14 Dec, 2020
2 commits
-
This adds a UIO driver the ivshmem device, found in QEMU and the
Jailhouse hypervisor. It exposes the MMIO register region and all shared
memory section to userspace. Interrupts are configured in one-shot mode
so that userspace needs to re-enable them after each event via the
Interrupt Control register. The driver registers all possible MSI-X
vectors, coalescing them into the single notifier UIO provides.Note: Specification work for the interface is ongoing, so details may
still change.Signed-off-by: Jan Kiszka
-
This allows to tag memory regions read-only, denying userspace to map
them writable. Default remains read/write.Signed-off-by: Jan Kiszka
10 Nov, 2020
1 commit
-
Commit 8fd0e2a6df26 ("uio: free uio id after uio file node is freed")
triggered KASAN use-after-free failure at deletion of TCM-user
backstores [1].In uio_unregister_device(), struct uio_device *idev is passed to
uio_free_minor() to refer idev->minor. However, before uio_free_minor()
call, idev is already freed by uio_device_release() during call to
device_unregister().To avoid reference to idev->minor after idev free, keep idev->minor
value in a local variable. Also modify uio_free_minor() argument to
receive the value.[1]
BUG: KASAN: use-after-free in uio_unregister_device+0x166/0x190
Read of size 4 at addr ffff888105196508 by task targetcli/49158CPU: 3 PID: 49158 Comm: targetcli Not tainted 5.10.0-rc1 #1
Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0 12/17/2015
Call Trace:
dump_stack+0xae/0xe5
? uio_unregister_device+0x166/0x190
print_address_description.constprop.0+0x1c/0x210
? uio_unregister_device+0x166/0x190
? uio_unregister_device+0x166/0x190
kasan_report.cold+0x37/0x7c
? kobject_put+0x80/0x410
? uio_unregister_device+0x166/0x190
uio_unregister_device+0x166/0x190
tcmu_destroy_device+0x1c4/0x280 [target_core_user]
? tcmu_release+0x90/0x90 [target_core_user]
? __mutex_unlock_slowpath+0xd6/0x5d0
target_free_device+0xf3/0x2e0 [target_core_mod]
config_item_cleanup+0xea/0x210
configfs_rmdir+0x651/0x860
? detach_groups.isra.0+0x380/0x380
vfs_rmdir.part.0+0xec/0x3a0
? __lookup_hash+0x20/0x150
do_rmdir+0x252/0x320
? do_file_open_root+0x420/0x420
? strncpy_from_user+0xbc/0x2f0
? getname_flags.part.0+0x8e/0x450
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f9e2bfc91fb
Code: 73 01 c3 48 8b 0d 9d ec 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 54 00 00 00 0f 05 3d 01 f0 ff ff 73 01 c3 48 8b 0d 6d ec 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffdd2baafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 00007f9e2beb44a0 RCX: 00007f9e2bfc91fb
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f9e1c20be90
RBP: 00007ffdd2bab000 R08: 0000000000000000 R09: 00007f9e2bdf2440
R10: 00007ffdd2baaf37 R11: 0000000000000246 R12: 00000000ffffff9c
R13: 000055f9abb7e390 R14: 000055f9abcf9558 R15: 00007f9e2be7a780Allocated by task 34735:
kasan_save_stack+0x1b/0x40
__kasan_kmalloc.constprop.0+0xc2/0xd0
__uio_register_device+0xeb/0xd40
tcmu_configure_device+0x5a0/0xbc0 [target_core_user]
target_configure_device+0x12f/0x760 [target_core_mod]
target_dev_enable_store+0x32/0x50 [target_core_mod]
configfs_write_file+0x2bb/0x450
vfs_write+0x1ce/0x610
ksys_write+0xe9/0x1b0
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9Freed by task 49158:
kasan_save_stack+0x1b/0x40
kasan_set_track+0x1c/0x30
kasan_set_free_info+0x1b/0x30
__kasan_slab_free+0x110/0x150
slab_free_freelist_hook+0x5a/0x170
