- 18 May, 2017 10 commits
-
-
Peter Ujfalusi authored
We have one register for each EP to set the maximum packet size for both TX and RX. If for example an RX programming would happen before the previous TX transfer finishes we would reset the TX packet side. To fix this issue, only modify the TX or RX part of the register. Fixes: 550a7375 ("USB: Add MUSB and TUSB support") Signed-off-by:
Peter Ujfalusi <peter.ujfalusi@ti.com> Tested-by:
Tony Lindgren <tony@atomide.com> Signed-off-by:
Bin Liu <b-liu@ti.com> Cc: stable <stable@vger.kernel.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Tony Lindgren authored
Commit d8e5f0ec ("usb: musb: Fix hardirq-safe hardirq-unsafe lock order error") caused a regression where musb keeps trying to enable host mode with no cable connected. This seems to be caused by the fact that now phy is enabled earlier, and we are wrongly trying to force USB host mode on an OTG port. The errors we are getting are "trying to suspend as a_idle while active". For ports configured as OTG, we should not need to do anything to try to force USB host mode on it's OTG port. Trying to force host mode in this case just seems to completely confuse the musb state machine. Let's fix the issue by making musb_host_setup() attempt to force the mode only if port_mode is configured for host mode. Fixes: d8e5f0ec ("usb: musb: Fix hardirq-safe hardirq-unsafe lock order error") Cc: Johan Hovold <johan@kernel.org> Cc: stable <stable@vger.kernel.org> Reported-by:
Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reported-by:
-
Thomas Petazzoni authored
platform_get_irq() returns an error code, but the xhci-plat driver ignores it and always returns -ENODEV. This is not correct, and prevents -EPROBE_DEFER from being propagated properly. CC: <stable@vger.kernel.org> Signed-off-by:
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by:
Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by:
-
Mathias Nyman authored
In 4.11 TRB completion codes were renamed to match spec. Completion codes for command ring stopped and endpoint stopped were mixed, leading to failures while handling a stopped command ring. Use the correct completion code for command ring stopped events. Fixes: 0b7c105a ("usb: host: xhci: rename completion codes to match spec") Cc: <stable@vger.kernel.org> # 4.11 Signed-off-by:
-
Matthias Lange authored
There is no reason to restrict allocations to the first 16MB ISA DMA addresses. It is causing problems in a virtualization setup with enabled IOMMU (x86_64). The result is that USB is not working in the VM. CC: <stable@vger.kernel.org> Signed-off-by:
Matthias Lange <matthias.lange@kernkonzept.com> Signed-off-by:
-
Alan Stern authored
With threaded interrupts, bottom-half handlers are called with interrupts enabled. Therefore they can't safely use spin_lock(); they have to use spin_lock_irqsave(). Lockdep warns about a violation occurring in xhci_irq(): ========================================================= [ INFO: possible irq lock inversion dependency detected ] 4.11.0-rc8-dbg+ #1 Not tainted --------------------------------------------------------- swapper/7/0 just changed the state of lock: (&(&ehci->lock)->rlock){-.-...}, at: [<ffffffffa0130a69>] ehci_hrtimer_func+0x29/0xc0 [ehci_hcd] but this lock took another, HARDIRQ-unsafe lock in the past: (hcd_urb_list_lock){+.....} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(hcd_urb_list_lock); local_irq_disable(); lock(&(&ehci->lock)->rlock); lock(hcd_urb_list_lock); <Interrupt> lock(&(&ehci->lock)->rlock); *** DEADLOCK *** no locks held by swapper/7/0. the shortest dependencies between 2nd lock and 1st lock: -> (hcd_urb_list_lock){+.....} ops: 252 { HARDIRQ-ON-W at: __lock_acquire+0x602/0x1280 lock_acquire+0xd5/0x1c0 _raw_spin_lock+0x2f/0x40 usb_hcd_unlink_urb_from_ep+0x1b/0x60 [usbcore] xhci_giveback_urb_in_irq.isra.45+0x70/0x1b0 [xhci_hcd] finish_td.constprop.60+0x1d8/0x2e0 [xhci_hcd] xhci_irq+0xdd6/0x1fa0 [xhci_hcd] usb_hcd_irq+0x26/0x40 [usbcore] irq_forced_thread_fn+0x2f/0x70 irq_thread+0x149/0x1d0 kthread+0x113/0x150 ret_from_fork+0x2e/0x40 This patch fixes the problem. Signed-off-by:Alan Stern <stern@rowland.harvard.edu> Reported-and-tested-by:
Bart Van Assche <bart.vanassche@sandisk.com> CC: <stable@vger.kernel.org> Signed-off-by:
-
Peter Chen authored
According to xHCI spec Figure 30: Interrupt Throttle Flow Diagram If PCI Message Signaled Interrupts (MSI or MSI-X) are enabled, then the assertion of the Interrupt Pending (IP) flag in Figure 30 generates a PCI Dword write. The IP flag is automatically cleared by the completion of the PCI write. the MSI enabled HCs don't need to clear interrupt pending bit, but hcd->irq = 0 doesn't equal to MSI enabled HCD. At some Dual-role controller software designs, it sets hcd->irq as 0 to avoid HCD requesting interrupt, and they want to decide when to call usb_hcd_irq by software. Signed-off-by:Peter Chen <peter.chen@nxp.com> Signed-off-by:
-
Peter Chen authored
According to xHCI ch4.20 Scratchpad Buffers, the Scratchpad Buffer needs to be zeroed. ... The following operations take place to allocate Scratchpad Buffers to the xHC: ... b. Software clears the Scratchpad Buffer to '0' Cc: stable <stable@vger.kernel.org> Signed-off-by: -
Mathias Nyman authored
Intel Denverton microserver is Atom based and need the PME and CAS quirks as well. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Mathias Nyman authored
Don't access any members of a URB after giving it back. URB might be freed by then already. Signed-off-by:
-
- 17 May, 2017 20 commits
-
-
Johan Hovold authored
Use the new define for the maximum number of SuperSpeed ports instead of a constant when allocating xHCI root hubs. Signed-off-by:
Johan Hovold <johan@kernel.org> Signed-off-by:
-
Johan Hovold authored
Add define for the maximum number of ports on a SuperSpeed hub as per USB 3.1 spec Table 10-5, and use it when verifying the retrieved hub descriptor. This specifically avoids benign attempts to update the DeviceRemovable mask for non-existing ports (should we get that far). Fixes: dbe79bbe ("USB 3.0 Hub Changes") Acked-by:
-
Johan Hovold authored
Add missing sanity check on the non-SuperSpeed hub-descriptor length in order to avoid parsing and leaking two bytes of uninitialised slab data through sysfs removable-attributes (or a compound-device debug statement). Note that we only make sure that the DeviceRemovable field is always present (and specifically ignore the unused PortPwrCtrlMask field) in order to continue support any hubs with non-compliant descriptors. As a further safeguard, the descriptor buffer is also cleared. Fixes: 1da177e4 ("Linux-2.6.12-rc2") Cc: stable <stable@vger.kernel.org> # 2.6.12 Signed-off-by:
-
Johan Hovold authored
A SuperSpeed hub descriptor does not have any variable-length fields so bail out when reading a short descriptor. This avoids parsing and leaking two bytes of uninitialised slab data through sysfs removable-attributes. Fixes: dbe79bbe ("USB 3.0 Hub Changes") Cc: stable <stable@vger.kernel.org> # 2.6.39 Cc: John Youn <John.Youn@synopsys.com> Acked-by:
-
Johan Hovold authored
Fix up the root-hub descriptor to accommodate the variable-length DeviceRemovable and PortPwrCtrlMask fields, while marking all ports as removable (and leaving the reserved bit zero unset). Also add a build-time constraint on VHCI_HC_PORTS which must never be greater than USB_MAXCHILDREN (but this was only enforced through a KConfig constant). This specifically fixes the descriptor layout whenever VHCI_HC_PORTS is greater than seven (default is 8). Fixes: 04679b34 ("Staging: USB/IP: add client driver") Cc: Takahiro Hirofuchi <hirofuchi@users.sourceforge.net> Cc: Valentina Manea <valentina.manea.m@gmail.com> Signed-off-by:
Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by:
-
Johan Hovold authored
Flag the first and only port as removable while also leaving the remaining bits (including the reserved bit zero) unset in accordance with the specifications: "Within a byte, if no port exists for a given location, the bit field representing the port characteristics shall be 0." Also add a comment marking the legacy PortPwrCtrlMask field. Fixes: 1cd8fd28 ("usb: gadget: dummy_hcd: add SuperSpeed support") Fixes: 1da177e4 ("Linux-2.6.12-rc2") Cc: Tatyana Brokhman <tlinder@codeaurora.org> Signed-off-by:
-
Markus Heiser authored
