23 Feb, 2017
40 commits
-
The patch updates the document by adding more information to describe the
DT proporties used by the Freescale Quadspi driver and the childs nodes.For the child node for SPI NOR flash, we add the required property
("spi-max-frequency"), and refer to spi-nor-flash.txt for the optional
properties.Signed-off-by: Huang Shijie
(cherry picked from commit d7b296f51eb077b0c77580ad63ffd69ce722bf6c) -
We need a DT property to store the dummy cycles for DDR Quad read.
This is a common feature for the SPI NOR flash, such as Spansion and Micron
chips.Add this file to describe this specific SPI NOR flash features which will
be referred by the SPI NOR flash drivers.Signed-off-by: Huang Shijie
(cherry picked from commit dfbe3eb5c7c2c3967c0f1bf32c0279136da7bfce) -
This patch adds the DDR quad read support by the following:
[1] add SPI_NOR_DDR_QUAD read mode.
[2] add DDR Quad read opcodes:
SPINOR_OP_READ_1_4_4_D / SPINOR_OP_READ4_1_4_4_D[3] add set_ddr_quad_mode() to initialize for the DDR quad read.
Currently it only works for Spansion NOR.[3] about the dummy cycles.
We set the dummy with 8 for DDR quad read by default.
The m25p80.c can not support the DDR quad read, but the SPI NOR controller
can set the dummy value in its child DT node, and the SPI NOR framework
can parse it out.Signed-off-by: Han Xu
-
add an empty sentinel entry to avoid the struct of_device_id is not
terminated with a NULL entry issue.Signed-off-by: Han Xu
(cherry picked from commit 2b1ce5ec442dde8801b6b2d059d22f5dce7c9c76) -
fix the bch setting issue when system suspend/resume, the bch geometry
only need to be saved to debugfs in driver initial stageSigned-off-by: Han Xu
(cherry picked from commit 3b4f7178854e428fb5ef08d554b13abe4f27c533) -
The erase threshold should be set to ecc_strength for these platforms.
Signed-off-by: Han Xu
(cherry picked from commit f46d113a02f5375c38fc9aba88c587fd672a30c4) -
The cod change updated the NAND driver BCH ECC layout algorithm to
support large oob size NAND chips(oob > 1024 bytes) and proposed a new
way to set ECC layout.Current implementation requires each chunk size larger than oob size so
the bad block marker (BBM) can be guaranteed located in data chunk. The
ECC layout always using the unbalanced layout(Ecc for both meta and
Data0 chunk), but for the NAND chips with oob larger than 1k, the driver
cannot support because BCH doesn’t support GF 15 for 2K chunk.The change keeps the data chunk no larger than 1k and adjust the ECC
strength or ECC layout to locate the BBM in data chunk. General idea for
large oob NAND chips is1.Try all ECC strength from the minimum value required by NAND spec to
the maximum one that works, any ECC makes the BBM locate in data chunk
can be chosen.2.If none of them works, using separate ECC for meta, which will add one
extra ecc with the same ECC strength as other data chunks. This extra
ECC can guarantee BBM located in data chunk, of course, we need to check
if oob can afford it.Previous code has two methods for ECC layout setting, the
legacy_set_geometry and set_geometry_by_ecc_info, the difference
between these two methods is, legacy_set_geometry set the chunk size
larger chan oob size and then set the maximum ECC strength that oob can
afford. While the set_geometry_by_ecc_info set chunk size and ECC
strength according to NAND spec. It has been proved that the first
method cannot provide safe ECC strength for some modern NAND chips, so
in current code,1. Driver read NAND parameters first and then chose the proper ECC
layout setting method.2. If the oob is large or NAND required data chunk larger than oob size,
chose set_geometry_for_large_oob, otherwise use set_geometry_by_ecc_info3. legacy_set_geometry only used for some NAND chips does not contains
necessary information. So this is only a backup plan, it is NOT
recommended to use these NAND chips.Signed-off-by: Han Xu
(cherry picked from commit 78e8beff734adb72185405ae2cb55e0097eb96cb) -
save the bch layout setting in debugfs for the upper layer applications,
such as kobs-ng.Signed-off-by: Han Xu
(cherry picked from commit 8a373e796c21f4e9b714039e5f0b7d9388ef5a32) -
i.MX6UL also has the DEBUG1 register which can be used for bitflip
detection for erased page.Signed-off-by: Han Xu
(cherry picked from commit 8df8d10edc8909e19e60f0cc1dd65c1fe706ab67) -
This patch adds missing parentheses around the argument of the macro
WROD to avoid any potential macro expansion issue.Signed-off-by: Liu Ying
-
This patch adds missing parentheses around the arguments of the macro
ipu_ch_param_addr/ipu_ch_param_set_field(_io)/ipu_ch_param_mod_field(_io)/
ipu_ch_param_read_field(_io) to avoid any potential macro expansion issue.Signed-off-by: Liu Ying
-
This patch adds missing parentheses around the argument of the macro
idma_is_valid and idma_mask to avoid any potential macro expansion issue.Signed-off-by: Liu Ying
-
We don't have to touch fbi->modelist in ldb_init(), because mxcfb_register()
may initialize the list and add a video mode to the list for us.This patch fixes the following issue reported by Coverity:
INIT_LIST_HEAD(&fbi->modelist);
Uninitialized scalar variable (UNINIT)
uninit_use_in_call: Using uninitialized value fb_vm. Field fb_vm.name is
uninitialized when calling fb_add_videomode.
