In the case that the driver is configured from device-tree
i2s_reg_comp1 and i2s_reg_comp2 aren't initialised, breaking the driver.
Fix this by unconditionally setting these values before checking for quirks.
Fixes: a242cac1d3 ("ASoC: dwc: add quirk to override COMP_PARAM_1 register")
Signed-off-by: Jon Medhurst <tixy@linaro.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
'perf probe' through debuginfo__find_probes() in util/probe-finder.c
checks for the functions' frame descriptions in either .eh_frame section
of an ELF or the .debug_frame.
The check is based on whether either one of these sections is present.
Depending on distro, toolchain defaults, architetcutre, build flags,
etc., CFI might be found in either .eh_frame and/or .debug_frame.
Sometimes, it may happen that, .eh_frame, even if present, may not be
complete and may miss some descriptions.
Therefore, to be sure, to find the CFI covering an address we will
always have to investigate both if available.
For e.g., in powerpc, this may happen:
$ gcc -g bin.c -o bin
$ objdump --dwarf ./bin
<1><145>: Abbrev Number: 7 (DW_TAG_subprogram)
<146> DW_AT_external : 1
<146> DW_AT_name : (indirect string, offset: 0x9e): main
<14a> DW_AT_decl_file : 1
<14b> DW_AT_decl_line : 39
<14c> DW_AT_prototyped : 1
<14c> DW_AT_type : <0x57>
<150> DW_AT_low_pc : 0x100007b8
If the .eh_frame and .debug_frame are checked for the same binary, we
will find that, .eh_frame (although present) doesn't contain a
description for "main" function.
But, .debug_frame has a description:
000000d8 00000024 00000000 FDE cie=00000000 pc=100007b8..10000838
DW_CFA_advance_loc: 16 to 100007c8
DW_CFA_def_cfa_offset: 144
DW_CFA_offset_extended_sf: r65 at cfa+16
...
Due to this (since, perf checks whether .eh_frame is present and goes on
searching for that address inside that frame), perf is unable to process
the probes:
# perf probe -x ./bin main
Failed to get call frame on 0x100007b8
Error: Failed to add events.
To avoid this issue, we need to check both the sections (.eh_frame and
.debug_frame), which is done in this patch.
Note that, we can always force everything into both .eh_frame and
.debug_frame by:
$ gcc bin.c -fasynchronous-unwind-tables -fno-dwarf2-cfi-asm -g -o bin
Signed-off-by: Hemant Kumar <hemant@linux.vnet.ibm.com>
Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Mark Wielaard <mjw@redhat.com>
Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Link: http://lkml.kernel.org/r/1454426806-13974-1-git-send-email-hemant@linux.vnet.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
futex.h's futex_atomic_cmpxchg_inatomic() does not use the
__futex_atomic_op() macro and needs its own PAN toggling. This was missed
when the feature was implemented.
Fixes: 338d4f49d6 ("arm64: kernel: Add support for Privileged Access Never")
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
intel_pt_process_auxtrace_info() creates a pt->unknown_thread thread
that eventually needs to be freed by the last thread__put() on it, when
its refcount hits zero, which may happen in
intel_pt_process_auxtrace_info() error handling path and triggers the
following segfault, which would happen as well at intel_pt_free, when
tools using this intel_pt codebase frees up resources:
# perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
0 a anaconda-ks.cfg bin perf.data perf.data.old perf-f23-bringup.todo
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.217 MB perf.data ]
#
# perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
Samples for 'instructions:u' event do not have IREGS attribute set. Cannot print 'iregs' field.
intel_pt_synth_events: failed to synthesize 'instructions' event type
Segmentation fault (core dumped)
#
The problem is: there's a union in 'struct thread' combines a list_head
and a rb_node. The standard life cycle of a thread is: init rb_node in
the constructor, insert it into machine->threads rbtree using rb_node,
move it to machine->dead_threads using list_head, clean in the last
thread__put: list_del_init(&thread->node).
In the above command, it clean a thread before adding it into list,
causes the above segfault.
Since pt->unknown_thread will never live in an rbtree, initialize its
list node so that when list_del_init() is done on it we don't segfault.
After this patch:
# perf script -F event,comm,pid,tid,time,addr,ip,sym,dso,iregs
Samples for 'instructions:u' event do not have IREGS attribute set. Cannot print 'iregs' field.
intel_pt_synth_events: failed to synthesize 'instructions' event type
0x248 [0x88]: failed to process type: 70
#
Reported-by: Tong Zhang <ztong@vt.edu>
Reported-by: Wang Nan <wangnan0@huawei.com>
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Link: http://lkml.kernel.org/r/1454296865-19749-1-git-send-email-wangnan0@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
The range of set_memory_* is currently restricted to the module address
range because of difficulties in breaking down larger block sizes.
vmalloc maps PAGE_SIZE pages so it is safe to use as well. Update the
function ranges and add a comment explaining why the range is restricted
the way it is.
Suggested-by: Laura Abbott <labbott@fedoraproject.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Reviewed-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
The Allwinner sunxi specific interrupt controller cannot be compiled
for any architecture except arm:
drivers/irqchip/irq-sun4i.c:25:26: fatal error: asm/mach/irq.h: No such file or directory
compilation terminated.