Even if this file is not yet included in any toctree, it is parsed by Sphinx since it is named '.rst'. This patch fixes the following two ERRORs from Sphinx build: Documentation/usb/typec.rst:116: ERROR: Error in "kernel-doc" directive: invalid option block. .. kernel-doc:: drivers/usb/typec/typec.c :functions: typec_register_cable typec_unregister_cable typec_register_plug typec_unregister_plug Documentation/usb/typec.rst:139: ERROR: Error in "kernel-doc" directive: invalid option block. .. kernel-doc:: drivers/usb/typec/typec.c :functions: typec_set_data_role typec_set_pwr_role typec_set_vconn_role typec_set_pwr_opmode Signed-off-by:
Markus Heiser <markus.heiser@darmarit.de> Signed-off-by:
-
Johan Hovold authored
Document that the new companion-device lookup helper takes a reference to the companion device which needs to be dropped after use. Signed-off-by:
-
Johan Hovold authored
Make sure do drop the reference taken to the companion device during resume. Fixes: d4d75128 ("usb: host: ehci-platform: fix usb 1.1 device is not connected in system resume") Cc: stable <stable@vger.kernel.org> # 4.11 Signed-off-by:
Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com> Acked-by:
-
Chris Brandt authored
If multiple endpoints on a single device have pending IN URBs and one endpoint times out due to NAKs (perfectly legal), select a different endpoint URB to try. The existing code only checked to see another device address has pending URBs and ignores other IN endpoints on the current device address. This leads to endpoints never getting serviced if one endpoint is using NAK as a flow control method. Fixes: 5d304358 ("usb: r8a66597-hcd: host controller driver for R8A6659") Signed-off-by:
Chris Brandt <chris.brandt@renesas.com> Signed-off-by:
-
Chris Brandt authored
The timeout for BULK packets was 300ms which is a long time if other endpoints or devices are waiting for their turn. Changing it to 50ms greatly increased the overall performance for multi-endpoint devices. Fixes: 5d304358 ("usb: r8a66597-hcd: host controller driver for R8A6659") Signed-off-by:
-
Anton Bondarenko authored
Free memory allocated for address0_mutex if allocation of bandwidth_mutex failed. Fixes: feb26ac3 ("usb: core: hub: hub_port_init lock controller instead of bus") Signed-off-by:
Anton Bondarenko <anton.bondarenko.sama@gmail.com> Acked-by:
-
Johan Hovold authored
Drop erroneous le16_to_cpu when returning the USB device speed which is already in host byte order. Found using sparse: warning: cast to restricted __le16 Fixes: 946b960d ("USB: add driver for iowarrior devices.") Cc: stable <stable@vger.kernel.org> # 2.6.21 Signed-off-by:
-
Johan Hovold authored
Add missing endianness conversion when applying the Alea timeout quirk. Found using sparse: warning: restricted __le16 degrades to integer Fixes: e4a886e8 ("hwrng: chaoskey - Fix URB warning due to timeout on Alea") Cc: stable <stable@vger.kernel.org> # 4.8 Cc: Bob Ham <bob.ham@collabora.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Keith Packard <keithp@keithp.com> Signed-off-by:
-
Jiri Slaby authored
After commit d705ff38 (tty: vt, cleanup and document con_scroll), in the coccinelle output, we can see: drivers/usb/misc/sisusbvga/sisusb_con.c:852:8-9: WARNING: return of 0/1 in function 'sisusbcon_scroll_area' with return type bool Return true instead of 1 in the function returning bool which was intended to do in d705ff38 but omitted. Signed-off-by:
Jiri Slaby <jslaby@suse.cz> Fixes: d705ff38 (tty: vt, cleanup and document con_scroll) Cc: Thomas Winischhofer <thomas@winischhofer.net> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: linux-usb@vger.kernel.org Signed-off-by:
-
Johan Hovold authored
Add missing endianness conversion when using the USB device-descriptor idProduct field to apply a hardware quirk. Fixes: 1ba47da5 ("uwb: add the i1480 DFU driver") Cc: stable <stable@vger.kernel.org> # 2.6.28 Signed-off-by:
-
Maksim Salau authored
get_version_reply is not freed if function returns with success. Fixes: 942a4873 ("usb: misc: legousbtower: Fix buffers on stack") Reported-by:
Heikki Krogerus <heikki.krogerus@linux.intel.com> Signed-off-by:
Maksim Salau <maksim.salau@gmail.com> Signed-off-by:
-
Vamsi Krishna Samavedam authored