fb_add_videomode(&fb_vm, &fbi->modelist);
fb_videomode_to_var(&fbi->var, &fb_vm);Signed-off-by: Liu Ying
-
The function fbi_to_pixfmt() could access the pointer fbi->device provided
by it's input parameter fbi, so let's make sure the pointer isn't dangling.This patch fixes the following issue reported by Coverity:
Uninitialized pointer read (UNINIT)
uninit_use_in_call: Using uninitialized value tmp_fbi.device when calling
fbi_to_pixfmt.
switch (fbi_to_pixfmt(&tmp_fbi, true)) {
case IPU_PIX_FMT_YUV420P2:
case IPU_PIX_FMT_YVU420P:Signed-off-by: Liu Ying
-
Resources(kmem and DMA) should be freed correctly in the bailout path of
ioctrl FBIO_ALLOC. We should also delete mem->list from fb_alloc_list
in the bailout path if necessary.The kmem leakage issue is reported by Coverity:
if (get_user(size, argp))
Resource leak (RESOURCE_LEAK)
leaked_storage: Variable mem going out of scope leaks the storage it points to.
return -EFAULT;Signed-off-by: Liu Ying
-
It has to be successful to find a relevant background framebuffer for a
foreground framebuffer. So, we should return error code if it happens
to fail.This patch fixes the following issue reported by Coverity:
Dereference after null check (FORWARD_NULL)
var_deref_op: Dereferencing null pointer fbi_tmp.
if (fbi_tmp->var.vmode & FB_VMODE_INTERLACED)
var->vmode |= FB_VMODE_INTERLACED;
else
var->vmode &= ~FB_VMODE_INTERLACED;Signed-off-by: Liu Ying
-
The driver takes the pointer fbi as the driver data, so fbi cannot be a NULL
pointer in ->remove(). Let's remove the unnecessary NULL pointer check on
fbi.This patch fixes the following issue reported by Coverity:
deref_ptr: Directly dereferencing pointer fbi.
struct mxcfb_info *mxc_fbi = fbi->par;Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking fbi suggests that it may be null, but it has
already been dereferenced on all paths leading to the check.
if (!fbi)
return 0;Signed-off-by: Liu Ying
-
After allocating memory for m2m, we should null check for m2m instead of pair.
In fsl_asrc_close(), null-checking pair suggests that it may be null, but it
has already been dereferenced before the null check. pair will be alloceted
in fsl_asrc_open(), pair is null means that open dev file failed, and
close should not be called in user space. So remove null check for pair.buf_len should not greater than ASRC_DMA_BUFFER_SIZE, otherwith dma buffer will
be overrun.Reported by Coverity.
Signed-off-by: Zidan Wang
(cherry picked from commit b0dc15375b12b6c1bf46b9071b92267b827d8ce0) -
check the return value for snd_pcm_hw_constraint_integer().
Reported by Coverity.Signed-off-by: Zidan Wang
(cherry picked from commit 26f8fea617fcebd8835f660534a988c58b9f0517) -
fix mqs_priv->name overrun issue. Reported by Coverity.
Signed-off-by: Zidan Wang
(cherry picked from commit ef1c59f93981b15412a0207d5517a26901bb2ecd) -
rate_tx and rate_rx are always greater than or equal to 0, so remove the
no effect comparison. Reported by Coverity.Signed-off-by: Zidan Wang
(cherry picked from commit d5957250784a27cf6f6f421d8a6e0ba45b4bbc18) -
init fm_np to avoid wild pointer. Reported by Coverity.
Signed-off-by: Zidan Wang
(cherry picked from commit dea49f320f33e1f723301a0bfa18573c0f7b5fb1) -
fix missing break in switch. Reported by Coverity.
Signed-off-by: Zidan Wang
(cherry picked from commit 302516a1dfca5758a34cbed939c9976679febb0c) -
fix missing break in switch. Reported by Coverity.
