amlogic.com>
Pengcheng Chen [Wed, 10 May 2017 01:03:09 +0000 (09:03 +0800)]
media: update some config info
PD#138714 media: update some config info
Change-Id: I1aca777f405de64163db14394ab36140d39da6f7
Signed-off-by: Pengcheng Chen <pengcheng.chen@amlogic.com>
Evoke Zhang [Thu, 11 May 2017 02:54:13 +0000 (10:54 +0800)]
vpu: optimize vpu_clkb gate control
PD#138714: vpu: optimize vpu_clkb gate control
Change-Id: Icf468db8218893de6c6ec0079d65d19279032281
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
Lorenzo Colitti [Wed, 10 May 2017 14:54:04 +0000 (23:54 +0900)]
ANDROID: make PF_KEY SHA256 use RFC-compliant truncation.
When using the PF_KEY interface, SHA-256 hashes are hardcoded to
use 96-bit truncation. This is a violation of RFC4868, which
specifies 128-bit truncation, but will not be fixed upstream due
to backwards compatibility concerns and because the PF_KEY
interface is deprecated in favour of netlink XFRM (which allows
the app to specify an arbitrary truncation length).
Change the hardcoded truncation length from 96 to 128 so that
PF_KEY apps such as racoon will work with standards-compliant VPN
servers.
Bug:
34114242
Change-Id: Ie46bff4b6358f18117d0be241171d677d31d33f7
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Gao Xiang [Wed, 10 May 2017 15:01:15 +0000 (23:01 +0800)]
ANDROID: sdcardfs: fix sdcardfs_destroy_inode for the inode RCU approach
According to the following commits,
fs: icache RCU free inodes
vfs: fix the stupidity with i_dentry in inode destructors
sdcardfs_destroy_inode should be fixed for the fast path safety.
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Change-Id: I84f43c599209d23737c7e28b499dd121cb43636d
Tao Zeng [Mon, 8 May 2017 09:09:30 +0000 (17:09 +0800)]
mm: clear reserved memory for ION
PD#143278: clear reserved memory for ION
Change-Id: Ie1acf50f5fdd49b0b8ad7ca493d986b161d959cc
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
Yun Cai [Wed, 10 May 2017 05:22:38 +0000 (13:22 +0800)]
clk: fix m8b cpu_clk issue
PD#141217: cpu hang on while changing rate from 96M to 960M
Change-Id: Ib648cc22fdcbd490103ba3afab8d861a4c33a7e0
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Jiamin Ma [Wed, 10 May 2017 02:56:22 +0000 (10:56 +0800)]
dts: remove pstore node temporarily
PD#138714: remove pstore node temporarily.
Change-Id: I7d46d3eba758d1b7137876cc0a8b9d8c245b1f7a
Signed-off-by: Jiamin Ma <jiamin.ma@amlogic.com>
Yun Cai [Tue, 9 May 2017 01:33:16 +0000 (09:33 +0800)]
dts: add meson8b_skt.dts
PD#141217: add meson8b_skt.dts
Change-Id: Ib523fee8e76d8f386f7c74552441d241f5a19d64
Signed-off-by: Yun Cai <yun.cai@amlogic.com>
Zan Peng [Wed, 10 May 2017 02:44:52 +0000 (10:44 +0800)]
remote: optimizing remote driver for android
PD#138714: optimizing remote driver for android
1. remove unnecessary key that set into keybit
Change-Id: Id553d3f243ed30da923c0431fd220acc16528660
Signed-off-by: Zan Peng <zan.peng@amlogic.com>
Yizhou Jiang [Mon, 8 May 2017 08:50:12 +0000 (16:50 +0800)]
eth: fix ethernet function failure
PD#143005: eth failed when suspend/resume
Change-Id: I119469b295f2f588a5f5952fbae3d6ececb082cc
Signed-off-by: Yizhou Jiang <yizhou.jiang@amlogic.com>
Nanxin Qin [Sun, 7 May 2017 15:31:35 +0000 (23:31 +0800)]
dts: gxl/gxm: give up the reserved memory in the media drivers
PD#143278: the memory allocation through the CMA
Change-Id: Ife7c9ebb02ae71aea19c2d0fb8180e2df9f96e0d
Signed-off-by: Nanxin Qin <nanxin.qin@amlogic.com>
Qi Duan [Mon, 8 May 2017 12:59:11 +0000 (20:59 +0800)]
usb: usb gadget setting [1/1]
PD#138714: usb gadget setting
1.add rndis gadget for meson32 config
2.adjust dwc_otg_driver fifo for gadget
3.fix dwc_dma_free warning
4.dts: set otg switch for board q200,p400,p401
Change-Id: I29bba52bac85cecacf1e13c7cddbe5e280157fa2
Signed-off-by: Qi Duan <qi.duan@amlogic.com>
Qiufang Dai [Tue, 9 May 2017 02:58:06 +0000 (10:58 +0800)]
defconfig: meson64: enable update meson64_defconfig
PD#143930: PM / sleep: update meson64_defconfig for pm/sleep
Change-Id: Ia53f8327e61cc460e47754eb0de3541901408653
Signed-off-by: Qiufang Dai <qiufang.dai@amlogic.com>
Steve Muckle [Wed, 10 May 2017 01:05:15 +0000 (18:05 -0700)]
ANDROID: android-base.cfg: remove NETFILTER_XT_MATCH_QUOTA2_LOG
There are currently a couple different implementations for this
functionality. Until things are unified, remove the requirement
for this kernel config.
