- 14 Dec, 2016 1 commit
-
-
Jiri Kosina authored
Merge branches 'for-4.10/asus', 'for-4.10/cp2112', 'for-4.10/i2c-hid-nopower', 'for-4.10/intel-ish', 'for-4.10/mayflash', 'for-4.10/microsoft-surface-3', 'for-4.10/multitouch', 'for-4.10/sony', 'for-4.10/udraw-ps3', 'for-4.10/upstream' and 'for-4.10/wacom/generic' into for-linus
-
- 12 Dec, 2016 3 commits
-
-
Benjamin Tissoires authored
commit ba18a931 ("Revert "HID: i2c-hid: Add support for ACPI GPIO interrupts"") removed the need for storing the irq in struct i2c_hid. But then commit de3c99488609 ("HID: i2c-hid: Disable IRQ before freeing buffers") forgot to update the location of the irq. Fix this by using the actual I2C client irq. Reported-by:
kbuild test robot <fengguang.wu@intel.com> Signed-off-by:
Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by:
Jiri Kosina <jkosina@suse.cz>
-
Jiri Kosina authored
Add a forgotten include that I've by mistake omitted when resolving merge conflict in ead0687fe30 ("HID: i2c-hid: support regulator power on/off"). Fixes: ead0687fe30 ("HID: i2c-hid: support regulator power on/off") Reported-by: -
João Paulo Rechi Vita authored
The HID report buffers that are initially allocated on i2c_hid_probe() might not be big enough to hold the HID reports from a specific device, in which case they will be freed and new ones will be allocated in i2c_hid_start(), at point which the device's report size is known. But at this point ihid->irq is already running, and may call i2c_hid_get_input() which passes ihid->inbuf to i2c_master_recv(). Since this handler runs in a separate thread, ihid->inbuf may be freed at this very moment, and i2c_master_recv() will write on memory which may be already owned by a different part of the kernel, corrupting its data. This problem has been observed on an Asus UX360UA laptop which has an I2C touchpad, and results in a complete system freeze or an unusable slowness with a lof of "BUG: unable to handle kernel paging request at <address>" warnings. Enabling SLUB debugging shows a use-after-free warning on memory allocated in i2c_hid_alloc_buffers() and freed in i2c_hid_free_buffers(): ============================================================================= BUG kmalloc-64 (Not tainted): Poison overwritten ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: 0xffff880264083273-0xffff88026408329e. first byte 0x0 instead of 0x6b INFO: Allocated in i2c_hid_alloc_buffers+0x25/0xa0 [i2c_hid] age=35793 cpu=2 pid=430 ___slab_alloc+0x41e/0x460 __slab_alloc+0x20/0x40 __kmalloc+0x210/0x280 i2c_hid_alloc_buffers+0x25/0xa0 [i2c_hid] i2c_hid_probe+0x12f/0x5e0 [i2c_hid] i2c_device_probe+0x10a/0x1b0 driver_probe_device+0x220/0x4a0 __device_attach_driver+0x71/0xa0 bus_for_each_drv+0x67/0xb0 __device_attach+0xdc/0x170 device_initial_probe+0x13/0x20 bus_probe_device+0x92/0xa0 device_add+0x4aa/0x670 device_register+0x1a/0x20 i2c_new_device+0x18e/0x230 acpi_i2c_add_device+0x1a0/0x210 INFO: Freed in i2c_hid_free_buffers+0x16/0x60 [i2c_hid] age=7552 cpu=1 pid=1473 __slab_free+0x221/0x330 kfree+0x139/0x160 i2c_hid_free_buffers+0x16/0x60 [i2c_hid] i2c_hid_start+0x2a9/0x2df [i2c_hid] mt_probe+0x160/0x22e [hid_multitouch] hid_device_probe+0xd7/0x150 [hid] driver_probe_device+0x220/0x4a0 __driver_attach+0x84/0x90 bus_for_each_dev+0x6c/0xc0 driver_attach+0x1e/0x20 bus_add_driver+0x1c3/0x280 driver_register+0x60/0xe0 __hid_register_driver+0x53/0x90 [hid] 0xffffffffc004f01e do_one_initcall+0xb3/0x1f0 do_init_module+0x5f/0x1d0 INFO: Slab 0xffffea0009902080 objects=20 used=20 fp=0x (null) flags=0x17fff8000004080 INFO: Object 0xffff880264083260 @offset=4704 fp=0x (null) Bytes b4 ffff880264083250: 8d e6 fe ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ Object ffff880264083260: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object ffff880264083270: 6b 6b 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 kkk............. Object ffff880264083280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff880264083290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Redzone ffff8802640832a0: bb bb bb bb bb bb bb bb ........ Padding ffff8802640833e0: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ CPU: 1 PID: 1503 Comm: python3 Tainted: G B 4.4.21+ #10 Hardware name: ASUSTeK COMPUTER INC. UX360UA/UX360UA, BIOS UX360UA.200 05/05/2016 0000000000000086 00000000622d48a2 ffff88026061ba38 ffffffff813f6044 ffff880264082010 ffff880264083260 ffff88026061ba78 ffffffff811e8eab 0000000000000008 ffff880200000001 ffff88026408329f ffff88026a007700 Call Trace: [<ffffffff813f6044>] dump_stack+0x63/0x8f [<ffffffff811e8eab>] print_trailer+0x14b/0x1f0 [<ffffffff811e94c1>] check_bytes_and_report+0xc1/0x100 [<ffffffff811e96c4>] check_object+0x1c4/0x240 [<ffffffff81293fde>] ? ext4_htree_store_dirent+0x3e/0x120 [<ffffffff811e9b44>] alloc_debug_processing+0x104/0x180 [<ffffffff811eb7be>] ___slab_alloc+0x41e/0x460 [<ffffffff81293fde>] ? ext4_htree_store_dirent+0x3e/0x120 [<ffffffff8124590b>] ? __getblk_gfp+0x2b/0x60 [<ffffffff8129b969>] ? ext4_getblk+0xa9/0x190 [<ffffffff811eb820>] __slab_alloc+0x20/0x40 [<ffffffff811ed320>] __kmalloc+0x210/0x280 [<ffffffff81293fde>] ? ext4_htree_store_dirent+0x3e/0x120 [<ffffffff812c1602>] ? ext4fs_dirhash+0xc2/0x2a0 [<ffffffff81293fde>] ext4_htree_store_dirent+0x3e/0x120 [<ffffffff812a4f47>] htree_dirblock_to_tree+0x187/0x1b0 [<ffffffff812a5fd2>] ext4_htree_fill_tree+0xb2/0x2e0 [<ffffffff811ebb7a>] ? kmem_cache_alloc_trace+0x1fa/0x220 [<ffffffff81293e45>] ? ext4_readdir+0x775/0x8b0 [<ffffffff81293cb1>] ext4_readdir+0x5e1/0x8b0 [<ffffffff81221c82>] iterate_dir+0x92/0x120 [<ffffffff81222118>] SyS_getdents+0x98/0x110 [<ffffffff81221d10>] ? iterate_dir+0x120/0x120 [<ffffffff818157f2>] entry_SYSCALL_64_fastpath+0x16/0x71 FIX kmalloc-64: Restoring 0xffff880264083273-0xffff88026408329e=0x6b FIX kmalloc-64: Marking all objects used Signed-off-by:
João Paulo Rechi Vita <jprvita@endlessm.com> Reviewed-by:
-
- 09 Dec, 2016 5 commits
-
-
Pan Bian authored
Function hid_post_reset() should return negative error codes on failures. However, in its implementation, it incorrectly returns 1. This patch fixes the bug, returning proper error codes on failures. Signed-off-by:
Pan Bian <bianpan2016@163.com> Signed-off-by:
-
Ping Cheng authored
post input_sync only when there are input events posted Signed-off-by:
Ping Cheng <ping.cheng@wacom.com> Reviewed-By:
Jason Gerecke <jason.gerecke@wacom.com> Signed-off-by:
-
Ping Cheng authored
Make sure everything reported from pad are registered Signed-off-by:
-
Ping Cheng authored
Sometime valid events may not be supported by the driver yet. Make sure we don't process them when the code is not ready. This fix prevents a kernel panic due to unsupported HID events. Signed-off-by:
-
Ping Cheng authored
It is unnecessary to return a value since nothing is expecting a value from it. Signed-off-by:
-
- 02 Dec, 2016 1 commit
-
-
Rasmus Villemoes authored
We have the %pU printf extension for doing exactly this. Saves some .text, and is likely also a little faster. Signed-off-by:
Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by:
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> Signed-off-by:
-
- 30 Nov, 2016 1 commit
-
-
Jiri Kosina authored
Since the gpio-as-irq support has been added, the driver now depends on proper support being available in gpiolib. Fixes: 13de9cca ("HID: cp2112: add IRQ chip handling") Reported-by:
-
- 29 Nov, 2016 3 commits
-
-
Brendan McGrath authored
Update the hid-asus module to add multitouch support for the Asus i2c touchpad. This patch aims to resolve the issue raised here: https://bugzilla.kernel.org/show_bug.cgi?id=120181 The issue is in relation to an Asus touchpad device which currently does not have multitouch support. The device currently falls through to the hid-generic driver which treats the device as a mouse. This patch aims to add the multitouch support. [jkosina@suse.cz: move most of the 'patch comment' into actual changelog] [jkosina@suse.cz: drop hunk that changes ->name of the driver] Reviewed-by:
Brendan McGrath <redmcg@redmandi.dyndns.org> Signed-off-by:
Victor Vlasenko <victor.vlasenko@sysgears.com> Signed-off-by:
Frederik Wenigwieser <frederik.wenigwieser@gmail.com> Signed-off-by:
-
Srinivas Pandruvada authored
Although unlikely but it is possible that when a connect or disconnect request is issued to the firmware, before the response comes, user terminates the client session. In this case when the response is arrived there is no matching client instance in the list of currently active clients. In this case, don't issue call to wake up a waiting client. Signed-off-by:
-
Roderick Colenbrander authored
Add support for USB based DS4 dongle device, which allows connecting a DS4 through Bluetooth, but hides Bluetooth from the host system. Signed-off-by:
Roderick Colenbrander <roderick.colenbrander@sony.com> Signed-off-by:
-
- 28 Nov, 2016 11 commits
-
-
Roderick Colenbrander authored
