1. 12 Mar, 2017 20 commits
    • Theodore Ts'o's avatar
      ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() · 7cf6b709
      Theodore Ts'o authored
      commit c755e251 upstream.
      
      The xattr_sem deadlock problems fixed in commit 2e81a4ee: "ext4:
      avoid deadlock when expanding inode size" didn't include the use of
      xattr_sem in fs/ext4/inline.c.  With the addition of project quota
      which added a new extra inode field, this exposed deadlocks in the
      inline_data code similar to the ones fixed by 2e81a4ee.
      
      The deadlock can be reproduced via:
      
         dmesg -n 7
         mke2fs -t ext4 -O inline_data -Fq -I 256 /dev/vdc 32768
         mount -t ext4 -o debug_want_extra_isize=24 /dev/vdc /vdc
         mkdir /vdc/a
         umount /vdc
         mount -t ext4 /dev/vdc /vdc
         echo foo > /vdc/a/foo
      
      and looks like this:
      
      [   11.158815]
      [   11.160276] =============================================
      [   11.161960] [ INFO: possible recursive locking detected ]
      [   11.161960] 4.10.0-rc3-00015-g011b30a8a3cf #160 Tainted: G        W
      [   11.161960] ---------------------------------------------
      [   11.161960] bash/2519 is trying to acquire lock:
      [   11.161960]  (&ei->xattr_sem){++++..}, at: [<c1225a4b>] ext4_expand_extra_isize_ea+0x3d/0x4cd
      [   11.161960]
      [   11.161960] but task is already holding lock:
      [   11.161960]  (&ei->xattr_sem){++++..}, at: [<c1227941>] ext4_try_add_inline_entry+0x3a/0x152
      [   11.161960]
      [   11.161960] other info that might help us debug this:
      [   11.161960]  Possible unsafe locking scenario:
      [   11.161960]
      [   11.161960]        CPU0
      [   11.161960]        ----
      [   11.161960]   lock(&ei->xattr_sem);
      [   11.161960]   lock(&ei->xattr_sem);
      [   11.161960]
      [   11.161960]  *** DEADLOCK ***
      [   11.161960]
      [   11.161960]  May be due to missing lock nesting notation
      [   11.161960]
      [   11.161960] 4 locks held by bash/2519:
      [   11.161960]  #0:  (sb_writers#3){.+.+.+}, at: [<c11a2414>] mnt_want_write+0x1e/0x3e
      [   11.161960]  #1:  (&type->i_mutex_dir_key){++++++}, at: [<c119508b>] path_openat+0x338/0x67a
      [   11.161960]  #2:  (jbd2_handle){++++..}, at: [<c123314a>] start_this_handle+0x582/0x622
      [   11.161960]  #3:  (&ei->xattr_sem){++++..}, at: [<c1227941>] ext4_try_add_inline_entry+0x3a/0x152
      [   11.161960]
      [   11.161960] stack backtrace:
      [   11.161960] CPU: 0 PID: 2519 Comm: bash Tainted: G        W       4.10.0-rc3-00015-g011b30a8a3cf #160
      [   11.161960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1 04/01/2014
      [   11.161960] Call Trace:
      [   11.161960]  dump_stack+0x72/0xa3
      [   11.161960]  __lock_acquire+0xb7c/0xcb9
      [   11.161960]  ? kvm_clock_read+0x1f/0x29
      [   11.161960]  ? __lock_is_held+0x36/0x66
      [   11.161960]  ? __lock_is_held+0x36/0x66
      [   11.161960]  lock_acquire+0x106/0x18a
      [   11.161960]  ? ext4_expand_extra_isize_ea+0x3d/0x4cd
      [   11.161960]  down_write+0x39/0x72
      [   11.161960]  ? ext4_expand_extra_isize_ea+0x3d/0x4cd
      [   11.161960]  ext4_expand_extra_isize_ea+0x3d/0x4cd
      [   11.161960]  ? _raw_read_unlock+0x22/0x2c
      [   11.161960]  ? jbd2_journal_extend+0x1e2/0x262
      [   11.161960]  ? __ext4_journal_get_write_access+0x3d/0x60
      [   11.161960]  ext4_mark_inode_dirty+0x17d/0x26d
      [   11.161960]  ? ext4_add_dirent_to_inline.isra.12+0xa5/0xb2
      [   11.161960]  ext4_add_dirent_to_inline.isra.12+0xa5/0xb2
      [   11.161960]  ext4_try_add_inline_entry+0x69/0x152
      [   11.161960]  ext4_add_entry+0xa3/0x848
      [   11.161960]  ? __brelse+0x14/0x2f
      [   11.161960]  ? _raw_spin_unlock_irqrestore+0x44/0x4f
      [   11.161960]  ext4_add_nondir+0x17/0x5b
      [   11.161960]  ext4_create+0xcf/0x133
      [   11.161960]  ? ext4_mknod+0x12f/0x12f
      [   11.161960]  lookup_open+0x39e/0x3fb
      [   11.161960]  ? __wake_up+0x1a/0x40
      [   11.161960]  ? lock_acquire+0x11e/0x18a
      [   11.161960]  path_openat+0x35c/0x67a
      [   11.161960]  ? sched_clock_cpu+0xd7/0xf2
      [   11.161960]  do_filp_open+0x36/0x7c
      [   11.161960]  ? _raw_spin_unlock+0x22/0x2c
      [   11.161960]  ? __alloc_fd+0x169/0x173
      [   11.161960]  do_sys_open+0x59/0xcc
      [   11.161960]  SyS_open+0x1d/0x1f
      [   11.161960]  do_int80_syscall_32+0x4f/0x61
      [   11.161960]  entry_INT80_32+0x2f/0x2f
      [   11.161960] EIP: 0xb76ad469
      [   11.161960] EFLAGS: 00000286 CPU: 0
      [   11.161960] EAX: ffffffda EBX: 08168ac8 ECX: 00008241 EDX: 000001b6
      [   11.161960] ESI: b75e46bc EDI: b7755000 EBP: bfbdb108 ESP: bfbdafc0
      [   11.161960]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
      Reported-by: default avatarGeorge Spelvin <linux@sciencehorizons.net>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7cf6b709
    • Sakari Ailus's avatar
      media: Properly pass through media entity types in entity enumeration · c4b6ff75
      Sakari Ailus authored
      commit 98d85f3c upstream.
      
