Update the latest macro definitions of event code and log code
ranges.
Change-Id: Ice3827c13cbb3a5ec30139079561cf527620fcef
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Select a random global GPU address for the "scratch" buffer that is used
by the ringbuffer for various tasks.
Change-Id: Ic0dedbaddda71dbf9cb2adab3c6c33a24d6a604c
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Harshitha Sai Neelati <hsaine@codeaurora.org>
To prepare to allow global buffers to allocate a semi-random GPU address
move from a sequential allocator to a bitmap based one.
Change-Id: Ic0dedbadba36c4c7b7839528103997724eac7d6d
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Harshitha Sai Neelati <hsaine@codeaurora.org>
Execute user profiling in an indirect buffer. This ensures that addresses
and values specified directly from the user don't end up in the
ringbuffer.
Change-Id: Ic0dedbadedcaab29ce5738a39c1ff6269261bae4
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Signed-off-by: Harshitha Sai Neelati <hsaine@codeaurora.org>
If a command is using a profiling buffer, make sure that the offset
is within the bounds of the specified memory descriptor.
Change-Id: Ic0dedbadc77e8eccd957136467bd0c56a1af2dab
Signed-off-by: Jordan Crouse <jcrouse@codeaurora.org>
Print error message if process kill on remote subsystem failed.
Validate channel ID before dereferencing the channel info struct.
When trying to release process on DSP, print failure message only
when the subsystem is up, to avoid flooding of kernel logs for
daemons.
Change-Id: I1b7325d686f6e8699e6f98f529c5dff85cce630d
Acked-by: Thyagarajan Venkatanarayanan <venkatan@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
To support remote wakeup of MSM8996, a GPIO needs
to be configured as a wakeup interrupt source.
WLAN firmware can toggle this pin to wakeup the
Host when wireless wakeup is triggered.
Change-Id: Id13652f262f37649bb35196f21ae1ff90b7a637a
Signed-off-by: Rajasekaran Kalidoss <rkalidos@codeaurora.org>
Make change to validate if there exists enough space to write a
struct qseecom_param_memref instead of a unit32 value, in the
request buffer in __qseecom_update_qteec_req_buf.
Change-Id: I4e092f7aa2b23648c2cedfada311828b9ceb35dc
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Change spin_lock api to spin_lock_bh to provide synchronization
between bottom halves and threads.
Change-Id: Ia964796e3d91ebce60238ad110086ba06a1026c1
Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
Return error number in the diag callback to handle it in calback's
error handling sequence. This potentially fixes a memory leak when
device is reenumerated multiple times such as during SSR.
Change-Id: I841d07dfa2f3231e54c5145f27dda977fa8c9f97
Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
Remove irq release call while switching to RDDM as the same
is done during the function removal sequence.
Change-Id: I0013c304f739269014caa565c15d851ee2c39aa4
Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
Check card structure for NULL pointer before dereferencing it to
check for asynchronous interrupt support.
Change-Id: Ie433d076c4624616a0fceb02b7d9754116669da4
Signed-off-by: Amandeep Singh <amansing@codeaurora.org>
Interface change to expose QMI send related APIs for WLAN driver.
This patch is to provide API interface to ease compilation issues
among various branches of kernel and WLAN driver. The actual
implementation will be in a separate patch.
Change-Id: I691eedd37a9f855191a3944c2ffd6acfbe65f9ba
Signed-off-by: Yue Ma <yuem@codeaurora.org>
* refs/heads/tmp-da6d147
Linux 4.4.192
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
net: fix skb use after free in netpoll
Revert "x86/apic: Include the LDR when clearing out APIC registers"
spi: bcm2835aux: fix corruptions for longer spi transfers
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: unifying code between polling and interrupt driven code
spi: bcm2835aux: ensure interrupts are enabled for shared handler
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
KVM: arm/arm64: Only skip MMIO insn once
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
IB/mlx4: Fix memory leaks
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
ravb: Fix use-after-free ravb_tstamp_skb
wimax/i2400m: fix a memory leak bug
net: kalmia: fix memory leaks
cx82310_eth: fix a memory leak bug
net: myri10ge: fix memory leaks
cxgb4: fix a memory leak bug
gpio: Fix build error of function redefinition
ibmveth: Convert multicast list size for little-endian system
Bluetooth: btqca: Add a short delay before downloading the NVM
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
Change-Id: I5109a0608129d345ee2a16a1315ef2edab23545a
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Currently diag get log mask is using structure with
num_items which is not being used. The patch updates
structure for diag get log mask request.
