31 Dec, 2019

1 commit

  • This converts the USB3503 to pick GPIO descriptors from the
    device tree instead of iteratively picking out GPIO number
    references and then referencing these from the global GPIO
    numberspace.

    The USB3503 is only used from device tree among the in-tree
    platforms. If board files would still desire to use it they can
    provide machine descriptor tables.

    Make sure to preserve semantics such as the reset delay
    introduced by Stefan.

    Cc: Chunfeng Yun
    Cc: Marek Szyprowski
    Cc: Stefan Agner
    Cc: Krzysztof Kozlowski
    Signed-off-by: Linus Walleij
    [mszyprow: invert the logic behind reset GPIO line]
    Signed-off-by: Marek Szyprowski
    Link: https://lore.kernel.org/r/20191211145226.25074-1-m.szyprowski@samsung.com
    Signed-off-by: Greg Kroah-Hartman

    Linus Walleij
     

10 Dec, 2019

2 commits

  • Make sure to use the current alternate setting when verifying the
    interface descriptors to avoid binding to an invalid interface.

    Failing to do so could cause the driver to misbehave or trigger a WARN()
    in usb_submit_urb() that kernels with panic_on_warn set would choke on.

    Fixes: 03270634e242 ("USB: Add ADU support for Ontrak ADU devices")
    Cc: stable # 2.6.19
    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191210112601.3561-3-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Make sure to use the current alternate setting when verifying the
    interface descriptors to avoid binding to an invalid interface.

    Failing to do so could cause the driver to misbehave or trigger a WARN()
    in usb_submit_urb() that kernels with panic_on_warn set would choke on.

    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Cc: stable
    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191210112601.3561-4-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     

21 Nov, 2019

1 commit

  • Adjust indentation from spaces to tab (+optional two spaces) as in
    coding style with command like:
    $ sed -e 's/^ /\t/' -i */Kconfig

    Signed-off-by: Krzysztof Kozlowski
    Link: https://lore.kernel.org/r/20191121132901.29186-1-krzk@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Krzysztof Kozlowski
     

11 Nov, 2019

1 commit

  • In case of a timeout or if a signal aborts a read,
    communication with the device needs to be ended
    lest we overwrite an active URB the next time we
    do IO to the device, as the URB may still be active.

    Signed-off-by: Oliver Neukum
    Cc: stable
    Link: https://lore.kernel.org/r/20191107142856.16774-1-oneukum@suse.com
    Signed-off-by: Greg Kroah-Hartman

    Oliver Neukum
     

07 Nov, 2019

18 commits

  • The work item can operate on

    1. stale memory left over from the last transfer
       the actual length of the data transferred needs to be checked
    2. memory already freed
       the error handling in appledisplay_probe() needs
       to cancel the work in that case

    Reported-and-tested-by: syzbot+495dab1f175edc9c2f13@syzkaller.appspotmail.com
    Signed-off-by: Oliver Neukum
    Cc: stable
    Link: https://lore.kernel.org/r/20191106124902.7765-1-oneukum@suse.com
    Signed-off-by: Greg Kroah-Hartman

    Oliver Neukum
     
  • Drop some superfluous newlines before conditionals which made the code
    harder to read.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-15-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop superfluous brackets around single-line blocks.

    Also add missing white space around operators in a for-expression being
    modified.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-14-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop space between function identifiers and opening parenthesis, which
    was no longer even used consistently within the driver.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-13-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • The endianness is already encoded in the type specifier so drop the
    redundant little-endian comments from the message structs.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-12-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop the packed attributes from the two message structs whose fields
    are naturally aligned and do not have any padding.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-11-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Clean up the pointer declarations in the driver data, whose style wasn't
    even consistent with the rest of the driver.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-10-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop the tower_abort_transfers() function which is now only called from
    release and instead explicitly kill the two URBs.

    This incidentally also fixes the outdated comment about freeing memory.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-9-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Stop also the interrupt-out URB unconditionally in
    tower_abort_transfers() which is called from release() (for connected
    devices). Calling usb_kill_urb() for an idle URB is perfectly fine.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-8-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop the redundant interrupt-in-running flag, which tried to keep track
    of when the interrupt-in URB was in flight. This isn't needed since we
    can stop the URB unconditionally in tower_abort_transfers() and the URB
    can not be submitted while usb_kill_urb() is running anyway.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-7-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • User space already sees -ENODEV in case it tries to do I/O post
    disconnect, no need to spam the logs with printk messages that don't
    even include any device-id information.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-6-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop redundant open_count check in release; the open count is used as a
    flag and is only set to 0 or 1.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-5-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Zero the driver data at allocation rather than depend on explicit
    zeroing, which is easy to miss.

    Also drop an unnecessary driver-data pointer initialisation.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-4-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop redundant NULL check from tower_abort_transfers(), which is never
    called with a NULL argument.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-3-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • The MODULE_LICENSE macro is unconditionally defined in module.h, no need
    to ifdef its use.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105084152.16322-2-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop space between function identifiers and opening parenthesis, which
    was no longer even used consistently within the driver.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105103638.4929-4-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • The open count will always be exactly one when release is called, so
    drop the redundant sanity check.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105103638.4929-3-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Since commit d4ead16f50f9 ("USB: prevent char device open/deregister
    race") core prevents further calls to open() after usb_deregister_dev()
    returns so there's no need to use the interface data for
    synchronisation.

    This effectively reverts commit 54d2bc068fd2 ("USB: fix locking in
    idmouse") with respect to the open-disconnect race.

    Note that the driver already uses a present flag to suppress I/O post
    disconnect (even if all USB I/O take place at open).

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191105103638.4929-2-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     

04 Nov, 2019

3 commits


29 Oct, 2019

3 commits

  • USB control-message timeouts are specified in milliseconds, not jiffies.
    Waiting 83 minutes for a transfer to complete is a bit excessive.

    Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
    Cc: stable # 2.6.13
    Reported-by: syzbot+a4fbb3bb76cda0ea4e58@syzkaller.appspotmail.com
    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191022153127.22295-1-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • A recent info-leak bug manifested itself along with a warning about a
    negative buffer overflow:

    ldusb 1-1:0.28: Read buffer overflow, -131383859965943 bytes dropped

    when it was really a rather large positive one.

    A sanity check that prevents this has now been put in place, but let's
    fix up the size format specifiers, which should all be unsigned.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191022143203.5260-3-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • The custom ring-buffer implementation was merged without any locking or
    explicit memory barriers, but a spinlock was later added by commit
    9d33efd9a791 ("USB: ldusb bugfix").

    The lock did not cover the update of the tail index once the entry had
    been processed, something which could lead to memory corruption on
    weakly ordered architectures or due to compiler optimisations.

    Specifically, a completion handler running on another CPU might observe
    the incremented tail index and update the entry before ld_usb_read() is
    done with it.

    Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
    Fixes: 9d33efd9a791 ("USB: ldusb bugfix")
    Cc: stable # 2.6.13
    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191022143203.5260-2-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     

28 Oct, 2019

1 commit


19 Oct, 2019

1 commit

  • Fix broken read implementation, which could be used to trigger slab info
    leaks.

    The driver failed to check if the custom ring buffer was still empty
    when waking up after having waited for more data. This would happen on
    every interrupt-in completion, even if no data had been added to the
    ring buffer (e.g. on disconnect events).

    Due to missing sanity checks and uninitialised (kmalloced) ring-buffer
    entries, this meant that huge slab info leaks could easily be triggered.

    Note that the empty-buffer check after wakeup is enough to fix the info
    leak on disconnect, but let's clear the buffer on allocation and add a
    sanity check to read() to prevent further leaks.

    Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
    Cc: stable # 2.6.13
    Reported-by: syzbot+6fe95b826644f7f12b0b@syzkaller.appspotmail.com
    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191018151955.25135-2-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
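
A user-space model of the read path this commit message describes, added here as an illustration; it is not the ldusb driver's code. The struct layout, sizes, function names and the 0x41 fill standing in for stale slab contents are all assumptions, and the stale length is pinned to the slot size so the model itself stays in bounds.

```c
#include <stddef.h>
#include <string.h>

#define SLOTS     4
#define SLOT_DATA 8	/* constructed endpoint size */

/* One ring entry: a length word followed by the payload (assumed layout). */
struct slot { size_t len; unsigned char data[SLOT_DATA]; };
struct ring { struct slot slot[SLOTS]; unsigned int head, tail; };

/* Model kmalloc(): entries hold whatever the previous owner left behind. */
void ring_init_stale(struct ring *r)
{
	memset(r, 0x41, sizeof(*r));	/* constructed "old heap contents" */
	r->head = r->tail = 0;
	for (int i = 0; i < SLOTS; i++)
		r->slot[i].len = SLOT_DATA;	/* keeps the model in bounds */
}

/* Before: runs after any wakeup and never re-checks that data arrived. */
long read_after_wakeup_buggy(struct ring *r, unsigned char *out, size_t count)
{
	struct slot *s = &r->slot[r->tail];
	size_t n = s->len < count ? s->len : count;

	memcpy(out, s->data, n);	/* hands out stale bytes if head == tail */
	r->tail = (r->tail + 1) % SLOTS;
	return (long)n;
}

/* After: empty check on wakeup plus a length sanity check. */
long read_after_wakeup_fixed(struct ring *r, unsigned char *out, size_t count)
{
	struct slot *s = &r->slot[r->tail];
	size_t n;

	if (r->head == r->tail)
		return 0;		/* spurious wakeup: nothing to hand out */
	if (s->len > SLOT_DATA)
		return -1;		/* implausible length: refuse to copy */
	n = s->len < count ? s->len : count;
	memcpy(out, s->data, n);
	r->tail = (r->tail + 1) % SLOTS;
	return (long)n;
}
```

The third measure in the message, clearing the buffer at allocation, corresponds to replacing the 0x41 fill with zeroes.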
     

16 Oct, 2019

3 commits

  • The problem is that sizeof() is unsigned long so negative error codes
    are type promoted to high positive values and the condition becomes
    false.

    Fixes: 1d427be4a39d ("USB: legousbtower: fix slab info leak at probe")
    Signed-off-by: Dan Carpenter
    Acked-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191011141115.GA4521@mwanda
    Signed-off-by: Greg Kroah-Hartman

    Dan Carpenter
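
The promotion described in this commit message, shown as a stand-alone added example rather than the legousbtower code. The reply struct and function names are hypothetical, and the signed-domain check is one common way to write the corrected comparison, not necessarily the form the commit used.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical 8-byte reply, standing in for the driver's message struct. */
struct version_reply {
	unsigned char bytes[8];
};

/*
 * Buggy form: `result` is converted to unsigned long for the comparison,
 * so a negative errno becomes a huge positive value and is never "short".
 * Returns 1 if the transfer is rejected, 0 if it is accepted.
 */
int rejects_short_buggy(int result)
{
	if (result < sizeof(struct version_reply))
		return 1;
	return 0;
}

/* Fixed form: test for errors in the signed domain before comparing sizes. */
int rejects_short_fixed(int result)
{
	if (result < 0 || (size_t)result < sizeof(struct version_reply))
		return 1;
	return 0;
}
```

With the buggy check a failed transfer (for example `-EPIPE`) is accepted, and the caller goes on to use a reply buffer that was never filled in.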
     
  • If disconnect() races with release() after a process has been
    interrupted, release() could end up returning early and the driver would
    fail to free its driver data.

    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Cc: stable
    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191010125835.27031-3-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • If disconnect() races with release() after a process has been
    interrupted, release() could end up returning early and the driver would
    fail to free its driver data.

    Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
    Cc: stable # 2.6.13
    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191010125835.27031-2-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     

14 Oct, 2019

1 commit


10 Oct, 2019

5 commits

  • The driver was using its struct usb_interface pointer as an inverted
    disconnected flag, but was setting it to NULL without making sure all
    code paths that used it were done with it.

    Before commit ef61eb43ada6 ("USB: yurex: Fix protection fault after
    device removal") this included the interrupt-in completion handler, but
    there are further accesses in dev_err and dev_dbg statements in
    yurex_write() and the driver-data destructor (sic!).

    Fix this by unconditionally stopping also the control URB at disconnect
    and by using a dedicated disconnected flag.

    Note that we need to take a reference to the struct usb_interface to
    avoid a use-after-free in the destructor whenever the device was
    disconnected while the character device was still open.

    Fixes: aadd6472d904 ("USB: yurex.c: remove dbg() usage")
    Fixes: 45714104b9e8 ("USB: yurex.c: remove err() usage")
    Cc: stable # 3.5: ef61eb43ada6
    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191009153848.8664-6-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Replace the one remaining printk with pr_err().

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191009104846.5925-7-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop the redundant iowarrior mutex introduced by commit 925ce689bb31
    ("USB: autoconvert trivial BKL users to private mutex") which replaced
    an earlier BKL use.

    The lock serialised calls to open() against other open() and ioctl(),
    but neither is needed.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191009104846.5925-6-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Drop the redundant disconnect mutex which was introduced after the
    open-disconnect race had been addressed generally in USB core by commit
    d4ead16f50f9 ("USB: prevent char device open/deregister race").

    Specifically, the rw-semaphore in core guarantees that all calls to
    open() will have completed and that no new calls to open() will occur
    after usb_deregister_dev() returns. Hence there is no need to use the
    driver data as an inverted disconnected flag.

    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191009104846.5925-5-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold
     
  • Make sure to stop also the asynchronous write URBs on disconnect() to
    avoid use-after-free in the completion handler after driver unbind.

    Fixes: 946b960d13c1 ("USB: add driver for iowarrior devices.")
    Cc: stable # 2.6.21: 51a2f077c44e ("USB: introduce usb_anchor")
    Signed-off-by: Johan Hovold
    Link: https://lore.kernel.org/r/20191009104846.5925-4-johan@kernel.org
    Signed-off-by: Greg Kroah-Hartman

    Johan Hovold