IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Take vlan header length into account, when vlan id is stored as
vlan_tci. Otherwise tagged packets coming from macvtap will be
truncated.
Signed-off-by: Basil Gor <basil.gor@gmail.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The Kontron M2M development board, also known as the Fish River Island II,
has an optional daughter card providing access to the PCH_UART (EG20T) via
a ti_usb_3410_5052 uart to usb chip.
http://us.kontron.com/products/systems+and+platforms/m2m/m2m+smart+services+developer+kit.html
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
CC: Al Borchers <alborchers@steinerpoint.com>
CC: Peter Berger <pberger@brimson.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch removes some potentially problematic legacy code within
core_clear_initiator_node_from_tpg() that was originally intended to
release left over se_lun_acl setup during dynamic NodeACL+MappedLUN
generate when running with TPG demo-mode operation.
Since we now only ever expect to allocate and release se_lun_acl from
within target_core_fabric_configfs.c:target_fabric_make_mappedlun() and
target_fabric_drop_mappedlun() context respectively, this code for
demo-mode release is incorrect and needs to be removed.
Cc: Christoph Hellwig <hch@lst.de>
Cc: Andy Grover <agrover@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Since commit 3aba891d, bonding processes LACP frames (802.3ad
mode) with bond_handle_frame(). Currently a copy of the skb is
made and the original is left to be processed by other
rx_handlers and the rest of the network stack by returning
RX_HANDLER_ANOTHER. As there is no protocol handler for
PKT_TYPE_LACPDU, the frame is dropped and dev->rx_dropped
increased.
Fix this by making bond_handle_frame() return RX_HANDLER_CONSUMED
if bonding has processed the LACP frame.
Signed-off-by: Jiri Bohac <jbohac@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
In 2009 Philip Reiser notied that a few users of netlink connector
interface needed a capability check and added the idiom
cap_raised(nsp->eff_cap, CAP_SYS_ADMIN) to a few of them, on the premise
that netlink was asynchronous.
In 2011 Patrick McHardy noticed we were being silly because netlink is
synchronous and removed eff_cap from the netlink_skb_params and changed
the idiom to cap_raised(current_cap(), CAP_SYS_ADMIN).
Looking at those spots with a fresh eye we should be calling
capable(CAP_SYS_ADMIN). The only reason I can see for not calling capable
is that it once appeared we were not in the same task as the caller which
would have made calling capable() impossible.
In the initial user_namespace the only difference between between
cap_raised(current_cap(), CAP_SYS_ADMIN) and capable(CAP_SYS_ADMIN) are a
few sanity checks and the fact that capable(CAP_SYS_ADMIN) sets
PF_SUPERPRIV if we use the capability.
Since we are going to be using root privilege setting PF_SUPERPRIV seems
the right thing to do.
The motivation for this that patch is that in a child user namespace
cap_raised(current_cap(),...) tests your capabilities with respect to that
child user namespace not capabilities in the initial user namespace and
thus will allow processes that should be unprivielged to use the kernel
services that are only protected with cap_raised(current_cap(),..).
To fix possible user_namespace issues and to just clean up the code
replace cap_raised(current_cap(), CAP_SYS_ADMIN) with
capable(CAP_SYS_ADMIN).
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Philipp Reisner <philipp.reisner@linbit.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Cc: Vasiliy Kulikov <segoon@openwall.com>
Cc: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts commit 8a83a00b0735190384a348156837918271034144.
It causes regressions for S390 devices, because it does an
unconditional DST drop on SKBs for vlans and the QETH device
needs the neighbour entry hung off the DST for certain things
on transmit.
Arnd can't remember exactly why he even needed this change.
Conflicts:
drivers/net/macvlan.c
net/8021q/vlan_dev.c
net/core/dev.c
Signed-off-by: David S. Miller <davem@davemloft.net>
The NEQ interrupt is only triggered when there was no previous pending
interrupt. If we request irq handling after an interrupt has occurred,
we will never get an interrupt until we call H_RESET_EVENTS.
Events seem to be cleared when we first register the NEQ. So, when we
requested irq handling right after registering it, a possible race with
an interrupt was much less likely. Now, there is a chance we may lose
this race and never get any events.