Change-Id: I1d4d110ca1793e1c8bedcab33e2626f02af37926
Signed-off-by: Hardik Arya <harya@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl13bQ8ACgkQONu9yGCS
aT7MNA/8CJJOI1UwUD2bmGsPg5OMOkAhucsIS1U2NH0OiPRbYbHRKiau8ML5FHAk
9MMEjndZoDxokndbBFAao/oq+8uXrzokxfoLAvzSm6ICIv8x5tI81v2yjVh8EPk3
6/2fJ68ugovSgAyMZlIK9Z/UeoJAoLPVqSlp7h0ecP00DOvEe5Vs347MfabNiNHP
OrKCd0myMieBdAy2idEOs/s97q0WbwPhrEELQFCDOEhTTdDMGMP14/X7TdFHELVf
G927erT6ztErLQHe8BUYmeQvxrLVoL9IV0vOMh98rbWxHD32/jqxO5yVY77oHH0b
lDT8nH2s+6pa3b3bZkVnEYKN9omE/O8QJVBHMuRGbWFjwyXJfAE7rMxVul6tUn/d
I96wBHD4kskGeXXcgb4zc/TSVo2WFJDvnnIgRs7hvUjPTAJ+iwJHXg9yjgu4BP7Z
uP14eTTv0CILtcKpkcRtjdmr64crJ/YdedZxlJut8nM5s7ui0waytpxzoaKIKg7i
j/QiRIYRikTTOqeABRw6/EZeYnieSdh1xrozI1fnKdikzU0nSx5Qxk7dsR4pTxrd
0699ba+TZHaJ+4eSYPxm+CejAXom9MBBgyLevT9ZkGu2wk3nPJ5GZU0olMcV1WXo
yN6/Xid8aXQBFOXw3Ex9pUI/qrV0fGEhZwFuOyCNFy1/lqMv2TY=
=s9Vs
-----END PGP SIGNATURE-----
Merge 4.4.192 into android-4.4
Changes in 4.4.192
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
Bluetooth: btqca: Add a short delay before downloading the NVM
ibmveth: Convert multicast list size for little-endian system
gpio: Fix build error of function redefinition
cxgb4: fix a memory leak bug
net: myri10ge: fix memory leaks
cx82310_eth: fix a memory leak bug
net: kalmia: fix memory leaks
wimax/i2400m: fix a memory leak bug
ravb: Fix use-after-free ravb_tstamp_skb
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
IB/mlx4: Fix memory leaks
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
KVM: arm/arm64: Only skip MMIO insn once
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
spi: bcm2835aux: ensure interrupts are enabled for shared handler
spi: bcm2835aux: unifying code between polling and interrupt driven code
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: fix corruptions for longer spi transfers
Revert "x86/apic: Include the LDR when clearing out APIC registers"
net: fix skb use after free in netpoll
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
Linux 4.4.192
Change-Id: I5e02cd84379aa9da7da5ed9545e939e0ca13197f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 3b25528e1e355c803e73aa326ce657b5606cda73 ]
The devicetree binding lists the phy phy as optional. As such, the
driver should not bail out if it can't find a regulator. Instead it
should just skip the remaining regulator related code and continue
on normally.
Skip the remainder of phy_power_on() if a regulator supply isn't
available. This also gets rid of the bogus return code.
Fixes: 2e12f53663 ("net: stmmac: dwmac-rk: Use standard devicetree property for phy regulator")
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 950b07c14e8c59444e2359f15fd70ed5112e11a0 ]
This reverts commit 558682b5291937a70748d36fd9ba757fb25b99ae.
Chris Wilson reports that it breaks his CPU hotplug test scripts. In
particular, it breaks offlining and then re-onlining the boot CPU, which
we treat specially (and the BIOS does too).
The symptoms are that we can offline the CPU, but it then does not come
back online again:
smpboot: CPU 0 is now offline
smpboot: Booting Node 0 Processor 0 APIC 0x0
smpboot: do_boot_cpu failed(-1) to wakeup CPU#0
Thomas says he knows why it's broken (my personal suspicion: our magic
handling of the "cpu0_logical_apicid" thing), but for 5.3 the right fix
is to just revert it, since we've never touched the LDR bits before, and
it's not worth the risk to do anything else at this stage.
