Jean Delvare [Tue, 23 Apr 2019 03:30:58 +0000 (03:30 +0000)]
Input: olpc_apsp - depend on ARCH_MMP
The OLPC XO-1.75 and XO-4 are ARM-based laptops, using the Marvell
MMP architecture, so don't present this driver on other architectures
except for build-testing purposes.
Input: sun4i-a10-lradc-keys - add support for A83T
Allwinner A83T SoC has a low res adc like the one in Allwinner A10 SoC,
however, the A10 SoC's vref of lradc internally is divided by 2/3 and
the A83T SoC's vref of lradc internally is divided by 3/4, thus add
a hardware variant for it to be compatible with various devices.
Input: snvs_pwrkey - use dev_pm_set_wake_irq() to simplify code
With calling dev_pm_set_wake_irq() to set SNVS ON/OFF button
as wakeup source for suspend, generic wake irq mechanism
will automatically enable it as wakeup source when suspend,
then the enable_irq_wake()/disable_irq_wake() can be removed
in suspend/resume callback, it simplifies the code.
Dmitry Torokhov [Tue, 26 Mar 2019 21:27:42 +0000 (14:27 -0700)]
Input: i8042 - signal wakeup from atkbd/psmouse
Instead of signalling wakeup directly from i8042, let psmouse and atkbd
drivers execute basic protocol handling and only then signal wakeup
condition. This solves the issue where we increment wakeup counter
simply because we are getting responses from keyboard/mouse to the
commands we ourselves send to them as part of suspend transition.
Jagan Teki [Wed, 3 Apr 2019 23:05:34 +0000 (16:05 -0700)]
Input: goodix - add GT5663 CTP support
GT5663 is capacitive touch controller with customized smart
wakeup gestures.
Add support for it by adding compatible and supported chip data.
The chip data on GT5663 is similar to GT1151, like
- config data register has 0x8050 address
- config data register max len is 240
- config data checksum has 16-bit
Input: evdev - use struct_size() in kzalloc() and vzalloc()
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:
YueHaibing [Mon, 18 Feb 2019 20:17:39 +0000 (12:17 -0800)]
Input: ti_am335x_tsc - remove set but not used variable 'tscadc_dev'
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/input/touchscreen/ti_am335x_tsc.c: In function 'titsc_suspend':
drivers/input/touchscreen/ti_am335x_tsc.c:510:24: warning:
variable 'tscadc_dev' set but not used [-Wunused-but-set-variable]
drivers/input/touchscreen/ti_am335x_tsc.c: In function 'titsc_resume':
drivers/input/touchscreen/ti_am335x_tsc.c:527:24: warning:
variable 'tscadc_dev' set but not used [-Wunused-but-set-variable]
It's not used any more after 333e07ec4b33 ("Input: ti_am335x_tsc: Mark TSC
device as wakeup source")
Rob Herring [Mon, 18 Feb 2019 07:14:25 +0000 (23:14 -0800)]
Input: i8042 - rework DT node name comparisons
Convert string compares of DT node names to use of_node_name_eq helper
instead. For the root node on SUN DT, we need to retrieve the 'name'
property as it is the rare case where the 'name' property and node name
differ. With both changes, it removes direct access to the node name
pointer.
While at it, convert the open coded loop to use for_each_child_of_node().
Guido Günther [Sun, 17 Feb 2019 07:03:41 +0000 (23:03 -0800)]
Input: goodix - refer to touchscreen.txt in device tree bindings
Refer to touchscreen.txt for generic touch properties. This avoids
duplication and we're using the generic code to parse these in the
driver. While at that add touchscreen-size-{x,y} which are respected by
the driver as well.
This was required back when mod_delayed_work() did not exist, and had to
be implemented with a cancel + queue. See commit e7c2f967445d
("workqueue: use mod_delayed_work() instead of __cancel + queue")
schedule_delayed_work() and mod_delayed_work() can now be used
concurrently. So the spinlock is no longer needed.
In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.