The DS4 side of hid-sony used the hid-core layer to assign buttons and axes based on the HID report descriptors. The default mapping was strange e.g. right stick using ABS_Z/ABS_RZ or the physical 'south button' being reported as BTN_EAST etcetera. This patch makes the DS4 side ofi the hid-sony driver comply to the Linux game controller spec as suggested in a discussion with Dmitry on the linux-input list. Currently the main user of the DS4 is the SDL2 library, which has a mapping table using vendor/device/version as a key. In order to not break SDL2 we discussed adjusting the version number, so it can have both mappings. This was discust on linux-input and we discussed privately with SDL2 developers. Signed-off-by:
-
Roderick Colenbrander authored
The dualshock 4 supports both analog sticks of which one uses ABS_X/_Y and a touchpad. In a recent discussion with Dmitry about some input-mt changes we proposed for disabling pointer emulation from input_mt_sync_frame, Dmitry mentioned ABS_X/_Y should report the same data as ABS_MT_POSITION_X/_Y. The current driver is mixing axes for different subdevices. It was suggested to make the touchpad its own sub-device. This patch turns the touchpad into its own device. In addition this patch also moves the button underneath the touchpad into the new device. It felt like this button should be part of the device. No known user space application (not even SDL2) seems to be using it. Signed-off-by:
-
Roderick Colenbrander authored
A previous patch moved most input initialization from sony_probe to sony_input_configured to avoid some race conditions. The driver has some special logic to prevent the device to get registered twice in case the user connects it both over Bluetooth and USB. When this condition happens sony_input_configured returns a failure, but sony_probe continues as hid_hw_start doesn't fail. As was discussed on linux-input, it is acceptable for this function to fail. This patch adds a check for the HID_CLAIMED_INPUT flag within sony_probe to determine whether initialization succeeded correctly. The flag is not set by the HID layer when sony_input_configured fails. Signed-off-by:
-
Benjamin Tissoires authored
The GPIO part doesn't provide interrupts when GPIO are toggled. So use a polling mechanism if someone requests a GPIO as an IRQ. Signed-off-by:
-
Benjamin Tissoires authored
Instead of forcing the level trigger of the IRQ, we can count on ACPI or OF to set it up for us. The first release of the HID over I2C specification mentioned that the level trigger needed to be active low. In the latest version of the specification, there is no such explicit mention, so it's better to not assume one. Signed-off-by:
-
Benjamin Tissoires authored
We already have in place a quirk for Windows 8 devices, but it looks like the Surface Cover are not conforming to it. Given that we are only interested in 3 feature reports (the ones that the Windows driver retrieves), we should be safe to unconditionally apply the quirk to everybody. In case there is an issue with a controller, we can always mark it as such in the transport driver, and hid-multitouch won't try to retrieve the feature report. Signed-off-by:
-
Benjamin Tissoires authored
There is no reasons to filter out keyboard and consumer control collections in hid-multitouch. With the previous hid-input fix, there is now a full support of the Type Cover and we can remove all specific bits from hid-core and hid-microsoft. hid-multitouch will automatically set HID_QUIRK_NO_INIT_REPORTS so we can also remove it from the list of ushbid quirks. Signed-off-by:
-
Benjamin Tissoires authored
The purpose of HID_QUIRK_MULTI_INPUT is to have an input device per report id. This is useful when the HID device presents several HID collections of different device types. The current implementation of hid-input creates one input node per id per type (input or output). This is problematic for the LEDs of a keyboard as they are often set through an output report. The current code creates one input node with all the keyboard keys, and one other with only the LEDs. To solve this, we use a two-passes way: - first, we initialize all input nodes and associate one per report id - then, we register all the input nodes Signed-off-by:
-
Benjamin Tissoires authored