      When the functions replaced media entity types, the range which was
      allowed for the types was incorrect. This meant that media entity types
      for specific devices were not passed correctly to the userspace through
      MEDIA_IOC_ENUM_ENTITIES. Fix it.
      
      Fixes: commit b2cd2744 ("[media] media-device: map new functions into old types for legacy API")
      Reported-and-tested-by: default avatarAntti Laakso <antti.laakso@intel.com>
      Signed-off-by: default avatarSakari Ailus <sakari.ailus@linux.intel.com>
      Acked-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c4b6ff75
    • Sean Young's avatar
      lirc_dev: LIRC_{G,S}ET_REC_MODE do not work · 81d50663
      Sean Young authored
      commit bd291208 upstream.
      
      Since "273b902a [media] lirc_dev: use LIRC_CAN_REC() define" these
      ioctls no longer work.
      Signed-off-by: default avatarSean Young <sean@mess.org>
      Reviewed-by: default avatarAndi Shyti <andi.shyti@samsung.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      81d50663
    • Mauro Carvalho Chehab's avatar
      dvb-usb: don't use stack for firmware load · 1a0fc4b1
      Mauro Carvalho Chehab authored
      commit 43fab979 upstream.
      
      As reported by Marc Duponcheel <marc@offline.be>, firmware load on
      dvb-usb is using the stack, with is not allowed anymore on default
      Kernel configurations:
      
      [ 1025.958836] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in cold state, will try to load a firmware
      [ 1025.958853] dvb-usb: downloading firmware from file 'dvb-usb-wt220u-zl0353-01.fw'
      [ 1025.958855] dvb-usb: could not stop the USB controller CPU.
      [ 1025.958856] dvb-usb: error while transferring firmware (transferred size: -11, block size: 3)
      [ 1025.958856] dvb-usb: firmware download failed at 8 with -22
      [ 1025.958867] usbcore: registered new interface driver dvb_usb_dtt200u
      