This patch fixes the following warning:
drivers/input/joystick/db9.c: In function ‘db9_saturn_read_packet’:
drivers/input/joystick/db9.c:256:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
if (tmp == 0xff) {
^
drivers/input/joystick/db9.c:263:2: note: here
default:
^~~~~~~
Notice that, in this particular case, the code comment is modified
in accordance with what GCC is expecting to find.
This patch is part of the ongoing efforts to enable
-Wimplicit-fallthrough.
Remove a spinlock which prevents schedule_delayed_work() and
mod_delayed_work() from executing concurrently.
This was required back when mod_delayed_work() did not exist,
and had to be implemented with a cancel + schedule. See
commit e7c2f967445d ("workqueue: use mod_delayed_work() instead of
__cancel + queue")
schedule_delayed_work() and mod_delayed_work() can now be used
concurrently. So the spinlock is no longer needed.
Use devm_gpiod_get_optional() and gpiod_set_value_cansleep() instead
of the old API. The st1232_ts_power() now passes on the inverted "poweron"
value to reflect the correct logical value.
Marek Vasut [Sat, 9 Feb 2019 16:49:38 +0000 (08:49 -0800)]
Input: ili210x - fetch touchscreen geometry from DT
Fetching the geometry from the ILI251x registers seems unreliable and
sometimes returns all zeroes. Add support for fetching the geometry and
axis inversion from DT instead.
Dmitry Torokhov [Wed, 6 Feb 2019 18:10:12 +0000 (10:10 -0800)]
Input: tm2-touchkey - acknowledge that setting brightness is a blocking call
We need to access I2C bus when switching brightness, and that may block,
therefore we have to set stmfts_brightness_set() as LED's
brightness_set_blocking() method.
Dmitry Torokhov [Tue, 5 Feb 2019 22:40:40 +0000 (14:40 -0800)]
Input: stmfts - acknowledge that setting brightness is a blocking call
We need to turn regulators on and off when switching brightness, and
that may block, therefore we have to set stmfts_brightness_set() as
LED's brightness_set_blocking() method.
Fixes: 78bcac7b2ae1 ("Input: add support for the STMicroelectronics FingerTip touchscreen") Acked-by: Andi Shyti <[email protected]> Signed-off-by: Dmitry Torokhov <[email protected]>
Marek Vasut [Thu, 7 Feb 2019 06:02:02 +0000 (22:02 -0800)]
Input: ili210x - add ILI251X support
Add support for ILI251x touch controller. This controller is similar
to the ILI210x, except for the following differences:
- Does not support I2C R-W transfer, Read must be followed by an
obscenely long delay, and then followed by Write
- Does support 10 simultaneous touch inputs.
- Touch data format is slightly different, pressure reporting does not
work although the touch data contain such information.
Marek Vasut [Thu, 7 Feb 2019 06:01:30 +0000 (22:01 -0800)]
Input: ili210x - reorder probe
Perform the register access only after the I2C client data are set,
this is only done in preparation for the subsequent patch which
uses the I2C client data in the register IO function.
Marek Vasut [Thu, 7 Feb 2019 06:01:07 +0000 (22:01 -0800)]
Input: ili210x - rework the touchscreen sample processing
Get rid of the packed structures for representing data as that does not
apply to other similar Ilitek touchscreens. Instead, implement a function
which parses the data and reports touch events and coordinates.
Marek Vasut [Thu, 7 Feb 2019 06:00:44 +0000 (22:00 -0800)]
Input: ili210x - convert to devm IRQ
Convert the driver to devm_request_irq(), drop the related unmanaged
deregistration code and add ili210x_irq_teardown() to tear the IRQ
down and cancel possible touchscreen pending work.
Marek Vasut [Thu, 7 Feb 2019 05:54:37 +0000 (21:54 -0800)]
Input: ili210x - drop get_pendown_state
The .get_pendown_state callback is set only by the platform data code,
which was just removed. Thus, get_pendown_state() always returns false,
so drop that altogether.
