commit c130b666a9a711f985a0a44b58699ebe14bb7245 upstream.
Commit f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during
PCI error recovery") introduces a potential use-after-free in case the
pciserial_init_ports call in serial8250_io_resume fails, which may
happen if a memory allocation fails or if the .init quirk failed for
whatever reason). If this happen, further pci_get_drvdata will return a
pointer to freed memory.
This patch reworks the PCI recovery resume hook to restore the old priv
structure in this case, which should be ok, since the ports were already
detached. Such error during recovery causes us to give up on the
recovery.
Fixes: f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during PCI error recovery")
Reported-by: Michal Suchanek <msuchanek@suse.com>
Signed-off-by: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 05dab43230fdc0d14ca885b473a2740fe017ecb1 upstream.
When an EEH occurs during device initialization, the port timeout logic
can cause excessive delays as MMIO reads will fail. Depending on where
they are experienced, these delays can lead to a prolonged reset,
causing an unnecessary triggering of other timeout logic in the SCSI
stack or user applications.
To expedite recovery, the port timeout logic is updated to decay the
timeout at a much faster rate when in the presence of a likely EEH
frozen event.
Signed-off-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Acked-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1d3324c382b1a617eb567e3650dcb51f22dfec9a upstream.
The EEH reset handler is ignorant to the current state of the driver
when processing a frozen event and initiating a device reset. This can
be an issue if an EEH event occurs while a user or stack initiated reset
is executing. More specifically, if an EEH occurs while the SCSI host
reset handler is active, the reset initiated by the EEH thread will
likely collide with the host reset thread. This can leave the device in
an inconsistent state, or worse, cause a system crash.
As a remedy, the EEH handler is updated to evaluate the device state and
take appropriate action (proceed, wait, or disconnect host). The host
reset handler is also updated to handle situations where an EEH occurred
during a host reset. In such situations, the host reset handler will
delay reporting back a success to give the EEH reset an opportunity to
complete.
Signed-off-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Acked-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bbbfae962b7c221237c0f92547ee0c83f7204747 upstream.
When a port link is established, the AFU sends a 'link up' interrupt.
After the link is up, corresponding initialization steps are performed
on the card. Following that, when the card is ready for I/O, the AFU
sends 'login succeeded' interrupt. Today, cxlflash invokes
scsi_scan_host() upon receipt of both interrupts.
SCSI commands sent to the port prior to the 'login succeeded' interrupt
will fail with 'port not available' error. This is not desirable.
Moreover, when async_scan is active for the host, subsequent scan calls
are terminated with error. Due to this, the scsi_scan_host() call
performed after 'login succeeded' interrupt could portentially return
error and the devices may not be scanned properly.
To avoid this problem, scsi_scan_host() should be called only after the
'login succeeded' interrupt.
Signed-off-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e434e04110704eb91acfecbd0fb8ca8e2da9c29b upstream.
The tg3_set_eeprom() function correctly initializes the 'start' variable,
but gcc generates a false warning:
drivers/net/ethernet/broadcom/tg3.c: In function 'tg3_set_eeprom':
drivers/net/ethernet/broadcom/tg3.c:12057:4: warning: 'start' may be used uninitialized in this function [-Wmaybe-uninitialized]
I have not come up with a way to restructure the code in a way that
avoids the warning without making it less readable, so this adds an
initialization for the declaration to shut up that warning.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fddcca5107051adf9e4481d2a79ae0616577fd2c upstream.
When map_word gets too large, we use a lot of kernel stack, and for
MTD_MAP_BANK_WIDTH_32, this means we use more than the recommended
1024 bytes in a number of functions:
drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_write_buffers':
drivers/mtd/chips/cfi_cmdset_0020.c:651:1: warning: the frame size of 1336 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_erase_varsize':
drivers/mtd/chips/cfi_cmdset_0020.c:972:1: warning: the frame size of 1208 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/mtd/chips/cfi_cmdset_0001.c: In function 'do_write_buffer':
drivers/mtd/chips/cfi_cmdset_0001.c:1835:1: warning: the frame size of 1240 bytes is larger than 1024 bytes [-Wframe-larger-than=]
This can be avoided if all operations on the map word are done
indirectly and the stack gets reused between the calls. We can
mostly achieve this by selecting MTD_COMPLEX_MAPPINGS whenever
MTD_MAP_BANK_WIDTH_32 is set, but for the case that no other
bank width is enabled, we also need to use a non-constant
map_bankwidth() to convince the compiler to use less stack.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
[Brian: this patch mostly achieves its goal by forcing
MTD_COMPLEX_MAPPINGS (and the accompanying indirection) for 256-bit
mappings; the rest of the change is mostly a wash, though it helps
reduce stack size slightly. If we really care about supporting
256-bit mappings though, we should consider rewriting some of this
code to avoid keeping and assigning so many 256-bit objects on the
stack.]