Bug:
37749708
Change-Id: I51cf883fd737412b0b9d3a1e570f92d9aa887f86
Signed-off-by: Steve Muckle <smuckle@google.com>
Daniel Roseberg [Tue, 9 May 2017 20:36:35 +0000 (13:36 -0700)]
ANDROID: sdcardfs: Don't iput if we didn't igrab
If we fail to get top, top is either NULL, or igrab found
that we're in the process of freeing that inode, and did
not grab it. Either way, we didn't grab it, and have no
business putting it.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug:
38117720
Change-Id: Ie2f587483b9abb5144263156a443e89bc69b767b
Daniel Rosenberg [Tue, 25 Apr 2017 02:49:02 +0000 (19:49 -0700)]
ANDROID: sdcardfs: Call lower fs's revalidate
We should be calling the lower filesystem's revalidate
inside of sdcardfs's revalidate, as wrapfs does.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug:
35766959
Change-Id: I939d1c4192fafc1e21678aeab43fe3d588b8e2f4
Daniel Rosenberg [Mon, 24 Apr 2017 23:11:03 +0000 (16:11 -0700)]
ANDROID: sdcardfs: Avoid setting GIDs outside of valid ranges
When setting up the ownership of files on the lower filesystem,
ensure that these values are in reasonable ranges for apps. If
they aren't, default to AID_MEDIA_RW
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug:
37516160
Change-Id: I0bec76a61ac72aff0b993ab1ad04be8382178a00
Daniel Rosenberg [Mon, 24 Apr 2017 23:10:21 +0000 (16:10 -0700)]
ANDROID: sdcardfs: Copy meta-data from lower inode
From wrapfs commit
3ee9b365e38c ("Wrapfs: properly copy meta-data after
AIO operations from lower inode")
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug:
35766959
Change-Id: I9a789222e27a17b8d85ce61c45397d1839f9a675
Daniel Rosenberg [Fri, 21 Apr 2017 01:21:50 +0000 (18:21 -0700)]
Revert "Revert "Android: sdcardfs: Don't do d_add for lower fs""
This reverts commit
ffa75fdb9c408f49b9622b6d55752ed99ff61488.
Turns out we just needed the right hash.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug:
37231161
Change-Id: I6a6de7f7df99ad42b20fa062913b219f64020c31
Daniel Rosenberg [Fri, 21 Apr 2017 01:05:02 +0000 (18:05 -0700)]
ANDROID: sdcardfs: Use filesystem specific hash
We weren't accounting for FS specific hash functions,
causing us to miss negative dentries for any FS that
had one.
Similar to a patch from esdfs
commit
75bd25a9476d ("esdfs: support lower's own hash")
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Change-Id: I32d1ba304d728e0ca2648cacfb4c2e441ae63608
Chenbo Feng [Wed, 19 Apr 2017 21:22:47 +0000 (14:22 -0700)]
ANDROID: Add untag hacks to inet_release function
To prevent protential risk of memory leak caused by closing socket with
out untag it from qtaguid module, the qtaguid module now do not hold any
socket file reference count. Instead, it will increase the sk_refcnt of
the sk struct to prevent a reuse of the socket pointer. And when a socket
is released. It will delete the tag if the socket is previously tagged so
no more resources is held by xt_qtaguid moudle. A flag is added to the untag
process to prevent possible kernel crash caused by fail to delete
corresponding socket_tag_entry list.