      [    2.789902] dvb-usb: downloading firmware from file 'dvb-usb-wt220u-zl0353-01.fw'
      [    2.789905] ------------[ cut here ]------------
      [    2.789911] WARNING: CPU: 3 PID: 2196 at drivers/usb/core/hcd.c:1584 usb_hcd_map_urb_for_dma+0x430/0x560 [usbcore]
      [    2.789912] transfer buffer not dma capable
      [    2.789912] Modules linked in: btusb dvb_usb_dtt200u(+) dvb_usb_af9035(+) btrtl btbcm dvb_usb dvb_usb_v2 btintel dvb_core bluetooth rc_core rfkill x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd drm_kms_helper syscopyarea sysfillrect pcspkr i2c_i801 sysimgblt fb_sys_fops drm i2c_smbus i2c_core r8169 lpc_ich mfd_core mii thermal fan rtc_cmos video button acpi_cpufreq processor snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd crc32c_intel ahci libahci libata xhci_pci ehci_pci xhci_hcd ehci_hcd usbcore usb_common dm_mirror dm_region_hash dm_log dm_mod
      [    2.789936] CPU: 3 PID: 2196 Comm: systemd-udevd Not tainted 4.9.0-gentoo #1
      [    2.789937] Hardware name: ASUS All Series/H81I-PLUS, BIOS 0401 07/23/2013
      [    2.789938]  ffffc9000339b690 ffffffff812bd397 ffffc9000339b6e0 0000000000000000
      [    2.789939]  ffffc9000339b6d0 ffffffff81055c86 000006300339b6a0 ffff880116c0c000
      [    2.789941]  0000000000000000 0000000000000000 0000000000000001 ffff880116c08000
      [    2.789942] Call Trace:
      [    2.789945]  [<ffffffff812bd397>] dump_stack+0x4d/0x66
      [    2.789947]  [<ffffffff81055c86>] __warn+0xc6/0xe0
      [    2.789948]  [<ffffffff81055cea>] warn_slowpath_fmt+0x4a/0x50
      [    2.789952]  [<ffffffffa006d460>] usb_hcd_map_urb_for_dma+0x430/0x560 [usbcore]
      [    2.789954]  [<ffffffff814ed5a8>] ? io_schedule_timeout+0xd8/0x110
      [    2.789956]  [<ffffffffa006e09c>] usb_hcd_submit_urb+0x9c/0x980 [usbcore]
      [    2.789958]  [<ffffffff812d0ebf>] ? copy_page_to_iter+0x14f/0x2b0
      [    2.789960]  [<ffffffff81126818>] ? pagecache_get_page+0x28/0x240
      [    2.789962]  [<ffffffff8118c2a0>] ? touch_atime+0x20/0xa0
      [    2.789964]  [<ffffffffa006f7c4>] usb_submit_urb+0x2c4/0x520 [usbcore]
      [    2.789967]  [<ffffffffa006feca>] usb_start_wait_urb+0x5a/0xe0 [usbcore]
      [    2.789969]  [<ffffffffa007000c>] usb_control_msg+0xbc/0xf0 [usbcore]
      [    2.789970]  [<ffffffffa067903d>] usb_cypress_writemem+0x3d/0x40 [dvb_usb]
      [    2.789972]  [<ffffffffa06791cf>] usb_cypress_load_firmware+0x4f/0x130 [dvb_usb]
      [    2.789973]  [<ffffffff8109dbbe>] ? console_unlock+0x2fe/0x5d0
      [    2.789974]  [<ffffffff8109e10c>] ? vprintk_emit+0x27c/0x410
      [    2.789975]  [<ffffffff8109e40a>] ? vprintk_default+0x1a/0x20
      [    2.789976]  [<ffffffff81124d76>] ? printk+0x43/0x4b
      [    2.789977]  [<ffffffffa0679310>] dvb_usb_download_firmware+0x60/0xd0 [dvb_usb]
      [    2.789979]  [<ffffffffa0679898>] dvb_usb_device_init+0x3d8/0x610 [dvb_usb]
      [    2.789981]  [<ffffffffa069e302>] dtt200u_usb_probe+0x92/0xd0 [dvb_usb_dtt200u]
      [    2.789984]  [<ffffffffa007420c>] usb_probe_interface+0xfc/0x270 [usbcore]
      [    2.789985]  [<ffffffff8138bf95>] driver_probe_device+0x215/0x2d0
      [    2.789986]  [<ffffffff8138c0e6>] __driver_attach+0x96/0xa0
      [    2.789987]  [<ffffffff8138c050>] ? driver_probe_device+0x2d0/0x2d0
      [    2.789988]  [<ffffffff81389ffb>] bus_for_each_dev+0x5b/0x90
      [    2.789989]  [<ffffffff8138b7b9>] driver_attach+0x19/0x20
      [    2.789990]  [<ffffffff8138b33c>] bus_add_driver+0x11c/0x220
      [    2.789991]  [<ffffffff8138c91b>] driver_register+0x5b/0xd0
      [    2.789994]  [<ffffffffa0072f6c>] usb_register_driver+0x7c/0x130 [usbcore]
      [    2.789994]  [<ffffffffa06a5000>] ? 0xffffffffa06a5000
      [    2.789996]  [<ffffffffa06a501e>] dtt200u_usb_driver_init+0x1e/0x20 [dvb_usb_dtt200u]
      [    2.789997]  [<ffffffff81000408>] do_one_initcall+0x38/0x140
      [    2.789998]  [<ffffffff8116001c>] ? __vunmap+0x7c/0xc0
      [    2.789999]  [<ffffffff81124fb0>] ? do_init_module+0x22/0x1d2
      [    2.790000]  [<ffffffff81124fe8>] do_init_module+0x5a/0x1d2
      [    2.790002]  [<ffffffff810c96b1>] load_module+0x1e11/0x2580
      [    2.790003]  [<ffffffff810c68b0>] ? show_taint+0x30/0x30
      [    2.790004]  [<ffffffff81177250>] ? kernel_read_file+0x100/0x190
      [    2.790005]  [<ffffffff810c9ffa>] SyS_finit_module+0xba/0xc0
      [    2.790007]  [<ffffffff814f13e0>] entry_SYSCALL_64_fastpath+0x13/0x94
      [    2.790008] ---[ end trace c78a74e78baec6fc ]---
      