kfree+0xc6/0x560
device_release+0x9b/0x210
kobject_put+0x13e/0x410
uio_unregister_device+0xf9/0x190
tcmu_destroy_device+0x1c4/0x280 [target_core_user]
target_free_device+0xf3/0x2e0 [target_core_mod]
config_item_cleanup+0xea/0x210
configfs_rmdir+0x651/0x860
vfs_rmdir.part.0+0xec/0x3a0
do_rmdir+0x252/0x320
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xa9The buggy address belongs to the object at ffff888105196000
which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 1288 bytes inside of
2048-byte region [ffff888105196000, ffff888105196800)
The buggy address belongs to the page:
page:0000000098e6ca81 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105190
head:0000000098e6ca81 order:3 compound_mapcount:0 compound_pincount:0
flags: 0x17ffffc0010200(slab|head)
raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100043040
raw: 0000000000000000 0000000000080008 00000001ffffffff ffff88810eb55c01
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff88810eb55c01Memory state around the buggy address:
ffff888105196400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888105196480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888105196500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888105196580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888105196600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fbFixes: 8fd0e2a6df26 ("uio: free uio id after uio file node is freed")
Cc: stable
Signed-off-by: Shin'ichiro Kawasaki
Link: https://lore.kernel.org/r/20201102122819.2346270-1-shinichiro.kawasaki@wdc.com
Signed-off-by: Greg Kroah-Hartman
18 Sep, 2020
1 commit
-
uio_register_device() do two things.
1) get an uio id from a global pool, e.g. the id is
2) create file nodes like /sys/class/uio/uiouio_unregister_device() do two things.
1) free the uio id and return it to the global pool
2) free the file node /sys/class/uio/uioThere is a situation is that one worker is calling uio_unregister_device(),
and another worker is calling uio_register_device().
If the two workers are X and Y, they go as below sequence,
1) X free the uio id
2) Y get an uio id
3) Y create file node /sys/class/uio/uio
4) X free the file note /sys/class/uio/uio
Then it will failed at the 3rd step and cause the phenomenon we saw as it
is creating a duplicated file node.Failure reports as follows:
sysfs: cannot create duplicate filename '/class/uio/uio10'
Call Trace:
sysfs_do_create_link_sd.isra.2+0x9e/0xb0
sysfs_create_link+0x25/0x40
device_add+0x2c4/0x640
__uio_register_device+0x1c5/0x576 [uio]
adf_uio_init_bundle_dev+0x231/0x280 [intel_qat]
adf_uio_register+0x1c0/0x340 [intel_qat]
adf_dev_start+0x202/0x370 [intel_qat]
adf_dev_start_async+0x40/0xa0 [intel_qat]
process_one_work+0x14d/0x410
worker_thread+0x4b/0x460
kthread+0x105/0x140
? process_one_work+0x410/0x410
? kthread_bind+0x40/0x40
ret_from_fork+0x1f/0x40
Code: 85 c0 48 89 c3 74 12 b9 00 10 00 00 48 89 c2 31 f6 4c 89 ef
e8 ec c4 ff ff 4c 89 e2 48 89 de 48 c7 c7 e8 b4 ee b4 e8 6a d4 d7
ff 0b 48 89 df e8 20 fa f3 ff 5b 41 5c 41 5d 5d c3 66 0f 1f 84
---[ end trace a7531c1ed5269e84 ]---
c6xxvf b002:00:00.0: Failed to register UIO devices
c6xxvf b002:00:00.0: Failed to register UIO devicesSigned-off-by: Lang Dai
Link: https://lore.kernel.org/r/1600054002-17722-1-git-send-email-lang.dai@intel.com
Signed-off-by: Greg Kroah-Hartman
10 Jul, 2020
1 commit
-
We need the virtbox changes in here as well to build on top of.