On some platforms (e.g.: ARCH_BRCMSTB) it is possible to enter
"poweroff" while leaving some wake-up sources enabled such as key
presses in order to allow for the system to wake-up.
Wire up a .shutdown() callback which calls into the existing
gpio_keys_suspend() since the logic is essentially the same.
Richard Leitner [Tue, 29 Jan 2019 00:17:58 +0000 (16:17 -0800)]
Input: sx8654 - convert #defined flags to BIT(x)
Some of the #defined register values are one-bit flags. Convert them to
use the BIT(x) macro instead of 1 byte hexadecimal values. This improves
readability and clarifies the intent.
Richard Leitner [Mon, 28 Jan 2019 22:54:04 +0000 (14:54 -0800)]
Input: sx8654 - add sx8655 and sx8656 to compatibles
As the sx865[456] share the same datasheet and differ only in the
presence of a "capacitive proximity detection circuit" and a "haptics
motor driver for LRA/ERM" add them to the compatbiles. As the driver
doesn't implement these features it should be no problem.
Add support for the Sitronix ST1633 touchscreen controller to the st1232
driver. A protocol spec can be found here:
www.ampdisplay.com/documents/pdf/AM-320480B6TZQW-TC0H.pdf
Marco Felsch [Mon, 14 Jan 2019 07:08:32 +0000 (23:08 -0800)]
Input: edt-ft5x06 - add support for Evervision FT5726
Evervision displays are using different Focaltech touchscreen
controllers. This commit adds the initial support for the ones using the
FT5726 controller. Receiving the touch data is the same as for the
GENERIC_FT but the x and y cooridnates are swapped. The main differences
are the register addresses where the GAIN and THRESHOLD parameters are
stored.
Input: mcs_touchkey - use struct_size() in kzalloc()
One of the more common cases of allocation size calculations is finding the
size of a structure that has a zero-sized array at the end, along with memory
for some number of elements for that array. For example:
Input: tca6416-keypad - use struct_size() in kzalloc()
One of the more common cases of allocation size calculations is finding the
size of a structure that has a zero-sized array at the end, along with
memory for some number of elements for that array. For example:
Aditya Pakki [Mon, 7 Jan 2019 19:53:59 +0000 (11:53 -0800)]
Input: ad7879 - add check for read errors in interrupt
regmap_bulk_read() can return a non zero value on failure. The fix checks
if the function call succeeded before calling mod_timer. The issue was
identified by a static analysis tool.
Hans de Goede [Fri, 4 Jan 2019 02:10:45 +0000 (18:10 -0800)]
Input: soc_button_array - fix mapping of the 5th GPIO in a PNP0C40 device
The Microsoft documenation for the PNP0C40 device aka the
"Windows-compatible button array" describes the 5th GpioInt listed in
the resources as: '5. Interrupt corresponding to the "Rotation Lock"
button, if supported'.
Notice this describes the 5th entry as a button while we sofar have been
mapping it to EV_SW, SW_ROTATE_LOCK. On my Point of View TAB P1006W-232
which actually comes with a rotation-lock button, the button indeed is a
button and not a slider/switch. An image search for other Windows tablets
has found 2 more models with a rotation-lock button and on both of those
it too is a push-button and not a slider/switch.
Further evidence can be found in the HUT extension HUTRR52 from Microsoft
which adds rotation lock support to the HUT, which describes 2 different
usages: "0xC9 System Display Rotation Lock Button" and
"0xCA System Display Rotation Lock Slider Switch" note that switch is seen
as a separate thing here and the non switch wording is an exact match for
the "Windows-compatible button array" spec wording.
TL;DR: our current mapping of the 5th GPIO to SW_ROTATE_LOCK is wrong
because the 5th GPIO is for a push-button not a switch.
This commit fixes this by maping the 5th GPIO to KEY_ROTATE_LOCK_TOGGLE.
The ACPI0011 _DSD button descriptor on a CHT based Intel Compute Sticks
contains a mapping for usage-page 0x01 usage-id 0xca.
