- 03 Jan, 2016 1 commit
-
-
Julia Lawall authored
The bma150_cfg structure is never modified, so declare it as const. Done with the help of Coccinelle. Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
- 20 Dec, 2015 1 commit
-
-
Dan Carpenter authored
We didn't check input_allocate_device() for failures so it could lead to a NULL deref. Fixes: 6b0f8f9c ('Input: add eGalaxTouch serial touchscreen driver') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
- 19 Dec, 2015 3 commits
-
-
Elias Vanderstuyft authored
Currently the user can set ff_effects_max to zero with the EV_FF bit (and the FF_GAIN and/or FF_AUTOCENTER bits) set, in this case the uninitialized methods ff->set_gain and/or ff->set_autocenter can be dereferenced, resulting in a kernel oops. Check in uinput_create_device() and print a helpful message and return -EINVAL in case the check fails. Signed-off-by: Elias Vanderstuyft <elias.vds@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
David Herrmann authored
Rework the uinput ABS validation to check passed absinfo data immediately, but do ABS initialization as last step in UI_DEV_CREATE. The behavior observed by user-space is not changed, as ABS initialization was never checked for errors. With this in place, the order of device initialization and abs configuration is no longer fixed. Userspace can initialize the device and afterwards set absinfo just fine. Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Tested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Benjamin Tissoires authored
This adds two new ioctls, UINPUT_DEV_SETUP and UI_ABS_SETUP, that replaces the old device setup method (by write()'ing "struct uinput_user_dev" to the node). The old method is not easily extendable and requires huge payloads. Furthermore, overloading write() without properly versioned objects is error-prone. Therefore, we introduce two new ioctls to replace the old method. These ioctls support all features of the old method, plus a "resolution" field for absinfo. Furthermore, it's properly forward-compatible to new ABS codes and a growing "struct input_absinfo" structure. UI_ABS_SETUP also allows user-space to skip unknown axes if not set. There is no need to copy the whole array temporarily into the kernel, but instead the caller issues several ioctl where we copy each value manually. Signed-off-by: David Herrmann <dh.herrmann@gmail.com> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Reviewed-by: David Herrmann <dh.herrmann@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
- 17 Dec, 2015 9 commits
-
-
Dmitry Torokhov authored
Bring in changes to limit number of protocols we try on pass-though PS/2 ports so that probe ocmpletes faster.
-
Dmitry Torokhov authored
This makes Logitech PS2++ protocol implementation consistent with the naming in other protocols. Also mark the stub as "static inline" Reviewed-by: Hans de Goede <hdegoede@redhat.com> Tested-by: Marcin Sochacki <msochacki+kernel@gmail.com> Tested-by: Till <till2.schaefer@uni-dortmund.de> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Dmitry Torokhov authored
PS/2 protocol is slow, and using it with pass-through port (where we encapsulate PS/2 into PS/2) is slower yet so it takes quite a bit of time to do full protocol discovery for device attached to a pass-through port. However, so far we have not see anything but trackpoints or basic PS/2 mice on pass-through ports, so let's limit protocols that we probe there to Trackpoint, IntelliMouse Explorer, IntelliMouse, and bare PS/2 protocol, and avoid other extended protocols, such as Synaptics, ALPS, etc. Reviewed-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Tested-by: Marcin Sochacki <msochacki+kernel@gmail.com> Tested-by: Till <till2.schaefer@uni-dortmund.de> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Dmitry Torokhov authored
In preparation of limiting protocols that we try on pass-through ports, let's rework initialization code and factor common code into psmouse_try_protocol() that accepts protocol type (instead of detec() function pointer) and can, for most protocols, perform both detection and initialization. Note that this removes option of forcing Lifebook protocol on devices that are not recognized by lifebook_detect() as having the hardware, but I do not recall anyone using this option. Reviewed-by: Hans de Goede <hdegoede@redhat.com> Tested-by: Marcin Sochacki <msochacki+kernel@gmail.com> Tested-by: Till <till2.schaefer@uni-dortmund.de> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Dmitry Torokhov authored
We move protocol descriptions and psmouse_find_by_type() and pmouse_find_by_name() so that we can use them without forward declarations in the subsequent patches. Reviewed-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Tested-by: Marcin Sochacki <msochacki+kernel@gmail.com> Tested-by: Till <till2.schaefer@uni-dortmund.de> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Dmitry Torokhov authored
When Cypress protocol support is disabled cypress_init() is a stub that always returns -ENOSYS, so there is not point in testing for CONFIG_MOUSE_PS2_CYPRESS after we decided that we are dealing with a Cypress device. Also, we should only be calling cypress_detect() when set_properties argument is "true", like with other protocols. There is a slight change in behavior to make follow-up patches more uniform: when we detect Cypress but its initialization fails, instead of immediately returning PSMOUSE_PS2 protocol we now continue trying IntelliMouse [Explorer]. Given that Cypress devices only have issue with Sentelic probes probing Imtellimouse should be safe. Reviewed-by: Hans de Goede <hdegoede@redhat.com> Tested-by: Marcin Sochacki <msochacki+kernel@gmail.com> Tested-by: Till <till2.schaefer@uni-dortmund.de> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Dmitry Torokhov authored