Signed-off-by: Greg Kroah-Hartman
03 Jul, 2020
4 commits
-
uio_pdrv_genirq and uio_dmem_genirq interrupts are handled in
userspace. So the condition for the interrupt hasn't normally not been
cleared when top half returns. disable_irq_nosync is called in top half,
but since that normally is lazy the irq isn't actually disabled.For level triggered interrupts this will always result in a spurious
additional fire since the level in to the interrupt controller still is
active. The actual interrupt handler isn't run though since this
spurious irq is just recorded, and later on discared (for level).This commit disables lazy masking for level triggered interrupts. It
leaves edge triggered interrupts as before, because they work with the
lazy scheme.All other UIO drivers already seem to clear the interrupt cause at
driver levels.Example of double fire. First goes all the way up to
uio_pdrv_genirq_handler, second is terminated in handle_fasteoi_irq and
marked as pending.-0 [000] d... 8.245870: gic_handle_irq: irq 29
-0 [000] d.h. 8.245873: uio_pdrv_genirq_handler: disable irq 29
-0 [000] d... 8.245878: gic_handle_irq: irq 29
-0 [000] d.h. 8.245880: handle_fasteoi_irq: irq 29 PENDING
HInt-34 [001] d... 8.245897: uio_pdrv_genirq_irqcontrol: enable irq 29Tested on 5.7rc2 using uio_pdrv_genirq and a custom Xilinx MPSoC board.
Signed-off-by: Thommy Jakobsson
Link: https://lore.kernel.org/r/20200628141229.16121-1-thommyj@gmail.com
Signed-off-by: Greg Kroah-Hartman -
Similar to the changes made in 270579d95f82 ("uio_mf624: Align memory
regions to page size and set correct offsets"), this will allow
uio_pdrv_genirq devices to expose memory regions that is not page-aligned,
requiring the users to respect the offset sysfs attribute (as implemented
in libuio).Signed-off-by: Esben Haabendal
Link: https://lore.kernel.org/r/20200701145659.3978-4-esben@geanix.com
Signed-off-by: Greg Kroah-Hartman -
While e3a3c3a20555 ("UIO: fix uio_pdrv_genirq with device tree but no
interrupt") added support for using uio_pdrv_genirq for devices without
interrupt for device tree platforms, the removal of uio_pdrv in
26dac3c49d56 ("uio: Remove uio_pdrv and use uio_pdrv_genirq instead")
broke the support for non device tree platforms.This change fixes this, so that uio_pdrv_genirq can be used without
interrupt on all platforms.This still leaves the support that uio_pdrv had for custom interrupt
handler lacking, as uio_pdrv_genirq does not handle it (yet).Fixes: 26dac3c49d56 ("uio: Remove uio_pdrv and use uio_pdrv_genirq instead")
Signed-off-by: Esben Haabendal
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200701145659.3978-3-esben@geanix.com
Signed-off-by: Greg Kroah-Hartman -
Since e3a3c3a20555 ("UIO: fix uio_pdrv_genirq with device tree but no
interrupt"), the uio_pdrv_genirq has supported use without interrupt,
so the change in 7723f4c5ecdb ("driver core: platform: Add an error
message to") added false warnings for those cases.Fixes: 7723f4c5ecdb ("driver core: platform: Add an error message to platform_get_irq*()")
Signed-off-by: Esben Haabendal
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20200701145659.3978-2-esben@geanix.com
Signed-off-by: Greg Kroah-Hartman
15 May, 2020
1 commit
-
This driver calls sysfs_create_bin_file() in probe, but forgets to
call sysfs_remove_bin_file() in remove.