Bug:
36374484
Test: compile and run test under system/extra/test/iptables,
run cts -m CtsNetTestCases -t android.net.cts.SocketRefCntTest
Signed-off-by: Chenbo Feng <fengc@google.com>
Change-Id: Iea7c3bf0c59b9774a5114af905b2405f6bc9ee52
Greg Kroah-Hartman [Mon, 8 May 2017 07:56:55 +0000 (09:56 +0200)]
Merge 4.9.27 into android-4.9
Changes in 4.9.27:
timerfd: Protect the might cancel mechanism proper
Handle mismatched open calls
tpm_tis: use default timeout value if chip reports it as zero
scsi: storvsc: Workaround for virtual DVD SCSI version
hwmon: (it87) Avoid registering the same chip on both SIO addresses
8250_pci: Fix potential use-after-free in error path
ceph: try getting buffer capability for readahead/fadvise
cpu/hotplug: Serialize callback invocations proper
dm ioctl: prevent stack leak in dm ioctl call
Linux 4.9.27
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Pengcheng Chen [Mon, 8 May 2017 06:18:01 +0000 (14:18 +0800)]
PD#143509: osd_rdma: used pre-alloc memory instead kzalloc in osd_rdma_irq
Change-Id: I96516094aefe3bb78d6e5f891657d1e7ac55e632
Signed-off-by: Pengcheng Chen <pengcheng.chen@amlogic.com>
Greg Kroah-Hartman [Mon, 8 May 2017 05:48:32 +0000 (07:48 +0200)]
Linux 4.9.27
Adrian Salido [Thu, 27 Apr 2017 17:32:55 +0000 (10:32 -0700)]
dm ioctl: prevent stack leak in dm ioctl call
commit
4617f564c06117c7d1b611be49521a4430042287 upstream.
When calling a dm ioctl that doesn't process any data
(IOCTL_FLAGS_NO_PARAMS), the contents of the data field in struct
dm_ioctl are left initialized. Current code is incorrectly extending
the size of data copied back to user, causing the contents of kernel
stack to be leaked to user. Fix by only copying contents before data
and allow the functions processing the ioctl to override.
Signed-off-by: Adrian Salido <salidoa@google.com>
Reviewed-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sebastian Andrzej Siewior [Tue, 14 Mar 2017 15:06:45 +0000 (16:06 +0100)]
cpu/hotplug: Serialize callback invocations proper
commit
dc434e056fe1dada20df7ba07f32739d3a701adf upstream.
The setup/remove_state/instance() functions in the hotplug core code are
serialized against concurrent CPU hotplug, but unfortunately not serialized
against themself.
As a consequence a concurrent invocation of these function results in
corruption of the callback machinery because two instances try to invoke
callbacks on remote cpus at the same time. This results in missing callback
invocations and initiator threads waiting forever on the completion.
The obvious solution to replace get_cpu_online() with cpu_hotplug_begin()
is not possible because at least one callsite calls into these functions
from a get_online_cpu() locked region.
Extend the protection scope of the cpuhp_state_mutex from solely protecting
the state arrays to cover the callback invocation machinery as well.
Fixes:
5b7aa87e0482 ("cpu/hotplug: Implement setup/removal interface")
Reported-and-tested-by: Bart Van Assche <Bart.VanAssche@sandisk.com>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: hpa@zytor.com
Cc: mingo@kernel.org
Cc: akpm@linux-foundation.org
Cc: torvalds@linux-foundation.org
Link: http://lkml.kernel.org/r/20170314150645.g4tdyoszlcbajmna@linutronix.de
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Yan, Zheng [Tue, 25 Oct 2016 02:51:55 +0000 (10:51 +0800)]
ceph: try getting buffer capability for readahead/fadvise
commit
2b1ac852eb67a6e95595e576371d23519105559f upstream.
For readahead/fadvise cases, caller of ceph_readpages does not
hold buffer capability. Pages can be added to page cache while
there is no buffer capability. This can cause data integrity
issue.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gabriel Krisman Bertazi [Wed, 28 Dec 2016 18:42:00 +0000 (16:42 -0200)]
8250_pci: Fix potential use-after-free in error path
commit
c130b666a9a711f985a0a44b58699ebe14bb7245 upstream.
Commit
f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during
PCI error recovery") introduces a potential use-after-free in case the
pciserial_init_ports call in serial8250_io_resume fails, which may
happen if a memory allocation fails or if the .init quirk failed for
whatever reason). If this happen, further pci_get_drvdata will return a
pointer to freed memory.
This patch reworks the PCI recovery resume hook to restore the old priv
structure in this case, which should be ok, since the ports were already
detached. Such error during recovery causes us to give up on the
recovery.
Fixes:
f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during PCI error recovery")
Reported-by: Michal Suchanek <msuchanek@suse.com>
Signed-off-by: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Guenter Roeck [Sun, 12 Mar 2017 13:18:58 +0000 (06:18 -0700)]
hwmon: (it87) Avoid registering the same chip on both SIO addresses
commit
8358378b22518d92424597503d3c1cd302a490b6 upstream.