It turns out that this header is actually not needed for the driver, so remove
it and allow compilation for other architectures like arm64.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Jason Cooper <jason@lakedaemon.net>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Maxime Ripard <maxime.ripard@free-electrons.com>
Cc: Chen-Yu Tsai <wens@csie.org>
Cc: linux-sunxi@googlegroups.com
Link: http://lkml.kernel.org/r/1454348370-3816-2-git-send-email-andre.przywara@arm.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Fix this typo, consequently used over both files :)
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Acked-by: Lars-Peter Clausen <lars@metafoo.de>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Tested-by: Archit Taneja <architt@codeaurora.org>
This register includes a counter which is decremented by the chip on I2C
failures. Also, it is reset when powering down.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Tested-by: Archit Taneja <architt@codeaurora.org>
The interrupts for EDID_READY or DDC_ERROR were never enabled in this
driver, so reading EDID always timed out when chip was powered down and
interrupts were used. Fix this and also remove clearing the interrupt
flags, they are cleared in POWER_DOWN mode anyhow (unlike the interrupt
enable flags) according to docs and my tests.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Tested-by: Archit Taneja <architt@codeaurora.org>
The datatype __kernel_time_t is u32 on 32bit platform, so its subject to
overflows in the timeval/timespec to cputime conversion.
Currently the following functions are affected:
1. setitimer()
2. timer_create/timer_settime()
3. sys_clock_nanosleep
This can happen on MIPS32 and ARM32 with "Full dynticks CPU time accounting"
enabled, which is required for CONFIG_NO_HZ_FULL.
Enforce u64 conversion to prevent the overflow.
Fixes: 31c1fc8187 ("ARM: Kconfig: allow full nohz CPU accounting")
Signed-off-by: zengtao <prime.zeng@huawei.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Cc: <fweisbec@gmail.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/1454384314-154784-1-git-send-email-prime.zeng@huawei.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
The device power usage counter is increased by pm_runtime_get_noresume
but isn't decreased in err_add_host error path.
Fix this issue by calling pm_runtime_put_noidle() in the error path to
restore the device's power usage counter.
Signed-off-by: Jisheng Zhang <jszhang@marvell.com>
Acked-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Fixes: f5f17813ae ("mmc: sdhci-of-at91: add PM support)
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
The commit fixing the conversion of pxamci to slot-gpio API fixed the
inverted the logic of the read-only gpio. Unfortunately, the commit was
tested on a non-inverted gpio, and not on the inverted one. And the fix
did work partially, by luck.
This is the remaining missing part of the fix, trivial but still necessary.
Fixes: Fixes: 26d49fe719 ("mmc: pxamci: fix read-only gpio detection polarity")
Reported-by: Andrea Adami <andrea.adami@gmail.com>
Tested-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Not every arch has io memory.
So, unbreak the build by fixing the dependencies.
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
This patch fixes the calculation of pcc_chan for non-zero id.
After the compiler ignores the (unsigned long) cast the
pcc_mbox_channels pointer is type-cast and then the type-cast
offset is added which results in address outside of the range
leading to the kernel crashing.
We might add braces and make it:
pcc_chan = (struct mbox_chan *)
((unsigned long) pcc_mbox_channels +
(id * sizeof(*pcc_chan)));
but let's go with array approach here and use id as index.
Tested on Juno board.
Signed-off-by: Alexey Klimov <alexey.klimov@arm.com>
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Ashwin Chaugule <ashwin.chaugule@linaro.org>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Fix the code to fetch and decode the whole 32-bit instruction. This
only really matters with the `noulri' kernel parameter as all microMIPS
processors are supposed to have all the hardware registers we support.
Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/12281/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
In the regular MIPS instruction set RDHWR is encoded with the SPECIAL3
(011111) major opcode. Therefore it cannot trigger the CpU (Coprocessor
Unusable) exception, and certainly not for coprocessor 0, as the opcode
does not overlap with any of the older ISA reservations, i.e. LWC0
(110000), SWC0 (111000), LDC0 (110100) or SDC0 (111100). The closest
match might be SDC3 (111111), possibly causing a CpU #3 exception,
however our code does not handle it anyway. A quick check with a MIPS I
and a MIPS III processor:
CPU0 revision is: 00000220 (R3000)
CPU0 revision is: 00000440 (R4400SC)
indeed indicates that the RI (Reserved Instruction) exception is
triggered. It's only LL and SC that require emulation in the CpU #0
exception handler as they reuse the LWC0 and SWC0 opcodes respectively.
In the microMIPS instruction set RDHWR is mandatory and triggering the
RI exception is required on unimplemented or disabled register accesses.
Therefore emulating the microMIPS instruction in the CpU #0 exception
handler is not required either.
Signed-off-by: Maciej W. Rozycki <macro@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/12280/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Pull networking fixes from David Miller:
"This looks like a lot but it's a mixture of regression fixes as well
as fixes for longer standing issues.
1) Fix on-channel cancellation in mac80211, from Johannes Berg.
2) Handle CHECKSUM_COMPLETE properly in xt_TCPMSS netfilter xtables
module, from Eric Dumazet.
3) Avoid infinite loop in UDP SO_REUSEPORT logic, also from Eric
Dumazet.
4) Avoid a NULL deref if we try to set SO_REUSEPORT after a socket is
bound, from Craig Gallek.
5) GRO key comparisons don't take lightweight tunnels into account,
from Jesse Gross.
6) Fix struct pid leak via SCM credentials in AF_UNIX, from Eric
Dumazet.
7) We need to set the rtnl_link_ops of ipv6 SIT tunnels before we
register them, otherwise the NEWLINK netlink message is missing
the proper attributes. From Thadeu Lima de Souza Cascardo.
8) Several Spectrum chip bug fixes for mlxsw switch driver, from Ido
Schimmel
9) Handle fragments properly in ipv4 easly socket demux, from Eric
Dumazet.