The fix here is to poll and acknowledge any events that might have
happened right after registering the irq handler.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Since the caller (PM resume code) is not the one holding rtnl, when taking the
'else' branch rtnl may be released at any moment, thereby defeating the whole
purpose of this code block.
Signed-off-by: Benjamin Poirier <bpoirier@suse.de>
Tested-by: Jeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Merge PA-RISC compile fixes from Rolf Eike Beer:
"Since commit d66acc39c7ce ("bitops: Optimise get_order()") getorder.h
includes log2.h which leads to an include loop on PA-RISC, bringing a
bunch of other breakage to light. This patchset fixes the compilation
of the current state of 3.4 on HPPA.
Unchanged against the first version, just added an Ack by Grant."
* emailed from Rolf Eike Beer <eike-kernel@sf-tec.de>: (5 patches)
parisc: move definition of PAGE0 to asm/page.h
parisc: add missing include of asm/page.h to asm/pgtable.h
parisc: drop include of asm/pdc.h from asm/hardware.h
parisc: add missing forward declarations in asm/hardware.h
parisc: add missing includes in asm/spinlock.h
This was defined in asm/pdc.h which needs to include asm/page.h for
__PAGE_OFFSET. This leads to an include loop so that page.h eventually will
include pdc.h again. While this is no problem because of header guards, it is
a problem because some symbols may be undefined. Such an error is this:
In file included from include/linux/bitops.h:35:0,
from include/asm-generic/getorder.h:7,
from arch/parisc/include/asm/page.h:162,
from arch/parisc/include/asm/pdc.h:346,
from arch/parisc/include/asm/processor.h:16,
from arch/parisc/include/asm/spinlock.h:6,
from arch/parisc/include/asm/atomic.h:20,
from include/linux/atomic.h:4,
from include/linux/sysfs.h:20,
from include/linux/kobject.h:21,
from include/linux/device.h:17,
from include/linux/eisa.h:5,
from arch/parisc/kernel/pci.c:11:
arch/parisc/include/asm/bitops.h: In function ‘set_bit’:
arch/parisc/include/asm/bitops.h:82:2: error: implicit declaration of function ‘_atomic_spin_lock_irqsave’ [-Werror=implicit-function-declaration]
arch/parisc/include/asm/bitops.h:84:2: error: implicit declaration of function ‘_atomic_spin_unlock_irqrestore’ [-Werror=implicit-function-declaration]
Signed-off-by: Rolf Eike Beer <eike-kernel@sf-tec.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
__devexit functions are discarded without CONFIG_HOTPLUG, so they need
to be referenced carefully. A __devexit function may also not be called
from a __devinit function.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Bryan Wu <bryan.wu@canonical.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
With a previous patch, the usb_driver suspend/resume callbacks got
overridden and were never called if a usb_serial driver defined them.
This patch fixes the opticon driver to move the suspend/resume callbacks
into the usb_serial_driver structure where they will be properly called.
It then removes the unused usb_driver structure.
Cc: Johan Hovold <jhovold@gmail.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Cc: Julia Lawall <julia@diku.dk>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There are a number of device ids that the quatech2 driver supports that
are duplicated in the serqt_usb2 driver, so remove them from the
serqt_usb2 driver as they do not belong there.
Reported-by: Bill Pemberton <wfp5p@virginia.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Now that we have a "real" driver for the quatech devices, we can remove
the drivers/staging/quatech_usb2/ driver as it is no longer needed.
Thanks to Bill Pemberton for writing the new driver.
Cc: Richard Ash <richard@audacityteam.org>
Cc: Bill Pemberton <wfp5p@virginia.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add a copyright and license statement to the head of quatech.c source
file. No code change here.
Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This supports the Quatech USB 2 usb to serial adapters.
Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add a variant of rndis_bind_config to let gadget drivers change
rndis vendorID and manufacturer parameters.
Signed-off-by: Benoit Goby <benoit@android.com>
[make rndis_bind_config a static inline function]
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
f_rndis checks if rndis_string_defs[0].id is null to setup rndis
and allocate string ids when it is bound to the first configuration:
/* maybe allocate device-global string IDs */
if (rndis_string_defs[0].id == 0) {
/* ... and setup RNDIS itself */
status = rndis_init();
if (status < 0)
return status;
rndis_string_defs[0].id must be reset to 0 on unbind for rndis to be
correctly initialized on the next composite_bind.
