Seung-Woo Kim [Wed, 27 Jan 2021 07:25:16 +0000 (16:25 +0900)]
misc: khadas-mcu: fan: enable as auto mode by default
Without sysfs contron, by default enable khadas fan as auto mode.
It will check cpu temperature per every 5 seconds.
Change-Id: I111b542ee62b2fdda0f65124f030db4f13b85c5f
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 19 Nov 2019 01:21:01 +0000 (10:21 +0900)]
arm64/ptrace: Add compat FPR register support
From aarch32 ptrace view, fpr register support is done with vfp
registers. As like aarch32 ptrace view, Add to suppot compat fpr
resister with vfp.
Change-Id: If5b4b6b5f33b7691ba9d3b65c1bffcf316e19588
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 25 Jan 2021 06:48:02 +0000 (15:48 +0900)]
amlogic: bt: Remove memory leak
The prdata is covered by pdata from bt_probe, so there is memory
leak for prdata. Remove the memory leak store prdata, and get
pdata from prdata.
This fixes following kmemleak issue:
unreferenced object 0xffffffc00c39e300 (size 64):
...
backtrace:
[<
ffffff90094318b8>] create_object+0x278/0x580
[<
ffffff900b06e90c>] kmemleak_alloc+0x74/0xa0
[<
ffffff9009409fa0>] kmem_cache_alloc_trace+0x328/0x5e8
[<
ffffff900a850b04>] bt_probe+0x20c/0x870
...
Change-Id: Ic3f2091d16806dba0855927d048747b40cb96f80
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 25 Jan 2021 06:44:20 +0000 (15:44 +0900)]
kmemleak: Fix bad memory access with scan stack for amlogic vmap
When AMLOGIC_VMAP is enabled, try_get_task_stack() returns address
of stasck instead of page address. This causes bad memory access
during kmemleak scan stack. Fix the bad memory access by using
aml_task_stack().
Note: Maybe, get_task_stack() needs to call aml_task_stack() is
required, but aml_task_stack() has no consideration for kmalloced
task stack, so just fix from kmemleak.
Change-Id: I58a2e324cb92cd692d2260c675e81d7d0715e96c
Fixes: commit
4d6ae4359385 ("mm: optimize thread stack usage on arm64 [1/1]")
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 25 Jan 2021 06:40:42 +0000 (15:40 +0900)]
amlogic: mm: Add aml_task_stack() in amlogic vmap
In kerne, there are several places to get stack page address of
task and when using AMLOGIC_VMAP, task_stack_page() does not
return page address. Add aml_task_stack() to get task stack page
for amlogic vmap.
Change-Id: I64cd827f98bec74357227dcc3ed546807b5406e3
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Fri, 22 Jan 2021 05:52:15 +0000 (14:52 +0900)]
arm64: dts: amlogic: g12 boards: Remove size 0 cma areas
The cma area with size 0 has no meaning and it adds unnecessary
reserve information. Remove size 0 cma areas.
Change-Id: I02f6091d7628e19aec3be928612e778c57648c9e
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Thu, 21 Jan 2021 06:22:52 +0000 (15:22 +0900)]
of: Fix wrong kmemleak ignore in reserved_mem
If size is 0, then kmemleak object found for ignore object is not
properly working and ignore should work for create kmemleak object.
Fix the wrong kmemleak ignore usages in of_reserved_mem.
This removes below kmemleak warnings:
kmemleak: Not scanning unknown object at 0xffffffc0f4807000
kmemleak: Not scanning unknown object at 0xffffffc0f4800000
kmemleak: Not scanning unknown object at 0xffffffc007400000
...
[<
ffffff900af159b0>] kmemleak_no_scan+0xd8/0xe8
[<
ffffff900ba72d1c>] kmemleak_init+0x260/0x504
..
kmemleak: Early log backtrace:
log_early+0x1d8/0x268
kmemleak_no_scan+0xbc/0xe8
fdt_init_reserved_mem+0x8b4/0x928
early_init_fdt_scan_reserved_mem+0x100/0x13c
arm64_memblock_init+0x310/0x388
...
Change-Id: Idac1f672b06373f6eb7485d63b60747f2cf9f5b5
Fixes: commit
47a87b6930cd ("kmemleak: shouldn't scan reserved memory")
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 20 Jan 2021 05:25:45 +0000 (14:25 +0900)]
amlogic/media: lcd: Fix division by zero
If no lcd is set by bootargs, it can not choose lcd type from
device tree and it causes division by zero. Fix the it by checking
division value.
This fixes below ubsan warnings:
UBSAN: Undefined behaviour in drivers/amlogic/media/vout/lcd/lcd_common.c:777:59
UBSAN: Undefined behaviour in drivers/amlogic/media/vout/lcd/lcd_common.c:778:43
UBSAN: Undefined behaviour in drivers/amlogic/media/vout/lcd/lcd_common.c:784:53
UBSAN: Undefined behaviour in drivers/amlogic/media/vout/lcd/lcd_common.c:786:59
UBSAN: Undefined behaviour in drivers/amlogic/media/vout/lcd/lcd_common.c:787:43
division by zero
...
[
ffffff9200003610+ 96][<
ffffff9009b70fac>] __ubsan_handle_divrem_overflow+0x8c/0xc8
[
ffffff9200003670+ 144][<
ffffff900a582eac>] lcd_timing_init_config+0x254/0x390
[
ffffff9200003700+ 544][<
ffffff900a5aeb50>] lcd_tablet_probe+0xfa0/0x3f50
[
ffffff9200003920+ 64][<
ffffff900a57a51c>] lcd_mode_probe+0x54/0x6c0
[
ffffff9200003960+ 272][<
ffffff900a57bf5c>] lcd_probe+0x984/0x1070
...
Change-Id: I6ad73fcd554715c1d7ac3cadf82ead251b596e1c
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 20 Jan 2021 02:00:11 +0000 (11:00 +0900)]
char: aml-gpiomem: Use allocated pointer for class registration
The class name for class_create() requires memory pointer not freed
until the class is destroy, but local array is used, so it causes
memory bad access. Use allocated pointer for class registration.
This fixes below kasan warning:
BUG: KASAN: out-of-bounds in strlcpy+0x48/0x88
Read of size 11 at addr
ffffffc00029f9c0 by task udevadm/2912
...
[<
ffffff900941ca9c>] check_memory_region+0x12c/0x1a0
[<
ffffff900941d0d4>] memcpy+0x34/0x68
[<
ffffff9009af8968>] strlcpy+0x48/0x88
[<
ffffff9009aeb74c>] kobject_uevent_env+0x55c/0x948
[<
ffffff9009aebb48>] kobject_uevent+0x10/0x18
[<
ffffff9009de5ca0>] uevent_store+0xf0/0xf8
...
Change-Id: I0e265a8b1b52e732de262a0058bd821419ca4fe8
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 19 Jan 2021 05:47:25 +0000 (14:47 +0900)]
usb: gadget: f_fs: Fix use-after-free for unbind with remaining io
If usb has stall, then there can be remaining submitted io and
unbinding f_fs with the remaining io, there is use-after-free.
Fix the use-after-free by checking endpoint after wait.
This fixes following kasan warning:
BUG: KASAN: use-after-free in ffs_epfile_io+0x654/0xb58
Read of size 4 at addr
ffffffc0a44e65dc by task mtp-responder/5117
...
[<
ffffff900a037794>] ffs_epfile_io+0x654/0xb58
[<
ffffff900a03818c>] ffs_epfile_read_iter+0x1ac/0x3e0
...
Allocated by task 3869:
...
__kmalloc+0x234/0x760
_ffs_func_bind+0x264/0x7c8
ffs_func_bind+0xe8/0x650
usb_add_function+0x13c/0x378
...
