OSDN Git Service
Amar Singhal [Tue, 10 Apr 2018 16:35:27 +0000 (09:35 -0700)]
Revert "reg: qcom: call regulatory callback for self managed hints"
This reverts commit
31e37a680dcbb02ba41d17972dba0b298cf1983d. Upstream
commit
aced43ce780d ("cfg80211: Call reg_notifier for self managed
hints conditionally") replaces this functionality.
Change-Id: Ic0c3a235aee2dc8ccb36014c60314217b98b5b97
CRs-Fixed:
2201959
Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
Linux Build Service Account [Thu, 10 May 2018 08:25:18 +0000 (01:25 -0700)]
Merge "Merge android-4.4.131 (
d5d6526) into msm-4.4"
Linux Build Service Account [Wed, 9 May 2018 20:54:15 +0000 (13:54 -0700)]
Merge "diag: Add new WLAN_RSN event id"
Linux Build Service Account [Wed, 9 May 2018 12:09:47 +0000 (05:09 -0700)]
Merge "drm: msm: improve early splash mechanism"
Manoj Prabhu B [Fri, 4 May 2018 09:05:11 +0000 (14:35 +0530)]
diag: Add new WLAN_RSN event id
The patch adds new WLAN_RSN_INFO event as latest ID.
Change-Id: Ic76506632ea0aa61c79c52824556b6aaeb0b04e6
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Linux Build Service Account [Tue, 8 May 2018 20:46:01 +0000 (13:46 -0700)]
Merge "ipvs: use IPVS_CMD_ATTR_MAX for family.maxattr"
Linux Build Service Account [Tue, 8 May 2018 20:45:59 +0000 (13:45 -0700)]
Merge "power: smb-lib: Enable TypeC crude sensor PBS WA based on PMIC type"
Linux Build Service Account [Tue, 8 May 2018 20:45:58 +0000 (13:45 -0700)]
Merge "power: smb-lib: Add support for SW based OV detection"
Linux Build Service Account [Tue, 8 May 2018 20:45:58 +0000 (13:45 -0700)]
Merge "smb-lib: add support of DP/DM pulsing for fix 5V, 9V and 12V"
Linux Build Service Account [Tue, 8 May 2018 20:45:56 +0000 (13:45 -0700)]
Merge "ion: Consider ion pool pages as indirectly reclaimable"
Linux Build Service Account [Tue, 8 May 2018 20:45:55 +0000 (13:45 -0700)]
Merge "mm: treat indirectly reclaimable memory as free in overcommit logic"
Linux Build Service Account [Tue, 8 May 2018 20:45:54 +0000 (13:45 -0700)]
Merge "mm: treat indirectly reclaimable memory as available in MemAvailable"
Linux Build Service Account [Tue, 8 May 2018 20:45:53 +0000 (13:45 -0700)]
Merge "soc: qcom: glink_smem_native_xprt: Move rx_worker in irq handler"
Linux Build Service Account [Tue, 8 May 2018 20:45:52 +0000 (13:45 -0700)]
Merge "diag: Add new Diag IDs"
Linux Build Service Account [Tue, 8 May 2018 20:45:51 +0000 (13:45 -0700)]
Merge "input: touchscreen: synaptics_dsx: Fix buffer overflow"
Umang Agrawal [Tue, 17 Apr 2018 14:46:01 +0000 (20:16 +0530)]
power: smb-lib: Enable TypeC crude sensor PBS WA based on PMIC type
Enable TypeC crude sensor PBS WA based on PMIC type since it is
required for PM660 and PMI8998 only.
Change-Id: Ib4f170ddba893e5b96372eecee9b9b74cb2a97e2
Signed-off-by: Umang Agrawal <uagrawal@codeaurora.org>
Umang Agrawal [Mon, 16 Apr 2018 09:11:11 +0000 (14:41 +0530)]
power: smb-lib: Add support for SW based OV detection
Add support for software based USBIN OV detection, once
OV condition is detected, software will force USBIN to 5V
and continue charging with 5V.
Change-Id: Ie8f00f69db4ac6330d9da82b3455e4efab43861a
Signed-off-by: Umang Agrawal <uagrawal@codeaurora.org>
Umang Agrawal [Tue, 8 May 2018 11:42:30 +0000 (17:12 +0530)]
smb-lib: add support of DP/DM pulsing for fix 5V, 9V and 12V
This change will enable userspace to control adapter's output
voltage. Userspace can force adapter's output voltage to
5V/9V/12V.
Change-Id: I4a60a681c136df6864294dbd19849503a2be2e7b
Signed-off-by: Umang Agrawal <uagrawal@codeaurora.org>
Linux Build Service Account [Tue, 8 May 2018 11:21:31 +0000 (04:21 -0700)]
Merge "soc: qcom: glink_ssr: Initialize waitqueue in probe function"
Linux Build Service Account [Tue, 8 May 2018 11:21:29 +0000 (04:21 -0700)]
Merge "defconfig: msm: add bluetooth related defconfigs for gvm"
Linux Build Service Account [Tue, 8 May 2018 11:21:26 +0000 (04:21 -0700)]
Merge "ARM: dts: msm: add bluetooth chip device node for gvm"
Vijayanand Jitta [Wed, 18 Apr 2018 04:58:16 +0000 (10:28 +0530)]
ion: Consider ion pool pages as indirectly reclaimable
An issue is observed where mallocs are failing due to overcommit failure.
The failure happens when there is high ION page pool since ION page
pool is not considered reclaimable by the overcommit calculation code.
This change considers ion pool pages as indirectly reclaimable and thus
accounted as available memory in the overcommit calculation.
Change-Id: I8d63209b8c19286e55c407459ff124fdc58fdcc2
Signed-off-by: Vijayanand Jitta <vjitta@codeaurora.org>
Dhoat Harpal [Mon, 12 Mar 2018 11:42:13 +0000 (17:12 +0530)]
soc: qcom: glink_ssr: Initialize waitqueue in probe function
waitqueue is initialized on every call to notify_for_subsystem.
This leads to stability issue if one thread is waiting for completion
and another thread re-initializes it.
Waitqueue is initialized only in probe function.
CRs-Fixed:
2197181
Change-Id: I3509a7c4a197c727b2025c1aeb6a35690c3c8501
Signed-off-by: Dhoat Harpal <hdhoat@codeaurora.org>
Dhoat Harpal [Fri, 13 Apr 2018 13:36:42 +0000 (19:06 +0530)]
soc: qcom: glink_smem_native_xprt: Move rx_worker in irq handler
Tx_data cmd is processed in tasklet which is not guranteed to be
scheduled immidiatley. This decreases performance of glink.
Process tx_data command in irq handler.