Add the missed call to fix it.Signed-off-by: Chuhong Yuan
Link: https://lore.kernel.org/r/20200507151343.792816-1-hslester96@gmail.com
Signed-off-by: Greg Kroah-Hartman
28 Apr, 2020
2 commits
-
Fix the following coccicheck warning:
drivers/uio/uio_dmem_genirq.c:47:5-8: Unneeded variable: "ret". Return
"0" on line 71Signed-off-by: Jason Yan
Link: https://lore.kernel.org/r/20200428063155.42349-1-yanaijie@huawei.com
Signed-off-by: Greg Kroah-Hartman -
The variable retval is being initialized with a value that is
never read and it is being updated later with a new value. The
initialization is redundant and can be removed.Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King
Link: https://lore.kernel.org/r/20200425124448.139532-1-colin.king@canonical.com
Signed-off-by: Greg Kroah-Hartman
18 Mar, 2020
2 commits
-
This change makes use of the new devm_uio_register_device() initializer.
This cleans up the exit path quite nicely, and removes the remove function
of the driver.Signed-off-by: Alexandru Ardelean
Link: https://lore.kernel.org/r/20200306161853.25368-2-alexandru.ardelean@analog.com
Signed-off-by: Greg Kroah-Hartman -
This change adds a resource managed equivalent of uio_register_device().
Not adding devm_uio_unregister_device(), since the intent is to discourage
it's usage. Having such a function may allow some bad driver designs. Most
users of devm_*register*() functions rarely use the unregister equivalents.Signed-off-by: Alexandru Ardelean
Link: https://lore.kernel.org/r/20200306161853.25368-1-alexandru.ardelean@analog.com
Signed-off-by: Greg Kroah-Hartman
14 Jan, 2020
2 commits
-
When deferring the probe routine just return without displaying an
error.Signed-off-by: Oscar Ravadilla
Link: https://lore.kernel.org/r/20200108001648.2949-1-oscar.ravadilla@alliedtelesis.co.nz
Signed-off-by: Greg Kroah-Hartman -
The driver may sleep while holding a spinlock.
The function call path (from bottom to top) in Linux 4.19 is:kernel/irq/manage.c, 523:
synchronize_irq in disable_irq
drivers/uio/uio_dmem_genirq.c, 140:
disable_irq in uio_dmem_genirq_irqcontrol
drivers/uio/uio_dmem_genirq.c, 134:
_raw_spin_lock_irqsave in uio_dmem_genirq_irqcontrolsynchronize_irq() can sleep at runtime.
To fix this bug, disable_irq() is called without holding the spinlock.
This bug is found by a static analysis tool STCheck written by myself.
Signed-off-by: Jia-Ju Bai
Link: https://lore.kernel.org/r/20191218094405.6009-1-baijiaju1990@gmail.com
Signed-off-by: Greg Kroah-Hartman
14 Nov, 2019
1 commit
-
This change also does a bit of a unification for the IRQ init code.
But the actual problem is that UIO_IRQ_NONE == 0, so for the DT case where
UIO_IRQ_NONE gets assigned to `uioinfo->irq`, a 2nd initialization will get
triggered (for the IRQ) and this one will exit via `goto bad1`.As far as things seem to go, the only case where UIO_IRQ_NONE seems valid,
is when using a device-tree. The driver has some legacy support for old
platform_data structures. It looks like, for platform_data a non-existent
IRQ is an invalid case (or was considered an invalid case).