IT8705F is known to respond on both SIO addresses. Registering it twice
may result in system lockups.
Reported-by: Russell King <linux@armlinux.org.uk>
Fixes:
e84bd9535e2b ("hwmon: (it87) Add support for second Super-IO chip")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stephen Hemminger [Tue, 7 Mar 2017 17:15:53 +0000 (09:15 -0800)]
scsi: storvsc: Workaround for virtual DVD SCSI version
commit
f1c635b439a5c01776fe3a25b1e2dc546ea82e6f upstream.
Hyper-V host emulation of SCSI for virtual DVD device reports SCSI
version 0 (UNKNOWN) but is still capable of supporting REPORTLUN.
Without this patch, a GEN2 Linux guest on Hyper-V will not boot 4.11
successfully with virtual DVD ROM device. What happens is that the SCSI
scan process falls back to doing sequential probing by INQUIRY. But the
storvsc driver has a previous workaround that masks/blocks all errors
reports from INQUIRY (or MODE_SENSE) commands. This workaround causes
the scan to then populate a full set of bogus LUN's on the target and
then sends kernel spinning off into a death spiral doing block reads on
the non-existent LUNs.
By setting the correct blacklist flags, the target with the DVD device
is scanned with REPORTLUN and that works correctly.
Patch needs to go in current 4.11, it is safe but not necessary in older
kernels.
Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Reviewed-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Maciej S. Szmigiero [Fri, 13 Jan 2017 21:37:00 +0000 (22:37 +0100)]
tpm_tis: use default timeout value if chip reports it as zero
commit
1d70fe9d9c3a4c627f9757cbba5d628687b121c1 upstream.
Since commit
1107d065fdf1 ("tpm_tis: Introduce intermediate layer for
TPM access") Atmel 3203 TPM on ThinkPad X61S (TPM firmware version 13.9)
no longer works. The initialization proceeds fine until we get and
start using chip-reported timeouts - and the chip reports C and D
timeouts of zero.
It turns out that until commit
8e54caf407b98e ("tpm: Provide a generic
means to override the chip returned timeouts") we had actually let
default timeout values remain in this case, so let's bring back this
behavior to make chips like Atmel 3203 work again.
Use a common code that was introduced by that commit so a warning is
printed in this case and /sys/class/tpm/tpm*/timeouts correctly says the
timeouts aren't chip-original.
This is a backport for 4.9 kernel version of the original commit, with
renaming of "TPM_TIS_ITPM_POSSIBLE" flag removed since it was only a
cosmetic change and not a part of the real bug fix.
Fixes:
1107d065fdf1 ("tpm_tis: Introduce intermediate layer for TPM access")
Cc: stable@vger.kernel.org
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sachin Prabhu [Fri, 3 Mar 2017 23:41:38 +0000 (15:41 -0800)]
Handle mismatched open calls
commit
38bd49064a1ecb67baad33598e3d824448ab11ec upstream.
A signal can interrupt a SendReceive call which result in incoming
responses to the call being ignored. This is a problem for calls such as
open which results in the successful response being ignored. This
results in an open file resource on the server.
The patch looks into responses which were cancelled after being sent and
in case of successful open closes the open fids.
For this patch, the check is only done in SendReceive2()
RH-bz: 1403319
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thomas Gleixner [Tue, 31 Jan 2017 14:24:03 +0000 (15:24 +0100)]
timerfd: Protect the might cancel mechanism proper
commit
1e38da300e1e395a15048b0af1e5305bd91402f6 upstream.
The handling of the might_cancel queueing is not properly protected, so
parallel operations on the file descriptor can race with each other and
lead to list corruptions or use after free.
Protect the context for these operations with a seperate lock.
The wait queue lock cannot be reused for this because that would create a
lock inversion scenario vs. the cancel lock. Replacing might_cancel with an
atomic (atomic_t or atomic bit) does not help either because it still can
race vs. the actual list operation.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "linux-fsdevel@vger.kernel.org"
Cc: syzkaller <syzkaller@googlegroups.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1701311521430.3457@nanos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Steve Muckle [Sun, 7 May 2017 21:03:43 +0000 (14:03 -0700)]
ANDROID: android-base.cfg: remove USB_OTG_WAKELOCK
CONFIG_USB_OTG_WAKELOCK is currently somewhat outdated
and as such is not applicable to all Android devices. Until
it is brought up to date, remove it from the base Android
kernel configuration.