10) Don't ignore the ifindex key specifier on ipv6 output route
lookups, from Paolo Abeni"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (128 commits)
tcp: avoid cwnd undo after receiving ECN
irda: fix a potential use-after-free in ircomm_param_request
net: tg3: avoid uninitialized variable warning
net: nb8800: avoid uninitialized variable warning
net: vxge: avoid unused function warnings
net: bgmac: clarify CONFIG_BCMA dependency
net: hp100: remove unnecessary #ifdefs
net: davinci_cpdma: use dma_addr_t for DMA address
ipv6/udp: use sticky pktinfo egress ifindex on connect()
ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail()
netlink: not trim skb for mmaped socket when dump
vxlan: fix a out of bounds access in __vxlan_find_mac
net: dsa: mv88e6xxx: fix port VLAN maps
fib_trie: Fix shift by 32 in fib_table_lookup
net: moxart: use correct accessors for DMA memory
ipv4: ipconfig: avoid unused ic_proto_used symbol
bnxt_en: Fix crash in bnxt_free_tx_skbs() during tx timeout.
bnxt_en: Exclude rx_drop_pkts hw counter from the stack's rx_dropped counter.
bnxt_en: Ring free response from close path should use completion ring
net_sched: drr: check for NULL pointer in drr_dequeue
...
Pull libnvdimm fixes from Dan Williams:
"1/ Fixes to the libnvdimm 'pfn' device that establishes a reserved
area for storing a struct page array.
2/ Fixes for dax operations on a raw block device to prevent pagecache
collisions with dax mappings.
3/ A fix for pfn_t usage in vm_insert_mixed that lead to a null
pointer de-reference.
These have received build success notification from the kbuild robot
across 153 configs and pass the latest ndctl tests"
* 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
phys_to_pfn_t: use phys_addr_t
mm: fix pfn_t to page conversion in vm_insert_mixed
block: use DAX for partition table reads
block: revert runtime dax control of the raw block device
fs, block: force direct-I/O for dax-enabled block devices
devm_memremap_pages: fix vmem_altmap lifetime + alignment handling
libnvdimm, pfn: fix restoring memmap location
libnvdimm: fix mode determination for e820 devices
The FPU should not be left enabled after a task context switch. This
isn't usually a problem as the FPU enable bit is updated before
returning to userland, however it can potentially mask kernel bugs, and
in fact KVM assumes it won't happen and won't clear the FPU enable bit
before returning to the guest, which allows the guest to use stale FPU
context.
Interrupts and exceptions save and restore most bits of the CP0 Status
register which contains the FPU enable bit (CU1). When the kernel needs
to enable or disable the FPU (for example due to attempted FPU use by
userland, or the scheduler being invoked) both the actual Status
register and the saved value in the userland context are updated.
However this doesn't work correctly with full kernel preemption enabled,
since the FPU enable bit can be cleared from within an interrupt when
the scheduler is invoked, and only the userland context is updated, not
the interrupt context.
For example:
1) Enter kernel with FPU already enabled, TIF_USEDFPU=1, Status.CU1=1
saved.
2) Take a timer interrupt while in kernel mode, Status.CU1=1 saved.
3) Timer interrupt invokes scheduler to preempt the task, which clears
TIF_USEDFPU, disables the FPU in Status register (Status.CU1=0), and
the value stored in user context from step (1), but not the interrupt
context from step (2).
4) When the process is scheduled back in again Status.CU1=0.
5) The interrupt context from step (2) is restored, which sets
Status.CU1=1. So from user context point of view, preemption has
re-enabled FPU!
6) If the scheduler is invoked again (via preemption or voluntarily)
before returning to userland, TIF_USEDFPU=0 so the FPU is not
disabled before the task context switch.
7) The next task resumes from the context switch with FPU enabled!
The restoring of the Status register on return from interrupt/exception
is already selective about which bits to restore, leaving the interrupt
mask bits alone so enabling/disabling of CPU interrupt lines can
persist. Extend this to also leave both the CU1 bit (FPU enable) and the
FR bit (which specifies the FPU mode and gets changed with CU1). This
prevents a stale Status value being restored in step (5) above and
persisting through subsequent context switches.
Also switch to the use of definitions from asm/mipsregs.h while we're at
it.
Since this change also affects the restoration of Status register on the
path back to userland, it increases the sensitivity of the kernel to the
problem of the FPU being left enabled, allowing it to propagate to
userland, therefore a warning is also added to lose_fpu_inatomic() to
point out any future reoccurances before they do any damage.
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/12303/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
start_thread() (called for execve(2)) clears the TIF_USEDFPU flag
without atomically disabling the FPU. With a preemptive kernel, an
unfortunately timed preemption after this could result in another
task (or KVM guest) being scheduled in with the FPU still enabled, since
lose_fpu_inatomic() only turns it off if TIF_USEDFPU is set.
Use lose_fpu(0) instead of the separate FPU / MSA management, which
should do the right thing (drop FPU properly and atomically without
saving state) and will be more future proof.
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Reviewed-by: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/12302/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Since commit 4c21b8fd8f ("MIPS: seccomp: Handle indirect system calls
(o32)"), syscall_get_arguments() attempts to handle o32 indirect syscall
arguments by incrementing both the start argument number and the number
of arguments to fetch. However only the start argument number needs to
be incremented. The number of arguments does not change, they're just
shifted up by one, and in fact the output array is provided by the
caller and is likely only n entries long, so reading more arguments
overflows the output buffer.
In the case of seccomp, this results in it fetching 7 arguments starting
at the 2nd one, which overflows the unsigned long args[6] in
populate_seccomp_data(). This clobbers the $s0 register from
syscall_trace_enter() which __seccomp_phase1_filter() saved onto the
stack, into which syscall_trace_enter() had placed its syscall number
argument. This caused Chromium to crash.
Credit goes to Milko for tracking it down as far as $s0 being clobbered.
Fixes: 4c21b8fd8f ("MIPS: seccomp: Handle indirect system calls (o32)")
Reported-by: Milko Leporis <milko.leporis@imgtec.com>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: <stable@vger.kernel.org> # 3.15-
Patchwork: https://patchwork.linux-mips.org/patch/12213/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
dependent on patches from the recent merge cycle.
* adc, imu and iio staging drivers
- !HAS_IOMEM dependency fixes
* dht11
- use boottime clock for time measurement to avoid incorrect measurements
due to clock updates.