Signed-off-by: Benoit Goby <benoit@android.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is needed to avoid name collisions on SoCs that have both usb
gadget and usb host, where usb0 may be the rndis interface or a usb
ethernet adapter.
Signed-off-by: Mike Lockwood <lockwood@android.com>
Signed-off-by: Benoit Goby <benoit@android.com>
[make gether_setup a static inline function]
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove geserial_setup from the init section. The android gadget
driver calls it after probe, after userspace has configured the
gadget driver.
Signed-off-by: Benoit Goby <benoit@android.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add iSerialNumber to usb_composite_driver to allow setting a default value.
This is useful when the module is compiled-in. Then the composite_bind
is executed at kernel boot and string id for iSerialNumber can be overridden
even if there is no iSerialNumber kernel commandline parameter.
If the string id is not overridden, then get_string will never attempt to
look for the alternative string contents using cdev->serial_override.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Enable module parameters to be modified at runtime, especially
if the module is compiled-in.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reset config->interface in usb_add_config, as it may contain pointers to
functions from a previous session if config is removed and re-added.
Signed-off-by: Benoit Goby <benoit@android.com>
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add usb_remove_config to unbind a configuration and remove it from
the configs list. This allows implementing composite gadget drivers that
can disconnect themself from the bus and that will later be re-enumerated
with a different configuration.
Gadget drivers must call usb_gadget_disconnect before calling this
function to disable the pullup, disconnect the device from the host,
and prevent the host from enumerating the device while we are changing
the gadget configuration.
Signed-off-by: Benoit Goby <benoit@android.com>
[change return type of [usb_]remove_config]
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
As pointed out by Dan Carpenter, the check for NULL for the id variable
is no longer needed, especially as we just dereferenced it a few lines
earlier, causing an oops if it really was NULL.
This was caused by 62bb84ed0e4d: "usb: gadget: ci13xxx: convert to
platform device".
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
As pointed out by Dan Carpenter, we should not be trying to call
dev_err() on a structure that was previously determined to be NULL,
that's just foolish and asking for trouble.
So just delete the message, it's not going to do anyone any good to have
it anyway.
This problem was caused by 0f089094cde5: "usb: gadget: ci13xxx: replace
home-brewed logging with dev_{err,warn,info}"
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Initialization of irqenable, irqstatus registers is the common
operation done in this function for all OMAP platforms, viz. OMAP1,
OMAP2+. The latter _gpio_rmw()'s which supposedly got introduced
wrongly to take care of OMAP2+ platforms were overwriting initially
programmed OMAP1 value breaking functionality on OMAP1.
Somehow incorrect assumption was made that each _gpio_rmw()'s were
mutually exclusive. On close observation it is found that the first
_gpio_rmw() which is supposedly done to take care of OMAP1 platform
is generic enough and takes care of OMAP2+ platform as well.
Therefore remove the latter _gpio_rmw() to irqenable as they are
redundant now.
Writing to ctrl and debounce_en registers for OMAP2+ platforms are
modified to match the original(pre-cleanup) code where the registers
are initialized with 0. In the cleanup series since we are using
_gpio_rmw(reg, 0, 1), instead of __raw_writel(), we are just reading
and writing the same values to ctrl and debounce_en. This is not an
issue for debounce_en register because it has 0x0 as the default value.
But in the case of ctrl register the default value is 0x2 (GATINGRATIO
= 0x1) so that we end up writing 0x2 instead of intended 0 value.
Therefore changing back to __raw_writel() as this is sufficient for
this case besides simpler to understand.
Also, change irqstatus initalization logic that avoids comparison
with bool, besides making it fit in a single line.