Freed by task 3869:
...
kfree+0xa4/0x750
ffs_func_unbind+0x150/0x248
purge_configs_funcs+0x1a0/0x310
...
Change-Id: I2bb9b07d93b1ac42432caaa2c2176d987b36b140
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 18 Jan 2021 07:16:24 +0000 (16:16 +0900)]
amlogic: drm/meson: Fix to use address type for 64bit
In arm64, physical address type is accessed as 64bit, but
there is 32bit variable for it, so there is out-of-bounds
access. Fix to use address type for 64bit.
This fixes following kasan wanring:
BUG: KASAN: stack-out-of-bounds in ion_phys+0xb4/0x180
Write of size 8 at addr
ffffffc0a152f700 by task enlightenment/4189
...
[<
ffffff900a3ddaec>] ion_phys+0xb4/0x180
[<
ffffff900a76cc4c>] am_meson_gem_object_get_phyaddr+0x114/0x148
[<
ffffff900a774808>] meson_plane_atomic_check+0x570/0xea8
...
Change-Id: I185601b2dd8f0bb9c700f87c2baaa9f6ebb183d8
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Fri, 15 Jan 2021 04:41:36 +0000 (13:41 +0900)]
amlogic: drm/meson: Fix plane state out-of-bounds access
For drm_plane_funcs callbacks, it was fixed to use meson specific
functions except reset callback. Not like other meson specific
callbacks, reset callback allocates drm_plane_state, so accessing
meson_plane_state from drm_plane state in other callbacks causes
out-of-bounds access. Fix plane state out-of-bounds access by using
meson specific reset callback using meson_plane_state based on
drm_atomic_helper_plane_reset().
This removes below kasan warning:
BUG: KASAN: slab-out-of-bounds in kmemdup+0x4c/0xb0
Read of size 128 at addr
ffffffc005a710c0 by task enlightenment/4376
...
[<
ffffff90093959ec>] kmemdup+0x4c/0xb0
[<
ffffff900a7714e8>] meson_plane_duplicate_state+0x40/0x90
[<
ffffff9009d406d4>] drm_atomic_get_plane_state+0xc4/0x230
[<
ffffff9009cf6284>] __drm_atomic_helper_set_config+0xdc/0x788
[<
ffffff9009cf6a0c>] drm_atomic_helper_set_config+0xdc/0x178
[<
ffffff900a775df8>] meson_crtc_set_mode+0x40/0x68
[<
ffffff9009d22d54>] drm_mode_set_config_internal+0xf4/0x348
[<
ffffff9009d249ec>] drm_mode_setcrtc+0x1d4/0x910
...
Allocated by task 1:
...
kmem_cache_alloc_trace+0x20c/0x6c8
drm_atomic_helper_plane_reset+0x6c/0xc8
drm_mode_config_reset+0x7c/0x310
am_meson_drm_bind+0x1fc/0x2f8
try_to_bring_up_master.part.1+0x70/0x128
component_master_add_with_match+0x1b8/0x230
am_meson_drv_probe+0x3c8/0x410
...
Change-Id: Ie7bfd41d797a0782cffa45801629981c25b01561
Fixes commit
1f1efcfdd85d ("drm: add multi-layer support [1/1]")
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 13 Jan 2021 07:52:58 +0000 (16:52 +0900)]
Staging: android: ion: fix to set cached element of pool always
The allocated memory with kmalloc() can have invalid value. To
avoid using the invalid value, always set cached element.
This removes below UBSAN warning:
UBSAN: Undefined behaviour in drivers/staging/android/ion/ion_page_pool.c:33:11
load of value 152 is not a valid value for type '_Bool'
...
[<
ffffff9009b89e48>] __ubsan_handle_load_invalid_value+0x80/0x90
[<
ffffff900a2c4044>] ion_page_pool_alloc+0x154/0x180
[<
ffffff900a2c5b60>] ion_system_heap_allocate+0x2b8/0xa68
[<
ffffff900a2c0688>] ion_alloc+0x238/0x9c8
...
Change-Id: I86e0ee70404bb074dad3b73dccec31ebcf2c7c72
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 13 Jan 2021 05:50:51 +0000 (14:50 +0900)]
clk: amlogic: g12a: fix divide by zero for default pll register
On reset register value 0x20000000 for some plls of g12, there are
divide by zero operations warned by UBSAN. For the case, calculate
pll rate as zero.
This removes below UBSAN warnings:
UBSAN: Undefined behaviour in drivers/amlogic/clk/g12a/g12a_clk-pll.c:155:74
...
UBSAN: Undefined behaviour in drivers/amlogic/clk/g12a/g12a_clk-pll.c:140:74
...
UBSAN: Undefined behaviour in drivers/amlogic/clk/g12a/g12a_clk-pll.c:145:25
division by zero
...
[<
ffffff9009b8de04>] __ubsan_handle_divrem_overflow+0x8c/0xc8
[<
ffffff900a37f140>] meson_g12a_pll_recalc_rate+0x8d0/0x930
[<
ffffff9009c4909c>] clk_register+0x724/0xe10
[<
ffffff900bab2fec>] g12a_clkc_init+0x640/0x7fc
...
Change-Id: I4f0c771502e2ae0291a9eaffbea7a03e617009af
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 12 Jan 2021 09:19:36 +0000 (18:19 +0900)]
net: rtl88xx: fix to check null adapter
UBSAN warns about null pointer accessin rtl88xx. Fix to check
null pointer for adapter to remove below warning:
UBSAN: Undefined behaviour in drivers/net/wireless/rtl8812au/os_dep/osdep_service.c:1187:2
member access within null pointer of type 'struct _adapter'
[...]
[<
ffffff9009b8d8b0>] __ubsan_handle_type_mismatch+0x28/0x30
[<
ffffff900330d2e4>] rtw_init_timer+0xbc/0xf0 [88XXau]
[<
ffffff90033150c8>] devobj_init+0x90/0x100 [88XXau]
[<
ffffff900331932c>] rtw_usb_primary_adapter_init+0x64c/0x1558 [88XXau]
[<
ffffff9009f77a1c>] usb_probe_interface+0x16c/0x4c8
[...]
Change-Id: I258df3b790d7b1be49a89706dca46a895c4461b8
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Tao Zeng [Wed, 28 Aug 2019 07:25:40 +0000 (15:25 +0800)]
mm: fix wrong kasan report [1/1]
PD#SWPL-13281
Problem:
There are 2 types of wrong kasan report after merge change of
save wasted slab.
1, slab-out-of-bounds, which is caused by krealloc set shadow
memory out-of-range, since tail of page was freed.
2, use-after-free, which is caused by kasan_free_pages called
after a page freed. Because this function already called in
free_page, so it marked shadow memory twice.
Solution:
1, make shadow do not out of range if a tail page was freed and
been realloc again.
2, remove call of kasan_free_pages.
Verify:
X301
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
[sw0312.kim: fully apply amlogic vendor commit
becb83999e19 missed from merge]
Ref: https://github.com/hardkernel/linux/commit/
becb83999e19d2055458f08a2b7a44bd1170853e
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I71daa41038e156a9bacf26e27fc51792d558f819
Hoegeun Kwon [Mon, 11 Jan 2021 08:16:13 +0000 (17:16 +0900)]
NPU: Update DDK Version to 6.4.3CB
This DDK v6.4.3 from vendor kernel tree for support npu.
commit:
f5d5919889be (tag: khadas-vims-v0.9.7-release) Update DDK Version to 6.4.3CB
url: https://github.com/khadas/linux/commit/
f5d5919889becec2c0988bc6a6aa839012982e8a
Change-Id: I4ec74460ccb90a87158abe47c1b08cdeeed5dcdf
Signed-off-by: yan <yan-wyb@foxmail.com>
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
Hoegeun Kwon [Mon, 11 Jan 2021 06:15:55 +0000 (15:15 +0900)]
packaging: Remove define debug_package
Delete the debug package nil. A problem occurs when the cmake version
is upgraded.