CRs-Fixed:
2225619
Change-Id: Ida5e51b83fa46c76f72ae886260752baa8b942b9
Signed-off-by: Dhoat Harpal <hdhoat@codeaurora.org>
Vijayanand Jitta [Tue, 10 Apr 2018 23:27:47 +0000 (16:27 -0700)]
mm: treat indirectly reclaimable memory as free in overcommit logic
Indirectly reclaimable memory can consume a significant part of total
memory and it's actually reclaimable (it will be released under actual
memory pressure).This patch considers it as free in overcommit logic.
This patch is referenced from commit
d79f7aa496fc ("mm: treat indirectly
reclaimable memory as free in overcommit logic") on upstream, as node
based vmstat global_node_page_state is not present zone based vmstat
global_page_state is used instead.
Change-Id: I9af71c566c83e24cd12e7653782b1898ccc7d680
Signed-off-by: Vijayanand Jitta <vjitta@codeaurora.org>
Sreelakshmi Gownipalli [Mon, 23 Apr 2018 20:41:14 +0000 (13:41 -0700)]
diag: Add new Diag IDs
Update to latest diag IDs
Change-Id: I57a25f570484f2cd8255275015ca2c70294a78fb
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Vijayanand Jitta [Tue, 10 Apr 2018 23:27:40 +0000 (16:27 -0700)]
mm: treat indirectly reclaimable memory as available in MemAvailable
Adjust /proc/meminfo MemAvailable calculation by adding the amount of
indirectly reclaimable memory (rounded to the PAGE_SIZE).
This change is referenced from commit
034ebf65c3c2 ("mm: treat indirectly
reclaimable memory as available in MemAvailable") on upstream, as node
based vmstat global_node_page_state is not present, zone based vmstat
global_page_state is used instead.
Change-Id: I7303d0f8ccd5993c7234a5187430d418d49e5763
Signed-off-by: Vijayanand Jitta <vjitta@codeaurora.org>
Linux Build Service Account [Tue, 8 May 2018 02:23:43 +0000 (19:23 -0700)]
Merge "irqchip: gic: print correct resume irq name"
Linux Build Service Account [Tue, 8 May 2018 02:23:40 +0000 (19:23 -0700)]
Merge "mm: introduce NR_INDIRECTLY_RECLAIMABLE_BYTES"
Linux Build Service Account [Tue, 8 May 2018 02:23:37 +0000 (19:23 -0700)]
Merge "taskstats: fix the length of cgroupstats_cmd_get_policy"
Song Gao [Mon, 7 May 2018 04:38:58 +0000 (12:38 +0800)]
defconfig: msm: add bluetooth related defconfigs for gvm
Currently, bluetooth are not enabled in gvm. It depends
on bluetooth power and rfkill related deconfigs.
Add these deconfigs to enable bluetooth in gvm.
Change-Id: Ib4b8d07e183852e77b02722584e5467127e68879
Signed-off-by: Song Gao <songg@codeaurora.org>
Song Gao [Mon, 7 May 2018 04:20:29 +0000 (12:20 +0800)]
ARM: dts: msm: add bluetooth chip device node for gvm
Currently, bluetooth chip reset function can not be
controlled through BT_EN gpio pin.
Add bluetooth chip device node along with bt-reset-gpio
to make this function workable.
Change-Id: I8cb9a274f4d5991587a299693d00609128742395
Signed-off-by: Song Gao <songg@codeaurora.org>
Linux Build Service Account [Mon, 7 May 2018 17:03:56 +0000 (10:03 -0700)]
Merge "ARM: dts: msm: update mem region on msm8996 auto boards"
Linux Build Service Account [Mon, 7 May 2018 07:58:54 +0000 (00:58 -0700)]
Merge "Android.bp: Initial header export bp for Android (qseecom only)"
Roman Gushchin [Tue, 10 Apr 2018 23:27:36 +0000 (16:27 -0700)]
mm: introduce NR_INDIRECTLY_RECLAIMABLE_BYTES
Patch series "indirectly reclaimable memory", v2.
This patchset introduces the concept of indirectly reclaimable memory
and applies it to fix the issue of when a big number of dentries with
external names can significantly affect the MemAvailable value.
This patch (of 3):
Introduce a concept of indirectly reclaimable memory and adds the
corresponding memory counter and /proc/vmstat item.
Indirectly reclaimable memory is any sort of memory, used by the kernel
(except of reclaimable slabs), which is actually reclaimable, i.e. will
be released under memory pressure.
The counter is in bytes, as it's not always possible to count such
objects in pages. The name contains BYTES by analogy to
NR_KERNEL_STACK_KB.
Link: http://lkml.kernel.org/r/20180305133743.12746-2-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git-Commit:
eb59254608bc1d42c4c6afdcdce9c0d3ce02b318
Git-Repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
Change-Id: Ie15abc33dcb13091e3acfa04dd55c664e1a24e70
Signed-off-by: Vijayanand Jitta <vjitta@codeaurora.org>
Linux Build Service Account [Sun, 6 May 2018 09:07:13 +0000 (02:07 -0700)]
Merge "ASoC: msm: qdsp6v2 : Add AFE port validation for MULTICHAN_HDMI_RX"
Linux Build Service Account [Sun, 6 May 2018 09:07:12 +0000 (02:07 -0700)]
Merge "ASoC: sdm660_cdc: Fix pop after PDR on SDM660 internal codec"
Linux Build Service Account [Sun, 6 May 2018 09:07:10 +0000 (02:07 -0700)]
Merge "ASoC: msm: add TDM routing for DTMF driver and dtmf fe dai to apq8096"
Linux Build Service Account [Sun, 6 May 2018 09:07:09 +0000 (02:07 -0700)]
Merge "ASoC: msm: qdsp6v2: enable DMA channel control"
Linux Build Service Account [Sun, 6 May 2018 09:07:07 +0000 (02:07 -0700)]
Merge "ARM: dts: msm: enable sensor node on msm8996 and apq8096"
Guchun Chen [Fri, 13 Apr 2018 09:29:40 +0000 (17:29 +0800)]
drm: msm: improve early splash mechanism
Early RVC will keep running even if all display's splash
in bootloader are stopped. So kernel splash handoff
mechanism needs to be modified to match the scenario.
CRs-Fixed:
2225630
Change-Id: I0e00403f6cae0401ea23465f78cf092abfa2a611
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
Guchun Chen [Fri, 20 Apr 2018 11:10:04 +0000 (19:10 +0800)]
drm: msm: read SDE registers for splash case
Read sde registers like layer mixer and ctrl information
from bootloader when early splash is enabled in bootloader.
These information will be updated to kernel resource
manager to let bootloader and kernel use the same hardware
setting.
CRs-Fixed:
2225630
Change-Id: I0e971de1992b380e30933f476b1a7e185ce0ad96
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
Signed-off-by: Camus Wong <camusw@codeaurora.org>
Guchun Chen [Wed, 25 Apr 2018 14:13:43 +0000 (22:13 +0800)]
drm: msm: hw ctl needs to care reserved pipe
When kernel operates hw ctls, early RVC in bootloader
can also co-exist to update hardware registers. So it's
needed to care the reserved pipe by early RVC before
kernel starts to handle ctl setup.