Bug:
37750863
Change-Id: I93d1d7204b46c5fe9f98455be9276a5bb38f6382
Signed-off-by: Steve Muckle <smuckle@google.com>
Steve Muckle [Sat, 6 May 2017 01:36:51 +0000 (18:36 -0700)]
ANDROID: android-base.cfg: remove defunct options
INET6_DIAG_DESTROY and NETFILTER_TPROXY are not used anymore
so they should not be part of the base Android kernel configuration.
Bug:
37749708
Change-Id: I59d0bf7d33a3b46e1f67f93f0b8e49eebbfce89c
Signed-off-by: Steve Muckle <smuckle@google.com>
Victor Wan [Fri, 5 May 2017 12:40:45 +0000 (20:40 +0800)]
Merge branch 'android-4.9' into amlogic-4.9-dev
Qiufang Dai [Fri, 5 May 2017 05:46:43 +0000 (13:46 +0800)]
PM / sleep: core suspend for m8b
PD#141217: core pm suspend driver for m8b.
Change-Id: I105eb6fb7765e5879feefc0beed07b852825c572
Signed-off-by: Qiufang Dai <qiufang.dai@amlogic.com>
Jianxin Pan [Fri, 5 May 2017 05:33:03 +0000 (13:33 +0800)]
timer: local timer not correct when cpu hotplug for m8b
PD#141217: local timer not correct when cpu off and on
Change-Id: I0c9006fb5ca91ea7767b0f2b9a8a2fb9d37c9eee
Signed-off-by: Jianxin Pan <jianxin.pan@amlogic.com>
Bo Yang [Fri, 5 May 2017 07:01:31 +0000 (15:01 +0800)]
jtag: fix mistake on state setup
PD#141217: jtag: fix mistake on state setup
Change-Id: If58925679b73a5af0f767797897fd0805644d356
Signed-off-by: Bo Yang <bo.yang@amlogic.com>
KeLe Bai [Thu, 4 May 2017 05:50:53 +0000 (13:50 +0800)]
di: enable cma
PD#143278: use cma instead of reserved memory
Change-Id: Ic7629c8efeb4ffb02e6c7ca9af70948a95578a7f
Signed-off-by: KeLe Bai <kele.bai@amlogic.com>
Pengcheng Chen [Thu, 4 May 2017 02:33:44 +0000 (10:33 +0800)]
osd: enable cma for osd
PD#143278: enable cma for osd
Change-Id: Ie5d82b070759e7bdea0323b3f06ea65bfa842b46
Signed-off-by: Pengcheng Chen <pengcheng.chen@amlogic.com>
Evoke Zhang [Thu, 4 May 2017 10:50:44 +0000 (18:50 +0800)]
hdmitx: correct 1080i vinfo field_height to 540
PD#143444: correct 1080i vinfo field_height to 540
Change-Id: Ie20516f7462bf001946a219bd2fb8e4de36ef8d8
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
Bo Yang [Wed, 3 May 2017 08:43:55 +0000 (16:43 +0800)]
jtag: remodify jtag control mode
PD#141217: jtag: remodify jtag control mode
Jtag can be configured by boot parameter or device tree.
The boot parameter is prior to device tree.
If the gpios usded by jtag are in conflict with other module,
jtag will be failed to setup successfully.
It's not forced to remove the conflict.
The mmc_notify.h fot jtag is removed.
A new notify framework for jtag will be added in the future.
Change-Id: Iaedf3d4eb712192906b9cfe046a0cd408bfc169f
Signed-off-by: Bo Yang <bo.yang@amlogic.com>
Zongdong Jiao [Wed, 3 May 2017 06:03:49 +0000 (14:03 +0800)]
hdmitx: hpd: trigger a HPD signal
PD#142803: trigger HPD signal to start reading EDID
Change-Id: I438e8159f76a7338079e5a9a2120225491549feb
Signed-off-by: Zongdong Jiao <zongdong.jiao@amlogic.com>
Tao Zeng [Thu, 4 May 2017 02:59:13 +0000 (10:59 +0800)]
PD#143278: mm: increase default cma area size
1. default cma area size is 7, not enough for aml;
2. open cma debug sysfs.
Change-Id: I7937b3e1ca30b061ee7e0e00d8aea9abf712dc39
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
Konrad Leszczynski [Wed, 24 Feb 2016 10:47:12 +0000 (10:47 +0000)]
ANDROID: usb: gadget: f_audio_source: disable the CPU C-states upon playback
Due to the issue with the isoc transfers being interrupted
by the CPU going into the idle state, the C-states will be
disabled for the playback time.