The fact that we were calling focaltech_init() even when Focaltech support is disabled was confusing. Rearrange the code so that if support is disabled we continue to fall through the rest of protocol probing code until we get to full reset that Focaltech devices need to work properly. Also, replace focaltech_init() with a stub now that it is only called when protocol is enabled. Reviewed-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Tested-by: Marcin Sochacki <msochacki+kernel@gmail.com> Tested-by: Till <till2.schaefer@uni-dortmund.de> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Dmitry Torokhov authored
The module was using non-standard comment style with comment blocks often starting at the very beginning of a line instead of being aligned with the code. Let's switch to standard formatting. Reviewed-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Tested-by: Marcin Sochacki <msochacki+kernel@gmail.com> Tested-by: Till <till2.schaefer@uni-dortmund.de> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Dmitry Torokhov authored
Instead of a series mostly exclusive "if" statements testing protocol type of the mouse let's use "switch" statement. Reviewed-by: Hans de Goede <hdegoede@redhat.com> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Tested-by: Marcin Sochacki <msochacki+kernel@gmail.com> Tested-by: Till <till2.schaefer@uni-dortmund.de> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
- 16 Dec, 2015 2 commits
-
-
Damien Riegel authored
On this board, the touchscreen, an ads7843, is not handled directly by Linux but by a companion FPGA. This FPGA is memory-mapped and the IP design is very similar to the mk712. This commit adds the support for this IP. Signed-off-by: Damien Riegel <damien.riegel@savoirfairelinux.com> Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Böszörményi Zoltán authored
There are two EETI touchscreen drivers in the kernel (eeti_ts and egalax_ts) but both are for I2C-connected panels. This is for a different, serial and not multi-touch touchscreen panel. The protocol documentation is at http://www.eeti.com.tw/pdf/Software%20Programming%20Guide_v2.0.pdfSigned-off-by: Böszörményi Zoltán <zboszor@pr.hu> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
- 13 Dec, 2015 1 commit
-
-
Steve Twiss authored
Stop reporting KEY_SLEEP for a short key-press and report KEY_POWER instead This change applies to both DA9063 and DA9062 ONKEY drivers. A previous application used for testing by the developer required a KEY_SLEEP and KEY_POWER input_report_key event to distinguish between a short and long key-press of the power key. This is not the general convention and the typical solution is for KEY_POWER to be used in both cases: suspend and S/W power off. Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
- 05 Dec, 2015 1 commit
-
-
Sander Vermin authored
On some devices the wake and enable pins of the pixcir touchscreen controller are connected to gpios and these must be controlled by the driver for the device to operate properly. Signed-off-by: Sander Vermin <sander@vermin.nl> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Acked-by: Rob Herring <robh@kernel.org> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
- 03 Dec, 2015 5 commits
-
-
Peter Hutterer authored
These devices have a pen device and a touch device through the same serial protocol, split it up into two separate devices like we do for USB Wacom tablets too. Userspace already matches on the device name so we can't drop it completely. Compose the same basename based on capabilities and append the tool type, leading to a name like "Wacom Serial Penabled 2FG Touchscreen Pen". Note that this drops BTN_TOOL_FINGER, it is not needed once the tools are split out (and a touch device with BTN_TOOL_FINGER is interpreted as touchpad by most of userspace). Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Peter Hutterer authored
This is preparation work for splitting it up for two event nodes. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Peter Hutterer authored
If a device failed at the pen setup and gets a zero reply from the touch device, we need to return an error. Otherwise we have a device with nothing but a name and the EV_KEY and EV_ABS bits. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Peter Hutterer authored
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Reviewed-by: Ping Cheng <pingc@wacom.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Peter Hutterer authored
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> Reviewed-by: Ping Cheng <pingc@wacom.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
- 02 Dec, 2015 2 commits
-
-
Thierry Reding authored
These new helpers simplify implementing multi-driver modules and properly handle failure to register one driver by unregistering all previously registered drivers. Signed-off-by: Thierry Reding <treding@nvidia.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Dmitry Torokhov authored
Merge with Linux 4.4-rc3 to bring in helpers for multiu-driver modules.