CRs-Fixed:
2225630
Change-Id: I2df06350a44bd128dfb89cc0668c41d2edfb26a6
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
David Ng [Fri, 4 May 2018 02:36:14 +0000 (19:36 -0700)]
Android.bp: Initial header export bp for Android (qseecom only)
Initial Android blueprint makefile for kernel header export;
qseecom.h UAPI for now.
Change-Id: Ia0af480167e19d099789548a2229b46abbd977f8
Signed-off-by: David Ng <dave@codeaurora.org>
Guchun Chen [Wed, 25 Apr 2018 13:48:39 +0000 (21:48 +0800)]
ARM: dts: msm: update mem region on msm8996 auto boards
Due to early RVC will continue running during the whole device
bootup period, so RVC's reserved memory should be updated to
contiguous-region to avoid smmu fault.
CRs-Fixed:
2225630
Change-Id: I5d1510f4e9079f6ddd5630b0b736d0d49bc0992b
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
Guchun Chen [Thu, 12 Apr 2018 09:16:35 +0000 (17:16 +0800)]
ARM: dts: msm: add reserved plane node on msm8996 auto boards
Early RVC will enable vig0 layer if it's on in bootloader. So to
meet the purpose LK and kernel can access display hardware at the
same time, this pipe should be reserved in LK and set to not available
to others before RVC exits.
CRs-Fixed:
2225630
Change-Id: I1398db5750c01523e4b755fb4744a6fc976ee8da
Signed-off-by: Guchun Chen <guchunc@codeaurora.org>
Linux Build Service Account [Fri, 4 May 2018 23:11:21 +0000 (16:11 -0700)]
Merge "drm/msm/hdmi: partial revert for hdmi->power_on changes"
Linux Build Service Account [Fri, 4 May 2018 02:58:45 +0000 (19:58 -0700)]
Merge "ARM: dts: msm: Enable 802.11ad wifi device on msm8996 platform"
WANG Cong [Fri, 4 Nov 2016 00:14:03 +0000 (17:14 -0700)]
ipvs: use IPVS_CMD_ATTR_MAX for family.maxattr
family.maxattr is the max index for policy[], the size of
ops[] is determined with ARRAY_SIZE().
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Git-commit:
8fbfef7f505bba60fb57078b7621270ee57cd1c4
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Change-Id: I4a8cff16935c6b7edb3f4fa86faddd8258b0ef57
CRs-Fixed:
2236015
Signed-off-by: Jeff Johnson <jjohnson@codeaurora.org>
Timothy Sham [Thu, 26 Apr 2018 20:20:57 +0000 (16:20 -0400)]
ASoC: msm: add TDM routing for DTMF driver and dtmf fe dai to apq8096
Added DTMF mixer routing for QUAT_TDM_RX2 for automotive. Also added
the DTMF front-end dai to apq8096 driver.
Change-Id: I3652efd939774ff8cb7c40445747f0edbf6b3c7f
Signed-off-by: Timothy Sham <tsham@codeaurora.org>
WANG Cong [Thu, 3 Nov 2016 16:42:36 +0000 (09:42 -0700)]
taskstats: fix the length of cgroupstats_cmd_get_policy
cgroupstats_cmd_get_policy is [CGROUPSTATS_CMD_ATTR_MAX+1],
taskstats_cmd_get_policy[TASKSTATS_CMD_ATTR_MAX+1],
but their family.maxattr is TASKSTATS_CMD_ATTR_MAX.
CGROUPSTATS_CMD_ATTR_MAX is less than TASKSTATS_CMD_ATTR_MAX,
so we could end up accessing out-of-bound.
Change cgroupstats_cmd_get_policy to TASKSTATS_CMD_ATTR_MAX+1,
this is safe because the rest are initialized to 0's.
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit:
243d52126184b072a18fe2130ce0008f8aa3a340
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Change-Id: Ie03c41de881d8e0e88ba35f5369e4e955d8d8682
CRs-Fixed:
2234354
Signed-off-by: Jeff Johnson <jjohnson@codeaurora.org>
Linux Build Service Account [Thu, 3 May 2018 18:23:20 +0000 (11:23 -0700)]
Merge "sched/walt: Fix use after free in trace_sched_update_task_ravg()"
Srinivasarao P [Thu, 3 May 2018 10:22:09 +0000 (15:52 +0530)]
Merge android-4.4.131 (
d5d6526) into msm-4.4
* refs/heads/tmp-
d5d6526
Linux 4.4.131
serial: mctrl_gpio: Add missing module license
serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
x86/smpboot: Don't use mwait_play_dead() on AMD systems
x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
libceph: validate con->state at the top of try_write()
ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
ARM: amba: Don't read past the end of sysfs "driver_override" buffer
ARM: amba: Fix race condition with driver_override
ARM: amba: Make driver_override output consistent with other buses
scsi: sd: Defer spinning up drive while SANITIZE is in progress
kobject: don't use WARN for registration failures
mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
ALSA: hda/realtek - Add some fixes for ALC233
ALSA: hda: Hardening for potential Spectre v1
ALSA: seq: oss: Hardening for potential Spectre v1
ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
ALSA: control: Hardening for potential Spectre v1
ALSA: rme9652: Hardening for potential Spectre v1
ALSA: hdspm: Hardening for potential Spectre v1
ALSA: asihpi: Hardening for potential Spectre v1
ALSA: opl3: Hardening for potential Spectre v1
tty: Use __GFP_NOFAIL for tty_ldisc_get()
tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
tty: Don't call panic() at tty_ldisc_init()
drm/virtio: fix vq wait_event condition
virtio_console: free buffers after reset
virtio: add ability to iterate over vqs
ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
USB: Increment wakeup count on remote wakeup.
usb: core: Add quirk for HP v222w 16GB Mini
USB: serial: cp210x: add ID for NI USB serial console
USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
USB: serial: simple: add libtransistor console
usbip: vhci_hcd: Fix usb device and sockfd leaks
usbip: usbip_host: fix to hold parent lock for device_attach() calls
ext4: fix bitmap position validation
ext4: add validity checks for bitmap block numbers
ext4: set h_journal if there is a failure starting a reserved handle
ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
goldfish: pipe: ANDROID: Allocate memory with GFP_KERNEL.