Change-Id: If4e52673606923d7e33a1d1dbe0192b8ad24f78c
Signed-off-by: Konrad Leszczynski <konrad.leszczynski@intel.com>
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Witold Sciuk [Sat, 13 Feb 2016 10:08:37 +0000 (11:08 +0100)]
ANDROID: usb: gadget: f_mtp: Set 0xFFFFFFFF in mtp header ContainerLength field
Value 0xFFFFFFFF should be set according specification
of MTP for large files when fileSize + mtpHeader is greater
than 0xFFFFFFFF.
MTP Specification, Appendix H - USB Optimizations
Patchset: mtp
Change-Id: I6213de052914350be2f87b73f8135f9c0cd05d7c
Signed-off-by: Witold Sciuk <witold.sciuk@intel.com>
Signed-off-by: Konrad Leszczynski <konrad.leszczynski@intel.com>
Signed-off-by: Russ Weight <russell.h.weight@intel.com>
Greg Kroah-Hartman [Wed, 3 May 2017 15:51:28 +0000 (08:51 -0700)]
Merge 4.9.26 into android-4.9
Changes in 4.9.26:
Revert "mmc: sdhci-msm: Enable few quirks"
ping: implement proper locking
sparc64: kern_addr_valid regression
sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
net: neigh: guard against NULL solicit() method
net: phy: handle state correctly in phy_stop_machine
kcm: return immediately after copy_from_user() failure
bpf: improve verifier packet range checks
net/mlx5: Avoid dereferencing uninitialized pointer
l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6
l2tp: purge socket queues in the .destruct() callback
net/packet: fix overflow in check for tp_frame_nr
net/packet: fix overflow in check for tp_reserve
l2tp: take reference on sessions being dumped
l2tp: fix PPP pseudo-wire auto-loading
net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
sctp: listen on the sock only when it's state is listening or closed
tcp: clear saved_syn in tcp_disconnect()
ipv6: Fix idev->addr_list corruption
net-timestamp: avoid use-after-free in ip_recv_error
net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule
sh_eth: unmap DMA buffers when freeing rings
dp83640: don't recieve time stamps twice
gso: Validate assumption of frag_list segementation
net: ipv6: RTF_PCPU should not be settable from userspace
netpoll: Check for skb->queue_mapping
ip6mr: fix notification device destruction
net/mlx5: Fix driver load bad flow when having fw initializing timeout
net/mlx5e: Fix small packet threshold
net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling
macvlan: Fix device ref leak when purging bc_queue
net: ipv6: regenerate host route if moved to gc list
net: phy: fix auto-negotiation stall due to unavailable interrupt
ipv6: check skb->protocol before lookup for nexthop
tcp: memset ca_priv data to 0 properly
ipv6: check raw payload size correctly in ioctl
ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d
ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type
ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
ARC: [plat-eznps] Fix build error
MIPS: KGDB: Use kernel context for sleeping threads
MIPS: cevt-r4k: Fix out-of-bounds array access
MIPS: Avoid BUG warning in arch_check_elf
p9_client_readdir() fix
ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
Input: i8042 - add Clevo P650RS to the i8042 reset list
nfsd: check for oversized NFSv2/v3 arguments
nfsd4: minor NFSv2/v3 write decoding cleanup
nfsd: stricter decoding of write-like NFSv2/v3 ops
ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
macsec: avoid heap overflow in skb_to_sgvec
net: can: usb: gs_usb: Fix buffer on stack
ARCv2: save r30 on kernel entry as gcc uses it for code-gen
ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
Linux 4.9.26
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Greg Kroah-Hartman [Wed, 3 May 2017 15:36:50 +0000 (08:36 -0700)]
Linux 4.9.26
Josh Poimboeuf [Thu, 13 Apr 2017 22:53:55 +0000 (17:53 -0500)]
ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
commit
34a477e5297cbaa6ecc6e17c042a866e1cbe80d6 upstream.
On x86-32, with CONFIG_FIRMWARE and multiple CPUs, if you enable function
graph tracing and then suspend to RAM, it will triple fault and reboot when
it resumes.
The first fault happens when booting a secondary CPU:
startup_32_smp()
load_ucode_ap()
prepare_ftrace_return()
ftrace_graph_is_dead()
(accesses 'kill_ftrace_graph')
The early head_32.S code calls into load_ucode_ap(), which has an an
ftrace hook, so it calls prepare_ftrace_return(), which calls
ftrace_graph_is_dead(), which tries to access the global
'kill_ftrace_graph' variable with a virtual address, causing a fault
because the CPU is still in real mode.
The fix is to add a check in prepare_ftrace_return() to make sure it's
running in protected mode before continuing. The check makes sure the
stack pointer is a virtual kernel address. It's a bit of a hack, but
it's not very intrusive and it works well enough.