* lidar
- correct a return value for short i2c transfers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWr72hAAoJEFSFNJnE9BaILWsP/3hVDegr+6TRoVgqqfk8USz2
Jb3omDrxvb1LDlMgR5sbwYMQw3JKg9Dn6ACPtsFJ4kdOHvZ/xQ5dzwKXuUTe9MfB
ij3gl1/wO6czUvdW0FYEKwMHORh/z5ILKaVS/lOPjeJnRPhFD4GNRo3nM6qQ/le8
nl/Q1RB1ONml0EKzWgQrcFAzdRessPU3ALsvXrmJQVn6Ah1fYcig46/jn/PZ8/iO
1/9lgROCo78vwHMvu1vuBI/pjfm0Ry/AB1WTGrjquMY4Q/kEwM18qE2I4lRfoQSd
3N9DvGkfhkmLpnqag3ujC5uVtMJK/SUlK5DPaAsLT7PtTuQ75UQfFZpy0syANfbD
lLVnKqMBbTWpetin8butW1OBgKaCWukq9zvFvsp1ZbbxJIEeYaIF6vdkcVyn66j/
O3u45zdbL0WrhvPZrQRbTa3jdXLVMe4psaBWF1fhBW/+8tYEpPzddHuE2miyVHP8
2uxg7H+UR7WRJyZ20BzF18G1AFjtAouzuVtWtPEAw2z8BbtMfAf9g+02xHhwYmVd
USdPfVHhAmYgFsgfRLRZRmbiSlg/SzBHK0RVS9ZwXsh3nnPvuYflfT/bCXxGvBzI
j8pVAAkfrnTItKuFQ2rTgQ23JUHdOdmwkYtrMa6bHuFCCN6kIH8BTVxwGexEhE5U
tBTWNHQxx/N1VhtY7BQG
=iF19
-----END PGP SIGNATURE-----
Merge tag 'iio-fixes-for-4.5b' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus
Jonathan writes:
Second set of IIO fixes for the 4.5 cycle. These ones are mostly
dependent on patches from the recent merge cycle.
* adc, imu and iio staging drivers
- !HAS_IOMEM dependency fixes
* dht11
- use boottime clock for time measurement to avoid incorrect measurements
due to clock updates.
* lidar
- correct a return value for short i2c transfers.
This set comprises those not dependent on patches in the 4.5 merge cycle.
A second set will follow shortly with ones that are.
* core in kernel interfaces
- fix a possible NULL dereference that is a theoretical possibility
via odd usage of iio_channel_release. Pretty much a hardening of
the interface, but observed in the wild with the twl4030_charger
driver.
* acpi-als
- report the data as processed as it is in lux. This fixes a wrong
use of the IIO ABI. However, old _raw version retained to avoid
breaking any userspace in the wild that is relying on that (none
known but it doesn't hurt us much to retain it)
* ade7753
- fix some error handling to avoid use of unitialized data.
* ltr501
- use a signed return type for ltr501_match_samp_freq so as to allow
returning of an error code.
* mcp4725
- set name field of struct iio_dev to ensure the sysfs name attribute
doesn't give NULL.
* mpl115
- temperature offset sign is wrong.
* stk8ba50
- IIO_TRIGGER dependency added
* ti_am335x_adc
- Label buffer as a software buffer. It's actually a hybrid of a
true hardware buffer feeding a kfifo, but the meaning of these fields
has changed a little recently and in this case it should be labeled
a software buffer ensure it is allowed to use the kfifo.
* vf610_adc
- HAS_IOMEM dependency
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWr7r1AAoJEFSFNJnE9BaIEu4QAIb4FPipmsRLbNlPpngtYL9k
uH13UiZLdGRdZsif2S9B0S5L0+PG25UTzXbtgleUq4IxdY4LnSyfa+/V+Ifn3SPE
+F3Vr5Uqd9S/uRNNwJjgvSMf60s9J8Vm3PqFJ7aH8glJ7CRR4IbDAPJ7GXhUx4mt
o5VXYLIm178JbwC6zKu8AanYGtRADG6orLqMbjCEWksK0SAuCz772CLgUCLMFxHC
z1n/mdG8nadTZZDbuaHda5C5r9Baiqt/Wl7e/3gg7gHBl5LjcGUejlyD2VKRilpO
4exHIARkHqlx/fXBxUxRN9kDbRK+6cuxca8MHn01Kn/XM7D8XoeZ1orQm+bItyOL
9aHIoV2szS+VQMDE1oB+eKU8KZRGD0rLNKJRNumho+0lFtdbSZ0VqeBqn/wGYEBa
QyGjpjdVCltdZJ2BX4kaUGcCQeWnpqqLc6jrXuUN0qSzvHyspt3XsllCKrTWbvNu
oV1uDM+R8+YSsDQmgTpGuoTmpRHq2ED2lAJqRVan/Zi+Yk6gjxyDcIe1V4LbLdTt
asXxzxp/eYFfM/K5nJyyASp3jl66f8QoQaVDly5XjXsf400xQKa3PlahQLWx66JM
YfGJfHwhyzamO+mgiyuX1O4C7CO7uvHZgC/H+p7bB03GdtcUzjT1ZlBrR0JJlojg
crBzUtRyX26wUNTGxHXG
=27Pv
-----END PGP SIGNATURE-----
Merge tag 'iio-fixes-for-4.5a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus
Jonathan writes:
First set of IIO fixes for the 4.5 cycle.
This set comprises those not dependent on patches in the 4.5 merge cycle.
A second set will follow shortly with ones that are.
* core in kernel interfaces
- fix a possible NULL dereference that is a theoretical possibility
via odd usage of iio_channel_release. Pretty much a hardening of
the interface, but observed in the wild with the twl4030_charger
driver.