      So, allocate the structure dynamically.
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1a0fc4b1
    • Antti Palosaari's avatar
      cxd2820r: fix gpio null pointer dereference · aa315c96
      Antti Palosaari authored
      commit 0ffb94b6 upstream.
      
      Setting GPIOs during probe causes null pointer deference when
      GPIOLIB was not selected by Kconfig. Initialize driver private
      field before calling set gpios.
      
      It is regressing bug since 4.9.
      
      Fixes: 07fdf7d9 ("[media] cxd2820r: add I2C driver bindings")
      Reported-by: default avatarChris Rankin <rankincj@gmail.com>
      Tested-by: default avatarChris Rankin <rankincj@gmail.com>
      Tested-by: default avatarHåkan Lennestål <hakan.lennestal@gmail.com>
      Signed-off-by: default avatarAntti Palosaari <crope@iki.fi>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      aa315c96
    • Randy Dunlap's avatar
      media: fix dm1105.c build error · a1403c57
      Randy Dunlap authored
      commit e3bb3cdd upstream.
      
      Fix dm1105 build error when CONFIG_I2C_ALGOBIT=m and
      CONFIG_DVB_DM1105=y.
      
      drivers/built-in.o: In function `dm1105_probe':
      dm1105.c:(.text+0x2836e7): undefined reference to `i2c_bit_add_bus'
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Cc: Javier Martinez Canillas <javier@osg.samsung.com>
      Signed-off-by: default avatarHans Verkuil <hans.verkuil@cisco.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a1403c57
    • Guennadi Liakhovetski's avatar
      uvcvideo: Fix a wrong macro · 0dafb020
      Guennadi Liakhovetski authored
      commit 17c341ec upstream.
      
      Don't mix up UVC_BUF_STATE_* and VB2_BUF_STATE_* codes.
      
      Fixes: 6998b6fb ("[media] uvcvideo: Use videobuf2-vmalloc")
      Signed-off-by: default avatarGuennadi Liakhovetski <guennadi.liakhovetski@intel.com>
      Signed-off-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0dafb020
    • Nicolas Iooss's avatar
      am437x-vpfe: always assign bpp variable · 895bff91
      Nicolas Iooss authored
      commit 6ebf7577 upstream.
      