-
- 30 Nov, 2015 6 commits
-
-
Linus Torvalds authored
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull nouveau and radeon fixes from Dave Airlie: "Just some nouveau and radeon/amdgpu fixes. The nouveau fixes look large as the firmware context files are regenerated, but the actual change is quite small" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/radeon: make some dpm errors debug only drm/nouveau/volt/pwm/gk104: fix an off-by-one resulting in the voltage not being set drm/nouveau/nvif: allow userspace access to its own client object drm/nouveau/gr/gf100-: fix oops when calling zbc methods drm/nouveau/gr/gf117-: assume no PPC if NV_PGRAPH_GPC_GPM_PD_PES_TPC_ID_MASK is zero drm/nouveau/gr/gf117-: read NV_PGRAPH_GPC_GPM_PD_PES_TPC_ID_MASK from correct GPC drm/nouveau/gr/gf100-: split out per-gpc address calculation macro drm/nouveau/bios: return actual size of the buffer retrieved via _ROM drm/nouveau/instmem: protect instobj list with a spinlock drm/nouveau/pci: enable c800 magic for some unknown Samsung laptop drm/nouveau/pci: enable c800 magic for Clevo P157SM drm/radeon: make rv770_set_sw_state failures non-fatal drm/amdgpu: move dependency handling out of atomic section v2 drm/amdgpu: optimize scheduler fence handling drm/amdgpu: remove vm->mutex drm/amdgpu: add mutex for ba_va->valids/invalids drm/amdgpu: adapt vce session create interface changes drm/amdgpu: vce use multiple cache surface starting from stoney drm/amdgpu: reset vce trap interrupt flag
-
git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linuxLinus Torvalds authored
Pull RTC fixes from Alexandre Belloni: "Two fixes for the ds1307 alarm and wakeup" * tag 'rtc-4.4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: rtc: ds1307: fix alarm reading at probe time rtc: ds1307: fix kernel splat due to wakeup irq handling
-
git://git.linux-mips.org/pub/scm/ralf/upstream-linusLinus Torvalds authored
Pull MIPS fix from Ralf Baechle: "Just a fix for empty loops that may be removed by non-antique GCC" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: Fix delay loops which may be removed by GCC.