* acpi-als
- report the data as processed as it is in lux. This fixes a wrong
use of the IIO ABI. However, old _raw version retained to avoid
breaking any userspace in the wild that is relying on that (none
known but it doesn't hurt us much to retain it)
* ade7753
- fix some error handling to avoid use of unitialized data.
* ltr501
- use a signed return type for ltr501_match_samp_freq so as to allow
returning of an error code.
* mcp4725
- set name field of struct iio_dev to ensure the sysfs name attribute
doesn't give NULL.
* mpl115
- temperature offset sign is wrong.
* stk8ba50
- IIO_TRIGGER dependency added
* ti_am335x_adc
- Label buffer as a software buffer. It's actually a hybrid of a
true hardware buffer feeding a kfifo, but the meaning of these fields
has changed a little recently and in this case it should be labeled
a software buffer ensure it is allowed to use the kfifo.
* vf610_adc
- HAS_IOMEM dependency
mn10300 uses an mmio-driven uart. This is not supported by speakup, so
prevent from enabling it.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
assembly fixes, the other things are mostly board related:
- A series of omap assembly code fixes to fix issues with rodata with
ARM_KERNMEM_PERMS enabled. We had several places writing to rodata,
which is bad. The fix in most cases is to load the value from data
section using a pointer. Let's also enable ARM_KERNMEM_PERMS so
DEBUG_RODATA gets selected by default. And while testing things,
I also added few more loadable driver modules to the defconfig that
I seem to need quite often.
- Fix a long standing omap5 RTC mystery and enable RTC where we need
to ensure the SoC msecure pin is high so we can write to the RTC
registers.
- Fix irq types for am437x
- A series of minor dts fixes for sbc-am57x and cl-som-am57x
- Fixes for torpedo dts to make WLAN behave and to remove a duplicate
i2c rate entry
This series also includes few minor changes that are not stricly
fixes, but would be good to get in during the early -rc cycle:
- Remove legacy mailbox platform data that is no longer needed
- Add the pdata-quirks needed for the new pwm-omap-dmtimer so
people can use it
- Enable ti,mbox-send-noirq that's needed by wkup_m3 driver
- Enable SPLIT and DWARF4 in omap2plus_defconfig as it makes the
initramfs quite a bit smaller
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWqT5XAAoJEBvUPslcq6Vz01kP/jdo4hXcvUgtG9W5yIxortiK
Sg2D0omkQzwgNHhh9K/ezOYaGwgRJ8grEkCYImlr7n/zGr7Mpt3eUiJC7gbV8xg4
nEPNxGoIQSQ3A0NVV+6gtnHHco4ajih/l7A+0UDZy/x375VExW46HS0KLWy2hov9
WgEJDNBIZBdBN3S3CJ2pO1+I4KHkk9vqaDHjfDaSnyQXRKxQTziubnk5KhfcYpMS
0fDY9BqJFDp0gbE3Dp3GOk/eEW+6XQAUFxK2i+rp3fmOhENBbbEAPWJ4qM8VFQr+
ITQdd2o/SXE3hnqoXLMpCBFPSBDD7UMoxIp3gtMu/YwRePw8zETeQKYuHwSO69oz
BKoKXJKg1WfiTquCzwijlqvOhMi0KzVSBi+X5MSQaUl+30qrHXdY4ecHvQAzp9vZ
OtkCLI5SLmxCRLQllssifey91IfaWEm01So/XgvSgqUVfTLrUcBU5emlgwK5NMy5
ya6NsOu0ME9k6GuGCWupGnVpUHlIAj4e60xisiVYI9GP4sN8aCey/RiOR+rWZW+C
YYYxttRqRlwKH1VHNow0aWCG15hNjWGW8XWCSNyJeCCigObEwQxBE1xfAwGeGZ5s
FA+ogfZesvPu/u1ychgF1e0w30P9AnWhTt1dTR7TNxLBqFsrbhWz+r0jOTzrlYaR
6l2eMQYPlQ4569rGIbdF
=NqvQ
-----END PGP SIGNATURE-----
Merge tag 'omap-for-v4.5/fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
Fixes for omaps with the most intrusive stuff being read-only data
assembly fixes, the other things are mostly board related:
- A series of omap assembly code fixes to fix issues with rodata with
ARM_KERNMEM_PERMS enabled. We had several places writing to rodata,
which is bad. The fix in most cases is to load the value from data
section using a pointer. Let's also enable ARM_KERNMEM_PERMS so
DEBUG_RODATA gets selected by default. And while testing things,
I also added few more loadable driver modules to the defconfig that
I seem to need quite often.
- Fix a long standing omap5 RTC mystery and enable RTC where we need
to ensure the SoC msecure pin is high so we can write to the RTC
registers.
- Fix irq types for am437x
- A series of minor dts fixes for sbc-am57x and cl-som-am57x
- Fixes for torpedo dts to make WLAN behave and to remove a duplicate
i2c rate entry
This series also includes few minor changes that are not stricly
fixes, but would be good to get in during the early -rc cycle:
- Remove legacy mailbox platform data that is no longer needed
- Add the pdata-quirks needed for the new pwm-omap-dmtimer so
people can use it
- Enable ti,mbox-send-noirq that's needed by wkup_m3 driver
- Enable SPLIT and DWARF4 in omap2plus_defconfig as it makes the
initramfs quite a bit smaller
* tag 'omap-for-v4.5/fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: (23 commits)
ARM: dts: am57xx: sbc-am57x: correct Eth PHY settings
ARM: dts: am57xx: cl-som-am57x: fix CPSW EMAC pinmux
ARM: dts: am57xx: sbc-am57x: fix UART3 pinmux
ARM: dts: am57xx: cl-som-am57x: update SPI Flash frequency
ARM: dts: am57xx: cl-som-am57x: set HOST mode for USB2
ARM: dts: am57xx: sbc-am57x: fix SB-SOM EEPROM I2C address
ARM: dts: LogicPD Torpedo: Revert Duplicative Entries
ARM: dts: am437x: pixcir_tangoc: use correct flags for irq types
ARM: dts: am4372: fix irq type for arm twd and global timer
ARM: dts: Fix wl12xx missing clocks that cause hangs
ARM: OMAP: Add PWM dmtimer platform data quirks
ARM: omap2plus_defconfig: Enable ARM_KERNMEM_PERMS and few loadable modules
ARM: OMAP2+: Fix ppa_zero_params and ppa_por_params for rodata
ARM: OMAP2+: Fix l2_inv_api_params for rodata
ARM: OMAP2+: Fix save_secure_ram_context for rodata
ARM: OMAP2+: Fix l2dis_3630 for rodata
ARM: OMAP2+: Fix wait_dll_lock_timed for rodata
ARM: OMAP2+: Remove legacy mailbox device instantiation
ARM: dts: AM4372: Add ti,mbox-send-noirq to wkup_m3 mailbox
ARM: dts: AM33xx: Add ti,mbox-send-noirq to wkup_m3 mailbox
...