Change-Id: I65190223d728492ad83f0cebfa7cb6b926d9c5bf
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
Jaehoon Chung [Thu, 7 Jan 2021 07:39:11 +0000 (16:39 +0900)]
amlogic: reboot: add fota as reboot paremeter
Add fota as reboot parameter.
To use it, defined MESON_FOTA_REBOOT as 3.
Change-Id: I06e725cf47e6d0de0add7336266679203dcf6a41
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Jaehoon Chung [Thu, 7 Jan 2021 06:30:45 +0000 (15:30 +0900)]
script: fix wrong exit location
Fix wrong exit location.
When using same config with previous config, it doesn't build and
immediately exit.
Change-Id: Idbc58c24fc7bd20863aee2e6d75d2e296a1d26cd
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Jaehoon Chung [Mon, 28 Dec 2020 00:10:00 +0000 (09:10 +0900)]
net: wireless: bcmdhd: remove unnecessary message
Remove unnecessary message when run "make clean".
- bcm SDIO driver configured
Change-Id: Ie0a48857c709a00f2aa73b425ad8f434fddf959e
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Seung-Woo Kim [Tue, 22 Dec 2020 07:27:46 +0000 (16:27 +0900)]
arm64: configs: tizen_*: Disable RAID6_PQ_BENCHMARK
Skip the algorithm benchmarking process of RAID6. This is helpful for
systems where fast kernel startup is important. Also, The option is not
crucial for the amlogic boards.
Change-Id: Ib83637d619ed779058403f24fc87ab0880f7d623
Signed-off-by: Junghoon Kim <jhoon20.kim@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Daniel Verkamp [Mon, 12 Nov 2018 23:26:52 +0000 (15:26 -0800)]
lib/raid6: add option to skip algo benchmarking
This is helpful for systems where fast startup time is important.
It is especially nice to avoid benchmarking RAID functions that are
never used (for example, BTRFS selects RAID6_PQ even if the parity RAID
mode is not in use).
This saves 250+ milliseconds of boot time on modern x86 and ARM systems
with a dozen or more available implementations.
The new option is defaulted to 'y' to match the previous behavior of
always benchmarking on init.
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Signed-off-by: Shaohua Li <shli@fb.com>
[sw0312.kim: cherry-pick mainline commit
be85f93ae2df to skip unnecessary raid6 benchmark during booting]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I70256f5cbfb61c0033a16d2eb57e10e0dd1e6768
Seung-Woo Kim [Tue, 22 Dec 2020 07:15:35 +0000 (16:15 +0900)]
arm64: dts: amlogic: odroid: Update gpiomem node as khadas's style
For multi-instance of gpiomem, khadas gpiomem uses seperated
gpiomem nodes with its own dev node name. Because gpiomem driver
is applied as khadas' style, so update from odroid dt files.
Change-Id: I98b802d30045b2936ab98d6e23b81e6aff8068d6
Fixes: commit
c167bac048f5 ("char: aml-gpiomem: Update to Khadas' multi-instance version")
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Fri, 18 Dec 2020 04:38:26 +0000 (13:38 +0900)]
treewide: Remove unnecessary executable attributes from source files
No need executable attributes for source files. Remove executable
attributes from source files.
Change-Id: Ide52ab63e927804ab10ed4e840959c8e7fef9242
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Joe Perches [Fri, 24 Feb 2017 06:29:40 +0000 (22:29 -0800)]
treewide: Remove remaining executable attributes from source files
These are the current source files that should not have
executable attributes set.
[ Normally this would be sent through Andrew Morton's tree
but his quilt tools don't like permission only patches. ]
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[sw0312.kim: backport mainline commit
6e5c8381d1db to remove unnecessary executable]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I921790c9b9e8be67f14d31f76f2002215771d889
Joe Perches [Mon, 12 Dec 2016 22:26:55 +0000 (14:26 -0800)]
treewide: Make remaining source files non-executable
.c and .h source files should not be executable, change
the permissions to 0644.
[ This would normally go through Andrew Morton, but his ancient
patch-based toolchain doesn't do permission changes ]
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[sw0312.kim: cherry-pick mainline commit
fe6bce8d30a8 to remove unnecessary executable]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I1f9a2d12877632a1bace7f66200fe9d9b80e9bd7
Seung-Woo Kim [Fri, 18 Dec 2020 03:53:41 +0000 (12:53 +0900)]
script: add a build script for amlogic boards
Add a build script for amlogic boards.
For Odroid-C4/N2, it will create the below files.
- odroid/Image.gz
- meson64-odroidc4.dtb
- meson64-odroidn2_drm.dtb
- modules.img (with ${version}-TIZEN-amlogic-odroid+)
For Khadas VIM3/VIM3L, it will create the below files.
- kvim/Image.gz
- kvim3_linux.dtb
- kvim3l_linux.dtb
- modules.img (with ${version}-TIZEN-amlogic-kvim+)
For 'all' boards build, it will create the below files.
- odroid/Image.gz
- kvim/Image.gz
- meson64-odroidc4.dtb
- meson64-odroidn2_drm.dtb
- kvim3_linux.dtb
- kvim3l_linux.dtb
- modules.img (with ${version}-TIZEN-amlogic-odroid+ and ${version}-TIZEN-amlogic-kvim+)
Change-Id: I7bd9ae47576ab53d206b7c268f035b244a22f8e2
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
[sw0312.kim: add to support 'all' board option]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jaehoon Chung [Thu, 17 Dec 2020 07:57:06 +0000 (16:57 +0900)]
amlogic: reboot: add MESON_DOWNOLAD_REBOOT to enter thor mode
Add MESON_DOWNLOAD_REBOOT to enter thor mode.
Reuse the MESON_FASTBOOT_REBOOT value.
Change-Id: Ie3272062b103f131b8088191e4b534d4eff48819
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Seung-Woo Kim [Thu, 17 Dec 2020 03:37:18 +0000 (12:37 +0900)]
ASoc: meson: remove duplicated const
The macro SOC_*_DECL() already has const, so "const SOC_*_DECL()"
makes duplicated const. Remove the duplicated const.
Change-Id: I259251ff91c27344f723bf7da5003ffcff99d802
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Stephen Warren [Wed, 8 Jan 2020 18:54:14 +0000 (11:54 -0700)]
arm64: alternatives: use tpidr_el2 on VHE hosts
When upstream
6d99b68933fb was back-ported to upstream v4.9.x stable as
eea59020a7f2, the edits to arch/arm64/mm/proc.S were dropped because
proc.S didn't save/restore tpidr_el1 at all. Separately, in android-4.9,
0ec37136b90e ("UPSTREAM: arm64: move sp_el0 and tpidr_el1 into
cpu_suspend_ctx") modified proc.S to save/restore tpidir_el1. These two
paths were later merged together in android-4.9. The missing edits to
proc.S should have been added in during the merge, but were not. This
change restores those edits. The original upstream change description
of
6d99b68933fb follows; this is where the missing code appeared
originally.
Commit
6d99b68933fbcf51f84fcbba49246ce1209ec193 upstream.
Now that KVM uses tpidr_el2 in the same way as Linux's cpu_offset in
tpidr_el1, merge the two. This saves KVM from save/restoring tpidr_el1
on VHE hosts, and allows future code to blindly access per-cpu variables
without triggering world-switch.
