dwc3_meson_g12a_usb2_init_phy() crashes with NULL pointer on an SM1
board (which uses the same USB setup as G12A) dereference as reported
by the Kernel CI bot. This is because of the following call flow:
dwc3_meson_g12a_probe
priv->drvdata->setup_regmaps
dwc3_meson_g12a_setup_regmaps
priv->usb2_ports is still 0 so priv->u2p_regmap[i] will be NULL
dwc3_meson_g12a_get_phys
initializes priv->usb2_ports
priv->drvdata->usb_init
dwc3_meson_g12a_usb_init
dwc3_meson_g12a_usb_init_glue
dwc3_meson_g12a_usb2_init
priv->drvdata->usb2_init_phy
dwc3_meson_g12a_usb2_init_phy
dereferences priv->u2p_regmap[i]
Call priv->drvdata->setup_regmaps only after dwc3_meson_g12a_get_phys so
priv->usb2_ports is initialized and the regmaps will be set up
correctly. This fixes the NULL dereference later on.
Fixes: 013af227f5 ("usb: dwc3: meson-g12a: handle the phy and glue registers separately")
Reported-by: "kernelci.org bot" <bot@kernelci.org>
Acked-by: Felipe Balbi <balbi@kernel.org>
Acked-by: Neil Armstrong <narmstron@baylibre.com>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Link: https://lore.kernel.org/r/20200526202943.715220-3-martin.blumenstingl@googlemail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch is to fix a crash:
[ ] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ ] general protection fault: 0000 [#1] SMP KASAN PTI
[ ] RIP: 0010:ipv6_local_error+0xac/0x7a0
[ ] Call Trace:
[ ] xfrm6_local_error+0x1eb/0x300
[ ] xfrm_local_error+0x95/0x130
[ ] __xfrm6_output+0x65f/0xb50
[ ] xfrm6_output+0x106/0x46f
[ ] udp_tunnel6_xmit_skb+0x618/0xbf0 [ip6_udp_tunnel]
[ ] vxlan_xmit_one+0xbc6/0x2c60 [vxlan]
[ ] vxlan_xmit+0x6a0/0x4276 [vxlan]
[ ] dev_hard_start_xmit+0x165/0x820
[ ] __dev_queue_xmit+0x1ff0/0x2b90
[ ] ip_finish_output2+0xd3e/0x1480
[ ] ip_do_fragment+0x182d/0x2210
[ ] ip_output+0x1d0/0x510
[ ] ip_send_skb+0x37/0xa0
[ ] raw_sendmsg+0x1b4c/0x2b80
[ ] sock_sendmsg+0xc0/0x110
This occurred when sending a v4 skb over vxlan6 over ipsec, in which case
skb->protocol == htons(ETH_P_IPV6) while skb->sk->sk_family == AF_INET in
xfrm_local_error(). Then it will go to xfrm6_local_error() where it tries
to get ipv6 info from a ipv4 sk.
This issue was actually fixed by Commit 628e341f31 ("xfrm: make local
error reporting more robust"), but brought back by Commit 844d48746e
("xfrm: choose protocol family by skb protocol").
So to fix it, we should call xfrm6_local_error() only when skb->protocol
is htons(ETH_P_IPV6) and skb->sk->sk_family is AF_INET6.
Fixes: 844d48746e ("xfrm: choose protocol family by skb protocol")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Johan writes:
GNSS updates for 5.8-rc1
Here are the GNSS updates for 5.8-rc1, including:
- a fix for two broken probe errors paths in the sirf driver
- a flexible array conversion
Both have been in linux-next with no reported issues.
* tag 'gnss-5.8-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/gnss:
gnss: replace zero-length array with flexible-array
gnss: sirf: fix error return code in sirf_probe()
Chanwoo writes:
Update extcon for v5.8
Detailed description for this pull request:
1. Update extcon provider driver
- Fix an error handling code by using devm_iio_channel_get() for extcon-adc-jac.c
- Fix the usage counter imbalance of runtime PM for extcon-arizona.c.
- Add proper dt-compatible string for extcon-max14577.c.
2. Update extcon core with minor updates:
- Remove unneeded initialization of local variable in extcon_register_notifier
* tag 'extcon-next-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/chanwoo/extcon:
extcon: arizona: Fix runtime PM imbalance on error
extcon: max14577: Add proper dt-compatible strings
extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
extcon: remove redundant assignment to variable idx
When arizona_request_irq() returns an error code, a
pairing runtime PM usage counter decrement is needed
to keep the counter balanced. For error paths after
this function, things are the same.
Also, remove calls to pm_runtime_disable() when
pm_runtime_enable() has not been executed.
