- 09 Apr, 2021 28 commits
-
-
Hongren Zheng (Zenithal) authored
The old document for usbip protocol is misleading and hard to read: * Some fields in header are incorrect * Explanation of some fields are unclear or even wrong * Padding of header (namely all headers have the same length) is not explicitly pointed out, which is crucial for stream protocol like TCP Major changes: * Document the correct field as described in the codebase. * Document the padding in usbip headers. This is crucial for TCP stream hence these padding should be explicitly point out. In code these padding are implemented by a union of all headers. * Fix two FIXME related to usbip unlink and Document the behavior of unlink in different situation. * Clarify some field with more accurate explanation, like those fields associated with URB. Some constraints are extracted from code. * Delete specific transfer_flag doc in usbip as it should be documented by the URB doc in Documentation/driver-api/usb/URB.rst * Add data captured from wire as example Version change: From "PRELIMINARY DRAFT, MAY CONTAIN MISTAKES, 28 Jun 2011" To "Version 1, 31 Mar 2021" Co-developed-by:Alexandre Demers <alexandre.f.demers@gmail.com> Reviewed-by:
Randy Dunlap <rdunlap@infradead.org> Reviewed-by:
Shuah Khan <skhan@linuxfoundation.org> Signed-off-by:
Hongren Zheng <i@zenithal.me> Link: https://lore.kernel.org/r/YGNZHfmAbHO6fyAr@SunSigned-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Bixuan Cui authored
pm_runtime_get_sync will increment pm usage counter even it failed. thus a pairing decrement is needed. Fix it by replacing it with pm_runtime_resume_and_get to keep usage counter balanced. Reported-by:
Hulk Robot <hulkci@huawei.com> Signed-off-by:
Bixuan Cui <cuibixuan@huawei.com> Link: https://lore.kernel.org/r/20210408130831.56239-1-cuibixuan@huawei.comSigned-off-by:
-
Bixuan Cui authored
pm_runtime_get_sync will increment pm usage counter even it failed. thus a pairing decrement is needed. Fix it by replacing it with pm_runtime_resume_and_get to keep usage counter balanced. Reported-by:
-
Yang Yingliang authored
This driver's remove path calls cancel_delayed_work(). However, that function does not wait until the work function finishes. This means that the callback function may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling cancel_delayed_work_sync(), which ensures that the work is properly cancelled, no longer running, and unable to re-schedule itself. Reported-by:
Yang Yingliang <yangyingliang@huawei.com> Link: https://lore.kernel.org/r/20210407092947.3271507-1-yangyingliang@huawei.comSigned-off-by:
-
Zheng Yongjun authored
mutex lock can be initialized automatically with DEFINE_MUTEX() rather than explicitly calling mutex_init(). Reported-by:
Zheng Yongjun <zhengyongjun3@huawei.com> Link: https://lore.kernel.org/r/20210405101434.14878-1-zhengyongjun3@huawei.comSigned-off-by:
-
Colin Ian King authored
The call to platform_get_resource can potentially return a NULL pointer on failure, so add this check and return -EINVAL if it fails. Fixes: c4144247 ("usb: gadget: R8A66597 peripheral controller support.") Signed-off-by:
Colin Ian King <colin.king@canonical.com> Addresses-Coverity: ("Dereference null return") Link: https://lore.kernel.org/r/20210406184510.433497-1-colin.king@canonical.comSigned-off-by:
-
Heikki Krogerus authored
This patch adds the necessary PCI ID for Intel Alder Lake-M devices. Signed-off-by:
Heikki Krogerus <heikki.krogerus@linux.intel.com> Link: https://lore.kernel.org/r/20210408083144.69350-1-heikki.krogerus@linux.intel.comSigned-off-by:
-
Heikki Krogerus authored
The connectors may be registered after the ports, so the "connector" links need to be created for the ports also when ever a new connector gets registered. Signed-off-by:
-
Heikki Krogerus authored
Introducing usb_for_each_port(). It works the same way as usb_for_each_dev(), but instead of going through every USB device in the system, it walks through the USB ports in the system. Acked-by:
Alan Stern <stern@rowland.harvard.edu> Signed-off-by:
-
Heikki Krogerus authored
Creating link to the USB Type-C connector for every new port that is added when possible. Signed-off-by:
-
Heikki Krogerus authored
Adding functions that can be used to link/unlink ports - USB ports, TBT3/USB4 ports, DisplayPorts and so on - to the USB Type-C connectors they are attached to inside a system. The symlink that is created for the port device is named "connector". Initially only ACPI is supported. ACPI port object shares the _PLD (Physical Location of Device) with the USB Type-C connector that it's attached to. Signed-off-by:
-
Badhri Jagan Sridharan authored
power_supply_changed needs to be called to notify clients after the partner accepts the requested values for the pps case. Also, remove the redundant power_supply_changed at the end of the tcpm_reset_port as power_supply_changed is already called right after usb_type is changed. Fixes: f2a8aa05 ("typec: tcpm: Represent source supply through power_supply") Signed-off-by:
Badhri Jagan Sridharan <badhri@google.com> Cc: stable <stable@vger.kernel.org> Reviewed-by:
Adam Thomson <Adam.Thomson.Opensource@diasemi.com> Reviewed-by:
-
Badhri Jagan Sridharan authored
tcpm_pd_select_pps_apdo overwrites port->pps_data.min_volt, port->pps_data.max_volt, port->pps_data.max_curr even before port partner accepts the requests. This leaves incorrect values in current_limit and supply_voltage that get exported by "tcpm-source-psy-". Solving this problem by caching the request values in req_min_volt, req_max_volt, req_max_curr, req_out_volt, req_op_curr. min_volt, max_volt, max_curr gets updated once the partner accepts the request. current_limit, supply_voltage gets updated once local port's tcpm enters SNK_TRANSITION_SINK when the accepted current_limit and supply_voltage is enforced. Fixes: f2a8aa05 ("typec: tcpm: Represent source supply through power_supply") Signed-off-by:
-
Badhri Jagan Sridharan authored
tcpm_pd_build_request overwrites current_limit and supply_voltage even before port partner accepts the requests. This leaves stale values in current_limit and supply_voltage that get exported by "tcpm-source-psy-". Solving this problem by caching the request values of current limit/supply voltage in req_current_limit and req_supply_voltage. current_limit/supply_voltage gets updated once the port partner accepts the request. Fixes: f2a8aa05 ("typec: tcpm: Represent source supply through power_supply") Signed-off-by:
Guenter Roeck <linux@roeck-us.net> Reviewed-by:
-
Artur Petrosyan authored
When dwc2 core is in partial power down mode loading driver again causes driver fail. Because in that mode registers are not accessible. Added a flow of exiting the partial power down mode to avoid the driver reload failure. Acked-by:
Minas Harutyunyan <Minas.Harutyunyan@synopsys.com> Signed-off-by:
Artur Petrosyan <Arthur.Petrosyan@synopsys.com> Link: https://lore.kernel.org/r/20210408094615.8AE35A0094@mailhost.synopsys.comSigned-off-by:
-
Artur Petrosyan authored
Fixes the implementation of exiting from partial power down power saving mode when PC is resumed. Added port connection status checking which prevents exiting from Partial Power Down mode from _dwc2_hcd_resume() if not in Partial Power Down mode. Rearranged the implementation to get rid of many "if" statements. NOTE: Switch case statement is used for hibernation partial power down and clock gating mode determination. In this patch only Partial Power Down is implemented the Hibernation and clock gating implementations are planned to be added. Fixes: 6f6d7059 ("usb: dwc2: bus suspend/resume for hosts with DWC2_POWER_DOWN_PARAM_NONE") Cc: <stable@vger.kernel.org> Acked-by:
-
Artur Petrosyan authored
With current implementation the port power is being disabled, which is not required by the programming guide. Also, if there is a system which works only in "DWC2_POWER_DOWN_PARAM_NONE" (clock gating) mode the current implementation does not set Gate hclk bit in pcgctl register. Rearranges and updates the implementation of entering to partial power down power saving mode when PC is suspended to get rid of many "if" statements and removes disabling of port power. NOTE: Switch case statement is used for hibernation partial power down and clock gating mode determination. In this patch only Partial Power Down is implemented the Hibernation and clock gating implementations are planned to be added. Acked-by:
-
Artur Petrosyan authored
According to programming guide in host mode, port power must be turned on in session request interrupt handlers. Fixes: 21795c82 ("usb: dwc2: exit hibernation on session request") Cc: <stable@vger.kernel.org> Acked-by:
-
Artur Petrosyan authored
When core is in partial power down state and an external hub is connected, upper layer sends URB enqueue request, which results in port reset issue. Added exit from partial power down state to avoid port reset issue and process upper layer request correctly. Acked-by:
-
Artur Petrosyan authored
Before changing to connector B exiting from Partial Power Down is required. - Added exiting from Partial Power Down mode when connector ID status changes to "connId B". Because if connector ID status changed to B connector while core was in partial power down mode, HANG would accrue from a soft reset. Acked-by:
-
Artur Petrosyan authored
Adds Partial Power Down exiting flow when set port feature reset is received in suspended state. Acked-by:
-
Artur Petrosyan authored
Added flow of exiting Partial Power Down in "dwc2_port_resume()" function when core receives resume. NOTE: Switch case statement is used for hibernation partial power down and clock gating mode determination. In this patch only Partial Power Down is implemented the Hibernation and clock gating implementations are planned to be added. Acked-by:
-
Artur Petrosyan authored
Adds flow of entering Partial Power Down in "dwc2_port_suspend()" function when core receives suspend. NOTE: Switch case statement is used for hibernation partial power down and clock gating mode determination. In this patch only Partial Power Down is implemented the Hibernation and clock gating implementations are planned to be added. Acked-by:
-
Artur Petrosyan authored
Earlier "dwc2_port_suspend()" and "dwc2_port_resume()" functions were implemented without proper description and host or device mode difference. - Added "dwc2_port_suspend" and "dwc2_port_resume" functions to "core.h" header file. - Updated function description in documentation. Acked-by:
-
Artur Petrosyan authored
According to programming guide added host partial power down exit flow in wakeup detected interrupt handler. Acked-by:
-
Artur Petrosyan authored
These are wrapper functions which are calling device or host enter/exit partial power down functions. This change is done because we need to separate device and host partial power down functions as the programming flow has a lot of difference between host and device. With this update during partial power down exit driver relies on backup value of "GOTGCTL_CURMODE_HOST" to determine the mode of core before entering to PPD. Acked-by:
-
Artur Petrosyan authored
For host mode Partial Power Down entering and exiting separate functions are needed to implement the logic. Earlier the logic was implemented in one function. Which was confusing the readability. Also both host and device implementations were in the same function. - Added host partial power down functions which must be called by dwc2_enter_partial_power_down()/dwc2_exit_partial_power_down() functions. Added function names: dwc2_host_enter_partial_power_down() dwc2_host_exit_partial_power_down() NOTE: There is a checkpatch "CHECK" warning on "udelay(100)". The delay is needed to properly exit gadget Partial Power Down A delay less than 100 doesn't work. Acked-by:
-
Artur Petrosyan authored
For device mode Partial Power Down entering and exiting separate functions are needed to implement the logic. Earlier the logic was implemented in one function. Which was confusing the readability. Also both host and device implementations were in the same function. - Added device partial power down functions which must be called by dwc2_enter_partial_power_down()/dwc2_exit_partial_power_down() functions. - Added "in_ppd" flag in "dwc2_hsotg" struct to indicate the core state after entering into partial power down mode. Added function names: dwc2_gadget_enter_partial_power_down() dwc2_gadget_exit_partial_power_down() NOTE: There is a checkpatch "CHECK" warning on "udelay(100)". The delay is needed to properly exit gadget Partial Power Down A delay less than 100 doesn't work. Acked-by:
-
- 06 Apr, 2021 4 commits
-
-
Mathias Nyman authored
The same values are parsed several times from transfer and event TRBs by different functions in the same call path, all while processing one transfer event. As the TRBs are in DMA memory and can be accessed by the xHC host we want to avoid this to prevent double-fetch issues. To resolve this pass the already parsed values to the different functions in the path of parsing a transfer event Signed-off-by:
Mathias Nyman <mathias.nyman@linux.intel.com> Link: https://lore.kernel.org/r/20210406070208.3406266-5-mathias.nyman@linux.intel.comSigned-off-by:
-
Mathias Nyman authored