Signed-off-by: James Morse <james.morse@arm.com>
Reviewed-by: Christoffer Dall <cdall@linaro.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Fixes:
eea59020a7f2 ("arm64: alternatives: use tpidr_el2 on VHE hosts")
Fixes:
0ec37136b90e ("UPSTREAM: arm64: move sp_el0 and tpidr_el1 into cpu_suspend_ctx")
Fixes:
4a5211fa1474 ("Merge 4.9.114 into android-4.9-p")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[sw0312.kim: cherry-pick android-4.9-q commit
c337caddb549 to fix booting issue
- also fully applying linux-4.9.y commit
eea59020a7f2 ("arm64: alternatives: use tpidr_el2 on VHE hosts") skipped from khadas' revert]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Iad39e6f1fb662b95967e8ebd07a36844bf46cd2d
Jaehoon Chung [Wed, 16 Dec 2020 05:43:04 +0000 (14:43 +0900)]
mmc: card: replace to CONFIG_TIZEN instead of 0
Replace to CONFIG_TIZEN instead of 0.
Change-Id: If131c42b517e01ef5171218aa29beaf3254400c7
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Jaehoon Chung [Mon, 14 Dec 2020 06:00:27 +0000 (15:00 +0900)]
ARM64: configs: enable CONFIG_TIZEN about kvims/odroidg12
Enable CONFIG_TIZEN about kvim3/odroidg12.
Change-Id: I9527dc3310d0656863d4f80dffb36af3d47a8149
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Jaehoon Chung [Mon, 14 Dec 2020 04:55:59 +0000 (13:55 +0900)]
platform: Kconfig: Add TIZEN configuration
Add TIZEN configuration.
If Tizen specific code is used somewhere, use this config.
It's useful to find where tizen specific codes are.
Change-Id: I068c4e8e943b35d89265384dd7ecf61c75ec3ae9
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Seung-Woo Kim [Thu, 10 Dec 2020 11:20:41 +0000 (20:20 +0900)]
arm64: configs: tizen_odroidg12: disable unnecessary btrfs options
The commit
ac70f5b01e79 ("arm64: configs: tizen_*: adjust
filesystem module config options") did not disable unnecessary
btrfs self test options. Disable the btrfs options.
Note: this should be squashed into the commit.
Change-Id: I50298f4dc902a55a140b04db7dc29367c40138e5
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 7 Dec 2020 01:54:27 +0000 (10:54 +0900)]
packaging: add rpm packaging spec
For Tizen packaging, add rpm packaging spec to build both odroid
and kvim boards.
Change-Id: I14815c8df90b6455bb1bd37b8111e9f206163040
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 7 Dec 2020 10:19:14 +0000 (19:19 +0900)]
drm: Kbuild: add meson_drm.h to the installed headers
To use meson drm in user, meson_drm.h should be installed.
Change-Id: I09ebba543ea53f7406d8de5c43979ca3d5f0b0f9
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Hoegeun Kwon [Tue, 17 Nov 2020 10:14:25 +0000 (19:14 +0900)]
WORKAROUND: arm64: configs: tizen_*: enable acm gadget and its dummy mode
To support tizen gadget mode of deviced, acm gadget is required
because it is always in device mode configuration. But there is issue
for using too mant gadget functions because of amlogic usb endpoint
fifo limitation. So, eanble acm gadget and its dummy mode.
Note: When usb device mode config is possible to set mtp and sdb only,
then this workaround can be removed.
Change-Id: Iacffadce2acdd78845002ff2db6b224a09f4bfe0
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
Seung-Woo Kim [Fri, 4 Dec 2020 06:09:30 +0000 (15:09 +0900)]
WORKAROUND: usb: gadget: f_acm: Add dummy mode
With amlogic dwc2, only fixed bytes for fifo can be used because
it is set as 2848 bytes in sram. But Tizen default usb gadget mode
enables mtp, acm, and sdb, and for those interfaces, 3104 bytes
are required. Disabling acm gadget causes usb mode setting fail in
Tizen deviced, so add acm gadget dummy mode which enables acm
gadget in configuration, but not really using any endpoint fifo.
Note: once gadget mode is properly fixed, this change will not be
necessary, so it will be reverted after gadget mode modification
is done in deviced.
Change-Id: I6148a714520642050133b6c32bce666971869826
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 7 Dec 2020 03:06:55 +0000 (12:06 +0900)]
arm64: configs: tizen_*: adjust filesystem module config options
Tizen uses ext4, squashfs, btrfs and fat/dosfs. For feature test,
also enable extfat, f2fs, overlayfs and ecryptfs and disable all
other filesystems including network filesystem.
Change-Id: I51c380574eacf0f6557ebbd68e1754222619a509
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Hoegeun Kwon [Wed, 2 Dec 2020 09:42:36 +0000 (18:42 +0900)]
arm64: configs: tizen_*: Fix to build BLK_DEV_RAM as built-in
Fix to build BLK_DEV_RAM as built-in for Tizen ramdisk boot and
set size to 32MB for Tizen ramdisk/ramdisk-recovery.
Change-Id: I9b24953105f19746fa4c12fed75690f16e71e904
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Hoegeun Kwon [Fri, 4 Dec 2020 04:30:53 +0000 (13:30 +0900)]
arm64: configs: tizen_*: Enable SECURITY_SMACK and disable all other LSM
It needs to enable configs related with SMACK for booting tizen
platform. Also, other LSMs are not required in Tizen, so disable
them.
Change-Id: I44680664404bd4e1fda6fc9e7d1b31910de435b1
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Fri, 4 Dec 2020 06:01:50 +0000 (15:01 +0900)]
arm64: configs: tizen_kvims: Disable local git RELEASE version
No need to git hash value in kernel RELEASE version, so disable it.
Change-Id: I2b945f6a85b8b31ea6650eca4ad7370eca68c466
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Fri, 4 Dec 2020 04:44:42 +0000 (13:44 +0900)]
gpu/arm: utgard: do not use git version as driver version
Using git version as driver version causes repeated build
for the mali utgard driver even there is no change. Also,
git describe command takes time, so do not use git version.
Change-Id: I456e0296681bf6dd48b87b2067786b392504d8cb
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Fri, 4 Dec 2020 04:41:12 +0000 (13:41 +0900)]
amlogic: isp_module: find include directory only under source tree
For building, it takes too much time to find include directory
because find is called from top directory. Fix to find only under
source tree.
Change-Id: I0b77d6b6b68dba39d8b9c7f41dbc6570ff9c2a0c
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Ard Biesheuvel [Mon, 3 Dec 2018 19:58:05 +0000 (20:58 +0100)]
arm64: relocatable: fix inconsistencies in linker script and options
commit
3bbd3db86470c701091fb1d67f1fab6621debf50 upstream.
readelf complains about the section layout of vmlinux when building
with CONFIG_RELOCATABLE=y (for KASLR):
readelf: Warning: [21]: Link field (0) should index a symtab section.
readelf: Warning: [21]: Info field (0) should index a relocatable section.
Also, it seems that our use of '-pie -shared' is contradictory, and
thus ambiguous. In general, the way KASLR is wired up at the moment
is highly tailored to how ld.bfd happens to implement (and conflate)
PIE executables and shared libraries, so given the current effort to
support other toolchains, let's fix some of these issues as well.
- Drop the -pie linker argument and just leave -shared. In ld.bfd,
the differences between them are unclear (except for the ELF type
of the produced image [0]) but lld chokes on seeing both at the
same time.
- Rename the .rela output section to .rela.dyn, as is customary for
shared libraries and PIE executables, so that it is not misidentified
by readelf as a static relocation section (producing the warnings
above).
- Pass the -z notext and -z norelro options to explicitly instruct the
linker to permit text relocations, and to omit the RELRO program
header (which requires a certain section layout that we don't adhere
to in the kernel). These are the defaults for current versions of
ld.bfd.
- Discard .eh_frame and .gnu.hash sections to avoid them from being
emitted between .head.text and .text, screwing up the section layout.
These changes only affect the ELF image, and produce the same binary
image.