      In vpfe_s_fmt(), when the sensor format and the requested format were
      the same, bpp was assigned to vpfe->bpp without being initialized first.
      
      Grab the bpp value that is currently used by using __vpfe_get_format()
      instead of its wrapper, vpfe_try_fmt().
      
      This use of uninitialized variable has been found by compiling the
      kernel with clang.
      
      Fixes: 417d2e50 ("[media] media: platform: add VPFE capture driver
      support for AM437X")
      Signed-off-by: default avatarNicolas Iooss <nicolas.iooss_linux@m4x.org>
      Signed-off-by: default avatarHans Verkuil <hans.verkuil@cisco.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      895bff91
    • Zhang Rui's avatar
      mmc: sdhci-acpi: support deferred probe · 4dc45504
      Zhang Rui authored
      commit e28d6f04 upstream.
      
      With commit 67bf5156 ("gpio / ACPI: fix returned error from
      acpi_dev_gpio_irq_get()"), mmc_gpiod_request_cd() returns -EPROBE_DEFER if
      GPIO is not ready when sdhci-acpi driver is probed, and sdhci-acpi driver
      should be probed again later in this case.
      
      This fixes an order issue when both GPIO and sdhci-acpi drivers are built
      as modules.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=177101Tested-by: default avatarJonas Aaberg <cja@gmx.net>
      Signed-off-by: default avatarZhang Rui <rui.zhang@intel.com>
      Acked-by: default avatarAdrian Hunter <adrian.hunter@intel.com>
      Signed-off-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4dc45504
    • Paul Burton's avatar
      MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps · 70d4818d
      Paul Burton authored
      commit 096a0de4 upstream.
      
      is_jump_ins() checks for plain jump ("j") instructions since commit
      e7438c4b ("MIPS: Fix sibling call handling in get_frame_info") but
      that commit didn't make the same change to the microMIPS code, leaving
      it inconsistent with the MIPS32/MIPS64 code. Handle the microMIPS
      encoding of the jump instruction too such that it behaves consistently.
      Signed-off-by: default avatarPaul Burton <paul.burton@imgtec.com>
      Fixes: e7438c4b ("MIPS: Fix sibling call handling in get_frame_info")
      Cc: Tony Wu <tung7970@gmail.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14533/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      70d4818d
    • Paul Burton's avatar
      MIPS: Calculate microMIPS ra properly when unwinding the stack · 6f6914d7
      Paul Burton authored
      commit bb9bc468 upstream.
      
      get_frame_info() calculates the offset of the return address within a
      stack frame simply by dividing a the bottom 16 bits of the instruction,
      treated as a signed integer, by the size of a long. Whilst this works
      for MIPS32 & MIPS64 ISAs where the sw or sd instructions are used, it's
      incorrect for microMIPS where encodings differ. The result is that we
      typically completely fail to unwind the stack on microMIPS.
      
      Fix this by adjusting is_ra_save_ins() to calculate the return address
      offset, and take into account the various different encodings there in
      the same place as we consider whether an instruction is storing the
      ra/$31 register.
      
      With this we are now able to unwind the stack for kernels targetting the
      microMIPS ISA, for example we can produce:
      
          Call Trace:
          [<80109e1f>] show_stack+0x63/0x7c
          [<8011ea17>] __warn+0x9b/0xac
          [<8011ea45>] warn_slowpath_fmt+0x1d/0x20
          [<8013fe53>] register_console+0x43/0x314
          [<8067c58d>] of_setup_earlycon+0x1dd/0x1ec
          [<8067f63f>] early_init_dt_scan_chosen_stdout+0xe7/0xf8
          [<8066c115>] do_early_param+0x75/0xac
          [<801302f9>] parse_args+0x1dd/0x308
          [<8066c459>] parse_early_options+0x25/0x28
          [<8066c48b>] parse_early_param+0x2f/0x38
          [<8066e8cf>] setup_arch+0x113/0x488
          [<8066c4f3>] start_kernel+0x57/0x328
          ---[ end trace 0000000000000000 ]---
      
      Whereas previously we only produced:
      