[ Hotpluging of the boot CPU is special anyway, and should be off by
default. See the "BOOTPARAM_HOTPLUG_CPU0" config option and the
cpu0_hotplug kernel parameter.
In general you should not do it, and it has various known limitations
(hibernate and suspend require the boot CPU, for example).
But it should work, even if the boot CPU is special and needs careful
treatment - Linus ]
Link: https://lore.kernel.org/lkml/156785100521.13300.14461504732265570003@skylake-alporthouse-com/
Reported-by: Chris Wilson <chris@chris-wilson.co.uk>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Bandan Das <bsd@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 73b114ee7db1750c0b535199fae383b109bd61d0 ]
On long running tests with a mcp2517fd can controller it showed that
on rare occations the data read shows corruptions for longer spi transfers.
Example of a 22 byte transfer:
expected (as captured on logic analyzer):
FF FF 78 00 00 00 08 06 00 00 91 20 77 56 84 85 86 87 88 89 8a 8b
read by the driver:
FF FF 78 00 00 00 08 06 00 00 91 20 77 56 84 88 89 8a 00 00 8b 9b
To fix this use BCM2835_AUX_SPI_STAT_RX_LVL to determine when we may
read data from the fifo reliably without any corruption.
Surprisingly the only values ever empirically read in
BCM2835_AUX_SPI_STAT_RX_LVL are 0x00, 0x10, 0x20 and 0x30.
So whenever the mask is not 0 we can read from the fifo in a safe manner.
The patch has now been tested intensively and we are no longer
able to reproduce the "RX" issue any longer.
Fixes: 1ea29b39f4 ("spi: bcm2835aux: add bcm2835 auxiliary spi device...")
Reported-by: Hubert Denkmair <h.denkmair@intence.de>
Signed-off-by: Martin Sperl <kernel@martin.sperl.org>
Acked-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit c7de8500fd8ecbb544846dd5f11dca578c3777e1 ]
This read of the fifo is a potential candidate for a race condition
as the spi transfer is not necessarily finished and so can lead to
an early read of the fifo that still misses data.
So it has been removed.
Fixes: 1ea29b39f4 ("spi: bcm2835aux: add bcm2835 auxiliary spi device...")
Suggested-by: Hubert Denkmair <h.denkmair@intence.de>
Signed-off-by: Martin Sperl <kernel@martin.sperl.org>
Acked-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 7188a6f0eee3f1fae5d826cfc6d569657ff950ec ]
Sharing more code between polling and interrupt-driven mode.
Signed-off-by: Martin Sperl <kernel@martin.sperl.org>
Acked-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit bc519d9574618e47a0c788000fb78da95e18d953 ]
The BCM2835 AUX SPI has a shared interrupt line (with AUX UART).
Downstream fixes this with an AUX irqchip to demux the IRQ sources and a
DT change which breaks compatibility with older kernels. The AUX irqchip
was already rejected for upstream[1] and the DT change would break
working systems if the DTB is updated to a newer one. The latter issue
was brought to my attention by Alex Graf.
The root cause however is a bug in the shared handler. Shared handlers
must check that interrupts are actually enabled before servicing the
interrupt. Add a check that the TXEMPTY or IDLE interrupts are enabled.
[1] https://patchwork.kernel.org/patch/9781221/
Cc: Alexander Graf <agraf@suse.de>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Mark Brown <broonie@kernel.org>
Cc: Eric Anholt <eric@anholt.net>
Cc: Stefan Wahren <stefan.wahren@i2se.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Ray Jui <rjui@broadcom.com>
Cc: Scott Branden <sbranden@broadcom.com>
Cc: bcm-kernel-feedback-list@broadcom.com
Cc: linux-spi@vger.kernel.org
Cc: linux-rpi-kernel@lists.infradead.org
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Rob Herring <robh@kernel.org>
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2113c5f62b7423e4a72b890bd479704aa85c81ba ]
If after an MMIO exit to userspace a VCPU is immediately run with an
immediate_exit request, such as when a signal is delivered or an MMIO
emulation completion is needed, then the VCPU completes the MMIO
emulation and immediately returns to userspace. As the exit_reason
does not get changed from KVM_EXIT_MMIO in these cases we have to
be careful not to complete the MMIO emulation again, when the VCPU is
eventually run again, because the emulation does an instruction skip
(and doing too many skips would be a waste of guest code :-) We need
to use additional VCPU state to track if the emulation is complete.