[0]
b9dce7f1ba01 ("arm64: kernel: force ET_DYN ELF type for ...")
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Peter Smith <peter.smith@linaro.org>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: backport stable linux-4.14.y commit
f21ce3cdff2f for gcc 9 built image size]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I0ddfedad20188dcd9d7b416370e95d175b595db0
Seung-Woo Kim [Thu, 3 Dec 2020 05:10:57 +0000 (14:10 +0900)]
arm64: configs: Add tizen_kvims from kvims_defconfig
Add tizen_kvims from kvims_defconfig, stored with the command
'make ARCH=arm64 savedefconfig'.
Change-Id: Iddd3a2750a1796b78f1649d551f279cf05a4c6e5
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Hoegeun Kwon [Thu, 3 Dec 2020 05:07:50 +0000 (14:07 +0900)]
arm64: configs: Add tizen_odroidg12_defconfig from odroidg12_defconfig
Add tizen_odroidg12_defconfig from odroidg12_defconfig, but
stored with the command 'make ARCH=arm64 savedefconfig'.
Note: the mali400 driver is added from Khadas's tree and not used
from odroidg12, so it is disabled.
Change-Id: Ibd5ccaf09b5628d484b53417054fd54dd742419c
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 22 Jul 2020 06:48:24 +0000 (15:48 +0900)]
arm64: dts: VIM3/VIM3L: Set extcon state for dwc2_a cable as always true
Since this, extcon state for dwc2_a, dwc_otg udc becomes always
'USB=1'.
Change-Id: I45f5c31a9ca42b4049a10b4fd1b008d2ba1726a0
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Thu, 3 Dec 2020 03:55:02 +0000 (12:55 +0900)]
arm64: dts: mesong12_odroid_common: Set extcon state for dwc2_a cable as always true
Since this, extcon state for dwc2_a, dwc_otg udc becomes always
'USB=1'.
Note: odroid-c4/n2 connects usb_dwc2_a_id to usb connector id
and usb_dwc2_a_vbus to usb connector vbus, so usb connect event
can be detected including otg host and peripheral recognition.
But the detection is possible to after configuration gadget on
the udc, so in Tizen, it does not work because Tizen deviced
waits usb connection to configure gadget on the udc. Because of
this constraint in Tizen deviced, as a workaround, set extcon
state for dwc2_a usb cable as connected.
Change-Id: I755b3385f21d7ac49673afea291e4a43497be030
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Thu, 3 Dec 2020 03:53:43 +0000 (12:53 +0900)]
usb: dwc_otg: Set extcon state for usb cable as always true
To inform to userspace as enable usb features always, set extcon
state for usb cable as connected permanently. To enable this, add
g-extcon-always-on property on dt.
Note: ported from https://git.tizen.org/cgit/profile/common/platform/kernel/linux-artik7/commit/?h=tizen&id=
f7e1e93b230f61d66d6a3bc58d09c53dcd305e21
Change-Id: I16fb629ccec54f0ae46e697b56750c3021f01ccb
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 2 Dec 2020 09:33:18 +0000 (18:33 +0900)]
amlogic: media_modules: demux: choose only one from sw/hw demux
Amlogic dvb sw_demux and hw_demux have same exported symbols and
it is used from dvb_ci. This causes warnings and dvb_ci.ko module
dependency is only set to the first built module, so here is no
need to build both demuxs. Choose only one from sw/hw demux
explictly.
Change-Id: Ib6cd7f5f3852e77fdacb0180471ce854e8b6f0b7
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 2 Dec 2020 06:44:43 +0000 (15:44 +0900)]
arm64: dts: VIM3/VIM3L: change dwc2 usb mode to device mode
Like kvim3/kvim3l android-pie kernel, change dwc2 usb mode to
device mode for usb sdb in Tizen.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Dongwoo Lee [Wed, 2 Dec 2020 06:44:37 +0000 (15:44 +0900)]
usb: gadget: f_fs: Do not use amlogic custom buffer
Since amlogic usb features customize ffs to fit for adb, it uses
fixed size of payload buffer and causes data overflow on sdb. To fix
it up, this patch makes not use amlogic customize.
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
Seung-Woo Kim [Tue, 1 Dec 2020 08:09:29 +0000 (17:09 +0900)]
gator: support kernel backtrace in kernel module
From Linux 4.9, walk_stackframe was unexported so it is not
possible to build gator as kernel module. Use save_stack_trace
instead for kernel backtrace as like higher gator version.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Chanwoo Choi [Tue, 1 Dec 2020 07:49:29 +0000 (16:49 +0900)]
gator: Update gator v5.23.1
Update gator with v5.23.1 except gator_src_md5.h. The generated
file is named as generated_gator_src_md5.h as higher gator version.
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jaehoon Chung [Tue, 26 May 2020 07:52:19 +0000 (16:52 +0900)]
mmc: card: block: remove amlogic specific function call
Remove amlogic specific function call.
When called aml_emmc_partition_ops(), it's only used amlogic specific
platform.
Tizen doesn't need to call it.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
Seung-Woo Kim [Mon, 12 Dec 2016 08:35:26 +0000 (17:35 +0900)]
Smack: ignore private inode for file functions
The access to fd from anon_inode is always failed because there is
no set xattr operations. So this patch fixes to ignore private
inode including anon_inode for file functions.
It was only ignored for smack_file_receive() to share dma-buf fd,
but dma-buf has other functions like ioctl and mmap.
Reference: https://lkml.org/lkml/2015/4/17/16
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[sw0312.kim: backport mainline commit
83a1e53f3920 for Tizen security smack]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I31719d13885b63ebd643fe03565314ad7d65ee3c
Rafal Krypa [Fri, 9 Dec 2016 13:03:04 +0000 (14:03 +0100)]
Smack: fix d_instantiate logic for sockfs and pipefs
Since
4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected.
It caused filesystem specific code in smack_d_instantiate to be skipped,
because all inodes on those pseudo filesystems were treated as root inodes.
As a result all sockfs inodes had the Smack label set to floor.
In most cases access checks for sockets use socket_smack data so the inode
label is not important. But there are special cases that were broken.
One example would be calling fcntl with F_SETOWN command on a socket fd.
Now smack_d_instantiate expects all pipefs and sockfs inodes to be
disconnected and has the logic in appropriate place.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[sw0312.kim: backport mainline commit
805b65a80bed for Tizen security smack]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ib60a38ea4173df99ef1998e4ef5eba215a63c38a
Casey Schaufler [Fri, 1 Jun 2018 17:45:12 +0000 (10:45 -0700)]
Smack: Fix memory leak in smack_inode_getsecctx
Fix memory leak in smack_inode_getsecctx
The implementation of smack_inode_getsecctx() made
incorrect assumptions about how Smack presents a security
context. Smack does not need to allocate memory to support
security contexts, so "releasing" a Smack context is a no-op.
The code made an unnecessary copy and returned that as a
context, which was never freed. The revised implementation
returns the context correctly.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reported-by: CHANDAN VN <chandan.vn@samsung.com>
Tested-by: CHANDAN VN <chandan.vn@samsung.com>
[sw0312.kim: cherry-pick mainline commit
0f8983cf97d3]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
jooseong lee [Thu, 3 Nov 2016 10:54:39 +0000 (11:54 +0100)]
Smack: Assign smack_known_web label for kernel thread's
Assign smack_known_web label for kernel thread's socket
Creating struct sock by sk_alloc function in various kernel subsystems
like bluetooth doesn't call smack_socket_post_create(). In such case,
received sock label is the floor('_') label and makes access deny.