For reference, here are a few other (more difficult) ways this could
have potentially been fixed:
- Move startup_32_smp()'s call to load_ucode_ap() down to *after* paging
is enabled. (No idea what that would break.)
- Track down load_ucode_ap()'s entire callee tree and mark all the
functions 'notrace'. (Probably not realistic.)
- Pause graph tracing in ftrace_suspend_notifier_call() or bringup_cpu()
or __cpu_up(), and ensure that the pause facility can be queried from
real mode.
Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: "Rafael J . Wysocki" <rjw@rjwysocki.net>
Cc: linux-acpi@vger.kernel.org
Cc: Borislav Petkov <bp@alien8.de>
Cc: Len Brown <lenb@kernel.org>
Link: http://lkml.kernel.org/r/5c1272269a580660703ed2eccf44308e790c7a98.1492123841.git.jpoimboe@redhat.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Vineet Gupta [Mon, 9 Jan 2017 03:45:48 +0000 (19:45 -0800)]
ARCv2: save r30 on kernel entry as gcc uses it for code-gen
commit
ecd43afdbe72017aefe48080631eb625e177ef4d upstream.
This is not exposed to userspace debugers yet, which can be done
independently as a seperate patch !
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Maksim Salau [Sun, 23 Apr 2017 17:31:40 +0000 (20:31 +0300)]
net: can: usb: gs_usb: Fix buffer on stack
commit
b05c73bd1e3ec60357580eb042ee932a5ed754d5 upstream.
Allocate buffers on HEAP instead of STACK for local structures
that are to be sent using usb_control_msg().
Signed-off-by: Maksim Salau <maksim.salau@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jason A. Donenfeld [Fri, 21 Apr 2017 21:14:48 +0000 (23:14 +0200)]
macsec: avoid heap overflow in skb_to_sgvec
commit
4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee upstream.
While this may appear as a humdrum one line change, it's actually quite
important. An sk_buff stores data in three places:
1. A linear chunk of allocated memory in skb->data. This is the easiest
one to work with, but it precludes using scatterdata since the memory
must be linear.
2. The array skb_shinfo(skb)->frags, which is of maximum length
MAX_SKB_FRAGS. This is nice for scattergather, since these fragments
can point to different pages.
3. skb_shinfo(skb)->frag_list, which is a pointer to another sk_buff,
which in turn can have data in either (1) or (2).
The first two are rather easy to deal with, since they're of a fixed
maximum length, while the third one is not, since there can be
potentially limitless chains of fragments. Fortunately dealing with
frag_list is opt-in for drivers, so drivers don't actually have to deal
with this mess. For whatever reason, macsec decided it wanted pain, and
so it explicitly specified NETIF_F_FRAGLIST.
Because dealing with (1), (2), and (3) is insane, most users of sk_buff
doing any sort of crypto or paging operation calls a convenient function
called skb_to_sgvec (which happens to be recursive if (3) is in use!).
This takes a sk_buff as input, and writes into its output pointer an
array of scattergather list items. Sometimes people like to declare a
fixed size scattergather list on the stack; othertimes people like to
allocate a fixed size scattergather list on the heap. However, if you're
doing it in a fixed-size fashion, you really shouldn't be using
NETIF_F_FRAGLIST too (unless you're also ensuring the sk_buff and its
frag_list children arent't shared and then you check the number of
fragments in total required.)
Macsec specifically does this:
size += sizeof(struct scatterlist) * (MAX_SKB_FRAGS + 1);
tmp = kmalloc(size, GFP_ATOMIC);
*sg = (struct scatterlist *)(tmp + sg_offset);
...
sg_init_table(sg, MAX_SKB_FRAGS + 1);
skb_to_sgvec(skb, sg, 0, skb->len);
Specifying MAX_SKB_FRAGS + 1 is the right answer usually, but not if you're
using NETIF_F_FRAGLIST, in which case the call to skb_to_sgvec will
overflow the heap, and disaster ensues.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Yan, Zheng [Wed, 19 Apr 2017 02:01:48 +0000 (10:01 +0800)]
ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
commit
8179a101eb5f4ef0ac9a915fcea9a9d3109efa90 upstream.
ceph_set_acl() calls __ceph_setattr() if the setacl operation needs
to modify inode's i_mode. __ceph_setattr() updates inode's i_mode,
then calls posix_acl_chmod().