Format specifier %p can leak kernel addresses while not valuing the kptr_restrict system settings. When kptr_restrict is set to (1), kernel pointers printed using the %pK format specifier will be replaced with Zeros. Debugging Note : &pK prints only Zeros as address. If you need actual address information, write 0 to kptr_restrict. echo 0 > /proc/sys/kernel/kptr_restrict [Found by poking around in a random vendor kernel tree, it would be nice if someone would actually send these types of patches upstream - gkh] Signed-off-by:
Vamsi Krishna Samavedam <vskrishn@codeaurora.org> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Alan Stern authored
The ene_usb6250 sub-driver in usb-storage does USB I/O to buffers on the stack, which doesn't work with vmapped stacks. This patch fixes the problem by allocating a separate 512-byte buffer at probe time and using it for all of the offending I/O operations. Signed-off-by:
Andreas Hartmann <andihartmann@01019freenet.de> CC: <stable@vger.kernel.org> Signed-off-by:
-
Greg Kroah-Hartman authored
Merge tag 'fixes-for-v4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v4.12-rc2 - New device ID for Intel Canonlake CPUs - fix for Isochronous performance regression on dwc3 - fix for out-of-bounds access on comp_desc on f_fs - fix for lost events on dwc3 in case of spurious interrupts
-
- 16 May, 2017 6 commits
-
-
Pan Bian authored
Function devm_clk_get() returns an ERR_PTR when it fails. However, in function kdwc3_probe(), its return value is not checked, which may result in a bad memory access bug. This patch fixes the bug. Signed-off-by:
Pan Bian <bianpan2016@163.com> Signed-off-by:
Felipe Balbi <felipe.balbi@linux.intel.com>
-
William Wu authored
Companion descriptor is only used for SuperSpeed endpoints, if the endpoints are HighSpeed or FullSpeed, the Companion descriptor will not allocated, so we can only access it if gadget is SuperSpeed. I can reproduce this issue on Rockchip platform rk3368 SoC which supports USB 2.0, and use functionfs for ADB. Kernel build with CONFIG_KASAN=y and CONFIG_SLUB_DEBUG=y report the following BUG: ================================================================== BUG: KASAN: slab-out-of-bounds in ffs_func_set_alt+0x224/0x3a0 at addr ffffffc0601f6509 Read of size 1 by task swapper/0/0 ============================================================================ BUG kmalloc-256 (Not tainted): kasan: bad access detected ---------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in ffs_func_bind+0x52c/0x99c age=1275 cpu=0 pid=1 alloc_debug_processing+0x128/0x17c ___slab_alloc.constprop.58+0x50c/0x610 __slab_alloc.isra.55.constprop.57+0x24/0x34 __kmalloc+0xe0/0x250 ffs_func_bind+0x52c/0x99c usb_add_function+0xd8/0x1d4 configfs_composite_bind+0x48c/0x570 udc_bind_to_driver+0x6c/0x170 usb_udc_attach_driver+0xa4/0xd0 gadget_dev_desc_UDC_store+0xcc/0x118 configfs_write_file+0x1a0/0x1f8 __vfs_write+0x64/0x174 vfs_write+0xe4/0x200 SyS_write+0x68/0xc8 el0_svc_naked+0x24/0x28 INFO: Freed in inode_doinit_with_dentry+0x3f0/0x7c4 age=1275 cpu=7 pid=247 ... Call trace: [<ffffff900808aab4>] dump_backtrace+0x0/0x230 [<ffffff900808acf8>] show_stack+0x14/0x1c [<ffffff90084ad420>] dump_stack+0xa0/0xc8 [<ffffff90082157cc>] print_trailer+0x188/0x198 [<ffffff9008215948>] object_err+0x3c/0x4c [<ffffff900821b5ac>] kasan_report+0x324/0x4dc [<ffffff900821aa38>] __asan_load1+0x24/0x50 [<ffffff90089eb750>] ffs_func_set_alt+0x224/0x3a0 [<ffffff90089d3760>] composite_setup+0xdcc/0x1ac8 [<ffffff90089d7394>] android_setup+0x124/0x1a0 [<ffffff90089acd18>] _setup+0x54/0x74 [<ffffff90089b6b98>] handle_ep0+0x3288/0x4390 [<ffffff90089b9b44>] dwc_otg_pcd_handle_out_ep_intr+0x14dc/0x2ae4 [<ffffff90089be85c>] dwc_otg_pcd_handle_intr+0x1ec/0x298 [<ffffff90089ad680>] dwc_otg_pcd_irq+0x10/0x20 [<ffffff9008116328>] handle_irq_event_percpu+0x124/0x3ac [<ffffff9008116610>] handle_irq_event+0x60/0xa0 [<ffffff900811af30>] handle_fasteoi_irq+0x10c/0x1d4 [<ffffff9008115568>] generic_handle_irq+0x30/0x40 [<ffffff90081159b4>] __handle_domain_irq+0xac/0xdc [<ffffff9008080e9c>] gic_handle_irq+0x64/0xa4 ... Memory state around the buggy address: ffffffc0601f6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc0601f6480: 00 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc >ffffffc0601f6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffffc0601f6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffffc0601f6600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 ================================================================== Signed-off-by:William Wu <william.wu@rock-chips.com> Signed-off-by:
-
Bogdan Mirea authored
Check for bad pointer that may result because of kthread_create failure. This check is needed since the gserial setup callback function (gs_console_setup()) is only freeing the info->con_buf in case of kthread_create failure which will result into bad info->console_thread pointer. Without checking info->console_thread pointer validity in the gserial_console_exit() function, before calling kthread_stop(), the rmmod will generate Kernel Oops. Signed-off-by:
Bogdan Mirea <Bogdan-Stefan_mirea@mentor.com> Signed-off-by:
-
Thinh Nguyen authored
The dwc3 driver can overwite its previous events if its top-half IRQ handler (TH) gets invoked again before processing the events in the cache. We see this as a hang in the file transfer and the host will attempt to reset the device. TH gets the event count and deasserts the interrupt line by writing DWC3_GEVNTSIZ_INTMASK to DWC3_GEVNTSIZ. If there's a new event coming between reading the event count and interrupt deassertion, dwc3 will lose previous pending events. More generally, we will see 0 event count, which should not affect anything. This shouldn't be possible in the current dwc3 implementation. However, through testing and reading the PCIe trace, the TH occasionally still gets invoked one more time after HW interrupt deassertion. (With PCIe legacy interrupts, TH is called repeatedly as long as the interrupt line is asserted). We suspect that there is a small detection delay in the SW. To avoid this issue, Check DWC3_EVENT_PENDING flag to determine if the events are processed in the bottom-half IRQ handler. If not, return IRQ_HANDLED and don't process new event. Cc: stable@vger.kernel.org Signed-off-by:
Thinh Nguyen <thinhn@synopsys.com> Signed-off-by:
-
Roger Quadros authored
Commit 08a36b54 ("usb: dwc3: gadget: simplify __dwc3_gadget_ep_queue()") caused a small change in the way ISO transfer is handled in the case when XferInProgress event happens on Isoc EP with an active transfer. This caused a performance degradation of 50%. e.g. using g_webcam on DUT and luvcview on host the video frame rate dropped from 16fps to 8fps @high-speed. Make the ISO transfer handling equivalent to that prior to that commit to get back the original ISO performance numbers. Fixes: 08a36b54 ("usb: dwc3: gadget: simplify __dwc3_gadget_ep_queue()") Signed-off-by:
Roger Quadros <rogerq@ti.com> Signed-off-by:
-
Heikki Krogerus authored
Intel Cannonlake PCH has the same DWC3 than Intel Sunrisepoint. Add the new IDs to the supported devices. Signed-off-by:
-
- 13 May, 2017 4 commits
-
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
Pull some more input subsystem updates from Dmitry Torokhov: "An updated xpad driver with a few more recognized device IDs, and a new psxpad-spi driver, allowing connecting Playstation 1 and 2 joypads via SPI bus" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: cros_ec_keyb - remove extraneous 'const' Input: add support for PlayStation 1/2 joypads connected via SPI Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth Input: xpad - sync supported devices with xboxdrv Input: xpad - sort supported devices by USB ID
-
git://git.infradead.org/linux-ubifsLinus Torvalds authored
Pull UBI/UBIFS updates from Richard Weinberger: - new config option CONFIG_UBIFS_FS_SECURITY - minor improvements - random fixes * tag 'upstream-4.12-rc1' of git://git.infradead.org/linux-ubifs: ubi: Add debugfs file for tracking PEB state ubifs: Fix a typo in comment of ioctl2ubifs & ubifs2ioctl ubifs: Remove unnecessary assignment ubifs: Fix cut and paste error on sb type comparisons ubi: fastmap: Fix slab corruption ubifs: Add CONFIG_UBIFS_FS_SECURITY to disable/enable security labels ubi: Make mtd parameter readable ubi: Fix section mismatch
-
git://git.kernel.org/pub/scm/linux/kernel/git/rw/umlLinus Torvalds authored
Pull UML fixes from Richard Weinberger: "No new stuff, just fixes" * 'for-linus-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml: um: Add missing NR_CPUS include um: Fix to call read_initrd after init_bootmem um: Include kbuild.h instead of duplicating its macros um: Fix PTRACE_POKEUSER on x86_64 um: Set number of CPUs um: Fix _print_addr()
-