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
[sw0312.kim: cherry-pick mainline commit
08382c9f6efe]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 2 Dec 2020 03:02:09 +0000 (12:02 +0900)]
gpu/arm: adjust file mode
Only set execute file mode for shell script and for code files,
remove the execute file mode.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 1 Dec 2020 09:57:43 +0000 (18:57 +0900)]
gpu/arm: Remove duplicated mali midgard driver
In the tree, there are two duplicated mali midgard driver in
drivers/gpu/arm/midgard and drivers/gpu/drm/bifrost/midgard with
different version. There is no reason to keep old release version,
so keep only the later version, r16p0, 11.13, to
drivers/gpu/arm/midgard.
Also, config option for choosing a version is removed.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 1 Dec 2020 09:55:58 +0000 (18:55 +0900)]
char: aml-gpiomem: Update to Khadas' multi-instance version
The Khadas VIM3/VIM3L has two aml-gpiomem nodes, so it needs multi
instance driver version. Update to Khadas' multi-instance version.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 2 Dec 2020 04:35:32 +0000 (13:35 +0900)]
Revert "fs/proc: make cmdline writable"
This reverts commit
341b13d1ba7f5d10830a7236b257bed780602917
and commit
7970fede1d941cbda83ac6f875b1f99b9af5a8f9 and commit
129e951a369446eb40d23264caf20bddcd1929e3.
Writing /proc/cmdline is not required and the feature causes too
much stack frame usage. To remove the FRAME_WARN issue for
frame-larger-than, revert writing /proc/cmdline feature commits.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Thu, 12 Mar 2020 10:01:18 +0000 (19:01 +0900)]
amlogic: media_modules: fix too big stack usage for gcc 9 build
Too big stack usage causes build issue for gcc 9. Fix too big stack
usage by replacing kzalloc() instead of array in stack.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 1 Dec 2020 07:15:56 +0000 (16:15 +0900)]
amlogic: dtv_demod: remove set/get_property()
After the commit
c0d4c1a37d7a ("media: dvb_frontend: get rid of
get_property() callback") and the commit
43619b35587e ("media:
dvb_frontend: get rid of set_property() callback"), there is no
set/get_property() callback in struct dvb_frontend_ops. Remove
the set/get_property() from amlogic media drivers.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 1 Dec 2020 07:41:43 +0000 (16:41 +0900)]
amlogic: nand: pass a nand_chip object to nand_release()
After the commit
6624691037da ("mtd: rawnand: Pass a nand_chip
object to nand_release()"), it should send nand_chip object to
nand_release().
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 1 Dec 2020 03:13:43 +0000 (12:13 +0900)]
net: bcmdhd: remoev default config for choice value.
Choice value does not support default config option, so remove
default config for the choice value.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 28 Oct 2020 05:52:03 +0000 (14:52 +0900)]
gpu/arm: mali: utgard: fix sizeof-pointer-memaccess build issue in gcc 9
This fixes sizeof-pointer-memaccess for strncpy().
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 1 Dec 2020 01:34:58 +0000 (10:34 +0900)]
gpu/arm: mali: utgard: add automatically generated file to ignore list
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jaehoon Chung [Tue, 1 Dec 2020 01:37:06 +0000 (10:37 +0900)]
gator: gitignore: add ignore rule about gator_src_md5 header
Add ignore rule about generated_gator_src_md5 header.
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Dave Martin [Thu, 6 Jun 2019 10:33:43 +0000 (11:33 +0100)]
arm64: Silence gcc warnings about arch ABI drift
Since GCC 9, the compiler warns about evolution of the
platform-specific ABI, in particular relating for the marshaling of
certain structures involving bitfields.
The kernel is a standalone binary, and of course nobody would be
so stupid as to expose structs containing bitfields as function
arguments in ABI. (Passing a pointer to such a struct, however
inadvisable, should be unaffected by this change. perf and various
drivers rely on that.)
So these warnings do more harm than good: turn them off.
We may miss warnings about future ABI drift, but that's too bad.
Future ABI breaks of this class will have to be debugged and fixed
the traditional way unless the compiler evolves finer-grained
diagnostics.
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
[sw0312.kim: backport mainline commit
ebcc5928c5d9 for gcc 9 build]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Fri, 27 Nov 2020 02:37:30 +0000 (11:37 +0900)]
Merge hardkernel's branch 'odroidg12-4.9.y' into khadas's khadas-vims-4.9.y.
khadas's base is commit
86f9ab4cb492 ("Merge tag 'v4.9.241' into
khadas-vims-4.9.y") and tagged as khadas-vims-v0.9.6-release.
hardkernel's base is
6ad97dceb7a0 ("ODROID-HC4:remove pwm-fan
pinctrl(PWM_C : GPIOC_4 remove)") and tagged as
hardkernel-4.9.236-104.
Note: during the fixing Conflicts, non amlogic related parts
are from wrong port for stable version with android common
kernel. It is fixed as like android common kernel's branch
android-4.9-q.
Most of amlogic driver conflicts is fixed with hardkernel's
tree because it has recent version.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
ckkim [Fri, 6 Nov 2020 08:14:32 +0000 (17:14 +0900)]
ODROID-HC4:remove pwm-fan pinctrl(PWM_C : GPIOC_4 remove)
Signed-off-by: ckkim <changkon12@gmail.com>
Change-Id: I36ddb1889cc1d181372c8925e58726d71a615d4e
Nick Xie [Sat, 7 Nov 2020 02:30:09 +0000 (10:30 +0800)]
Merge tag 'v4.9.241' into khadas-vims-4.9.y
This is the 4.9.241 stable release
Nick Xie [Sat, 7 Nov 2020 02:30:05 +0000 (10:30 +0800)]
Merge tag 'v4.9.240' into khadas-vims-4.9.y
This is the 4.9.240 stable release
Nick Xie [Sat, 7 Nov 2020 02:30:00 +0000 (10:30 +0800)]
Merge tag 'v4.9.239' into khadas-vims-4.9.y
This is the 4.9.239 stable release
Signed-off-by: Nick Xie <nick@khadas.com>
Nick Xie [Sat, 7 Nov 2020 02:27:45 +0000 (10:27 +0800)]
Merge tag 'v4.9.238' into khadas-vims-4.9.y
This is the 4.9.238 stable release
Nick Xie [Sat, 7 Nov 2020 02:27:41 +0000 (10:27 +0800)]
Merge tag 'v4.9.237' into khadas-vims-4.9.y
This is the 4.9.237 stable release
Nick Xie [Sat, 7 Nov 2020 02:27:38 +0000 (10:27 +0800)]
Merge tag 'v4.9.236' into khadas-vims-4.9.y
This is the 4.9.236 stable release
Nick Xie [Sat, 7 Nov 2020 02:27:34 +0000 (10:27 +0800)]
Merge tag 'v4.9.235' into khadas-vims-4.9.y
This is the 4.9.235 stable release
Nick Xie [Sat, 7 Nov 2020 02:27:30 +0000 (10:27 +0800)]
Merge tag 'v4.9.234' into khadas-vims-4.9.y
This is the 4.9.234 stable release
Signed-off-by: Nick Xie <nick@khadas.com>
Nick Xie [Sat, 7 Nov 2020 02:26:54 +0000 (10:26 +0800)]
Merge tag 'v4.9.233' into khadas-vims-4.9.y
This is the 4.9.233 stable release
Dongjin Kim [Thu, 5 Nov 2020 08:17:13 +0000 (17:17 +0900)]
Revert "ODROID-COMMON: osd: Adjust osd scaler and vout serve to fit in KODI"
This reverts commit
6f7138e3ac2a900a0720be31d486fcb8514fe5ed.
Change-Id: Ib57697cf7668460ab81bf951d0dee1e003adba44
Dongjin Kim [Thu, 5 Nov 2020 08:16:40 +0000 (17:16 +0900)]
Revert "ODROID-COMMON:osd: Adjust osd scaler and vout serve to fit in KODI. Only works in S922(N2/N2+)."