According to https://msdn.microsoft.com/en-us/library/windows/hardware/mt604195(v=vs.85).aspx external buttons have some weird usage mapping: - Button 2 Indicates Button State for external button for primary (default left) clicking. - Button 3 Indicates Button State for external button for secondary (default right) clicking. So in the current state, the buttons are mapped to right and middle. Move the usage by one to correctly map the external buttons. Tested-by:
Chris Chiu <chiu@endlessm.com> Signed-off-by:
-
Benjamin Tissoires authored
One more device requiring a quirk :/ Reported-by:
Christian-Nils Boda <christian-nils.boda@gadz.org> Signed-off-by:
-
Benjamin Tissoires authored
One more device requiring a quirk :/ [jkosina@suse.cz: update comment based on Bastien's remark] Signed-off-by:
Bastien Nocera <hadess@hadess.net> Signed-off-by:
-
- 24 Nov, 2016 2 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hidLinus Torvalds authored
Pull HID fixes from Jiri Kosina: - DMA-on-stack fixes for a couple drivers, from Benjamin Tissoires - small memory sanitization fix for sensor-hub driver, from Song Hongyan * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: hid-sensor-hub: clear memory to avoid random data HID: rmi: make transfer buffers DMA capable HID: magicmouse: make transfer buffers DMA capable HID: lg: make transfer buffers DMA capable HID: cp2112: make transfer buffers DMA capable
-
Nicolas Schichan authored
Otherwise each individual rotator char would be printed in a new line: (...) [ 0.642350] - [ 0.644374] | [ 0.646367] - (...) Signed-off-by:
Nicolas Schichan <nicolas.schichan@gmail.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
- 23 Nov, 2016 11 commits
-
-
git://git.linux-nfs.org/projects/anna/linux-nfsLinus Torvalds authored
Pull NFS client bugfixes from Anna Schumaker: "Most of these fix regressions or races, but there is one patch for stable that Arnd sent me Stable bugfix: - Hide array-bounds warning Bugfixes: - Keep a reference on lock states while checking - Handle NFS4ERR_OLD_STATEID in nfs4_reclaim_open_state - Don't call close if the open stateid has already been cleared - Fix CLOSE rases with OPEN - Fix a regression in DELEGRETURN" * tag 'nfs-for-4.9-4' of git://git.linux-nfs.org/projects/anna/linux-nfs: NFSv4.x: hide array-bounds warning NFSv4.1: Keep a reference on lock states while checking NFSv4.1: Handle NFS4ERR_OLD_STATEID in nfs4_reclaim_open_state NFSv4: Don't call close if the open stateid has already been cleared NFSv4: Fix CLOSE races with OPEN NFSv4.1: Fix a regression in DELEGRETURN
-
git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tileLinus Torvalds authored
Pull arch/tile bugfix from Chris Metcalf: "This fixes a bug that causes reboots after 208 days of uptime :-)" * 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: tile: avoid using clocksource_cyc2ns with absolute cycle count
-
Chris Metcalf authored
For large values of "mult" and long uptimes, the intermediate result of "cycles * mult" can overflow 64 bits. For example, the tile platform calls clocksource_cyc2ns with a 1.2 GHz clock; we have mult = 853, and after 208.5 days, we overflow 64 bits. Since clocksource_cyc2ns() is intended to be used for relative cycle counts, not absolute cycle counts, performance is more importance than accepting a wider range of cycle values. So, just use mult_frac() directly in tile's sched_clock(). Commit 4cecf6d4 ("sched, x86: Avoid unnecessary overflow in sched_clock") by Salman Qazi results in essentially the same generated code for x86 as this change does for tile. In fact, a follow-on change by Salman introduced mult_frac() and switched to using it, so the C code was largely identical at that point too. Peter Zijlstra then added mul_u64_u32_shr() and switched x86 to use it. This is, in principle, better; by optimizing the 64x64->64 multiplies to be 32x32->64 multiplies we can potentially save some time. However, the compiler piplines the 64x64->64 multiplies pretty well, and the conditional branch in the generic mul_u64_u32_shr() causes some bubbles in execution, with the result that it's pretty much a wash. If tilegx provided its own implementation of mul_u64_u32_shr() without the conditional branch, we could potentially save 3 cycles, but that seems like small gain for a fair amount of additional build scaffolding; no other platform currently provides a mul_u64_u32_shr() override, and tile doesn't currently have an <asm/div64.h> header to put the override in. Additionally, gcc currently has an optimization bug that prevents it from recognizing the opportunity to use a 32x32->64 multiply, and so the result would be no better than the existing mult_frac() until such time as the compiler is fixed. For now, just using mult_frac() seems like the right answer. Cc: stable@kernel.org [v3.4+] Signed-off-by:
Chris Metcalf <cmetcalf@mellanox.com>
-
Song Hongyan authored
When user tried to read some fields like hysteresis from IIO sysfs on some systems, it fails. The reason is that this field is a byte field and caller of sensor_hub_get_feature() passes a buffer of 4 bytes. Here the function sensor_hub_get_feature() copies the single byte from the report to the caller buffer and returns "1" as the number of bytes copied. So caller can use the return value. But this is done by multiple callers, so if we just change the sensor_hub_get_feature so that caller buffer is initialized with 0s then we don't to change all functions. Signed-off-by:
Song Hongyan <hongyan.song@intel.com> Acked-by:
Jonathan Cameron <jic23@kernel.org> Signed-off-by:
-
Daniel Keller authored
Adding support for not JP versions of the Microsoft Surface 4 Type Cover Pro [jkosina@suse.cz: The identical patch has been sent by Jeff Farthing, so I am including his signoff as well] Signed-off-by:
Jeff Farthing <jeff@jfarthing.com> Signed-off-by:
Daniel Keller <daniel.keller@gcd.de> Signed-off-by:
-
Benjamin Tissoires authored
Kernel v4.9 strictly enforces DMA capable buffers, so we need to remove buffers allocated on the stack. Signed-off-by:
-
Benjamin Tissoires authored
Kernel v4.9 strictly enforces DMA capable buffers, so we need to remove buffers allocated on the stack. Signed-off-by:
-
Benjamin Tissoires authored
Kernel v4.9 strictly enforces DMA capable buffers, so we need to remove buffers allocated on the stack. [jkosina@suse.cz: fix up second usage of hid_hw_raw_request(), spotted by 0day build bot] Signed-off-by:
-
Benjamin Tissoires authored
Kernel v4.9 strictly enforces DMA capable buffers, so we need to remove buffers allocated on the stack. Use a spinlock to prevent concurrent accesses to the buffer. Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf fixes from Ingo Molnar: "Six fixes for bugs that were found via fuzzing, and a trivial hw-enablement patch for AMD Family-17h CPU PMUs" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel/uncore: Allow only a single PMU/box within an events group perf/x86/intel: Cure bogus unwind from PEBS entries perf/x86: Restore TASK_SIZE check on frame pointer perf/core: Fix address filter parser perf/x86: Add perf support for AMD family-17h processors perf/x86/uncore: Fix crash by removing bogus event_list[] handling for SNB client uncore IMC perf/core: Do not set cpuctx->cgrp for unscheduled cgroups
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds authored
Pull crypto fixes from Herbert Xu: "The last push broke algif_hash for all shash implementations, so this is a follow-up to fix that. This also fixes a problem in the crypto scatterwalk that triggers a BUG_ON with certain debugging options due to the new vmalloced-stack code" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: scatterwalk - Remove unnecessary aliasing check in map_and_copy crypto: algif_hash - Fix result clobbering in recvmsg
-
- 22 Nov, 2016 2 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linuxLinus Torvalds authored
Pull thermal management fix from Zhang Rui: "We only have one urgent fix this time. Commit 3105f234 ("thermal/powerclamp: correct cpu support check"), which is shipped in 4.9-rc3, fixed a problem introduced by commit b721ca0d ("thermal/powerclamp: remove cpu whitelist"). But unfortunately, it broke intel_powerclamp driver module auto- loading at the same time. Thus we need this change to add back module auto-loading for 4.9" * 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: thermal/powerclamp: add back module device table
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fixes from James Bottomley: "Two small fixes. One prevents timeouts on mpt3sas when trying to use the secure erase protocol which causes the erase protocol to be aborted. The second is a regression in a prior fix which causes all commands to abort during PCI extended error recovery, which is incorrect because PCI EEH is independent from what's happening on the FC transport" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: qla2xxx: do not abort all commands in the adapter during EEH recovery scsi: mpt3sas: Fix secure erase premature termination
-