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2630628b2dbc3fc320aafaf84836119e4e3d62f1 upstream.
Apparently we now implicitly get definitions for BITS_PER_PAGE and
BITS_PER_PAGE_MASK from the pid_namespace.h
Instead of renaming our defines, I chose to define only if not yet
defined, but to double check the value if already defined.
Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b268c34e5ee92a4cc3099b0caaf26e6bfbdf0f18 upstream.
The awacs sound driver produces a false-positive warning in ppc64_defconfig:
sound/ppc/awacs.c: In function 'snd_pmac_awacs_init':
include/sound/control.h:219:9: warning: 'master_vol' may be used uninitialized in this function [-Wmaybe-uninitialized]
I haven't come up with a good way to rewrite the code to avoid the
warning, so here is a bad one: I initialize the variable before
the conditionall initialization so gcc no longer has to worry about
it.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6e4cac23c5a648d50b107d1b53e9c4e1120c7943 upstream.
The FE setups of Intel SST bytcr_rt5640 and bytcr_rt5651 drivers carry
the ignore_suspend flag, and this prevents the suspend/resume working
properly while the stream is running, since SST core code has the
check of the running streams and returns -EBUSY. Drop these
superfluous flags for fixing the behavior.
Also, the bytcr_rt5640 driver lacks of nonatomic flag in some FE
definitions, which leads to the kernel Oops at suspend/resume like:
BUG: scheduling while atomic: systemd-sleep/3144/0x00000003
Call Trace:
dump_stack+0x5c/0x7a
__schedule_bug+0x55/0x70
__schedule+0x63c/0x8c0
schedule+0x3d/0x90
schedule_timeout+0x16b/0x320
? del_timer_sync+0x50/0x50
? sst_wait_timeout+0xa9/0x170 [snd_intel_sst_core]
? sst_wait_timeout+0xa9/0x170 [snd_intel_sst_core]
? remove_wait_queue+0x60/0x60
? sst_prepare_and_post_msg+0x275/0x960 [snd_intel_sst_core]
? sst_pause_stream+0x9b/0x110 [snd_intel_sst_core]
....
This patch addresses these appropriately, too.
[tiwai: applied only to bytcr_rt5640 as bytcr_rt5651 isn't present in
4.4.x yet]
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: <stable@vger.kernel.org> # v4.1+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 38bd49064a1ecb67baad33598e3d824448ab11ec upstream.
A signal can interrupt a SendReceive call which result in incoming
responses to the call being ignored. This is a problem for calls such as
open which results in the successful response being ignored. This
results in an open file resource on the server.
The patch looks into responses which were cancelled after being sent and
in case of successful open closes the open fids.
For this patch, the check is only done in SendReceive2()
RH-bz: 1403319
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
Acked-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1e38da300e1e395a15048b0af1e5305bd91402f6 upstream.
The handling of the might_cancel queueing is not properly protected, so
parallel operations on the file descriptor can race with each other and
lead to list corruptions or use after free.
Protect the context for these operations with a seperate lock.
The wait queue lock cannot be reused for this because that would create a
lock inversion scenario vs. the cancel lock. Replacing might_cancel with an
atomic (atomic_t or atomic bit) does not help either because it still can
race vs. the actual list operation.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "linux-fsdevel@vger.kernel.org"
Cc: syzkaller <syzkaller@googlegroups.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1701311521430.3457@nanos
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
On UFS based targets, sometimes we are seeing unclocked
access issues where UFS register is being accessed while
clocks are turned off. This change is to add states in
hold and release contexts which will help to debug such
issues further.
Change-Id: I255f3516471ed74b9d93320f5442adffaf312102
Signed-off-by: Asutosh Das <asutoshd@codeaurora.org>
Signed-off-by: Sayali Lokhande <sayalil@codeaurora.org>
CONFIG_USB_OTG_WAKELOCK is currently somewhat outdated
and as such is not applicable to all Android devices. Until
it is brought up to date, remove it from the base Android
kernel configuration.
Bug: 37750863
Change-Id: I5b1c0bef24476cc503a60003bf48ffb59eea8c94
Signed-off-by: Steve Muckle <smuckle@google.com>
This fix removes dependency between real time message mask
table and build time message mask table. Also this fix
synchronizes retrieval and modification of real time message
mask table.