The problem is that __ceph_setattr() calls posix_acl_chmod() before
sending the setattr request. The get_acl() call in posix_acl_chmod()
can trigger a getxattr request. The reply of the getxattr request
can restore inode's i_mode to its old value. The set_acl() call in
posix_acl_chmod() sees old value of inode's i_mode, so it calls
__ceph_setattr() again.
Link: http://tracker.ceph.com/issues/19688
Reported-by: Jerry Lee <leisurelysw24@gmail.com>
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Tested-by: Luis Henriques <lhenriques@suse.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
J. Bruce Fields [Fri, 21 Apr 2017 19:26:30 +0000 (15:26 -0400)]
nfsd: stricter decoding of write-like NFSv2/v3 ops
commit
13bf9fbff0e5e099e2b6f003a0ab8ae145436309 upstream.
The NFSv2/v3 code does not systematically check whether we decode past
the end of the buffer. This generally appears to be harmless, but there
are a few places where we do arithmetic on the pointers involved and
don't account for the possibility that a length could be negative. Add
checks to catch these.
Reported-by: Tuomas Haanpää <thaan@synopsys.com>
Reported-by: Ari Kauppi <ari@synopsys.com>
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
J. Bruce Fields [Tue, 25 Apr 2017 20:21:34 +0000 (16:21 -0400)]
nfsd4: minor NFSv2/v3 write decoding cleanup
commit
db44bac41bbfc0c0d9dd943092d8bded3c9db19b upstream.
Use a couple shortcuts that will simplify a following bugfix.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
J. Bruce Fields [Fri, 21 Apr 2017 20:10:18 +0000 (16:10 -0400)]
nfsd: check for oversized NFSv2/v3 arguments
commit
e6838a29ecb484c97e4efef9429643b9851fba6e upstream.
A client can append random data to the end of an NFSv2 or NFSv3 RPC call
without our complaining; we'll just stop parsing at the end of the
expected data and ignore the rest.
Encoded arguments and replies are stored together in an array of pages,
and if a call is too large it could leave inadequate space for the
reply. This is normally OK because NFS RPC's typically have either
short arguments and long replies (like READ) or long arguments and short
replies (like WRITE). But a client that sends an incorrectly long reply
can violate those assumptions. This was observed to cause crashes.
Also, several operations increment rq_next_page in the decode routine
before checking the argument size, which can leave rq_next_page pointing
well past the end of the page array, causing trouble later in
svc_free_pages.
So, following a suggestion from Neil Brown, add a central check to
enforce our expectation that no NFSv2/v3 call has both a large call and
a large reply.
As followup we may also want to rewrite the encoding routines to check
more carefully that they aren't running off the end of the page array.
We may also consider rejecting calls that have any extra garbage
appended. That would be safer, and within our rights by spec, but given
the age of our server and the NFS protocol, and the fact that we've
never enforced this before, we may need to balance that against the
possibility of breaking some oddball client.
Reported-by: Tuomas Haanpää <thaan@synopsys.com>
Reported-by: Ari Kauppi <ari@synopsys.com>
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dmitry Torokhov [Thu, 13 Apr 2017 22:36:31 +0000 (15:36 -0700)]
Input: i8042 - add Clevo P650RS to the i8042 reset list
commit
7c5bb4ac2b76d2a09256aec8a7d584bf3e2b0466 upstream.
Clevo P650RS and other similar devices require i8042 to be reset in order
to detect Synaptics touchpad.
Reported-by: Paweł Bylica <chfast@gmail.com>
Tested-by: Ed Bordin <edbordin@gmail.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=190301
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Mon, 24 Apr 2017 12:09:55 +0000 (14:09 +0200)]
ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
commit
6e4cac23c5a648d50b107d1b53e9c4e1120c7943 upstream.
The FE setups of Intel SST bytcr_rt5640 and bytcr_rt5651 drivers carry
the ignore_suspend flag, and this prevents the suspend/resume working
properly while the stream is running, since SST core code has the
check of the running streams and returns -EBUSY. Drop these
superfluous flags for fixing the behavior.
Also, the bytcr_rt5640 driver lacks of nonatomic flag in some FE
definitions, which leads to the kernel Oops at suspend/resume like:
BUG: scheduling while atomic: systemd-sleep/3144/0x00000003
Call Trace:
dump_stack+0x5c/0x7a
__schedule_bug+0x55/0x70
__schedule+0x63c/0x8c0
schedule+0x3d/0x90
schedule_timeout+0x16b/0x320
? del_timer_sync+0x50/0x50
? sst_wait_timeout+0xa9/0x170 [snd_intel_sst_core]
? sst_wait_timeout+0xa9/0x170 [snd_intel_sst_core]
? remove_wait_queue+0x60/0x60
? sst_prepare_and_post_msg+0x275/0x960 [snd_intel_sst_core]
? sst_pause_stream+0x9b/0x110 [snd_intel_sst_core]
....
This patch addresses these appropriately, too.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>