As luck would have it, we already have 'mmio_needed', which even
appears to be used in this way by other architectures already.
Fixes: 0d640732dbeb ("arm64: KVM: Skip MMIO insn after emulation")
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 86968ef21596515958d5f0a40233d02be78ecec0 ]
Calling ceph_buffer_put() in __ceph_setxattr() may end up freeing the
i_xattrs.prealloc_blob buffer while holding the i_ceph_lock. This can be
fixed by postponing the call until later, when the lock is released.
The following backtrace was triggered by fstests generic/117.
BUG: sleeping function called from invalid context at mm/vmalloc.c:2283
in_atomic(): 1, irqs_disabled(): 0, pid: 650, name: fsstress
3 locks held by fsstress/650:
#0: 00000000870a0fe8 (sb_writers#8){.+.+}, at: mnt_want_write+0x20/0x50
#1: 00000000ba0c4c74 (&type->i_mutex_dir_key#6){++++}, at: vfs_setxattr+0x55/0xa0
#2: 000000008dfbb3f2 (&(&ci->i_ceph_lock)->rlock){+.+.}, at: __ceph_setxattr+0x297/0x810
CPU: 1 PID: 650 Comm: fsstress Not tainted 5.2.0+ #437
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack+0x67/0x90
___might_sleep.cold+0x9f/0xb1
vfree+0x4b/0x60
ceph_buffer_release+0x1b/0x60
__ceph_setxattr+0x2b4/0x810
__vfs_setxattr+0x66/0x80
__vfs_setxattr_noperm+0x59/0xf0
vfs_setxattr+0x81/0xa0
setxattr+0x115/0x230
? filename_lookup+0xc9/0x140
? rcu_read_lock_sched_held+0x74/0x80
? rcu_sync_lockdep_assert+0x2e/0x60
? __sb_start_write+0x142/0x1a0
? mnt_want_write+0x20/0x50
path_setxattr+0xba/0xd0
__x64_sys_lsetxattr+0x24/0x30
do_syscall_64+0x50/0x1c0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7ff23514359a
Signed-off-by: Luis Henriques <lhenriques@suse.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 5c1baaa82cea2c815a5180ded402a7cd455d1810 ]
In mlx4_ib_alloc_pv_bufs(), 'tun_qp->tx_ring' is allocated through
kcalloc(). However, it is not always deallocated in the following execution
if an error occurs, leading to memory leaks. To fix this issue, free
'tun_qp->tx_ring' whenever an error occurs.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Acked-by: Leon Romanovsky <leonro@mellanox.com>
Link: https://lore.kernel.org/r/1566159781-4642-1-git-send-email-wenwen@cs.uga.edu
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 89eb4d8d25722a0a0194cf7fa47ba602e32a6da7 ]
When building hv_kvp_daemon GCC-8.3 complains:
hv_kvp_daemon.c: In function ‘kvp_get_ip_info.constprop’:
hv_kvp_daemon.c:812:30: warning: ‘ip_buffer’ may be used uninitialized in this function [-Wmaybe-uninitialized]
struct hv_kvp_ipaddr_value *ip_buffer;
this seems to be a false positive: we only use ip_buffer when
op == KVP_OP_GET_IP_INFO and it is only unset when op == KVP_OP_ENUMERATE.
Silence the warning by initializing ip_buffer to NULL.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit cfef46d692efd852a0da6803f920cc756eea2855 ]
When a Tx timestamp is requested, a pointer to the skb is stored in the
ravb_tstamp_skb struct. This was done without an skb_get. There exists
the possibility that the skb could be freed by ravb_tx_free (when
ravb_tx_free is called from ravb_start_xmit) before the timestamp was
processed, leading to a use-after-free bug.
Use skb_get when filling a ravb_tstamp_skb struct, and add appropriate
frees/consumes when a ravb_tstamp_skb struct is freed.
Fixes: c156633f13 ("Renesas Ethernet AVB driver proper")
Signed-off-by: Tho Vu <tho.vu.wh@rvc.renesas.com>
Signed-off-by: Kazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com>
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 44ef3a03252844a8753479b0cea7f29e4a804bdc ]
In i2400m_barker_db_init(), 'options_orig' is allocated through kstrdup()
to hold the original command line options. Then, the options are parsed.
However, if an error occurs during the parsing process, 'options_orig' is
not deallocated, leading to a memory leak bug. To fix this issue, free
'options_orig' before returning the error.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