Signed-off-by: Olof Johansson <olof@lixom.net>
- sama5d4: error in DBGU index
- addition of phy properties in several boards
- at91sam9n12ek fix a panel compatible string
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAABAgAGBQJWqdjFAAoJEAf03oE53VmQG30H/R9luD6d9ebmhaOE7ay40HAy
RrG8wtRQ/zgxf37SntoJxyVxxXWsDsb7sOR1LRXiT7FEGWr3Eip7B1uwmasC8pky
ich2Yj5pGVUH+qscm26GDGyHbNwIrFOQyl1t/R6upVpITlXa0bpaEIXx3RejH8PN
Wk4pMZg/4OkUXlcmYNU0Rz8ban8GfJ428bkLxMKeUXUAjvevNlWqTvOqC+QIrzUC
w3iDoXfhc81sqrOzBzW44H28g7rh//d3TAfzMbM1BJti880QkP+CksG5qHvogI5f
olN4+9QmV9tLXOr2K6iUkM8dwzHYW/3PPBR1CHODjSLP0rQ2Assy+DPxyO64Rtk=
=jJrB
-----END PGP SIGNATURE-----
Merge tag 'at91-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nferre/linux-at91 into fixes
First fixes for 4.5. Only DT changes:
- sama5d4: error in DBGU index
- addition of phy properties in several boards
- at91sam9n12ek fix a panel compatible string
* tag 'at91-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nferre/linux-at91:
ARM: dts: at91: sama5d4 xplained: fix phy0 IRQ type
ARM: dts: at91: sama5d4 xplained: properly mux phy interrupt
ARM: dts: at91: sama5d4ek: add phy address and IRQ for macb0
ARM: dts: at91: sama5d2 xplained: add phy address and IRQ for macb0
ARM: dts: at91: at91sam9n12ek: fix panel compatible string
ARM: dts: at91: sama5d4: fix instance id of DBGU
Signed-off-by: Olof Johansson <olof@lixom.net>
The NVIDIA bootloader, nvtboot, expects the "chosen" node to be present
in the device-tree blob and if it is not then it fails to boot the kernel.
Add the chosen node so we can boot the kernel on Tegra132 Norrin with the
nvtboot bootloader.
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
This platform recently moved to multi-platform, so missed the global
fixup by commit e324654294 ("ARM: use "depends on" for SoC configs
instead of "if" after prompt"). Fix it now.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
This platform was recently added, so missed the global fixup by
commit e324654294 ("ARM: use "depends on" for SoC configs instead
of "if" after prompt"). Fix it now.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
This newly added code missed the global fixup by commit 75305275a7
("ARM: use const and __initconst for smp_operations"). So fix it now.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Marc Gonzalez <marc_gonzalez@sigmadesigns.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
This newly added code missed the global fixup by commit 75305275a7
("ARM: use const and __initconst for smp_operations"). So fix it now.
Also, add missing "static" qualifier.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
At first, commit 4b7f48d395 ("bus: uniphier-system-bus: add UniPhier
System Bus driver") introduced this driver as a tristate one.
Then, commit 326ea45aa8 ("bus: uniphier: allow only built-in
driver") temporarily made it boolean in order to fix a link error
in case it is compiled as a module.
The root cause was fixed by commit b80443c221 ("of/platform: export
of_default_bus_match_table").
Now this driver can really be a module.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Wall time obtained from ktime_get_real_ns is susceptible to sudden jumps due to
user setting the time or due to NTP. Boot time is constantly increasing time
better suited for comparing two timestamps.
Signed-off-by: Abhilash Jindal <klock.android@gmail.com>
Reviewed-by: Harald Geyer <harald@ccbib.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
The bulk of ATA host state machine is implemented by
ata_sff_hsm_move(). The function is called from either the interrupt
handler or, if polling, a work item. Unlike from the interrupt path,
the polling path calls the function without holding the host lock and
ata_sff_hsm_move() selectively grabs the lock.
This is completely broken. If an IRQ triggers while polling is in
progress, the two can easily race and end up accessing the hardware
and updating state machine state at the same time. This can put the
state machine in an illegal state and lead to a crash like the
following.
kernel BUG at drivers/ata/libata-sff.c:1302!
invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
Modules linked in:
CPU: 1 PID: 10679 Comm: syz-executor Not tainted 4.5.0-rc1+ #300
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88002bd00000 ti: ffff88002e048000 task.ti: ffff88002e048000
RIP: 0010:[<ffffffff83a83409>] [<ffffffff83a83409>] ata_sff_hsm_move+0x619/0x1c60
...