As described in hutrr52_system_display_rotation_lock_controls_0.pdf this
should be mapped as a "System Display Rotation Lock Slider Switch", this
commit adds support for this, silencing the following warning:
soc_button_array ACPI0011:00: Unknown button index 4 upage 01 usage ca,
ignoring
Sanjeev Chugh [Sat, 29 Dec 2018 01:04:31 +0000 (17:04 -0800)]
Input: atmel_mxt_ts - don't try to free unallocated kernel memory
If the user attempts to update Atmel device with an invalid configuration
cfg file, error handling code is trying to free cfg file memory which is
not allocated yet hence results into kernel crash.
This patch fixes the order of memory free operations.
Linus Torvalds [Sun, 23 Dec 2018 18:40:41 +0000 (10:40 -0800)]
Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
"A couple of fixes - no common topic ;-)"
[ The aio spectre patch also came in from Jens, so now we have that
doubly fixed .. ]
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
proc/sysctl: don't return ENOMEM on lookup when a table is unregistering
aio: fix spectre gadget in lookup_ioctx
Linus Torvalds [Sat, 22 Dec 2018 23:03:00 +0000 (15:03 -0800)]
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is two simple target fixes and one discard related I/O starvation
problem in sd.
The discard problem occurs because the discard page doesn't have a
mempool backing so if the allocation fails due to memory pressure, we
then lose the forward progress we require if the writeout is on the
same device. The fix is to back it with a mempool"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: sd: use mempool for discard special page
scsi: target: iscsi: cxgbit: add missing spin_lock_init()
scsi: target: iscsi: cxgbit: fix csk leak
Linus Torvalds [Sat, 22 Dec 2018 22:29:21 +0000 (14:29 -0800)]
Merge tag 'compiler-attributes-for-linus-v4.20' of https://github.com/ojeda/linux
Pull compiler_types.h fix from Miguel Ojeda:
"A cleanup for userspace in compiler_types.h: don't pollute userspace
with macro definitions (Xiaozhou Liu)
This is harmless for the kernel, but v4.19 was released with a few
macros exposed to userspace as the patch explains; which this removes,
so it *could* happen that we break something for someone (although
leaving inline redefined is probably worse)"
* tag 'compiler-attributes-for-linus-v4.20' of https://github.com/ojeda/linux:
include/linux/compiler_types.h: don't pollute userspace with macro definitions
commit 55956b59df33 ("vfs: Allow userns root to call mknod on owned filesystems.")
enabled mknod() in user namespaces for userns root if CAP_MKNOD is
available. However, these device nodes are useless since any filesystem
mounted from a non-initial user namespace will set the SB_I_NODEV flag on
the filesystem. Now, when a device node s created in a non-initial user
namespace a call to open() on said device node will fail due to:
The problem with this is that as of the aforementioned commit mknod()
creates partially functional device nodes in non-initial user namespaces.
In particular, it has the consequence that as of the aforementioned commit
open() will be more privileged with respect to device nodes than mknod().
Before it was the other way around. Specifically, if mknod() succeeded
then it was transparent for any userspace application that a fatal error
must have occured when open() failed.
All of this breaks multiple userspace workloads and a widespread assumption
about how to handle mknod(). Basically, all container runtimes and systemd
live by the slogan "ask for forgiveness not permission" when running user
namespace workloads. For mknod() the assumption is that if the syscall
succeeds the device nodes are useable irrespective of whether it succeeds
in a non-initial user namespace or not. This logic was chosen explicitly
to allow for the glorious day when mknod() will actually be able to create
fully functional device nodes in user namespaces.
A specific problem people are already running into when running 4.18 rc
kernels are failing systemd services. For any distro that is run in a
container systemd services started with the PrivateDevices= property set
will fail to start since the device nodes in question cannot be
opened (cf. the arguments in [1]).