          Call Trace:
          [<80109e1f>] show_stack+0x63/0x7c
          ---[ end trace 0000000000000000 ]---
      Signed-off-by: default avatarPaul Burton <paul.burton@imgtec.com>
      Fixes: 34c2f668 ("MIPS: microMIPS: Add unaligned access support.")
      Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14532/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6f6914d7
    • Paul Burton's avatar
      MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions · f4ab4d6f
      Paul Burton authored
      commit 67c75057 upstream.
      
      is_jump_ins() checks 16b instruction fields without verifying that the
      instruction is indeed 16b, as is done by is_ra_save_ins() &
      is_sp_move_ins(). Add the appropriate check.
      Signed-off-by: default avatarPaul Burton <paul.burton@imgtec.com>
      Fixes: 34c2f668 ("MIPS: microMIPS: Add unaligned access support.")
      Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14531/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f4ab4d6f
    • Paul Burton's avatar
      MIPS: Fix get_frame_info() handling of microMIPS function size · 6ec5e28d
      Paul Burton authored
      commit b6c7a324 upstream.
      
      get_frame_info() is meant to iterate over up to the first 128
      instructions within a function, but for microMIPS kernels it will not
      reach that many instructions unless the function is 512 bytes long since
      we calculate the maximum number of instructions to check by dividing the
      function length by the 4 byte size of a union mips_instruction. In
      microMIPS kernels this won't do since instructions are variable length.
      
      Fix this by instead checking whether the pointer to the current
      instruction has reached the end of the function, and use max_insns as a
      simple constant to check the number of iterations against.
      Signed-off-by: default avatarPaul Burton <paul.burton@imgtec.com>
      Fixes: 34c2f668 ("MIPS: microMIPS: Add unaligned access support.")
      Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14530/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6ec5e28d
    • Paul Burton's avatar
      MIPS: Prevent unaligned accesses during stack unwinding · f9bba20e
      Paul Burton authored
      commit a3552dac upstream.
      
      During stack unwinding we call a number of functions to determine what
      type of instruction we're looking at. The union mips_instruction pointer
      provided to them may be pointing at a 2 byte, but not 4 byte, aligned
      address & we thus cannot directly access the 4 byte wide members of the
      union mips_instruction. To avoid this is_ra_save_ins() copies the
      required half-words of the microMIPS instruction to a correctly aligned
      union mips_instruction on the stack, which it can then access safely.
      The is_jump_ins() & is_sp_move_ins() functions do not correctly perform
      this temporary copy, and instead attempt to directly dereference 4 byte
      fields which may be misaligned and lead to an address exception.
      
      Fix this by copying the instruction halfwords to a temporary union
      mips_instruction in get_frame_info() such that we can provide a 4 byte
      aligned union mips_instruction to the is_*_ins() functions and they do
      not need to deal with misalignment themselves.
      Signed-off-by: default avatarPaul Burton <paul.burton@imgtec.com>
      Fixes: 34c2f668 ("MIPS: microMIPS: Add unaligned access support.")
      Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14529/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f9bba20e
    • Paul Burton's avatar
      MIPS: Clear ISA bit correctly in get_frame_info() · 953f8054
      Paul Burton authored
      commit ccaf7caf upstream.
      
      get_frame_info() can be called in microMIPS kernels with the ISA bit
      already clear. For example this happens when unwind_stack_by_address()
      is called because we begin with a PC that has the ISA bit set & subtract
      the (odd) offset from the preceding symbol (which does not have the ISA
      bit set). Since get_frame_info() unconditionally subtracts 1 from the PC
      in microMIPS kernels it incorrectly misaligns the address it then
      attempts to access code at, leading to an address error exception.
      
      Fix this by using msk_isa16_mode() to clear the ISA bit, which allows
      get_frame_info() to function regardless of whether it is provided with a
      PC that has the ISA bit set or not.
      Signed-off-by: default avatarPaul Burton <paul.burton@imgtec.com>
      Fixes: 34c2f668 ("MIPS: microMIPS: Add unaligned access support.")
      Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14528/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      953f8054
    • Felix Fietkau's avatar
      MIPS: Lantiq: Keep ethernet enabled during boot · 734696a2
      Felix Fietkau authored
      commit 774f0c64 upstream.
      
      Disabling ethernet during reboot (only to enable it again when the
      ethernet driver attaches) can put the chip into a faulty state where it
      corrupts the header of all incoming packets.
      