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Add device tree compatible strings and create proper modalias structures
to let this driver load automatically if compiled as module, because
max14577 MFD driver creates MFD cells with such compatible strings.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
In some error handling paths, a call to 'iio_channel_get()' is not balanced
by a corresponding call to 'iio_channel_release()'.
This can be achieved easily by using the devm_ variant of
'iio_channel_get()'.
This has the extra benefit to simplify the remove function.
Fixes: 19939860dc ("extcon: adc_jack: adc-jack driver to support 3.5 pi or simliar devices")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
The variable idx is being initialized with a value that is never read
and it is being updated later with a new value. The initialization is
redundant and can be removed.
Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Johan writes:
USB-serial fixes for 5.8-rc1
Here are some new modem device ids.
All have been in linux-next with no reported issues.
* tag 'usb-serial-5.8-rc1-2' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial:
USB: serial: option: add Telit LE910C1-EUX compositions
USB: serial: qcserial: add DW5816e QDL support
Johan writes:
USB-serial updates for 5.8-rc1
Here are the USB-serial updates for 5.8-rc1, including:
- a SPDX comment-style clean up
- a fix usb_wwan modem drivers which could end up resubmitting the
their read URBs in a tight loop on disconnect
- a regression fix for a subset of quirky ch341 devices which would
lock up on certain low line speeds when using the new divisor
algorithm
All have been in linux-next with no reported issues.
* tag 'usb-serial-5.8-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial:
USB: serial: ch341: fix lockup of devices with limited prescaler
USB: serial: ch341: add basis for quirk detection
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
USB: serial: Use the correct style for SPDX License Identifier
CONFIG_ICST is for ARM Ltd reference platforms and isn't used by Zynq
platform, so remove selecting it. It appears to be a copy-n-paste error.
Cc: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Rob Herring <robh@kernel.org>
[arnd: remove the versatile clk driver change I added previously]
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
We don't want to have txq code in the PCIe transport code, so move all
the relevant elements to a new iwl_txq structure and store it in
iwl_trans.
spatch
@ replace_pcie @
struct iwl_trans_pcie *trans_pcie;
@@
(
-trans_pcie->queue_stopped
+trans->txqs.queue_stopped
|
-trans_pcie->queue_used
+trans->txqs.queue_used
|
-trans_pcie->txq
+trans->txqs.txq
|
-trans_pcie->txq
+trans->txqs.txq
|
-trans_pcie->cmd_queue
+trans->txqs.cmd.q_id
|
-trans_pcie->cmd_fifo
+trans->txqs.cmd.fifo
|
-trans_pcie->cmd_q_wdg_timeout
+trans->txqs.cmd.wdg_timeout
)
// clean all new unused variables
@ depends on replace_pcie @
type T;
identifier i;
expression E;
@@
- T i = E;
... when != i
Signed-off-by: Mordechay Goodstein <mordechay.goodstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/iwlwifi.20200529092401.a428d3c9d66f.Ie04ae55f33954636a39c98e7ae1e739c0507435b@changeid
Add enable regulators to dev_pm_opp_set_regulators() and disable
regulators to dev_pm_opp_put_regulators(). Even if bootloader
leaves regulators enabled, they should be enabled in kernel in
order to increase the reference count.
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Clément Péron <peron.clem@gmail.com>
Tested-by: Clément Péron <peron.clem@gmail.com>
Signed-off-by: Kamil Konieczny <k.konieczny@samsung.com>
[ Viresh: Enable the regulator only after it is programmed and add a
flag to track its status. ]
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
In addition to clocks and regulators, some devices can scale the bandwidth
of their on-chip interconnect - for example between CPU and DDR memory. Add
support for that, so that platforms which support it can make use of it.
Signed-off-by: Georgi Djakov <georgi.djakov@linaro.org>
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
[ Viresh: Reused dev_pm_opp_of_find_icc_paths(). Also drop the depends
on from Kconfig. ]
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
fixup! cpufreq: dt: Add support for interconnect bandwidth scaling
If the OPP bandwidth values are populated, we want to switch also the
interconnect bandwidth in addition to frequency and voltage.
Signed-off-by: Georgi Djakov <georgi.djakov@linaro.org>
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Sibi Sankar <sibis@codeaurora.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
When we read the OPP keys, it would be nice to do some sanity checks
of the values we get from DT and see if they match with the information
that is populated in the OPP table. Let's pass a pointer of the table,
so that we can do some validation.
Signed-off-by: Georgi Djakov <georgi.djakov@linaro.org>
Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
Reviewed-by: Sibi Sankar <sibis@codeaurora.org>
[ Viresh: Fix rebase conflicts ]
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