Call Trace:
<IRQ>
[<ffffffff83a84c31>] __ata_sff_port_intr+0x1e1/0x3a0 drivers/ata/libata-sff.c:1584
[<ffffffff83a85611>] ata_bmdma_port_intr+0x71/0x400 drivers/ata/libata-sff.c:2877
[< inline >] __ata_sff_interrupt drivers/ata/libata-sff.c:1629
[<ffffffff83a85bf3>] ata_bmdma_interrupt+0x253/0x580 drivers/ata/libata-sff.c:2902
[<ffffffff81479f98>] handle_irq_event_percpu+0x108/0x7e0 kernel/irq/handle.c:157
[<ffffffff8147a717>] handle_irq_event+0xa7/0x140 kernel/irq/handle.c:205
[<ffffffff81484573>] handle_edge_irq+0x1e3/0x8d0 kernel/irq/chip.c:623
[< inline >] generic_handle_irq_desc include/linux/irqdesc.h:146
[<ffffffff811a92bc>] handle_irq+0x10c/0x2a0 arch/x86/kernel/irq_64.c:78
[<ffffffff811a7e4d>] do_IRQ+0x7d/0x1a0 arch/x86/kernel/irq.c:240
[<ffffffff86653d4c>] common_interrupt+0x8c/0x8c arch/x86/entry/entry_64.S:520
<EOI>
[< inline >] rcu_lock_acquire include/linux/rcupdate.h:490
[< inline >] rcu_read_lock include/linux/rcupdate.h:874
[<ffffffff8164b4a1>] filemap_map_pages+0x131/0xba0 mm/filemap.c:2145
[< inline >] do_fault_around mm/memory.c:2943
[< inline >] do_read_fault mm/memory.c:2962
[< inline >] do_fault mm/memory.c:3133
[< inline >] handle_pte_fault mm/memory.c:3308
[< inline >] __handle_mm_fault mm/memory.c:3418
[<ffffffff816efb16>] handle_mm_fault+0x2516/0x49a0 mm/memory.c:3447
[<ffffffff8127dc16>] __do_page_fault+0x376/0x960 arch/x86/mm/fault.c:1238
[<ffffffff8127e358>] trace_do_page_fault+0xe8/0x420 arch/x86/mm/fault.c:1331
[<ffffffff8126f514>] do_async_page_fault+0x14/0xd0 arch/x86/kernel/kvm.c:264
[<ffffffff86655578>] async_page_fault+0x28/0x30 arch/x86/entry/entry_64.S:986
Fix it by ensuring that the polling path is holding the host lock
before entering ata_sff_hsm_move() so that all hardware accesses and
state updates are performed under the host lock.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-and-tested-by: Dmitry Vyukov <dvyukov@google.com>
Link: http://lkml.kernel.org/g/CACT4Y+b_JsOxJu2EZyEf+mOXORc_zid5V1-pLZSroJVxyWdSpw@mail.gmail.com
Cc: stable@vger.kernel.org
This is a partial revert of commit ed8d1cf07c ("[media] Export I2C
module alias information in missing drivers") that exported the module
aliases for the I2C drivers that were missing to make autoload to work.
But there is a bug report [0] that auto load of the ir-kbd-i2c driver
cause the Hauppauge HD-PVR driver to not behave correctly.
This is a hdpvr latent bug that was just exposed by ir-kbd-i2c module
autoloading working and will also happen if the I2C driver is built-in
or a user calls modprobe to load the module and register the driver.
But there is a regression experimented by users so until the real bug
is fixed, let's not export the module alias for the ir-kbd-i2c driver
even when this just masks the actual issue.
[0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810726
Fixes: ed8d1cf07c ("[media] Export I2C module alias information in missing drivers")
Cc: <stable@vger.kernel.org> # 4.3+
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Fixes segmentation fault using, for instance:
(gdb) run record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
Starting program: /home/acme/bin/perf record -I -e intel_pt/tsc=1,noretcomp=1/u /bin/ls
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.22-7.fc23.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0 x00000000004b9ea5 in tracepoint_error (e=0x0, err=13, sys=0x19b1370 "sched", name=0x19a5d00 "sched_switch") at util/parse-events.c:410
(gdb) bt
#0 0x00000000004b9ea5 in tracepoint_error (e=0x0, err=13, sys=0x19b1370 "sched", name=0x19a5d00 "sched_switch") at util/parse-events.c:410
#1 0x00000000004b9fc5 in add_tracepoint (list=0x19a5d20, idx=0x7fffffffb8c0, sys_name=0x19b1370 "sched", evt_name=0x19a5d00 "sched_switch", err=0x0, head_config=0x0)
at util/parse-events.c:433
#2 0x00000000004ba334 in add_tracepoint_event (list=0x19a5d20, idx=0x7fffffffb8c0, sys_name=0x19b1370 "sched", evt_name=0x19a5d00 "sched_switch", err=0x0, head_config=0x0)
at util/parse-events.c:498
#3 0x00000000004bb699 in parse_events_add_tracepoint (list=0x19a5d20, idx=0x7fffffffb8c0, sys=0x19b1370 "sched", event=0x19a5d00 "sched_switch", err=0x0, head_config=0x0)
at util/parse-events.c:936
#4 0x00000000004f6eda in parse_events_parse (_data=0x7fffffffb8b0, scanner=0x19a49d0) at util/parse-events.y:391
#5 0x00000000004bc8e5 in parse_events__scanner (str=0x663ff2 "sched:sched_switch", data=0x7fffffffb8b0, start_token=258) at util/parse-events.c:1361
#6 0x00000000004bca57 in parse_events (evlist=0x19a5220, str=0x663ff2 "sched:sched_switch", err=0x0) at util/parse-events.c:1401
#7 0x0000000000518d5f in perf_evlist__can_select_event (evlist=0x19a3b90, str=0x663ff2 "sched:sched_switch") at util/record.c:253
#8 0x0000000000553c42 in intel_pt_track_switches (evlist=0x19a3b90) at arch/x86/util/intel-pt.c:364
#9 0x00000000005549d1 in intel_pt_recording_options (itr=0x19a2c40, evlist=0x19a3b90, opts=0x8edf68 <record+232>) at arch/x86/util/intel-pt.c:664
#10 0x000000000051e076 in auxtrace_record__options (itr=0x19a2c40, evlist=0x19a3b90, opts=0x8edf68 <record+232>) at util/auxtrace.c:539
#11 0x0000000000433368 in cmd_record (argc=1, argv=0x7fffffffde60, prefix=0x0) at builtin-record.c:1264
#12 0x000000000049bec2 in run_builtin (p=0x8fa2a8 <commands+168>, argc=5, argv=0x7fffffffde60) at perf.c:390
#13 0x000000000049c12a in handle_internal_command (argc=5, argv=0x7fffffffde60) at perf.c:451
#14 0x000000000049c278 in run_argv (argcp=0x7fffffffdcbc, argv=0x7fffffffdcb0) at perf.c:495
#15 0x000000000049c60a in main (argc=5, argv=0x7fffffffde60) at perf.c:618
(gdb)
Intel PT attempts to find the sched:sched_switch tracepoint but that seg
faults if tracefs is not readable, because the error reporting structure
is null, as errors are not reported when automatically adding
tracepoints. Fix by checking before using.