Cc: stable@vger.kernel.org
Cc: Tony Lindgren <tony@atomide.com>
Cc: Kevin Hilman <khilman@ti.com>
Cc: Santosh Shilimkar <santosh.shilimkar@ti.com>
Cc: Grant Likely <grant.likely@secretlab.ca>
Reported-by: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>
Tested-by: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>
Signed-off-by: Tarun Kanti DebBarma <tarun.kanti@ti.com>
Signed-off-by: Kevin Hilman <khilman@ti.com>
Fix a use-after-free in the TMF path, where cmd may have been already
freed by virtscsi_complete_free when wait_for_completion restarts
executing virtscsi_tmf. Technically a race, but in practice the command
will always be freed long before the completion waiter is awoken.
The fix is to make callers specifying a completion responsible for
freeing the command in all cases.
Signed-off-by: Hu Tao <hutao@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Commit 6f381fa344911d5a234b13574433cf23036f9467
Author: Lin Ming <ming.m.lin@intel.com>
[SCSI] scsi_lib: use correct DMA device in __scsi_alloc_queue
Caused a regression where we oops in every legacy mode SCSI host driver
because they supply a NULL pointer to scsi_add_host(). Fix this by checking
for the NULL in scsi_add_host_with_dma() and changing the DMA device to being
the platform_bus in that case (which replicates the original behaviour).
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
In case of firmmware detected under-run condition and scsi status of
task_set_full or busy_condition, return that to the mid layer for proper error
handling instead of DID_ERROR (which causes error handler activation and a
full retry).
Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: Chad Dupuis <chad.dupuis@qlogic.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
This commit adds a cosmetic change to the s3c-hsotg UDC driver.
It moves s3c-hsotg.h to other linux/ related inclusions.
Signed-off-by: Lukasz Majewski <l.majewski@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
A possible race condition appears because we are not initializing
the ohci->regs before calling usb_hcd_request_irqs().
We move the call to ohci_init() in hcd->driver->reset() instead of
hcd->driver->start() to fix this.
This was experienced when we share the same IRQ line between OHCI and EHCI
controllers.
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Tested-by: Christian Eggers <christian.eggers@kathrein.de>
Cc: stable <stable@vger.kernel.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When PHY reset pin is connected to a GPIO on external GPIO chip
(e.g. I2C), we should not call the gpio_set_value() function, but
gpio_set_value_cansleep().
Signed-off-by: Igor Grinberg <grinberg@compulab.co.il>
Acked-by: Felipe Balbi <balbi@ti.com>
Tested-by: Govindraj.R <govindraj.raja@ti.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Finally, convert to the new style framework, using udc_start/udc_stop
methods. Since there is no need in the global _udc pointer, remove it.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Currently, endpoints are initialized in gadget start/stop methods, however
for the new style gadgets it is expected that bind() can be called before
controller's start(), and we need endpoints already initialized at that
point. So, move endpoint initialization to controller's probe before we
switch to the "new style" gadget framework.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Logging output in the driver is mostly done using custom err/warn/info
macros which rely on the existence of the global variable _udc, which
is a global reference to the udc controller structure. This reference
will have to go in order to allow us to have more than one chipidea udc
in the system.
Thus, replace custom macros with dev_{err,warn,info} using the platform
device where possible. The trace() macro, which is a nop by default is
left for tracing purposes.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Let's break ci13xxx driver into a separate udc driver and platform
drivers _pci and _msm, which will create a platform device for each pci
(or msm) device found. The approach was introduced by Felipe in dwc3
driver and there seems to be no reason not to use it.