The Max Interrupters supported by the controller is given in a 10bit wide bitfield, but the driver uses a fixed 128 size array to index these interrupters. Klockwork reports a possible array out of bounds case which in theory is possible. In practice this hasn't been hit as a common number of Max Interrupters for new controllers is 8, not even close to 128. This needs to be fixed anyway Signed-off-by:
-
Mathias Nyman authored
Don't dereference ctrl_ctx before checking it's valid. Issue reported by Klockwork Signed-off-by:
-
Mathias Nyman authored
return if rhub->ports is null after rhub->ports = kcalloc_node() Klockwork reported issue Signed-off-by:
-
- 05 Apr, 2021 3 commits
-
-
Heikki Krogerus authored
This is only to make the handling of the class consistent with the two other susbsystems - the alt mode bus and the mux class. Signed-off-by:
-
Heikki Krogerus authored
Adding a header file for each subsystem - the connector class, alt mode bus and the class for the muxes. Signed-off-by:
-
Greg Kroah-Hartman authored
We want the USB fixes in here as well and it resolves a merge issue with xhci-mtk.c Signed-off-by:
-
- 04 Apr, 2021 2 commits
-
-
Linus Torvalds authored
-
Zheyu Ma authored
For each device, the nosy driver allocates a pcilynx structure. A use-after-free might happen in the following scenario: 1. Open nosy device for the first time and call ioctl with command NOSY_IOC_START, then a new client A will be malloced and added to doubly linked list. 2. Open nosy device for the second time and call ioctl with command NOSY_IOC_START, then a new client B will be malloced and added to doubly linked list. 3. Call ioctl with command NOSY_IOC_START for client A, then client A will be readded to the doubly linked list. Now the doubly linked list is messed up. 4. Close the first nosy device and nosy_release will be called. In nosy_release, client A will be unlinked and freed. 5. Close the second nosy device, and client A will be referenced, resulting in UAF. The root cause of this bug is that the element in the doubly linked list is reentered into the list. Fix this bug by adding a check before inserting a client. If a client is already in the linked list, don't insert it. The following KASAN report reveals it: BUG: KASAN: use-after-free in nosy_release+0x1ea/0x210 Write of size 8 at addr ffff888102ad7360 by task poc CPU: 3 PID: 337 Comm: poc Not tainted 5.12.0-rc5+ #6 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: nosy_release+0x1ea/0x210 __fput+0x1e2/0x840 task_work_run+0xe8/0x180 exit_to_user_mode_prepare+0x114/0x120 syscall_exit_to_user_mode+0x1d/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xae Allocated by task 337: nosy_open+0x154/0x4d0 misc_open+0x2ec/0x410 chrdev_open+0x20d/0x5a0 do_dentry_open+0x40f/0xe80 path_openat+0x1cf9/0x37b0 do_filp_open+0x16d/0x390 do_sys_openat2+0x11d/0x360 __x64_sys_open+0xfd/0x1a0 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xae Freed by task 337: kfree+0x8f/0x210 nosy_release+0x158/0x210 __fput+0x1e2/0x840 task_work_run+0xe8/0x180 exit_to_user_mode_prepare+0x114/0x120 syscall_exit_to_user_mode+0x1d/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff888102ad7300 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 96 bytes inside of 128-byte region [ffff888102ad7300, ffff888102ad7380) [ Modified to use 'list_empty()' inside proper lock - Linus ] Link: https://lore.kernel.org/lkml/1617433116-5930-1-git-send-email-zheyuma97@gmail.com/Reported-and-tested-by:马哲宇 (Zheyu Ma) <zheyuma97@gmail.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
- 03 Apr, 2021 3 commits
-
-
git://github.com/openrisc/linuxLinus Torvalds authored
Pull OpenRISC fix from Stafford Horne: "Fix duplicate header include in Litex SOC driver" * tag 'for-linus' of git://github.com/openrisc/linux: soc: litex: Remove duplicated header file inclusion
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
POull io_uring fix from Jens Axboe: "Just fixing a silly braino in a previous patch, where we'd end up failing to compile if CONFIG_BLOCK isn't enabled. Not that a lot of people do that, but kernel bot spotted it and it's probably prudent to just flush this out now before -rc6. Sorry about that, none of my test compile configs have !CONFIG_BLOCK" * tag 'io_uring-5.12-2021-04-03' of git://git.kernel.dk/linux-block: io_uring: fix !CONFIG_BLOCK compilation failure
-
Zhen Lei authored
The header file <linux/errno.h> is already included above and can be removed here. Signed-off-by:
Zhen Lei <thunder.leizhen@huawei.com> Signed-off-by:
Mateusz Holenko <mholenko@antmicro.com> Signed-off-by:
Stafford Horne <shorne@gmail.com>
-