Full disclosure, Seth made the very sound argument that it is already
possible to end up with partially functional device nodes. Any filesystem
mounted with MS_NODEV set will allow mknod() to succeed but will not allow
open() to succeed. The difference to the case here is that the MS_NODEV
case is transparent to userspace since it is an explicitly set mount option
while the SB_I_NODEV case is an implicit property enforced by the kernel
and hence opaque to userspace.
Linus Torvalds [Fri, 21 Dec 2018 22:59:00 +0000 (14:59 -0800)]
Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
"4 fixes"
* emailed patches from Andrew Morton <[email protected]>:
mm, page_alloc: fix has_unmovable_pages for HugePages
fork,memcg: fix crash in free_thread_stack on memcg charge fail
mm: thp: fix flags for pmd migration when split
mm, memory_hotplug: initialize struct pages for the full memory section
The reason is we do not pass the Head to page_hstate(), and so, the call
to compound_order() in page_hstate() returns 0, so we end up checking
all hstates's size to match PAGE_SIZE.
Obviously, we do not find any hstate matching that size, and we return
NULL. Then, we dereference that NULL pointer in
hugepage_migration_supported() and we got the #PF from above.
Fix that by getting the head page before calling page_hstate().
Also, since gigantic pages span several pageblocks, re-adjust the logic
for skipping pages. While are it, we can also get rid of the
round_up().
Rik van Riel [Fri, 21 Dec 2018 22:30:54 +0000 (14:30 -0800)]
fork,memcg: fix crash in free_thread_stack on memcg charge fail
Commit 9b6f7e163cd0 ("mm: rework memcg kernel stack accounting") will
result in fork failing if allocating a kernel stack for a task in
dup_task_struct exceeds the kernel memory allowance for that cgroup.
Unfortunately, it also results in a crash.
This is due to the code jumping to free_stack and calling
free_thread_stack when the memcg kernel stack charge fails, but without
tsk->stack pointing at the freshly allocated stack.
This in turn results in the vfree_atomic in free_thread_stack oopsing
with a backtrace like this:
Peter Xu [Fri, 21 Dec 2018 22:30:50 +0000 (14:30 -0800)]
mm: thp: fix flags for pmd migration when split
When splitting a huge migrating PMD, we'll transfer all the existing PMD
bits and apply them again onto the small PTEs. However we are fetching
the bits unconditionally via pmd_soft_dirty(), pmd_write() or
pmd_yound() while actually they don't make sense at all when it's a
migration entry. Fix them up. Since at it, drop the ifdef together as
not needed.
Note that if my understanding is correct about the problem then if
without the patch there is chance to lose some of the dirty bits in the
migrating pmd pages (on x86_64 we're fetching bit 11 which is part of
swap offset instead of bit 2) and it could potentially corrupt the
memory of an userspace program which depends on the dirty bit.
Mikhail Zaslonko [Fri, 21 Dec 2018 22:30:46 +0000 (14:30 -0800)]
mm, memory_hotplug: initialize struct pages for the full memory section
If memory end is not aligned with the sparse memory section boundary,
the mapping of such a section is only partly initialized. This may lead
to VM_BUG_ON due to uninitialized struct page access from
is_mem_section_removable() or test_pages_in_a_zone() function triggered
by memory_hotplug sysfs handlers:
Here are the the panic examples:
CONFIG_DEBUG_VM=y
CONFIG_DEBUG_VM_PGFLAGS=y
kernel parameter mem=2050M
--------------------------
page:000003d082008000 is uninitialized and poisoned
page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
Call Trace:
( test_pages_in_a_zone+0xde/0x160)
show_valid_zones+0x5c/0x190
dev_attr_show+0x34/0x70
sysfs_kf_seq_show+0xc8/0x148
seq_read+0x204/0x480
__vfs_read+0x32/0x178
vfs_read+0x82/0x138
ksys_read+0x5a/0xb0
system_call+0xdc/0x2d8
Last Breaking-Event-Address:
test_pages_in_a_zone+0xde/0x160
Kernel panic - not syncing: Fatal exception: panic_on_oops
kernel parameter mem=3075M
--------------------------
page:000003d08300c000 is uninitialized and poisoned
page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
Call Trace:
( is_mem_section_removable+0xb4/0x190)
show_mem_removable+0x9a/0xd8
dev_attr_show+0x34/0x70
sysfs_kf_seq_show+0xc8/0x148
seq_read+0x204/0x480
__vfs_read+0x32/0x178
vfs_read+0x82/0x138
ksys_read+0x5a/0xb0
system_call+0xdc/0x2d8
Last Breaking-Event-Address:
is_mem_section_removable+0xb4/0x190
Kernel panic - not syncing: Fatal exception: panic_on_oops
Fix the problem by initializing the last memory section of each zone in
memmap_init_zone() till the very end, even if it goes beyond the zone end.