goldfish: pipe: ANDROID: Do not crash
goldfish: pipe: ANDROID: remove redundant casting
goldfish: pipe: ANDROID: Add 'pipe' to pipe functions
goldfish: pipe: ANDROID: fix whitespace
goldfish: pipe: ANDROID: rename global variables
goldfish: pipe: ANDROID: remove a redundant target
goldfish: pipe: ANDROID: add blank lines
goldfish: pipe: ANDROID: replace 'BUG_ON' with 'BUILD_BUG_ON'
goldfish: pipe: ANDROID: use the 'BIT' macro for wakeup flags
goldfish: pipe: ANDROID: fix logging format strings
Linux 4.4.130
s390/uprobes: implement arch_uretprobe_is_alive()
s390/cio: update chpid descriptor after resource accessibility event
cdrom: information leak in cdrom_ioctl_media_changed()
scsi: mptsas: Disable WRITE SAME
ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
net: af_packet: fix race in PACKET_{R|T}X_RING
tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
net: fix deadlock while clearing neighbor proxy table
tipc: add policy for TIPC_NLA_NET_ADDR
llc: fix NULL pointer deref for SOCK_ZAPPED
llc: hold llc_sap before release_sock()
sctp: do not check port in sctp_inet6_cmp_addr
vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
pppoe: check sockaddr length in pppoe_connect()
packet: fix bitfield update race
team: fix netconsole setup over team
team: avoid adding twice the same option to the event list
tcp: don't read out-of-bounds opsize
llc: delete timers synchronously in llc_sk_free()
net: validate attribute sizes in neigh_dump_table()
l2tp: check sockaddr length in pppol2tp_connect()
KEYS: DNS: limit the length of option strings
bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave
s390: correct module section names for expoline code revert
s390: correct nospec auto detection init order
s390: add sysfs attributes for spectre
s390: report spectre mitigation via syslog
s390: add automatic detection of the spectre defense
s390: move nobp parameter functions to nospec-branch.c
s390/entry.S: fix spurious zeroing of r0
s390: do not bypass BPENTER for interrupt system calls
s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*)
s390: introduce execute-trampolines for branches
s390: run user space and KVM guests with modified branch prediction
s390: add options to change branch prediction behaviour for the kernel
s390/alternative: use a copy of the facility bit mask
s390: add optimized array_index_mask_nospec
s390: scrub registers on kernel entry and KVM exit
KVM: s390: wire up bpb feature
s390: enable CPU alternatives unconditionally
s390: introduce CPU alternatives
Revert "ath10k: send (re)assoc peer command when NSS changed"
jbd2: fix use after free in kjournald2()
ath9k_hw: check if the chip failed to wake up
Input: drv260x - fix initializing overdrive voltage
r8152: add Linksys USB3GIGV1 id
staging: ion : Donnot wakeup kswapd in ion system alloc
perf: Return proper values for user stack errors
x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
cifs: do not allow creating sockets except with SMB1 posix exensions
UPSTREAM: tracing: always define trace_{irq,preempt}_{enable_disable}
ANDROID: staging: ion: Obey kptr_restrict
ANDROID: sdcardfs: Set s_root to NULL after putting
ANDROID: sdcardfs: d_make_root calls iput
ANDROID: sdcardfs: Check for private data earlier
Conflicts:
drivers/staging/android/ion/ion.c
drivers/staging/android/ion/ion_cma_heap.c
drivers/staging/android/ion/ion_system_heap.c
Change-Id: I8155103b3787bb800f85291cc7378a8e29a8436f
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Linux Build Service Account [Thu, 3 May 2018 09:07:35 +0000 (02:07 -0700)]
Merge "msm: ais: isp: Handling buffer use after getting it freed"
Linux Build Service Account [Thu, 3 May 2018 09:07:34 +0000 (02:07 -0700)]
Merge "gpio: No NULL owner"
Linux Build Service Account [Thu, 3 May 2018 09:07:28 +0000 (02:07 -0700)]
Merge "defconfig: Enable preemptirq tracing for msm8998 and sdm660"
Maulik Shah [Wed, 25 May 2016 10:38:12 +0000 (16:08 +0530)]
irqchip: gic: print correct resume irq name
Currently hwirq number is used to get descriptor for irq
in gic_show_resume_irq function which returns incorrect
irq descriptor.
Update it to use correct irq number using irq_find_mapping.
Change-Id: Ib61ebcb3d5e520566b157ee5781d11b70d0f513d
Signed-off-by: Maulik Shah <mkshah@codeaurora.org>
Gerrit - the friendly Code Review server [Thu, 3 May 2018 07:33:44 +0000 (00:33 -0700)]
Merge changes into msm-4.4
Abhijeet Dharmapurikar [Mon, 19 Aug 2013 22:03:14 +0000 (15:03 -0700)]
msm: show_resume_irq: print the irq name
Just printing the irq number is not informative. Update the code
to show the name of the interrupt's irq action.
Change-Id: Ia3e7d37948860b23d4390808769cd198656eba48
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
Abhijeet Dharmapurikar [Mon, 13 Dec 2010 20:04:27 +0000 (12:04 -0800)]
GIC: Show interrupts that triggered wakeup
This change is to satisfy the logging requirement of
wakeup interrupts. Add code to log the trigger status
of wakeup interrupts. This helps in debugging
the cause of wakeup when the system is suspended
Change-Id: I0f724296f9133433cdbc3271a9b91c6fa992a2ff
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
Abhijeet Dharmapurikar [Thu, 12 Aug 2010 00:18:28 +0000 (17:18 -0700)]
GIC: implement suspend and resume
While in suspend state, the system should not wake up due to triggering
of a non wakeup interrupt. Implement suspend and resume functions to be
called from power management code to switch enabled interrupts between
wakeup set or normal set.
Change-Id: Iaceae286707460eadc5f05c0baef72b43c942777
Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org>
Zhaoyang Liu [Wed, 18 Apr 2018 08:57:51 +0000 (16:57 +0800)]
ARM: dts: msm: Enable 802.11ad wifi device on msm8996 platform
Enable IEEE802.11AD WiFi device wil6210.
Change wil6210 PCIe parent for MSM8996 platform.
Change-Id: I58919c766c0e6f0090d309492de1ecf12718824d
Signed-off-by: Zhaoyang Liu <zhaoyang@codeaurora.org>
Pavankumar Kondeti [Tue, 13 Mar 2018 10:33:15 +0000 (16:03 +0530)]
sched/walt: Fix use after free in trace_sched_update_task_ravg()
commit
4d09122c1868 ("sched: Fix spinlock recursion in sched_exit()")
moved freeing of task's current and previous window arrays outside
the rq->lock. These arrays can be accessed from another CPU in parallel
and end up using freed memory. For example,
CPU#0 CPU#1
---------------------------------- -------------------------------
sched_exit() try_to_wake_up()--> The task wakes
up on CPU#0
task_rq_lock() set_task_cpu()
fixup_busy_time() --> waiting for
CPU#0's rq->lock
task_rq_unlock() fixup_busy_time()-->lock acquired
free_task_load_ptrs()
kfree(p->ravg.curr_window_cpu) update_task_ravg()-->called on
current of CPU#0
trace_sched_update_task_ravg()
--> access freed memory
p->ravg.curr_window_cpu = NULL;
To fix this issue, window array pointers must be set to NULL before
freeing the memory. Since this happens outside the lock, memory barriers
are needed on write and read paths. A much simpler alternative would be
skipping update_task_ravg() trace point for tasks that are marked as dead.