      This happens if packets arrive during the time window where the core is
      disabled, and it can be easily reproduced by rebooting while sending a
      flood ping to the broadcast address.
      
      Fixes: 95135bfa ("MIPS: Lantiq: Deactivate most of the devices by default")
      Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
      Acked-by: default avatarJohn Crispin <john@phrozen.org>
      Cc: hauke.mehrtens@lantiq.com
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/15078/Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      734696a2
    • James Cowgill's avatar
      MIPS: OCTEON: Fix copy_from_user fault handling for large buffers · 1764303e
      James Cowgill authored
      commit 884b4269 upstream.
      
      If copy_from_user is called with a large buffer (>= 128 bytes) and the
      userspace buffer refers partially to unreadable memory, then it is
      possible for Octeon's copy_from_user to report the wrong number of bytes
      have been copied. In the case where the buffer size is an exact multiple
      of 128 and the fault occurs in the last 64 bytes, copy_from_user will
      report that all the bytes were copied successfully but leave some
      garbage in the destination buffer.
      
      The bug is in the main __copy_user_common loop in octeon-memcpy.S where
      in the middle of the loop, src and dst are incremented by 128 bytes. The
      l_exc_copy fault handler is used after this but that assumes that
      "src < THREAD_BUADDR($28)". This is not the case if src has already been
      incremented.
      
      Fix by adding an extra fault handler which rewinds the src and dst
      pointers 128 bytes before falling though to l_exc_copy.
      
      Thanks to the pwritev test from the strace test suite for originally
      highlighting this bug!
      
      Fixes: 5b3b1688 ("MIPS: Add Cavium OCTEON processor support ...")
      Signed-off-by: default avatarJames Cowgill <James.Cowgill@imgtec.com>
      Acked-by: default avatarDavid Daney <david.daney@cavium.com>
      Reviewed-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14978/Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1764303e
    • Mirko Parthey's avatar
      MIPS: BCM47XX: Fix button inversion for Asus WL-500W · f2b15d50
      Mirko Parthey authored
      commit bdfdaf1a upstream.
      
      The Asus WL-500W buttons are active high, but the software treats them
      as active low. Fix the inverted logic.
      
      Fixes: 3be97255 ("MIPS: BCM47XX: Import buttons database from OpenWrt")
      Signed-off-by: default avatarMirko Parthey <mirko.parthey@web.de>
      Acked-by: default avatarRafał Miłecki <rafal@milecki.pl>
      Cc: Hauke Mehrtens <hauke@hauke-m.de>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/15295/Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f2b15d50
    • Ralf Baechle's avatar
      MIPS: Fix special case in 64 bit IP checksumming. · 890fb4e3
      Ralf Baechle authored
      commit 66fd848c upstream.
      
      For certain arguments such as saddr = 0xc0a8fd60, daddr = 0xc0a8fda1,
      len = 80, proto = 17, sum = 0x7eae049d there will be a carry when
      folding the intermediate 64 bit checksum to 32 bit but the code doesn't
      add the carry back to the one's complement sum, thus an incorrect result
      will be generated.
      Reported-by: default avatarMark Zhang <bomb.zhang@gmail.com>
      Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Reviewed-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      890fb4e3
    • Purna Chandra Mandal's avatar
      MIPS: pic32mzda: Fix linker error for pic32_get_pbclk() · 87592def
      Purna Chandra Mandal authored
      commit a726f1d2 upstream.
      
      Early clock API pic32_get_pbclk() is defined in early_clk.c and used by
      time.c and early_console.c. When CONFIG_EARLY_PRINTK isn't set,
      early_clk.c isn't compiled and time.c fails to link.
      
      Fix it by compiling early_clk.c always. Also sort files in alphabetical
      order.
      
      Fixes: 6e4ad1b4 ("MIPS: pic32mzda: fix getting timer clock rate.")
      Reported-by: default avatarHarvey Hunt <harvey.hunt@imgtec.com>
      Signed-off-by: default avatarPurna Chandra Mandal <purna.mandal@microchip.com>
      Reviewed-by: default avatarHarvey Hunt <harvey.hunt@imgtec.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Joshua Henderson <digitalpeer@digitalpeer.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/13383/Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      87592def
  2. 26 Feb, 2017 20 commits