Which is why -ENXIO is treated only when a DT is used.Signed-off-by: Dragos Bogdan
Signed-off-by: Alexandru Ardelean
Acked-by: Damian Hobson-Garcia
Link: https://lore.kernel.org/r/20191105073212.16719-1-alexandru.ardelean@analog.com
Signed-off-by: Greg Kroah-Hartman
19 Sep, 2019
1 commit
-
Pull char/misc driver updates from Greg KH:
"Here is the big char/misc driver pull request for 5.4-rc1.As has been happening in previous releases, more and more individual
driver subsystem trees are ending up in here. Now if that is good or
bad I can't tell, but hopefully it makes your life easier as it's more
of an aggregation of trees together to one merge point for you.Anyway, lots of stuff in here:
- habanalabs driver updates
- thunderbolt driver updates
- misc driver updates
- coresight and intel_th hwtracing driver updates
- fpga driver updates
- extcon driver updates
- some dma driver updates
- char driver updates
- android binder driver updates
- nvmem driver updates
- phy driver updates
- parport driver fixes
- pcmcia driver fix
- uio driver updates
- w1 driver updates
- configfs fixes
- other assorted driver updatesAll of these have been in linux-next for a long time with no reported
issues"* tag 'char-misc-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (200 commits)
misc: mic: Use PTR_ERR_OR_ZERO rather than its implementation
habanalabs: correctly cast variable to __le32
habanalabs: show correct id in error print
habanalabs: stop using the acronym KMD
habanalabs: display card name as sensors header
habanalabs: add uapi to retrieve aggregate H/W events
habanalabs: add uapi to retrieve device utilization
habanalabs: Make the Coresight timestamp perpetual
habanalabs: explicitly set the queue-id enumerated numbers
habanalabs: print to kernel log when reset is finished
habanalabs: replace __le32_to_cpu with le32_to_cpu
habanalabs: replace __cpu_to_le32/64 with cpu_to_le32/64
habanalabs: Handle HW_IP_INFO if device disabled or in reset
habanalabs: Expose devices after initialization is done
habanalabs: improve security in Debug IOCTL
habanalabs: use default structure for user input in Debug IOCTL
habanalabs: Add descriptive name to PSOC app status register
habanalabs: Add descriptive names to PSOC scratch-pad registers
habanalabs: create two char devices per ASIC
habanalabs: change device_setup_cdev() to be more generic
...
04 Sep, 2019
1 commit
-
When probed via DT, the uio_pdrv_genirq driver currently uses the name
of the node and exposes that as name of the UIO device to userspace.This doesn't work for systems where multiple nodes with the same name
(but different unit addresses) are present, or for systems where the
node names are auto-generated by a third-party tool.This patch adds the possibility to read the UIO name from the optional
"linux,uio-name" property.Signed-off-by: Daniel Mack
Link: https://lore.kernel.org/r/20190815212807.25058-1-daniel@zonque.org
Signed-off-by: Greg Kroah-Hartman
02 Aug, 2019
1 commit
-
Platform drivers now have the option to have the platform core create
and remove any needed sysfs attribute files. So take advantage of that
and do not register "by hand" a sysfs group of attributes.Link: https://lore.kernel.org/r/20190731124349.4474-3-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman
31 Jul, 2019
1 commit
-
We don't need dev_err() messages when platform_get_irq() fails now that
platform_get_irq() prints an error message itself when something goes
wrong. Let's remove these prints with a simple semantic patch.//
@@
expression ret;
struct platform_device *E;
@@ret =
(
platform_get_irq(E, ...)
|
platform_get_irq_byname(E, ...)
);if ( \( ret < 0 \| ret
While we're here, remove braces on if statements that only have one
statement (manually).Cc: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman
Signed-off-by: Stephen Boyd
Link: https://lore.kernel.org/r/20190730181557.90391-46-swboyd@chromium.org
Signed-off-by: Greg Kroah-Hartman
19 Jun, 2019
1 commit
-
Based on 2 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundationthis program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundation #extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 4122 file(s).
Signed-off-by: Thomas Gleixner
Reviewed-by: Enrico Weigelt
Reviewed-by: Kate Stewart
Reviewed-by: Allison Randal
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de
Signed-off-by: Greg Kroah-Hartman
05 Jun, 2019
1 commit
-
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundation this program is
distributed in the hope that it will be useful but without any
warranty without even the implied warranty of merchantability or
fitness for a particular purpose see the gnu general public license
for more details you should have received a copy of the gnu general
public license along with this program if not write to the free
software foundation inc 59 temple place suite 330 boston ma 02111
1307 usaextracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 136 file(s).
Signed-off-by: Thomas Gleixner
Reviewed-by: Alexios Zavras
Reviewed-by: Allison Randal
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190530000436.384967451@linutronix.de
Signed-off-by: Greg Kroah-Hartman
24 May, 2019
1 commit
-
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation either version 2 of the license or at
your option any later version this program is distributed in the
hope that it will be useful but without any warranty without even
the implied warranty of merchantability or fitness for a particular
purpose see the gnu general public license for more details you
should have received a copy of the gnu general public license along
with this program if not write to the free software foundation inc
675 mass ave cambridge ma 02139 usaextracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 441 file(s).