The window stats of dead tasks are not updated any ways. While at it, skip
this trace point for newly created tasks for which also window stats are
not updated.
Change-Id: I4d7cb8a3cf7cf84270b09721140d35205643b7ab
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
[spathi@codeaurora.org: moved changes to hmp.c since EAS is not supported]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Linus Walleij [Tue, 16 Jan 2018 07:42:12 +0000 (08:42 +0100)]
gpio: No NULL owner
Sometimes a GPIO is fetched with NULL as parent device, and
that is just fine. So under these circumstances, avoid using
dev_name() to provide a name for the GPIO line.
Change-Id: Iacf2ef35d50118cd755e26ed4211c3c4b1289ff2
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Git-commit:
7d18f0a14aa6a0d6bad39111c1fb655f07f71d59
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Linux Build Service Account [Wed, 2 May 2018 20:38:40 +0000 (13:38 -0700)]
Merge "Merge android-4.4.129 (
b1c4836) into msm-4.4"
Linux Build Service Account [Wed, 2 May 2018 20:38:39 +0000 (13:38 -0700)]
Merge "ANDROID: sound: rawmidi: Hold lock around realloc"
Linux Build Service Account [Wed, 2 May 2018 20:38:38 +0000 (13:38 -0700)]
Merge "msm: ipa: using debug logging instead of error logging"
Linux Build Service Account [Wed, 2 May 2018 20:38:37 +0000 (13:38 -0700)]
Merge "mmc: core: power cycle card when sd card switch voltage operation fails"
Linux Build Service Account [Wed, 2 May 2018 20:38:36 +0000 (13:38 -0700)]
Merge "mmc: card: WARN_ON in cmdq completion context"
Linux Build Service Account [Wed, 2 May 2018 20:38:35 +0000 (13:38 -0700)]
Merge "defconfig: Enable cellular hints in regulatory cfg80211"
Greg Kroah-Hartman [Wed, 2 May 2018 18:10:46 +0000 (11:10 -0700)]
Merge 4.4.131 into android-4.4
Changes in 4.4.131
ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
ext4: set h_journal if there is a failure starting a reserved handle
ext4: add validity checks for bitmap block numbers
ext4: fix bitmap position validation
usbip: usbip_host: fix to hold parent lock for device_attach() calls
usbip: vhci_hcd: Fix usb device and sockfd leaks
USB: serial: simple: add libtransistor console
USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
USB: serial: cp210x: add ID for NI USB serial console
usb: core: Add quirk for HP v222w 16GB Mini
USB: Increment wakeup count on remote wakeup.
ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
virtio: add ability to iterate over vqs
virtio_console: free buffers after reset
drm/virtio: fix vq wait_event condition
tty: Don't call panic() at tty_ldisc_init()
tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
tty: Use __GFP_NOFAIL for tty_ldisc_get()
ALSA: opl3: Hardening for potential Spectre v1
ALSA: asihpi: Hardening for potential Spectre v1
ALSA: hdspm: Hardening for potential Spectre v1
ALSA: rme9652: Hardening for potential Spectre v1
ALSA: control: Hardening for potential Spectre v1
ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
ALSA: seq: oss: Hardening for potential Spectre v1
ALSA: hda: Hardening for potential Spectre v1
ALSA: hda/realtek - Add some fixes for ALC233
mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
kobject: don't use WARN for registration failures
scsi: sd: Defer spinning up drive while SANITIZE is in progress
ARM: amba: Make driver_override output consistent with other buses
ARM: amba: Fix race condition with driver_override
ARM: amba: Don't read past the end of sysfs "driver_override" buffer
ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
libceph: validate con->state at the top of try_write()
x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
x86/smpboot: Don't use mwait_play_dead() on AMD systems
serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
serial: mctrl_gpio: Add missing module license
Linux 4.4.131
Change-Id: I8be9780b3f588b6ca9499b2f31ee4be0dbc9ef77
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Greg Kroah-Hartman [Wed, 2 May 2018 14:53:43 +0000 (07:53 -0700)]
Linux 4.4.131
Romain Izard [Tue, 23 Feb 2016 14:54:54 +0000 (15:54 +0100)]
serial: mctrl_gpio: Add missing module license
commit
82a3f87f6e80e0bf7978152021eb8938976721cb upstream.
As the mctrl_gpio driver can be built as a module, it needs to have its
license specified with MODULE_LICENSE. Otherwise, it cannot access
required symbols exported through EXPORT_SYMBOL_GPL.
Signed-off-by: Romain Izard <romain.izard.pro@gmail.com>
Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Daniel Wagner <wagi@monom.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Uwe Kleine-König [Sun, 13 Dec 2015 10:30:02 +0000 (11:30 +0100)]
serial: mctrl_gpio: export mctrl_gpio_disable_ms and mctrl_gpio_init
commit
4f71a2e0a282611e55bacb60b564eaef5d16c27b upstream.
To be able to make use of the mctrl-gpio helper from a module these
functions must be exported. This was forgotten in the commit introducing
support interrupt handling for these functions (while it was done for
mctrl_gpio_enable_ms, *sigh*).
Fixes:
ce59e48fdbad ("serial: mctrl_gpio: implement interrupt handling")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Cc: Daniel Wagner <wagi@monom.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Yazen Ghannam [Tue, 3 Apr 2018 14:02:28 +0000 (09:02 -0500)]
x86/smpboot: Don't use mwait_play_dead() on AMD systems
commit
da6fa7ef67f07108a1b0cb9fd9e7fcaabd39c051 upstream.
Recent AMD systems support using MWAIT for C1 state. However, MWAIT will
not allow deeper cstates than C1 on current systems.
play_dead() expects to use the deepest state available. The deepest state
available on AMD systems is reached through SystemIO or HALT. If MWAIT is
available, it is preferred over the other methods, so the CPU never reaches
the deepest possible state.
Don't try to use MWAIT to play_dead() on AMD systems. Instead, use CPUIDLE
to enter the deepest state advertised by firmware. If CPUIDLE is not
available then fallback to HALT.
Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: stable@vger.kernel.org
Cc: Yazen Ghannam <Yazen.Ghannam@amd.com>
Link: https://lkml.kernel.org/r/20180403140228.58540-1-Yazen.Ghannam@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Arnd Bergmann [Tue, 24 Apr 2018 21:19:51 +0000 (23:19 +0200)]
x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
commit
1a512c0882bd311c5b5561840fcfbe4c25b8f319 upstream.
A bugfix broke the x32 shmid64_ds and msqid64_ds data structure layout
(as seen from user space) a few years ago: Originally, __BITS_PER_LONG
was defined as 64 on x32, so we did not have padding after the 64-bit
__kernel_time_t fields, After __BITS_PER_LONG got changed to 32,
applications would observe extra padding.