-
git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68kLinus Torvalds authored
Pull m68k fixes from Geert Uytterhoeven: "Summary: - Add missing initialization of max_pfn, which is needed to make selftests/vm/mlock2-tests succeed, - Wire up new mlock2 syscall" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k: Wire up mlock2 m68knommu: Add missing initialization of max_pfn and {min,max}_low_pfn m68k/mm: sun3 - Add missing initialization of max_pfn and {min,max}_low_pfn m68k/mm: m54xx - Add missing initialization of max_pfn m68k/mm: motorola - Add missing initialization of max_pfn
-
git://ftp.arm.linux.org.uk/~rmk/linux-armLinus Torvalds authored
Pull ARM fixes from Russell King: "Just two changes this time around: - wire up the new mlock2 syscall added during the last merge window - fix a build problem with certain configurations provoked by making CONFIG_OF user selectable" * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: 8454/1: OF implies OF_FLATTREE ARM: wire up mlock2 syscall
-
- 29 Nov, 2015 9 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pendingLinus Torvalds authored
Pull SCSI target fixes from Nicholas Bellinger: - fix tcm-user backend driver expired cmd time processing (agrover) - eliminate kref_put_spinlock_irqsave() for I/O completion (bart) - fix iscsi login kthread failure case hung task regression (nab) - fix COMPARE_AND_WRITE completion use-after-free race (nab) - fix COMPARE_AND_WRITE with SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC non zero SGL offset data corruption. (Jan + Doug) - fix >= v4.4-rc1 regression for tcm_qla2xxx enable configfs attribute (Himanshu + HCH) * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: target/stat: print full t10_wwn.model buffer target: fix COMPARE_AND_WRITE non zero SGL offset data corruption qla2xxx: Fix regression introduced by target configFS changes kref: Remove kref_put_spinlock_irqsave() target: Invoke release_cmd() callback without holding a spinlock target: Fix race for SCF_COMPARE_AND_WRITE_POST checking iscsi-target: Fix rx_login_comp hang after login failure iscsi-target: return -ENOMEM instead of -1 in case of failed kmalloc() target/user: Do not set unused fields in tcmu_ops target/user: Fix time calc in expired cmd processing
-
git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linuxLinus Torvalds authored
Pull thermal management fixes from Zhang Rui: "Specifics: - several fixes and cleanups on Rockchip thermal drivers. - add the missing support of RK3368 SoCs in Rockchip driver. - small fixes on of-thermal, power_allocator, rcar driver, IMX, and QCOM drivers, and also compilation fixes, on thermal.h, when thermal is not selected" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: imx: thermal: use CPU temperature grade info for thresholds thermal: fix thermal_zone_bind_cooling_device prototype Revert "thermal: qcom_spmi: allow compile test" thermal: rcar_thermal: remove redundant operation thermal: of-thermal: Reduce log level for message when can't fine thermal zone thermal: power_allocator: Use temperature reading from tz thermal: rockchip: Support the RK3368 SoCs in thermal driver thermal: rockchip: consistently use int for temperatures thermal: rockchip: Add the sort mode for adc value increment or decrement thermal: rockchip: improve the conversion function thermal: rockchip: trivial: fix typo in commit thermal: rockchip: better to compatible the driver for different SoCs dt-bindings: rockchip-thermal: Support the RK3368 SoCs compatible
-
David Disseldorp authored
Cut 'n paste error saw it only process sizeof(t10_wwn.vendor) characters. Signed-off-by: David Disseldorp <ddiss@suse.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-
Jan Engelhardt authored
target_core_sbc's compare_and_write functionality suffers from taking data at the wrong memory location when writing a CAW request to disk when a SGL offset is non-zero. This can happen with loopback and vhost-scsi fabric drivers when SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC is used to map existing user-space SGL memory into COMPARE_AND_WRITE READ/WRITE payload buffers. Given the following sample LIO subtopology, % targetcli ls /loopback/ o- loopback ................................. [1 Target] o- naa.6001405ebb8df14a ....... [naa.60014059143ed2b3] o- luns ................................... [2 LUNs] o- lun0 ................ [iblock/ram0 (/dev/ram0)] o- lun1 ................ [iblock/ram1 (/dev/ram1)] % lsscsi -g [3:0:1:0] disk LIO-ORG IBLOCK 4.0 /dev/sdc /dev/sg3 [3:0:1:1] disk LIO-ORG IBLOCK 4.0 /dev/sdd /dev/sg4 the following bug can be observed in Linux 4.3 and 4.4~rc1: % perl -e 'print chr$_ for 0..255,reverse 0..255' >rand % perl -e 'print "\0" x 512' >zero % cat rand >/dev/sdd % sg_compare_and_write -i rand -D zero --lba 0 /dev/sdd % sg_compare_and_write -i zero -D rand --lba 0 /dev/sdd Miscompare reported % hexdump -Cn 512 /dev/sdd 00000000 0f 0e 0d 0c 0b 0a 09 08 07 06 05 04 03 02 01 00 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 00000200 Rather than writing all-zeroes as instructed with the -D file, it corrupts the data in the sector by splicing some of the original bytes in. The page of the first entry of cmd->t_data_sg includes the CDB, and sg->offset is set to a position past the CDB. I presume that sg->offset is also the right choice to use for subsequent sglist members. Signed-off-by: Jan Engelhardt <jengelh@netitwork.de> Tested-by: Douglas Gilbert <dgilbert@interlog.com> Cc: <stable@vger.kernel.org> # v3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-
Himanshu Madhani authored
this patch fixes following regression # targetcli [Errno 13] Permission denied: '/sys/kernel/config/target/qla2xxx/21:00:00:0e:1e:08:c7:20/tpgt_1/enable' Fixes: 2eafd729 ("target: use per-attribute show and store methods") Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-
Bart Van Assche authored
The last user is gone. Hence remove this function. Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Christoph Hellwig <hch@lst.de> Cc: Joern Engel <joern@logfs.org> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-
Bart Van Assche authored
This patch fixes the following kernel warning because it avoids that IRQs are disabled while ft_release_cmd() is invoked (fc_seq_set_resp() invokes spin_unlock_bh()): WARNING: CPU: 3 PID: 117 at kernel/softirq.c:150 __local_bh_enable_ip+0xaa/0x110() Call Trace: [<ffffffff814f71eb>] dump_stack+0x4f/0x7b [<ffffffff8105e56a>] warn_slowpath_common+0x8a/0xc0 [<ffffffff8105e65a>] warn_slowpath_null+0x1a/0x20 [<ffffffff81062b2a>] __local_bh_enable_ip+0xaa/0x110 [<ffffffff814ff229>] _raw_spin_unlock_bh+0x39/0x40 [<ffffffffa03a7f94>] fc_seq_set_resp+0xe4/0x100 [libfc] [<ffffffffa02e604a>] ft_free_cmd+0x4a/0x90 [tcm_fc] [<ffffffffa02e6972>] ft_release_cmd+0x12/0x20 [tcm_fc] [<ffffffffa042bd66>] target_release_cmd_kref+0x56/0x90 [target_core_mod] [<ffffffffa042caf0>] target_put_sess_cmd+0xc0/0x110 [target_core_mod] [<ffffffffa042cb81>] transport_release_cmd+0x41/0x70 [target_core_mod] [<ffffffffa042d975>] transport_generic_free_cmd+0x35/0x420 [target_core_mod] Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com> Acked-by: Joern Engel <joern@logfs.org> Reviewed-by: Andy Grover <agrover@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Hannes Reinecke <hare@suse.de> Cc: Sagi Grimberg <sagig@mellanox.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-
Nicholas Bellinger authored
This patch addresses a race + use after free where the first stage of COMPARE_AND_WRITE in compare_and_write_callback() is rescheduled after the backend sends the secondary WRITE, resulting in second stage compare_and_write_post() callback completing in target_complete_ok_work() before the first can return. Because current code depends on checking se_cmd->se_cmd_flags after return from se_cmd->transport_complete_callback(), this results in first stage having SCF_COMPARE_AND_WRITE_POST set, which incorrectly falls through into second stage CAW processing code, eventually triggering a NULL pointer dereference due to use after free. To address this bug, pass in a new *post_ret parameter into se_cmd->transport_complete_callback(), and depend upon this value instead of ->se_cmd_flags to determine when to return or fall through into ->queue_status() code for CAW. Cc: Sagi Grimberg <sagig@mellanox.com> Cc: <stable@vger.kernel.org> # v3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-
Nicholas Bellinger authored
This patch addresses a case where iscsi_target_do_tx_login_io() fails sending the last login response PDU, after the RX/TX threads have already been started. The case centers around iscsi_target_rx_thread() not invoking allow_signal(SIGINT) before the send_sig(SIGINT, ...) occurs from the failure path, resulting in RX thread hanging indefinately on iscsi_conn->rx_login_comp. Note this bug is a regression introduced by: commit e5419865 Author: Nicholas Bellinger <nab@linux-iscsi.org> Date: Wed Jul 22 23:14:19 2015 -0700 iscsi-target: Fix iscsit_start_kthreads failure OOPs To address this bug, complete ->rx_login_complete for good measure in the failure path, and immediately return from RX thread context if connection state did not actually reach full feature phase (TARG_CONN_STATE_LOGGED_IN). Cc: Sagi Grimberg <sagig@mellanox.com> Cc: <stable@vger.kernel.org> # v3.10+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
-