Signed-off-by: Thomas Gleixner
Reviewed-by: Michael Ellerman (powerpc)
Reviewed-by: Richard Fontana
Reviewed-by: Allison Randal
Reviewed-by: Kate Stewart
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190520071858.739733335@linutronix.de
Signed-off-by: Greg Kroah-Hartman
21 May, 2019
1 commit
-
Add SPDX license identifiers to all Make/Kconfig files which:
- Have no license information of any form
These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:GPL-2.0-only
Signed-off-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
28 Mar, 2019
1 commit
-
Fix sparse warnings:
drivers/uio/uio_fsl_elbc_gpcm.c:71:1: warning:
symbol 'dev_attr_reg_br' was not declared. Should it be static?
drivers/uio/uio_fsl_elbc_gpcm.c:72:1: warning:
symbol 'dev_attr_reg_or' was not declared. Should it be static?Signed-off-by: YueHaibing
Reviewed-by: Mukesh Ojha
31 Jan, 2019
3 commits
-
In uio_dev_add_attributes() error handing case, idev is used after
device_unregister(), in which 'idev' has been released, touch idev cause
use-after-free.Fixes: a93e7b331568 ("uio: Prevent device destruction while fds are open")
Signed-off-by: Liu Jian
Reviewed-by: Hamish Martin
Signed-off-by: Greg Kroah-Hartman -
'idev' is malloced in __uio_register_device() and leak free it before
leaving from the uio_get_minor() error handing case, it will cause
memory leak.Fixes: a93e7b331568 ("uio: Prevent device destruction while fds are open")
Signed-off-by: Liu Jian
Reviewed-by: Hamish Martin
Signed-off-by: Greg Kroah-Hartman -
Userspace code using uio_pci_generic may enable bus-mastering by
directly manipulating a PCI device's command register. If a userspace
program enables bus-mastering but exits/crashes uncleanly, bus-
mastering will still be enabled and stale DMA addresses may be
programmed and live in the device.Disable bus-mastering unconditionally on last close of a UIO PCI fd
to avoid this. If the device did not have bus-mastering enabled,
pci_clear_master() is a no-op.Signed-off-by: Venkatesh Srinivas
Reviewed-by: Bjorn Helgaas
Reviewed-by: Catherine Sullivan
Acked-by: Michael S. Tsirkin
Signed-off-by: Greg Kroah-Hartman
22 Jan, 2019
2 commits
-
It is not necessary to check idev->info several times under
mutex lock, so just remove redundant check.Signed-off-by: Chengguang Xu
Signed-off-by: Greg Kroah-Hartman -
Should jump to lable err_infoopen when idev->info is NULL
in uio_open().Signed-off-by: Chengguang Xu
Signed-off-by: Greg Kroah-Hartman
29 Dec, 2018
1 commit
-
Pull char/misc driver updates from Greg KH:
"Here is the big set of char and misc driver patches for 4.21-rc1.Lots of different types of driver things in here, as this tree seems
to be the "collection of various driver subsystems not big enough to
have their own git tree" lately.Anyway, some highlights of the changes in here:
- binderfs: is it a rule that all driver subsystems will eventually
grow to have their own filesystem? Binder now has one to handle the
use of it in containerized systems.This was discussed at the Plumbers conference a few months ago and
knocked into mergable shape very fast by Christian Brauner. Who
also has signed up to be another binder maintainer, showing a
distinct lack of good judgement :)- binder updates and fixes
- mei driver updates
- fpga driver updates and additions
- thunderbolt driver updates
- soundwire driver updates
- extcon driver updates
- nvmem driver updates
- hyper-v driver updates
- coresight driver updates
- pvpanic driver additions and reworking for more device support
- lp driver updates. Yes really, it's _finally_ moved to the proper
parallal port driver model, something I never thought I would see
happen. Good stuff.- other tiny driver updates and fixes.