Michal said:
: This has alwways been problem AFAIU. It just went unnoticed because we
: have zeroed memmaps during allocation before f7f99100d8d9 ("mm: stop
: zeroing memory during allocation in vmemmap") and so the above test
: would simply skip these ranges as belonging to zone 0 or provided a
: garbage.
:
: So I guess we do care for post f7f99100d8d9 kernels mostly and
: therefore Fixes: f7f99100d8d9 ("mm: stop zeroing memory during
: allocation in vmemmap")
Pull sparc fixes from David Miller:
"Just some small fixes here and there, and a refcount leak in a serial
driver, nothing serious"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
serial/sunsu: fix refcount leak
sparc: Set "ARCH: sunxx" information on the same line
sparc: vdso: Drop implicit common-page-size linker flag
Pull more networking fixes from David Miller:
"Some more bug fixes have trickled in, we have:
1) Local MAC entries properly in mscc driver, from Allan W. Nielsen.
2) Eric Dumazet found some more of the typical "pskb_may_pull() -->
oops forgot to reload the header pointer" bugs in ipv6 tunnel
handling.
3) Bad SKB socket pointer in ipv6 fragmentation handling, from Herbert
Xu.
4) Overflow fix in sk_msg_clone(), from Vakul Garg.
5) Validate address lengths in AF_PACKET, from Willem de Bruijn"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup
qmi_wwan: Add support for Fibocom NL678 series
tls: Do not call sk_memcopy_from_iter with zero length
ipv6: tunnels: fix two use-after-free
Prevent overflow of sk_msg in sk_msg_clone()
packet: validate address length
net: netxen: fix a missing check and an uninitialized use
tcp: fix a race in inet_diag_dump_icsk()
MAINTAINERS: update cxgb4 and cxgb3 maintainer
ipv6: frags: Fix bogus skb->sk in reassembled packets
mscc: Configured MAC entries should be locked.
Mans Rullgard [Wed, 5 Dec 2018 13:52:47 +0000 (13:52 +0000)]
auxdisplay: charlcd: fix x/y command parsing
The x/y command parsing has been broken since commit 129957069e6a
("staging: panel: Fixed checkpatch warning about simple_strtoul()").
Commit b34050fadb86 ("auxdisplay: charlcd: Fix and clean up handling of
x/y commands") fixed some problems by rewriting the parsing code,
but also broke things further by removing the check for a complete
command before attempting to parse it. As a result, parsing is
terminated at the first x or y character.
This reinstates the check for a final semicolon. Whereas the original
code use strchr(), this is wasteful seeing as the semicolon is always
at the end of the buffer. Thus check this character directly instead.
Yangtao Li [Wed, 12 Dec 2018 16:01:45 +0000 (11:01 -0500)]
serial/sunsu: fix refcount leak
The function of_find_node_by_path() acquires a reference to the node
returned by it and that reference needs to be dropped by its caller.
su_get_type() doesn't do that. The match node are used as an identifier
to compare against the current node, so we can directly drop the refcount
after getting the node from the path as it is not used as pointer.
Fix this by use a single variable and drop the refcount right after
of_find_node_by_path().