In other parts of the uapi headers we seem to have a mix of those
expecting either 32 or 64 on x32 applications, so we can't easily revert
the path that broke these two structures.
Instead, this patch decouples x32 from the other architectures and moves
it back into arch specific headers, partially reverting the even older
commit
73a2d096fdf2 ("x86: remove all now-duplicate header files").
It's not clear whether this ever made any difference, since at least
glibc carries its own (correct) copy of both of these header files,
so possibly no application has ever observed the definitions here.
Based on a suggestion from H.J. Lu, I tried out the tool from
https://github.com/hjl-tools/linux-header to find other such
bugs, which pointed out the same bug in statfs(), which also has
a separate (correct) copy in glibc.
Fixes:
f4b4aae18288 ("x86/headers/uapi: Fix __BITS_PER_LONG value for x32 builds")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "H . J . Lu" <hjl.tools@gmail.com>
Cc: Jeffrey Walton <noloader@gmail.com>
Cc: stable@vger.kernel.org
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: https://lkml.kernel.org/r/20180424212013.3967461-1-arnd@arndb.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ilya Dryomov [Tue, 24 Apr 2018 17:10:55 +0000 (19:10 +0200)]
libceph: validate con->state at the top of try_write()
commit
9c55ad1c214d9f8c4594ac2c3fa392c1c32431a7 upstream.
ceph_con_workfn() validates con->state before calling try_read() and
then try_write(). However, try_read() temporarily releases con->mutex,
notably in process_message() and ceph_con_in_msg_alloc(), opening the
window for ceph_con_close() to sneak in, close the connection and
release con->sock. When try_write() is called on the assumption that
con->state is still valid (i.e. not STANDBY or CLOSED), a NULL sock
gets passed to the networking stack:
BUG: unable to handle kernel NULL pointer dereference at
0000000000000020
IP: selinux_socket_sendmsg+0x5/0x20
Make sure con->state is valid at the top of try_write() and add an
explicit BUG_ON for this, similar to try_read().
Cc: stable@vger.kernel.org
Link: https://tracker.ceph.com/issues/23706
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Jason Dillaman <dillaman@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nicolin Chen [Sun, 8 Apr 2018 23:57:35 +0000 (16:57 -0700)]
ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
commit
c656941df9bc80f7ec65b92ca73c42f8b0b62628 upstream.
When the desired ratio is less than 256, the savesub (tolerance)
in the calculation would become 0. This will then fail the loop-
search immediately without reporting any errors.
But if the ratio is smaller enough, there is no need to calculate
the tolerance because PM divisor alone is enough to get the ratio.
So a simple fix could be just to set PM directly instead of going
into the loop-search.
Reported-by: Marek Vasut <marex@denx.de>
Signed-off-by: Nicolin Chen <nicoleotsuka@gmail.com>
Tested-by: Marek Vasut <marex@denx.de>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Geert Uytterhoeven [Tue, 10 Apr 2018 13:21:45 +0000 (15:21 +0200)]
ARM: amba: Don't read past the end of sysfs "driver_override" buffer
commit
d2ffed5185df9d8d9ccd150e4340e3b6f96a8381 upstream.
When printing the driver_override parameter when it is 4095 and 4094
bytes long, the printing code would access invalid memory because we
need count + 1 bytes for printing.
Cfr. commits
4efe874aace57dba ("PCI: Don't read past the end of sysfs
"driver_override" buffer") and
bf563b01c2895a4b ("driver core: platform:
Don't read past the end of "driver_override" buffer").
Fixes:
3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Todd Kjos <tkjos@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Geert Uytterhoeven [Tue, 10 Apr 2018 13:21:44 +0000 (15:21 +0200)]
ARM: amba: Fix race condition with driver_override
commit
6a7228d90d42bcacfe38786756ba62762b91c20a upstream.
The driver_override implementation is susceptible to a race condition
when different threads are reading vs storing a different driver
override. Add locking to avoid this race condition.
Cfr. commits
6265539776a0810b ("driver core: platform: fix race
condition with driver_override") and
9561475db680f714 ("PCI: Fix race
condition with driver_override").
Fixes:
3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Todd Kjos <tkjos@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Geert Uytterhoeven [Tue, 10 Apr 2018 13:21:43 +0000 (15:21 +0200)]
ARM: amba: Make driver_override output consistent with other buses
commit
5f53624662eaac89598641cee6cd54fc192572d9 upstream.
For AMBA devices with unconfigured driver override, the
"driver_override" sysfs virtual file is empty, while it contains
"(null)" for platform and PCI devices.
Make AMBA consistent with other buses by dropping the test for a NULL
pointer.
Note that contrary to popular belief, sprintf() handles NULL pointers
fine; they are printed as "(null)".
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mahesh Rajashekhara [Tue, 17 Apr 2018 11:33:12 +0000 (17:03 +0530)]
scsi: sd: Defer spinning up drive while SANITIZE is in progress
commit
505aa4b6a8834a2300971c5220c380c3271ebde3 upstream.
A drive being sanitized will return NOT READY / ASC 0x4 / ASCQ
0x1b ("LOGICAL UNIT NOT READY. SANITIZE IN PROGRESS").
Prevent spinning up the drive until this condition clears.
[mkp: tweaked commit message]
Signed-off-by: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dmitry Vyukov [Wed, 11 Apr 2018 15:22:43 +0000 (17:22 +0200)]
kobject: don't use WARN for registration failures
commit
3e14c6abbfb5c94506edda9d8e2c145d79375798 upstream.
This WARNING proved to be noisy. The function still returns an error
and callers should handle it. That's how most of kernel code works.
Downgrade the WARNING to pr_err() and leave WARNINGs for kernel bugs.
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: syzbot+209c0f67f99fec8eb14b@syzkaller.appspotmail.com
Reported-by: syzbot+7fb6d9525a4528104e05@syzkaller.appspotmail.com
Reported-by: syzbot+2e63711063e2d8f9ea27@syzkaller.appspotmail.com
Reported-by: syzbot+de73361ee4971b6e6f75@syzkaller.appspotmail.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Joakim Tjernlund [Thu, 1 Mar 2018 13:39:41 +0000 (14:39 +0100)]
mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
commit
7b70eb14392a7cf505f9b358d06c33b5af73d1e7 upstream.
Currently it is possible to read and/or write to suspend EB's.
Writing /dev/mtdX or /dev/mtdblockX from several processes may
break the flash state machine.
Taken from cfi_cmdset_0001 driver.
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Joakim Tjernlund [Thu, 1 Mar 2018 13:39:40 +0000 (14:39 +0100)]
mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
commit
46a16a2283f9e678a4e26829175e0c37a5191860 upstream.
Some Micron chips does not work well wrt Erase suspend for
boot blocks. This avoids the issue by not allowing Erase suspend
for the boot blocks for the 28F00AP30(1GBit) chip.