All of these have been in linux-next for a while with no reported
issues"* tag 'char-misc-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (116 commits)
MAINTAINERS: add another Android binder maintainer
intel_th: msu: Fix an off-by-one in attribute store
stm class: Add a reference to the SyS-T document
stm class: Fix a module refcount leak in policy creation error path
char: lp: use new parport device model
char: lp: properly count the lp devices
char: lp: use first unused lp number while registering
char: lp: detach the device when parallel port is removed
char: lp: introduce list to save port number
bus: qcom: remove duplicated include from qcom-ebi2.c
VMCI: Use memdup_user() rather than duplicating its implementation
char/rtc: Use of_node_name_eq for node name comparisons
misc: mic: fix a DMA pool free failure
ptp: fix an IS_ERR() vs NULL check
genwqe: Fix size check
binder: implement binderfs
binder: fix use-after-free due to ksys_close() during fdget()
bus: fsl-mc: remove duplicated include files
bus: fsl-mc: explicitly define the fsl_mc_command endianness
misc: ti-st: make array read_ver_cmd static, shrinks object size
...
11 Dec, 2018
1 commit
-
This fixes the problem where uio application was unable to
use multple queues on restart. The root cause is that the callbacks
are cleared on disconnect. Change to setting up callbacks
everytime in open.Fixes: cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first use")
Reported-by: Mohammed Gamal
Signed-off-by: Stephen Hemminger
Signed-off-by: Greg Kroah-Hartman
27 Nov, 2018
1 commit
-
When the device is unregistered, it should wake up the blocking waiters.
Otherwise, they will sleep forever.Signed-off-by: Zhaolong Zhang
Signed-off-by: Greg Kroah-Hartman
26 Nov, 2018
1 commit
-
We want the char/misc fixes in here as well.
Signed-off-by: Greg Kroah-Hartman
12 Nov, 2018
2 commits
-
We should get 'driver_data' from 'struct device' directly. Going via
platform_device is an unneeded step back and forth.Signed-off-by: Wolfram Sang
Signed-off-by: Greg Kroah-Hartman -
I was trying to solve a double free but I introduced a more serious
NULL dereference bug. The problem is that if there is an IRQ which
triggers immediately, then we need "info->uio_dev" but it's not set yet.This patch puts the original initialization back to how it was and just
sets info->uio_dev to NULL on the error path so it should solve both
the Oops and the double free.Fixes: f019f07ecf6a ("uio: potential double frees if __uio_register_device() fails")
Reported-by: Mathias Thore
Signed-off-by: Dan Carpenter
Cc: stable
Tested-by: Mathias Thore
Signed-off-by: Greg Kroah-Hartman
03 Oct, 2018
2 commits
-
In preparation to remove the node name pointer from struct device_node,
convert printf users to use the %pOFn format specifier.Cc: Greg Kroah-Hartman
Signed-off-by: Rob Herring
Signed-off-by: Greg Kroah-Hartman -
Fixes the following sparse warning:
drivers/uio/uio.c:277:6: warning:
symbol 'uio_class_registered' was not declared. Should it be static?Fixes: ae61cf5b9913 ("uio: ensure class is registered before devices")
Signed-off-by: Wei Yongjun
Signed-off-by: Greg Kroah-Hartman
26 Sep, 2018
1 commit
-
This fixes two design flaws in hv_uio_generic.
Since hv_uio_probe is called from vmbus_probe with lock held
it potentially can cause sleep in an atomic section because
vmbus_open will wait for response from host.The hv_uio_generic driver could not handle applications
exiting and restarting because the vmbus channel was
persistent. Change the semantics so that the buffers are
allocated on probe, but not attached to host until
device is opened.Signed-off-by: Stephen Hemminger
Signed-off-by: Greg Kroah-Hartman