Committer note:
This doesn't take place in a kernel that supports
perf_event_attr.context_switch, that is the default way that will be
used for tracking context switches, only in older kernels, like 4.2, in
a machine with Intel PT (e.g. Broadwell) for non-priviledged users.
Further info from a similar patch by Wang:
The error is in tracepoint_error: it assumes the 'e' parameter is valid.
However, there are many situation a parse_event() can be called without
parse_events_error. See result of
$ grep 'parse_events(.*NULL)' ./tools/perf/ -r'
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Tong Zhang <ztong@vt.edu>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: stable@vger.kernel.org # v4.4+
Fixes: 196581717d ("perf tools: Enhance parsing events tracepoint error output")
Link: http://lkml.kernel.org/r/1453809921-24596-2-git-send-email-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Although ALSA timer code got hardening for races, it still causes
use-after-free error. This is however rather a corrupted linked list,
not actually the concurrent accesses. Namely, when timer start is
triggered twice, list_add_tail() is called twice, too. This ends
up with the link corruption and triggers KASAN error.
The simplest fix would be replacing list_add_tail() with
list_move_tail(), but fundamentally it's the problem that we don't
check the double start/stop correctly. So, the right fix here is to
add the proper checks to snd_timer_start() and snd_timer_stop() (and
their variants).
BugLink: http://lkml.kernel.org/r/CACT4Y+ZyPRoMQjmawbvmCEDrkBD2BQuH7R09=eOkf5ESK8kJAw@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
ALSA sequencer may open/close and control ALSA timer instance
dynamically either via sequencer events or direct ioctls. These are
done mostly asynchronously, and it may call still some timer action
like snd_timer_start() while another is calling snd_timer_close().
Since the instance gets removed by snd_timer_close(), it may lead to
a use-after-free.
This patch tries to address such a race by protecting each
snd_timer_*() call via the existing spinlock and also by avoiding the
access to timer during close call.
BugLink: http://lkml.kernel.org/r/CACT4Y+Z6RzW5MBr-HUdV-8zwg71WQfKTdPpYGvOeS7v4cyurNQ@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
There are potential deadlocks in PCM OSS emulation code while
accessing read/write and mmap concurrently. This comes from the
infamous mmap_sem usage in copy_from/to_user(). Namely,
snd_pcm_oss_write() ->
&runtime->oss.params_lock ->
copy_to_user() ->
&mm->mmap_sem
mmap() ->
&mm->mmap_sem ->
snd_pcm_oss_mmap() ->
&runtime->oss.params_lock
Since we can't avoid taking params_lock from mmap code path, use
trylock variant and aborts with -EAGAIN as a workaround of this AB/BA
deadlock.
BugLink: http://lkml.kernel.org/r/CACT4Y+bVrBKDG0G2_AcUgUQa+X91VKTeS4v+wN7BSHwHtqn3kQ@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
NULL user-space buffer can be passed even in a normal path, thus it's
not good to spew a kernel warning with stack trace at each time.
Just drop snd_BUG_ON() macro usage there.
BugLink: http://lkml.kernel.org/r/CACT4Y+YfVJ3L+q0i-4vyQVyyPD7V=OMX0PWPi29x9Bo3QaBLdw@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The virmidi driver has an open race at closing its assigned rawmidi
device, and this may lead to use-after-free in
snd_seq_deliver_single_event().
Plug the hole by properly protecting the linked list deletion and
calling in the right order in snd_virmidi_input_close().
BugLink: http://lkml.kernel.org/r/CACT4Y+Zd66+w12fNN85-425cVQT=K23kWbhnCEcMB8s3us-Frw@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The DMA-330 has an "irq_abort" interrupt line on which it signals faults
separately from the "irq[n:0]" channel interrupts. On Juno, this is
wired up to SPI 92; add it to the DT so that DMAC faults are correctly
reported for the driver to reset the thing, rather than leaving it
locked up and waiting to time out.
CC: Liviu Dudau <liviu.dudau@arm.com>
CC: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
for_each_compatible_node performs an of_node_get on each iteration, so
to break out of the loop an of_node_put is required.
Found using Coccinelle. The semantic patch used for this is as follows:
// <smpl>
@@
expression e;
local idexpression n;
@@
for_each_compatible_node(n, ...) {
... when != of_node_put(n)
when != e = n
(
return n;
+ of_node_put(n);
? return ...;
)
...
}
// </smpl>
Acked-by: Liviu Dudau <Liviu.Dudau@arm.com>
Signed-off-by: Amitoj Kaur Chawla <amitoj1606@gmail.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