This reverts commit
0427609dc95c93d0989b1b2dea84b9c41f2ba4ba.
Change-Id: Idcf054d6da7a2602dbac904ae2a6ec6da0ee00bf
ckkim [Wed, 4 Nov 2020 03:15:28 +0000 (12:15 +0900)]
ODROID-N2/N2+:no soundcard error fix.
Change-Id: I71319cf50a1fd07b9ec48edc62e2a0bbcf565ba9
Mauro Ribeiro [Fri, 30 Oct 2020 13:39:19 +0000 (22:39 +0900)]
Merge "ODROID-COMMON:osd: Adjust osd scaler and vout serve to fit in KODI. Only works in S922(N2/N2+)." into odroidg12-4.9.y
Deokgyu Yang [Fri, 30 Oct 2020 06:46:07 +0000 (15:46 +0900)]
ODROID-COMMON: drivers/spi: Set the 64 bits per word by default
The existing force64b routine might not work properly under specific
conditions. This patch fixes that bug of 64 bits per word and forces
use that option. It will improve SPI performance significantly.
Signed-off-by: Deokgyu Yang <secugyu@gmail.com>
Change-Id: I85a58d425303ea1765b7b83ee5dd5f0a7f4203fc
ckkim [Thu, 29 Oct 2020 09:24:13 +0000 (18:24 +0900)]
ODROID-COMMON:osd: Adjust osd scaler and vout serve to fit in KODI. Only works in S922(N2/N2+).
Change-Id: I7a16dd2cbde63d8b716aab17d85fb9dc1157e2ff
Greg Kroah-Hartman [Thu, 29 Oct 2020 08:05:46 +0000 (09:05 +0100)]
Linux 4.9.241
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20201027134902.130312227@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lorenzo Colitti [Tue, 25 Aug 2020 05:55:05 +0000 (14:55 +0900)]
usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
[ Upstream commit
7974ecd7d3c0f42a98566f281e44ea8573a2ad88 ]
Currently, enabling f_ncm at SuperSpeed Plus speeds results in an
oops in config_ep_by_speed because ncm_set_alt passes in NULL
ssp_descriptors. Fix this by re-using the SuperSpeed descriptors.
This is safe because usb_assign_descriptors calls
usb_copy_descriptors.
Tested: enabled f_ncm on a dwc3 gadget and 10Gbps link, ran iperf
Reviewed-by: Maciej Żenczykowski <maze@google.com>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Christian Eggers [Tue, 28 Jul 2020 09:29:59 +0000 (11:29 +0200)]
eeprom: at25: set minimum read/write access stride to 1
commit
284f52ac1c6cfa1b2e5c11b84653dd90e4e91de7 upstream.
SPI eeproms are addressed by byte.
Signed-off-by: Christian Eggers <ceggers@arri.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200728092959.24600-1-ceggers@arri.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Oliver Neukum [Mon, 28 Sep 2020 14:17:55 +0000 (23:17 +0900)]
USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
commit
37d2a36394d954413a495da61da1b2a51ecd28ab upstream.
syzbot is reporting hung task at wdm_flush() [1], for there is a circular
dependency that wdm_flush() from flip_close() for /dev/cdc-wdm0 forever
waits for /dev/raw-gadget to be closed while close() for /dev/raw-gadget
cannot be called unless close() for /dev/cdc-wdm0 completes.
Tetsuo Handa considered that such circular dependency is an usage error [2]
which corresponds to an unresponding broken hardware [3]. But Alan Stern
responded that we should be prepared for such hardware [4]. Therefore,
this patch changes wdm_flush() to use wait_event_interruptible_timeout()
which gives up after 30 seconds, for hardware that remains silent must be
ignored. The 30 seconds are coming out of thin air.
Changing wait_event() to wait_event_interruptible_timeout() makes error
reporting from close() syscall less reliable. To compensate it, this patch
also implements wdm_fsync() which does not use timeout. Those who want to
be very sure that data has gone out to the device are now advised to call
fsync(), with a caveat that fsync() can return -EINVAL when running on
older kernels which do not implement wdm_fsync().
This patch also fixes three more problems (listed below) found during
exhaustive discussion and testing.
Since multiple threads can concurrently call wdm_write()/wdm_flush(),
we need to use wake_up_all() whenever clearing WDM_IN_USE in order to
make sure that all waiters are woken up. Also, error reporting needs
to use fetch-and-clear approach in order not to report same error for
multiple times.
Since wdm_flush() checks WDM_DISCONNECTING, wdm_write() should as well
check WDM_DISCONNECTING.
In wdm_flush(), since locks are not held, it is not safe to dereference
desc->intf after checking that WDM_DISCONNECTING is not set [5]. Thus,
remove dev_err() from wdm_flush().
[1] https://syzkaller.appspot.com/bug?id=
e7b761593b23eb50855b9ea31e3be5472b711186
[2] https://lkml.kernel.org/r/
27b7545e-8f41-10b8-7c02-
e35a08eb1611@i-love.sakura.ne.jp
[3] https://lkml.kernel.org/r/
79ba410f-e0ef-2465-b94f-
6b9a4a82adf5@i-love.sakura.ne.jp
[4] https://lkml.kernel.org/r/
20200530011040.GB12419@rowland.harvard.edu
[5] https://lkml.kernel.org/r/
c85331fc-874c-6e46-a77f-
0ef1dc075308@i-love.sakura.ne.jp
Reported-by: syzbot <syzbot+854768b99f19e89d7f81@syzkaller.appspotmail.com>
Cc: stable <stable@vger.kernel.org>
Co-developed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20200928141755.3476-1-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Vincent Mailhol [Fri, 2 Oct 2020 15:41:51 +0000 (00:41 +0900)]
usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
commit
a4f88430af896bf34ec25a7a5f0e053fb3d928e0 upstream.
The ES58X devices has a CDC ACM interface (used for debug
purpose). During probing, the device is thus recognized as USB Modem
(CDC ACM), preventing the etas-es58x module to load:
usbcore: registered new interface driver etas_es58x
usb 1-1.1: new full-speed USB device number 14 using xhci_hcd
usb 1-1.1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice= 1.00
usb 1-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-1.1: Product: ES581.4
usb 1-1.1: Manufacturer: ETAS GmbH
usb 1-1.1: SerialNumber: 2204355
cdc_acm 1-1.1:1.0: No union descriptor, testing for castrated device
cdc_acm 1-1.1:1.0: ttyACM0: USB ACM device
Thus, these have been added to the ignore list in
drivers/usb/class/cdc-acm.c
N.B. Future firmware release of the ES58X will remove the CDC-ACM
interface.
