1. 20 Aug, 2016 1 commit
  2. 17 Aug, 2016 16 commits
  3. 16 Aug, 2016 19 commits
  4. 14 Aug, 2016 4 commits
    • Paul Moore's avatar
      netlabel: add address family checks to netlbl_{sock,req}_delattr() · 7a85bf9e
      Paul Moore authored
      [ Upstream commit 0e0e3677 ]
      
      It seems risky to always rely on the caller to ensure the socket's
      address family is correct before passing it to the NetLabel kAPI,
      especially since we see at least one LSM which didn't. Add address
      family checks to the *_delattr() functions to help prevent future
      problems.
      
      Cc: <stable@vger.kernel.org>
      Reported-by: default avatarManinder Singh <maninder1.s@samsung.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
      7a85bf9e
    • Javier Martinez Canillas's avatar
      s5p-mfc: Add release callback for memory region devs · 85470a56
      Javier Martinez Canillas authored
      [ Upstream commit 6311f126 ]
      
      When s5p_mfc_remove() calls put_device() for the reserved memory region
      devs, the driver core warns that the dev doesn't have a release callback:
      
      WARNING: CPU: 0 PID: 591 at drivers/base/core.c:251 device_release+0x8c/0x90
      Device 's5p-mfc-l' does not have a release() function, it is broken and must be fixed.
      
      Also, the declared DMA memory using dma_declare_coherent_memory() isn't
      relased so add a dev .release that calls dma_release_declared_memory().
      
      Cc: <stable@vger.kernel.org>
      Fixes: 6e83e6e2 ("[media] s5p-mfc: Fix kernel warning on memory init")
      Signed-off-by: default avatarJavier Martinez Canillas <javier@osg.samsung.com>
      Tested-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: default avatarSylwester Nawrocki <s.nawrocki@samsung.com>
      Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
      85470a56
    • Javier Martinez Canillas's avatar
      s5p-mfc: Set device name for reserved memory region devs · 1dd12c31
      Javier Martinez Canillas authored
      [ Upstream commit 29debab0 ]
      
      The devices don't have a name set, so makes dev_name() returns NULL which
      makes harder to identify the devices that are causing issues, for example:
      
      WARNING: CPU: 2 PID: 616 at drivers/base/core.c:251 device_release+0x8c/0x90
      Device '(null)' does not have a release() function, it is broken and must be fixed.
      
      And after setting the device name:
      
      WARNING: CPU: 0 PID: 591 at drivers/base/core.c:251 device_release+0x8c/0x90
      Device 's5p-mfc-l' does not have a release() function, it is broken and must be fixed.
      
      Cc: <stable@vger.kernel.org>
      Fixes: 6e83e6e2 ("[media] s5p-mfc: Fix kernel warning on memory init")
      Signed-off-by: default avatarJavier Martinez Canillas <javier@osg.samsung.com>
      Tested-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: default avatarSylwester Nawrocki <s.nawrocki@samsung.com>
      Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
      1dd12c31
    • Roderick Colenbrander's avatar
      HID: uhid: fix timeout when probe races with IO · fce67161
      Roderick Colenbrander authored
      [ Upstream commit 67f8ecc5 ]
      
      Many devices use userspace bluetooth stacks like BlueZ or Bluedroid in combination
      with uhid. If any of these stacks is used with a HID device for which the driver
      performs a HID request as part .probe (or technically another HID operation),
      this results in a deadlock situation. The deadlock results in a 5 second timeout
      for I/O operations in HID drivers, so isn't fatal, but none of the I/O operations
      have a chance of succeeding.
      
      The root cause for the problem is that uhid only allows for one request to be
      processed at a time per uhid instance and locks out other operations. This means
      that if a user space is creating a new HID device through 'UHID_CREATE', which
      ultimately triggers '.probe' through the HID layer. Then any HID request e.g. a
      read for calibration data would trigger a HID operation on uhid again, but it
      won't go out to userspace, because it is still stuck in UHID_CREATE.
      In addition bluetooth stacks are typically single threaded, so they wouldn't be
      able to handle any requests while waiting on uhid.
      
      Lucikly the UHID spec is somewhat flexible and allows for fixing the issue,
      without breaking user space. The idea which the patch implements as discussed
      with David Herrmann is to decouple adding of a hid device (which triggers .probe)
      from UHID_CREATE. The work will kick off roughly once UHID_CREATE completed (or
      else will wait a tiny bit of time in .probe for a lock). A HID driver has to call
      HID to call 'hid_hw_start()' as part of .probe once it is ready for I/O, which
      triggers UHID_START to user space. Any HID operations should function now within
      .probe and won't deadlock because userspace is stuck on UHID_CREATE.
      
      We verified this patch on Bluedroid with Android 6.0 and on desktop Linux with
      BlueZ stacks. Prior to the patch they had the deadlock issue.
      
      [jkosina@suse.cz: reword subject]
      Signed-off-by: default avatarRoderick Colenbrander <roderick.colenbrander@sony.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
      fce67161