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Joakim Tjernlund [Thu, 1 Mar 2018 13:39:39 +0000 (14:39 +0100)]
mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
commit
6510bbc88e3258631831ade49033537081950605 upstream.
Currently it is possible to read and/or write to suspend EB's.
Writing /dev/mtdX or /dev/mtdblockX from several processes may
break the flash state machine.
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kailang Yang [Wed, 25 Apr 2018 07:31:52 +0000 (15:31 +0800)]
ALSA: hda/realtek - Add some fixes for ALC233
commit
ea04a1dbf8b1d6af759d58e705636fde48583f8f upstream.
Fill COEF to change EAPD to verb control.
Assigned codec type.
This is an additional fix over
92f974df3460 ("ALSA: hda/realtek - New
vendor ID for ALC233").
[ More notes:
according to Kailang, the chip is 10ec:0235 bonding for ALC233b,
which is equivalent with ALC255. It's only used for Lenovo.
The chip needs no alc_process_coef_fw() for headset unlike ALC255. ]
Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 24 Apr 2018 05:50:50 +0000 (07:50 +0200)]
ALSA: hda: Hardening for potential Spectre v1
commit
69fa6f19b95597618ab30438a27b67ad93daa7c7 upstream.
As recently Smatch suggested, one place in HD-audio hwdep ioctl codes
may expand the array directly from the user-space value with
speculation:
sound/pci/hda/hda_local.h:467 get_wcaps() warn: potential spectre issue 'codec->wcaps'
As get_wcaps() itself is a fairly frequently called inline function,
and there is only one single call with a user-space value, we replace
only the latter one to open-code locally with array_index_nospec()
hardening in this patch.
BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 24 Apr 2018 05:31:54 +0000 (07:31 +0200)]
ALSA: seq: oss: Hardening for potential Spectre v1
commit
8d218dd8116695ecda7164f97631c069938aa22e upstream.
As Smatch recently suggested, a few places in OSS sequencer codes may
expand the array directly from the user-space value with speculation,
namely there are a significant amount of references to either
info->ch[] or dp->synths[] array:
sound/core/seq/oss/seq_oss_event.c:315 note_on_event() warn: potential spectre issue 'info->ch' (local cap)
sound/core/seq/oss/seq_oss_event.c:362 note_off_event() warn: potential spectre issue 'info->ch' (local cap)
sound/core/seq/oss/seq_oss_synth.c:470 snd_seq_oss_synth_load_patch() warn: potential spectre issue 'dp->synths' (local cap)
sound/core/seq/oss/seq_oss_event.c:293 note_on_event() warn: potential spectre issue 'dp->synths'
sound/core/seq/oss/seq_oss_event.c:353 note_off_event() warn: potential spectre issue 'dp->synths'
sound/core/seq/oss/seq_oss_synth.c:506 snd_seq_oss_synth_sysex() warn: potential spectre issue 'dp->synths'
sound/core/seq/oss/seq_oss_synth.c:580 snd_seq_oss_synth_ioctl() warn: potential spectre issue 'dp->synths'
Although all these seem doing only the first load without further
reference, we may want to stay in a safer side, so hardening with
array_index_nospec() would still make sense.
We may put array_index_nospec() at each place, but here we take a
different approach:
- For dp->synths[], change the helpers to retrieve seq_oss_synthinfo
pointer directly instead of the array expansion at each place
- For info->ch[], harden in a normal way, as there are only a couple
of places
As a result, the existing helper, snd_seq_oss_synth_is_valid() is
replaced with snd_seq_oss_synth_info(). Also, we cover MIDI device
where a similar array expansion is done, too, although it wasn't
reported by Smatch.
BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 24 Apr 2018 05:26:59 +0000 (07:26 +0200)]
ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
commit
f5e94b4c6ebdabe0f602d796e0430180927521a0 upstream.
When get_synthdev() is called for a MIDI device, it returns the fixed
midi_synth_dev without the use refcounting. OTOH, the caller is
supposed to unreference unconditionally after the usage, so this would
lead to unbalanced refcount.
This patch corrects the behavior and keep up the refcount balance also
for the MIDI synth device.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
David Henningsson [Sat, 21 Apr 2018 12:57:40 +0000 (14:57 +0200)]
ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
commit
f853dcaae2f5bbe021161e421bd1576845bae8f6 upstream.
It looks like a simple mistake that this struct member
was forgotten.
Audio_tstamp isn't used much, and on some archs (such as x86) this
ioctl is not used by default, so that might be the reason why this
has slipped for so long.
Fixes:
4eeaaeaea1ce ("ALSA: core: add hooks for audio timestamps")
Signed-off-by: David Henningsson <diwic@ubuntu.com>
Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Cc: <stable@vger.kernel.org> # v3.8+
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 24 Apr 2018 05:45:56 +0000 (07:45 +0200)]
ALSA: control: Hardening for potential Spectre v1
commit
088e861edffb84879cf0c0d1b02eda078c3a0ffe upstream.
As recently Smatch suggested, a few places in ALSA control core codes
may expand the array directly from the user-space value with
speculation:
sound/core/control.c:1003 snd_ctl_elem_lock() warn: potential spectre issue 'kctl->vd'
sound/core/control.c:1031 snd_ctl_elem_unlock() warn: potential spectre issue 'kctl->vd'
sound/core/control.c:844 snd_ctl_elem_info() warn: potential spectre issue 'kctl->vd'
sound/core/control.c:891 snd_ctl_elem_read() warn: potential spectre issue 'kctl->vd'
sound/core/control.c:939 snd_ctl_elem_write() warn: potential spectre issue 'kctl->vd'
Although all these seem doing only the first load without further
reference, we may want to stay in a safer side, so hardening with
array_index_nospec() would still make sense.
In this patch, we put array_index_nospec() to the common
snd_ctl_get_ioff*() helpers instead of each caller. These helpers are
also referred from some drivers, too, and basically all usages are to
calculate the array index from the user-space value, hence it's better
to cover there.
BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 24 Apr 2018 06:04:41 +0000 (08:04 +0200)]
ALSA: rme9652: Hardening for potential Spectre v1
commit
f526afcd8f71945c23ce581d7864ace93de8a4f7 upstream.
As recently Smatch suggested, one place in RME9652 driver may expand
the array directly from the user-space value with speculation:
sound/pci/rme9652/rme9652.c:2074 snd_rme9652_channel_info() warn: potential spectre issue 'rme9652->channel_map' (local cap)
This patch puts array_index_nospec() for hardening against it.
BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 24 Apr 2018 06:03:14 +0000 (08:03 +0200)]
ALSA: hdspm: Hardening for potential Spectre v1
commit
10513142a7114d251670361ad40cba2c61403406 upstream.