msm related code is only compile-tested.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
After the UDC class conversion, there is no reason to limit the kernel
to have only one UDC controller in the system.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use lookup table instead of conditional macrodefinitions of register
addresses. With two different possible register layouts and different
register offsets, it's easiest to build a table with register addresses
at probe time, based on the information supplied from the platform and
device capabilities. This way we get rid of branch-per-register-access.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make global variables that are specific for each UDC instance part of
struct ci13xxx.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Small and self-evident cleanup.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch (as1553) adds an unusual_dev entrie for the Yarvik PMP400
MP4 music player.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Jesse Feddema <jdfeddema@gmail.com>
Tested-by: Jesse Feddema <jdfeddema@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is a last minute bug fix that was only just noticed since the code
path that's being exercised here is one that is fairly rarely used. The
changelog for the change itself is extremely clear and the code itself
is obvious to inspection so should be pretty safe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJPqoQhAAoJEBus8iNuMP3dj1kP/0Z1yIk1ME0KzSy42/qbGKsp
+2mrAASkh7DbbWU2hSmwTpEgAAiY2ws0A/Uyj/Al4f/gJW6bZvlxK4mbf1i+P1LG
ab3ohhUOqexHVaIKMTnYKhnHWuzU25mnf2vW8IOr6jccu6h7X4orDmw1uEPVgsbs
P7fThQa0BPRkiLIUWGmg0oMY6IXJlzsStDK2Npw47EypY4FZCZucJgXkmYZLt0Nk
mhLPsznD5GqHNSmCqrUI3j/s3R0sd/Xc63pvznBU9D8RAbSRgi2vGL8UenEtIQgt
bVXOKe5H8ZzXYNYpzpGeJm3dTE2pZWmT1hfRSf0kBOkLhEpt/Oy9WBj1kfoTg9n9
fNH6OJYn12uG0qQomiAT96Qm3qrslF5y9S64ZyHT6BAkJT87wnEqTmaQkoAevDEr
hldzT+dTPAk2Pspge8m910+kQA72YyE1z6/PikvkEepYDFrqffZcBFWqjW8aQjGj
/5r7F5fLC7zJku0FjYUMRYDgYc9z0lk6tDt8QL7E7j+55ntrhYR8IuTQA7g2asal
yeQSTqa/NkJcch+aULgyOU0W9U1z2i04mdGI74iJnf3DSGGmvJ95IYLJA4tfnIOw
63xo2BhmHVGyRqTN5l7o5Zlgf5FdcUt+5EBLudSqqZynB/tMZNgb0PEzfIRFBuRq
GSIm5dwIqKgtymCEOUmp
=xcal
-----END PGP SIGNATURE-----
Merge tag 'regmap-3.4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap
Pull last minute regman bug fix from Mark Brown:
"This is a last minute bug fix that was only just noticed since the
code path that's being exercised here is one that is fairly rarely
used. The changelog for the change itself is extremely clear and the
code itself is obvious to inspection so should be pretty safe."
* tag 'regmap-3.4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
regmap: fix possible memory corruption in regmap_bulk_read()
The function regmap_bulk_read() calls the regmap_read() for
each register if set of register has volatile and cache is
enabled. In this case, last few register read makes the memory
corruption if the register size is not the size of unsigned int.
The regam_read() takes argument as unsigned int for returning
value and it update the value as
*val = map->format.parse_val(map->work_buf);
This causes complete 4 bytes (size of unsigned int) to get written.
Now if client pass the memory pointer for value which is equal to the
required size of register count in regmap_bulk_read() then last few
register read actually update the memory beyond passed pointer size.
Avoid this by using local variable for read and then do memcpy()
for actual byte copy to passed pointer based on register size.
I allocated one pointer ptr and take first 16 bytes dump of that
pointer then call regmap_bulk_read() with pointer which is just
on top of this allocated pointer and register count of 128. Here
register size is 1 byte.
The memory trace of last 5 register read are as follows:
[ 5.438589] regmap_bulk_read after regamp_read() for register 122
[ 5.447421] 0xef993c20 0xef993c00 0x00000000 0x00000001
[ 5.467535] regmap_bulk_read after regamp_read() for register 123
[ 5.476374] 0xef993c20 0xef993c00 0x00000000 0x00000001
[ 5.496425] regmap_bulk_read after regamp_read() for register 124
[ 5.505260] 0xef993c20 0xef993c00 0x00000000 0x00000001
[ 5.525372] regmap_bulk_read after regamp_read() for register 125
[ 5.534205] 0xef993c00 0xef993c00 0x00000000 0x00000001
[ 5.554258] regmap_bulk_read after regamp_read() for register 126
[ 5.563100] 0xef990000 0xef993c00 0x00000000 0x00000001
[ 5.554258] regmap_bulk_read after regamp_read() for register 127
[ 5.587108] 0xef000000 0xef993c00 0x00000000 0x00000001
Here it is observed that the memory content at first word started changing
on last 3 regmap_read() and so corruption happened.
Signed-off-by: Laxman Dewangan <ldewangan@nvidia.com>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