Signed-off-by: Zidan Wang
(cherry picked from commit ec9d74d9258e3320ec68a1f977932cb20ace4ca2) -
init codec_np to avoid wild pointer. Reported by Coverity.
Signed-off-by: Zidan Wang
(cherry picked from commit 76665930654867cf38a86ba747a9f8a5bf2665e2) -
…urn value of set_fmt()
init asrc_np to avoid wild pointer and check return value of
set_fmt(). Reported by Coverity.Signed-off-by: Zidan Wang <zidan.wang@freescale.com>
(cherry picked from commit 4ccc87a93e180e09b6494fd6c6d81b07dc054e9b) -
init sii902x_np to avoid wild pointer. Reported by Coverity.
Signed-off-by: Zidan Wang
(cherry picked from commit 780e27683c38f785ea7f7e07e83b00ffd3c22d78) -
init codec_np to avoid wild pointer. Reported by Coverity.
Signed-off-by: Zidan Wang
(cherry picked from commit 8e27b90c9adf5033038a40e0b61a7ffe4c971290) -
check return value for set_fmt and set_sysclk function, and init
codec_np to avoid wild pointer. Reported by coverity.Signed-off-by: Zidan Wang
(cherry picked from commit 68021ab9ada4a7f3037993a3887453e12271d4ed) -
The local variable div_ratio could be less than zero, so let's define
it as type of int32_t instead of uint32_t.This issue is reported by Coverity:
Unsigned compared against 0 (NO_EFFECT)
unsigned_compare: This less-than-zero comparison of an unsigned value
is never true. div_ratio < 0U.
if (div_ratio > 0xFF || div_ratio < 0) {
dev_dbg(ipu->dev, "value of pixel_clk extends normal range\n");
return -EINVAL;
}Signed-off-by: Liu Ying
-
This patch converts macro tri_cur_buf_mask/shift to function to address the
following issue reported by Coverity:
Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
result_independent_of_operands: dma_chan * 2 != 63 is always true regardless of
the values of its operands. This occurs as the logical first operand of '?:'.Signed-off-by: Liu Ying
-
A minor improvement for _ipu_is_smfc_chan() to address the following
issue reported by Coverity:
Unsigned compared against 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison of an
unsigned value is always true. dma_chan >= 0U.
return ((dma_chan >= 0) && (dma_chan -
This patch fixes the following issue reported by Coverity:
if (IS_ERR(clk))
freed_arg: kfree frees clk. [Note: The source code implementation of the
function has been overridden by a builtin model.]
kfree(clk);Use after free (USE_AFTER_FREE)
use_after_free: Using freed pointer clk.
return clk;Signed-off-by: Liu Ying
-
This patch fixes the following issue reported by Coverity:
if (IS_ERR(clk))
freed_arg: kfree frees clk. [Note: The source code implementation of the
function has been overridden by a builtin model.]
kfree(clk);Use after free (USE_AFTER_FREE)
use_after_free: Using freed pointer clk.
return clk;Signed-off-by: Liu Ying
-
This patch fixes the following issue reported by Coverity:
Constant expression result (CONSTANT_EXPRESSION_RESULT)
always_true_or: The "or" condition disp != 0 || disp != 1 will always be true
because disp cannot be equal to two different values at the same time, so it
must be not equal to at least one of them.
if ((disp != 0) || (disp != 1))
return;Signed-off-by: Liu Ying
-
We should do the bailout dance correctly for the ioctrl IPU_ALLOC:
- Free the mem pointer.
- Free the DMA.
- Delete the mem->list from the ipu_alloc_list.The potential memory leakage issue on the mem pointer is reported by Coverity:
if (get_user(size, argp))
Resource leak (RESOURCE_LEAK)
leaked_storage: Variable mem going out of scope leaks the storage it points to.
return -EFAULT;Signed-off-by: Liu Ying
-
Comparing unsigned integer with 0 is meaningless. So
remove this kind of integer comparing.Signed-off-by: Fancy Fang
-
The code slice in the 'v4l2_fmt_to_pxp_fmt()' function:
"
else if (v4l2_pix_fmt == V4L2_PIX_FMT_RGB555)
pxp_fmt = PXP_PIX_FMT_RGB555;
"
appears twice continuously. And the second code slice
will become dead code which is never executed. So
remove the second one.Signed-off-by: Fancy Fang
-
After coverity code check, it reports dereference NULL return value
complain, so fix it.Signed-off-by: Bai Ping
-
Check if data->usbmisc_data is NULL before dereference it in probe.
Acked-by: Peter Chen
Signed-off-by: Li Jun