As recently Smatch suggested, a couple of places in HDSP MADI driver
may expand the array directly from the user-space value with
speculation:
sound/pci/rme9652/hdspm.c:5717 snd_hdspm_channel_info() warn: potential spectre issue 'hdspm->channel_map_out' (local cap)
sound/pci/rme9652/hdspm.c:5734 snd_hdspm_channel_info() warn: potential spectre issue 'hdspm->channel_map_in' (local cap)
This patch puts array_index_nospec() for hardening against them.
BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 24 Apr 2018 06:01:48 +0000 (08:01 +0200)]
ALSA: asihpi: Hardening for potential Spectre v1
commit
f9d94b57e30fd1575b4935045b32d738668aa74b upstream.
As recently Smatch suggested, a couple of places in ASIHPI driver may
expand the array directly from the user-space value with speculation:
sound/pci/asihpi/hpimsginit.c:70 hpi_init_response() warn: potential spectre issue 'res_size' (local cap)
sound/pci/asihpi/hpioctl.c:189 asihpi_hpi_ioctl() warn: potential spectre issue 'adapters'
This patch puts array_index_nospec() for hardening against them.
BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Tue, 24 Apr 2018 05:56:07 +0000 (07:56 +0200)]
ALSA: opl3: Hardening for potential Spectre v1
commit
7f054a5bee0987f1e2d4e59daea462421c76f2cb upstream.
As recently Smatch suggested, one place in OPL3 driver may expand the
array directly from the user-space value with speculation:
sound/drivers/opl3/opl3_synth.c:476 snd_opl3_set_voice() warn: potential spectre issue 'snd_opl3_regmap'
This patch puts array_index_nospec() for hardening against it.
BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tetsuo Handa [Wed, 25 Apr 2018 11:12:31 +0000 (20:12 +0900)]
tty: Use __GFP_NOFAIL for tty_ldisc_get()
commit
bcdd0ca8cb8730573afebcaae4138f8f4c8eaa20 upstream.
syzbot is reporting crashes triggered by memory allocation fault injection
at tty_ldisc_get() [1]. As an attempt to handle OOM in a graceful way, we
have tried commit
5362544bebe85071 ("tty: don't panic on OOM in
tty_set_ldisc()"). But we reverted that attempt by commit
a8983d01f9b7d600
("Revert "tty: don't panic on OOM in tty_set_ldisc()"") due to reproducible
crash. We should spend resource for finding and fixing race condition bugs
rather than complicate error paths for 2 * sizeof(void *) bytes allocation
failure.
[1] https://syzkaller.appspot.com/bug?id=
489d33fa386453859ead58ff5171d43772b13aa3
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot <syzbot+40b7287c2dc987c48c81@syzkaller.appspotmail.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Vegard Nossum <vegard.nossum@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Peter Hurley <peter@hurleysoftware.com>
Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tony Lindgren [Sat, 7 Apr 2018 17:19:51 +0000 (10:19 -0700)]
tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
commit
b2d89ad9c9682e795ed6eeb9ed455789ad6cedf1 upstream.
At least on droid 4 with control channel in ADM mode, there is no response
to Modem Status Command (MSC). Currently gsmtty_modem_update() expects to
have data in dlci->modem_rx unless debug & 2 is set. This means that on
droid 4, things only work if debug & 2 is set.
Let's fix the issue by ignoring empty dlci->modem_rx for ADM mode. In
the AMD mode, CMD_MSC will never respond and gsm_process_modem() won't
get called to set dlci->modem_rx.
And according to ts_127010v140000p.pdf, MSC is only relevant if basic
option is chosen, so let's test for that too.
Fixes:
ea3d8465ab9b ("tty: n_gsm: Allow ADM response in addition to UA for control dlci")
Cc: linux-serial@vger.kernel.org
Cc: Alan Cox <alan@llwyncelyn.cymru>
Cc: Dan Williams <dcbw@redhat.com>
Cc: Jiri Prchal <jiri.prchal@aksignal.cz>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Marcel Partap <mpartap@gmx.net>
Cc: Merlijn Wajer <merlijn@wizzup.org>
Cc: Michael Nazzareno Trimarchi <michael@amarulasolutions.com>
Cc: Michael Scott <michael.scott@linaro.org>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Peter Hurley <peter@hurleysoftware.com>
Cc: Russ Gorby <russ.gorby@intel.com>
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Cc: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tony Lindgren [Sat, 7 Apr 2018 17:19:50 +0000 (10:19 -0700)]
tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
commit
e9ec22547986dd32c5c70da78107ce35dbff1344 upstream.
Commit
ea3d8465ab9b ("tty: n_gsm: Allow ADM response in addition to UA for
control dlci") added support for DLCI to stay in Asynchronous Disconnected
Mode (ADM). But we still get long delays waiting for commands to other
DLCI to complete:
--> 5) C: SABM(P)
Q> 0) C: UIH(F)
Q> 0) C: UIH(F)
Q> 0) C: UIH(F)
...
This happens because gsm_control_send() sets cretries timer to T2 that is
by default set to 34. This will cause resend for T2 times for the control
frame. In ADM mode, we will never get a response so the control frame, so
retries are just delaying all the commands.
Let's fix the issue by setting DLCI_MODE_ADM flag after detecting the ADM
mode for the control DLCI. Then we can use that in gsm_control_send() to
set retries to 1. This means the control frame will be sent once allowing
the other end at an opportunity to switch from ADM to ABM mode.
Note that retries will be decremented in gsm_control_retransmit() so
we don't want to set it to 0 here.
Fixes:
ea3d8465ab9b ("tty: n_gsm: Allow ADM response in addition to UA for control dlci")
Cc: linux-serial@vger.kernel.org
Cc: Alan Cox <alan@llwyncelyn.cymru>
Cc: Dan Williams <dcbw@redhat.com>
Cc: Jiri Prchal <jiri.prchal@aksignal.cz>
Cc: Jiri Slaby <jslaby@suse.cz>
Cc: Marcel Partap <mpartap@gmx.net>
Cc: Merlijn Wajer <merlijn@wizzup.org>
Cc: Michael Nazzareno Trimarchi <michael@amarulasolutions.com>
Cc: Michael Scott <michael.scott@linaro.org>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Peter Hurley <peter@hurleysoftware.com>
Cc: Russ Gorby <russ.gorby@intel.com>
Cc: Sascha Hauer <s.hauer@pengutronix.de>
Cc: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tetsuo Handa [Thu, 5 Apr 2018 10:40:16 +0000 (19:40 +0900)]
tty: Don't call panic() at tty_ldisc_init()
commit
903f9db10f18f735e62ba447147b6c434b6af003 upstream.
syzbot is reporting kernel panic [1] triggered by memory allocation failure
at tty_ldisc_get() from tty_ldisc_init(). But since both tty_ldisc_get()
and caller of tty_ldisc_init() can cleanly handle errors, tty_ldisc_init()
does not need to call panic() when tty_ldisc_get() failed.
[1] https://syzkaller.appspot.com/bug?id=
883431818e036ae6a9981156a64b821110f39187
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>