Corentin Labbe [Tue, 11 Dec 2018 12:11:09 +0000 (12:11 +0000)]
sparc: Set "ARCH: sunxx" information on the same line
While checking boot log from SPARC qemu, I saw that the "ARCH: sunxx"
information was split on two different line.
This patchs merge both line together.
In the meantime, thoses information need to be printed via pr_info
since printk print them by default via the warning loglevel.
sparc: vdso: Drop implicit common-page-size linker flag
GNU linker's -z common-page-size's default value is based on the target
architecture. arch/sparc/vdso/Makefile sets it to the architecture
default, which is implicit and redundant. Drop it.
Vakul Garg [Fri, 21 Dec 2018 15:16:52 +0000 (15:16 +0000)]
tls: Do not call sk_memcopy_from_iter with zero length
In some conditions e.g. when tls_clone_plaintext_msg() returns -ENOSPC,
the number of bytes to be copied using subsequent function
sk_msg_memcopy_from_iter() becomes zero. This causes function
sk_msg_memcopy_from_iter() to fail which in turn causes tls_sw_sendmsg()
to return failure. To prevent it, do not call sk_msg_memcopy_from_iter()
when number of bytes to copy (indicated by 'try_to_copy') is zero.
Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface") Signed-off-by: Vakul Garg <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Linus Torvalds [Fri, 21 Dec 2018 17:22:24 +0000 (09:22 -0800)]
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
"The biggest part is a series of reverts for the macro based GCC
inlining workarounds. It caused regressions in distro build and other
kernel tooling environments, and the GCC project was very receptive to
fixing the underlying inliner weaknesses - so as time ran out we
decided to do a reasonably straightforward revert of the patches. The
plan is to rely on the 'asm inline' GCC 9 feature, which might be
backported to GCC 8 and could thus become reasonably widely available
on modern distros.
Other than those reverts, there's misc fixes from all around the
place.
I wish our final x86 pull request for v4.20 was smaller..."
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
Revert "kbuild/Makefile: Prepare for using macros in inline assembly code to work around asm() related GCC inlining bugs"
Revert "x86/objtool: Use asm macros to work around GCC inlining bugs"
Revert "x86/refcount: Work around GCC inlining bug"
Revert "x86/alternatives: Macrofy lock prefixes to work around GCC inlining bugs"
Revert "x86/bug: Macrofy the BUG table section handling, to work around GCC inlining bugs"
Revert "x86/paravirt: Work around GCC inlining bugs when compiling paravirt ops"
Revert "x86/extable: Macrofy inline assembly code to work around GCC inlining bugs"
Revert "x86/cpufeature: Macrofy inline assembly code to work around GCC inlining bugs"
Revert "x86/jump-labels: Macrofy inline assembly code to work around GCC inlining bugs"
x86/mtrr: Don't copy uninitialized gentry fields back to userspace
x86/fsgsbase/64: Fix the base write helper functions
x86/mm/cpa: Fix cpa_flush_array() TLB invalidation
x86/vdso: Pass --eh-frame-hdr to the linker
x86/mm: Fix decoy address handling vs 32-bit builds
x86/intel_rdt: Ensure a CPU remains online for the region's pseudo-locking sequence
x86/dump_pagetables: Fix LDT remap address marker
x86/mm: Fix guard hole handling
Eric Dumazet [Fri, 21 Dec 2018 15:47:51 +0000 (07:47 -0800)]
ipv6: tunnels: fix two use-after-free
xfrm6_policy_check() might have re-allocated skb->head, we need
to reload ipv6 header pointer.