`lsusb -v` of the three devices variant (ES581.4, ES582.1 and
ES584.1):
Bus 001 Device 011: ID 108c:0159 Robert Bosch GmbH ES581.4
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 1.10
bDeviceClass 2 Communications
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x108c Robert Bosch GmbH
idProduct 0x0159
bcdDevice 1.00
iManufacturer 1 ETAS GmbH
iProduct 2 ES581.4
iSerial 3 2204355
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0035
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 5 Bus Powered Configuration
bmAttributes 0x80
(Bus Powered)
MaxPower 100mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 3
bInterfaceClass 2 Communications
bInterfaceSubClass 2 Abstract (modem)
bInterfaceProtocol 0
iInterface 4 ACM Control Interface
CDC Header:
bcdCDC 1.10
CDC Call Management:
bmCapabilities 0x01
call management
bDataInterface 0
CDC ACM:
bmCapabilities 0x06
sends break
line coding and serial state
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0010 1x 16 bytes
bInterval 10
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x03 EP 3 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Device Status: 0x0000
(Bus Powered)
Bus 001 Device 012: ID 108c:0168 Robert Bosch GmbH ES582
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 2 Communications
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x108c Robert Bosch GmbH
idProduct 0x0168
bcdDevice 1.00
iManufacturer 1 ETAS GmbH
iProduct 2 ES582
iSerial 3 0108933
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0043
bNumInterfaces 2
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 2 Communications
bInterfaceSubClass 2 Abstract (modem)
bInterfaceProtocol 1 AT-commands (v.25ter)
iInterface 0
CDC Header:
bcdCDC 1.10
CDC ACM:
bmCapabilities 0x02
line coding and serial state
CDC Union:
bMasterInterface 0
bSlaveInterface 1
CDC Call Management:
bmCapabilities 0x03
call management
use DataInterface
bDataInterface 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 16
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 2 Communications
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
bNumConfigurations 1
Device Status: 0x0000
(Bus Powered)
Bus 001 Device 013: ID 108c:0169 Robert Bosch GmbH ES584.1
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 2 Communications
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x108c Robert Bosch GmbH
idProduct 0x0169
bcdDevice 1.00
iManufacturer 1 ETAS GmbH
iProduct 2 ES584.1
iSerial 3 0100320
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0043
bNumInterfaces 2
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 1
bInterfaceClass 2 Communications
bInterfaceSubClass 2 Abstract (modem)
bInterfaceProtocol 1 AT-commands (v.25ter)
iInterface 0
CDC Header:
bcdCDC 1.10
CDC ACM:
bmCapabilities 0x02
line coding and serial state
CDC Union:
bMasterInterface 0
bSlaveInterface 1
CDC Call Management:
bmCapabilities 0x03
call management
use DataInterface
bDataInterface 1
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x83 EP 3 IN
bmAttributes 3
Transfer Type Interrupt
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 16
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 10 CDC Data
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 2 Communications
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
bNumConfigurations 1
Device Status: 0x0000
(Bus Powered)
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201002154219.4887-8-mailhol.vincent@wanadoo.fr
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Valentin Vidic [Sun, 18 Oct 2020 18:42:55 +0000 (20:42 +0200)]
net: korina: cast KSEG0 address to pointer in kfree
[ Upstream commit
3bd57b90554b4bb82dce638e0668ef9dc95d3e96 ]
Fixes gcc warning:
passing argument 1 of 'kfree' makes pointer from integer without a cast
Fixes:
3af5f0f5c74e ("net: korina: fix kfree of rx/tx descriptor array")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
Link: https://lore.kernel.org/r/20201018184255.28989-1-vvidic@valentin-vidic.from.hr
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Zekun Shen [Tue, 23 Jun 2020 22:11:05 +0000 (18:11 -0400)]
ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
[ Upstream commit
bad60b8d1a7194df38fd7fe4b22f3f4dcf775099 ]
The idx in __ath10k_htt_rx_ring_fill_n function lives in
consistent dma region writable by the device. Malfunctional
or malicious device could manipulate such idx to have a OOB
write. Either by
htt->rx_ring.netbufs_ring[idx] = skb;
or by
ath10k_htt_set_paddrs_ring(htt, paddr, idx);
The idx can also be negative as it's signed, giving a large
memory space to write to.
It's possibly exploitable by corruptting a legit pointer with
a skb pointer. And then fill skb with payload as rougue object.
Part of the log here. Sometimes it appears as UAF when writing
to a freed memory by chance.
[ 15.594376] BUG: unable to handle page fault for address:
ffff887f5c1804f0
[ 15.595483] #PF: supervisor write access in kernel mode
[ 15.596250] #PF: error_code(0x0002) - not-present page
[ 15.597013] PGD 0 P4D 0
[ 15.597395] Oops: 0002 [#1] SMP KASAN PTI
[ 15.597967] CPU: 0 PID: 82 Comm: kworker/u2:2 Not tainted 5.6.0 #69
[ 15.598843] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
[ 15.600438] Workqueue: ath10k_wq ath10k_core_register_work [ath10k_core]
[ 15.601389] RIP: 0010:__ath10k_htt_rx_ring_fill_n
(linux/drivers/net/wireless/ath/ath10k/htt_rx.c:173) ath10k_core
Signed-off-by: Zekun Shen <bruceshenzk@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200623221105.3486-1-bruceshenzk@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Eli Billauer [Fri, 31 Jul 2020 05:46:50 +0000 (08:46 +0300)]
usb: core: Solve race condition in anchor cleanup functions
[ Upstream commit
fbc299437c06648afcc7891e6e2e6638dd48d4df ]
usb_kill_anchored_urbs() is commonly used to cancel all URBs on an
anchor just before releasing resources which the URBs rely on. By doing
so, users of this function rely on that no completer callbacks will take
place from any URB on the anchor after it returns.
However if this function is called in parallel with __usb_hcd_giveback_urb
processing a URB on the anchor, the latter may call the completer
callback after usb_kill_anchored_urbs() returns. This can lead to a
kernel panic due to use after release of memory in interrupt context.
The race condition is that __usb_hcd_giveback_urb() first unanchors the URB
and then makes the completer callback. Such URB is hence invisible to
usb_kill_anchored_urbs(), allowing it to return before the completer has
been called, since the anchor's urb_list is empty.
Even worse, if the racing completer callback resubmits the URB, it may
remain in the system long after usb_kill_anchored_urbs() returns.
Hence list_empty(&anchor->urb_list), which is used in the existing
while-loop, doesn't reliably ensure that all URBs of the anchor are gone.
A similar problem exists with usb_poison_anchored_urbs() and
usb_scuttle_anchored_urbs().
This patch adds an external do-while loop, which ensures that all URBs
are indeed handled before these three functions return. This change has
no effect at all unless the race condition occurs, in which case the
loop will busy-wait until the racing completer callback has finished.
This is a rare condition, so the CPU waste of this spinning is
negligible.
The additional do-while loop relies on usb_anchor_check_wakeup(), which
returns true iff the anchor list is empty, and there is no
__usb_hcd_giveback_urb() in the system that is in the middle of the
unanchor-before-complete phase. The @suspend_wakeups member of
struct usb_anchor is used for this purpose, which was introduced to solve
another problem which the same race condition causes, in commit
6ec4147e7bdb ("usb-anchor: Delay usb_wait_anchor_empty_timeout wake up
till completion is done").
The surely_empty variable is necessary, because usb_anchor_check_wakeup()
must be called with the lock held to prevent races. However the spinlock
must be released and reacquired if the outer loop spins with an empty
URB list while waiting for the unanchor-before-complete passage to finish:
The completer callback may very well attempt to take the very same lock.
To summarize, using usb_anchor_check_wakeup() means that the patched
functions can return only when the anchor's list is empty, and there is
no invisible URB being processed. Since the inner while loop finishes on
the empty list condition, the new do-while loop will terminate as well,
except for when the said race condition occurs.
Signed-off-by: Eli Billauer <eli.billauer@gmail.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20200731054650.30644-1-eli.billauer@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Wang Yufen [Mon, 20 Jul 2020 09:36:05 +0000 (17:36 +0800)]
brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
[ Upstream commit
6c151410d5b57e6bb0d91a735ac511459539a7bf ]
When brcmf_proto_msgbuf_attach fail and msgbuf->txflow_wq != NULL,
we should destroy the workqueue.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/1595237765-66238-1-git-send-email-wangyufen@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jan Kara [Wed, 4 Mar 2020 13:01:44 +0000 (14:01 +0100)]
reiserfs: Fix memory leak in reiserfs_parse_options()
[ Upstream commit
e9d4709fcc26353df12070566970f080e651f0c9 ]
When a usrjquota or grpjquota mount option is used multiple times, we
will leak memory allocated for the file name. Make sure the last setting
is used and all the previous ones are properly freed.
Reported-by: syzbot+c9e294bbe0333a6b7640@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
projects / platform / kernel / linux-amlogic.git / log