CRs-Fixed: 2015227
Change-Id: Id0a0964337ec4645d7061fc35120dfa061a990ff
Signed-off-by: Gopikrishna Mogasati <gmogas@codeaurora.org>
INET6_DIAG_DESTROY and NETFILTER_TPROXY are not used anymore
so they should not be part of the base Android kernel configuration.
Bug: 37749708
Change-Id: Iab263a5723f1810e2133919b8db93cc2bb986624
Signed-off-by: Steve Muckle <smuckle@google.com>
Even with proper ESR pulse qualification threshold and ESR pulse
amplitude, ESR pulses are still seen occasionally on devices
that use battery with debug battery id. Disable ESR pulldown when
debug battery id is found. This helps saving power by stopping
ESR pulses.
Change-Id: I2b9588ec39a2268123d94c06517b0dbb43d66fc7
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
Privilege Access Never (PAN) enforces the usage of
copy_to_user/copy_from_user and friends when kernel accesses data from
user space. If user space memory is accessed outside of these functions
a kernel panic occurs.
Change-Id: Ic32ad8ecb6d921293fca74664116098723afc436
Signed-off-by: Olav Haugan <ohaugan@codeaurora.org>
Add GPU clock plan for speed bin 2 of MSM8996Pro target.
This is initial change for supporting GPU speed bin 2.
CRs-Fixed: 1082439
Change-Id: Ifb21ae3baa3df001d944aa2c9db36dffa2a29504
Signed-off-by: Hareesh Gundu <hareeshg@codeaurora.org>
Check whether array index is within the bounds in
seemp_logk_get_bit_from_vector().
Change-Id: Idccf75736582b2390540f4d7b3351c018937186a
Signed-off-by: Yida Wang <yidaw@codeaurora.org>
Fix issues where we are referring to a null pointer
and uninitialized variable.
Change-Id: I9289a41fdef57a916781ad246ca06bfd2e031807
Signed-off-by: Wei Ding <weiding@codeaurora.org>
The mtp_ctrl_request function is responding to
every os descriptor sent by host,There by enumerating
the device with mtp composition. Once mtp is disabled,
need to clear the function instances on unbind.
Change-Id: I6679a1c1009df291a85ba8dcc34997d757c320b9
Signed-off-by: Sai krishna juturi <jsaikrishna@codeaurora.org>
For a BADD device, the audioformat structure was directly
being populated without initialising the format type
descriptor. This can lead to a crash later when the
format type and rates are being parsed but the NULL fmt
desc is dereferenced. Fix this by allocating a dummy copy
of fmt desc for BADD 3.0 devices and populating
necessary fields.
Change-Id: I80f33b0e400a9c522a800e989228da134100bb55
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
OnSemi buck regulator is used to provide the supply for
graphics rail. The programmable output voltage range is
from 0.6 V to 1.4 V in 6.25 mV steps.
Change-Id: I5f4ec11075b7f658ffa0af13dde5694b03c1495c
Signed-off-by: Kiran Gunda <kgunda@codeaurora.org>
Need consider both SINK and SOURCE max supported TMDS
clock. For the devices, if we set TMDS clock larger than
device caps, it could not display well. SINK max TMDS
clock could read from HDMI VSDB and HF-VSDB in EDID.
CRs-Fixed: 2035529
Change-Id: I1f31f2a05d0502367b877c4d324cbc131b2366d5
Signed-off-by: zhaoyuan <yzhao@codeaurora.org>
Camss throttle clock is always on which is consuming power.
To avoid this add support to dynamically enable and disable
clock.
Change-Id: I2eddb414f5c1a22ab42154d28a05e41e64cb5bc9
Signed-off-by: Shilpa Mamidi <shilpam@codeaurora.org>
Fixing issues where we are referring to a null pointer.
Change-Id: I6ae18f61a9dc65fbec5650baf9b1d1fb7ad59262
Signed-off-by: Samyukta Mogily <smogily@codeaurora.org>
Sync up msm-auto-perf_defconfig with msm-auto_defconfig
Change-Id: Ief53b4c287ca3efbe8f82779a8d4e9f524b06fd8
Signed-off-by: Wei Li <weili@codeaurora.org>
Do not call copy_from_user in ioctl handler if CONFIG_COMPAT
is defined.
In 64 bit kernel and 32 bit userspace, ioctl call invokes
compat_ioctl. First copy_from_user is done in compat_ioctl then
pointer is passed to unlocked_ioctl for actual processing. In
unlocked_ioctl again copy_from_user is called on kernel pointer.
Change-Id: I2334379f48e30b58757f0fe5e238e8df5753eea8
Signed-off-by: Trishansh Bhardwaj <tbhardwa@codeaurora.org>