sysbot reported :
BUG: KASAN: use-after-free in __ipv6_addr_type+0x302/0x32f net/ipv6/addrconf_core.c:40
Read of size 4 at addr ffff888191b8cb70 by task syz-executor2/1304
Memory state around the buggy address: ffff888191b8ca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888191b8ca80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
>ffff888191b8cb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^ ffff888191b8cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888191b8cc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Fixes: 0d3c703a9d17 ("ipv6: Cleanup IPv6 tunnel receive path") Fixes: ed1efb2aefbb ("ipv6: Add support for IPsec virtual tunnel interfaces") Signed-off-by: Eric Dumazet <[email protected]> Cc: Steffen Klassert <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Linus Torvalds [Fri, 21 Dec 2018 17:17:52 +0000 (09:17 -0800)]
Merge tag 'drm-fixes-2018-12-21' of git://anongit.freedesktop.org/drm/drm
Pull final drm fix from Daniel Vetter:
"Very calm week, so either everything perfect or everyone on holidays
already. Just one array_index_nospec patch, also for stable"
* tag 'drm-fixes-2018-12-21' of git://anongit.freedesktop.org/drm/drm:
drm/ioctl: Fix Spectre v1 vulnerabilities
Vakul Garg [Fri, 21 Dec 2018 15:55:46 +0000 (15:55 +0000)]
Prevent overflow of sk_msg in sk_msg_clone()
Fixed function sk_msg_clone() to prevent overflow of 'dst' while adding
pages in scatterlist entries. The overflow of 'dst' causes crash in kernel
tls module while doing record encryption.
Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface") Signed-off-by: Vakul Garg <[email protected]> Acked-by: John Fastabend <[email protected]> Signed-off-by: David S. Miller <[email protected]>
Linus Torvalds [Fri, 21 Dec 2018 17:09:30 +0000 (09:09 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input fixes from Dmitry Torokhov:
"Switching a few devices with Synaptics over to SMbus and disabling
SMbus on a couple devices with Elan touchpads as they need more
plumbing on PS/2 side"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: synaptics - enable SMBus for HP EliteBook 840 G4
Input: elantech - disable elan-i2c for P52 and P72
Input: synaptics - enable RMI on ThinkPad T560
Input: omap-keypad - fix idle configuration to not block SoC idle states
Linus Torvalds [Fri, 21 Dec 2018 17:05:28 +0000 (09:05 -0800)]
Merge tag 'gpio-v4.20-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Hopefully last round of GPIO fixes.
The ACPI patch is pretty important for some laptop users, the rest is
driver-specific for embedded (mostly ARM) systems.
I took out one ACPI patch that wasn't critical enough because I
couldn't justify sending it at this point, and that is why the commit
date is today, but the patches have been in linux-next.
Sorry for not sending some of them earlier :(
Notice that we have a co-maintainer for GPIO now, Bartosz Golaszewski,
and he might jump in and make some pull requests at times when I am
off.
Summary:
- ACPI IRQ request deferral
- OMAP: revert deferred wakeup quirk
- MAX7301: fix DMA safe memory handling
- MVEBU: selective probe failure on missing clk"
* tag 'gpio-v4.20-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: mvebu: only fail on missing clk if pwm is actually to be used
gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
gpio: gpio-omap: Revert deferred wakeup quirk handling for regressions
gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers
Linus Torvalds [Fri, 21 Dec 2018 16:56:31 +0000 (08:56 -0800)]
Merge tag '4.20-rc7-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull smb3 fix from Steve French:
"An important smb3 fix for an regression to some servers introduced by
compounding optimization to rmdir.
This fix has been tested by multiple developers (including me) with
the usual private xfstesting, but also by the new cifs/smb3 "buildbot"
xfstest VMs (thank you Ronnie and Aurelien for good work on this
automation). The automated testing has been updated so that it will
catch problems like this in the future.
Note that Pavel discovered (very recently) some unrelated but
extremely important bugs in credit handling (smb3 flow control problem
that can lead to disconnects/reconnects) when compounding, that I
would have liked to send in ASAP but the complete testing of those two
fixes may not be done in time and have to wait for 4.21"
* tag '4.20-rc7-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
smb3: Fix rmdir compounding regression to strict servers
Input: add official Raspberry Pi's touchscreen driver
Add's support to Raspberry Pi's 7" Touch device. Instead of using a
conventional bus all information is copied into a memory mapped area by
RPi's firmware.
Based on the driver found in RPi's kernel repository.
projects / linux.git / log