When async binder buffer got exhausted, some normal oneway transactions
will also be discarded and may cause system or application failures. By
that time, the binder debug information we dump may not be relevant to
the root cause. And this issue is difficult to debug if without the
backtrace of the thread sending spam.
This change will send BR_ONEWAY_SPAM_SUSPECT to userspace when oneway
spamming is detected, request to dump current backtrace. Oneway spamming
will be reported only once when exceeding the threshold (target process
dips below 80% of its oneway space, and current process is responsible for
either more than 50 transactions, or more than 50% of the oneway space).
And the detection will restart when the async buffer has returned to a
healthy state.
Acked-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Hang Lu <hangl@codeaurora.org>
Link: https://lore.kernel.org/r/1617961246-4502-3-git-send-email-hangl@codeaurora.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Chanwoo writes:
Update extcon next for v5.13
Detailed description for this pull request:
1. Update extcon provider driver
- Add the support of charging interrupt to detect charger connector
for extcon-max8997.c
- Detect OTG when USB_ID pin is connected to ground for extcon-sm5502.c
- Add the support for VBUS detection for extcon-qcom-spmi-misc.c
and replace qcom,pm8941-misc binding document with yaml style.
* tag 'extcon-next-for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/chanwoo/extcon:
extcon: qcom-spmi: Add support for VBUS detection
bindings: pm8941-misc: Add support for VBUS detection
bindings: pm8941-misc: Convert bindings to YAML
extcon: sm5502: Detect OTG when USB_ID is connected to ground
extcon: max8997: Add CHGINS and CHGRM interrupt handling
Moritz writes:
Second set of FPGA Manager changes for 5.13-rc1
FPGA Manager:
- Russ' first change improves port_enable reliability
- Russ' second change adds a new device ID for a DFL device
- Geert's change updates the examples in binding with dt overlay sugar
syntax
All patches have been reviewed on the mailing list, and have been in the
last linux-next releases (as part of my for-next branch) without issues.
Signed-off-by: Moritz Fischer <mdf@kernel.org>
* tag 'fpga-late-for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/mdf/linux-fpga:
fpga: dfl: pci: add DID for D5005 PAC cards
dt-bindings: fpga: fpga-region: Convert to sugar syntax
fpga: dfl: afu: harden port enable logic
fpga: Add support for Xilinx DFX AXI Shutdown manager
dt-bindings: fpga: Add compatible value for Xilinx DFX AXI shutdown manager
fpga: xilinx-pr-decoupler: Simplify code by using dev_err_probe()
fpga: fpga-mgr: xilinx-spi: fix error messages on -EPROBE_DEFER
In it's curent state this driver ignores OTG adapters with ID pin
connected to ground. This commit adds a check to set extcon into
host mode when such OTG adapter is connected.
Signed-off-by: Nikita Travkin <nikitos.tr@gmail.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
This allows the MAX8997 charger to set the current limit depending on
the detected extcon charger type.
Signed-off-by: Timon Baetz <timon.baetz@protonmail.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Vinod writes:
phy-for-5.13
- Updates:
- Yaml conversion for mvebu-utmi binding, bcm-ns-usb2 and
bcm-ns-usb3 bindings
- Mediatek dsi and hdmi phy updates
- TI j721e-wiz updates for AM64
- Cadence-torrent phy updates for SGMII/QSGMII
- New support:
- usb3-dp phy for Qualcomm SM8250
- UTMI phy for Armada CP110
- USB phy for Qualcomm SC7280
- Binding and driver for Sparx5 ethernet serdes
* tag 'phy-for-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy: (75 commits)
phy: fix resource_size.cocci warnings
phy: Sparx5 Eth SerDes: Use direct register operations
phy: hisilicon: Use the correct HiSilicon copyright
phy: marvell: phy-mvebu-cp11i-utmi needs USB_COMMON
phy: qcom-qmp: add support for sm8250-usb3-dp phy
phy: qcom-qmp: rename common registers
phy: qcom-qmp: move DP functions to callbacks
dt-bindings: phy: qcom,qmp-usb3-dp: Add support for SM8250
dt-bindings: phy: qcom,qmp-usb3-dp-phy: move usb3 compatibles back to qcom,qmp-phy.yaml
phy: ti: j721e-wiz: Configure 'p_standard_mode' only for DP/QSGMII
dt-bindings: phy: fix dt_binding_check warning in mediatek, ufs-phy.yaml
phy: zynqmp: Handle the clock enable/disable properly
dt-bindings: phy: bcm-ns-usb3-phy: convert to yaml
dt-bindings: phy: bcm-ns-usb2-phy: convert to yaml
phy: microchip: PHY_SPARX5_SERDES should depend on ARCH_SPARX5
phy: cadence-torrent: Add delay for PIPE clock to be stable
phy: cadence-torrent: Explicitly request exclusive reset control
phy: cadence-torrent: Do not configure SERDES if it's already configured
phy: cadence-torrent: Group reset APIs and clock APIs
phy: ti: j721e-wiz: Do not configure wiz if its already configured
...
Vinod writes:
soundwire updates for 5.13-rc1
Updates for v5.13-rc1 are:
Core:
- Ability to add quirks for masters
- static checker cleanup for bus code
Drivers:
- DMI quirks for Intel controllers
- static checker cleanup for drivers
- add auto enumeration support qcom controller
* tag 'soundwire-5.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire: (45 commits)
soundwire: intel_init: test link->cdns
soundwire: qcom: handle return correctly in qcom_swrm_transport_params
soundwire: qcom: cleanup internal port config indexing
soundwire: qcom: wait for fifo space to be available before read/write
soundwire: qcom: add static port map support
soundwire: qcom: update port map allocation bit mask
soundwire: add static port mapping support
soundwire: stream: fix memory leak in stream config error path
soundwire: qcom: use signed variable for error return
soundwire: qcom: wait for enumeration to be complete in probe
soundwire: qcom: add auto enumeration support
soundwire: export sdw_compare_devid, sdw_extract_slave_id and sdw_slave_add
soundwire: qcom: add support to new interrupts
soundwire: qcom: update register read/write routine
soundwire: qcom: start the clock during initialization
soundwire: qcom: set continue execution flag for ignored commands
soundwire: qcom: add support to missing transport params
dt-bindings: soundwire: qcom: clarify data port bus parameters
soundwire: cadence: only prepare attached devices on clock stop
soundwire: generic_allocation: fix confusion between group and packing
...
Internally used portconfig array for storing port bandwidth
params starts from offset zero. However port zero is not really
used and we also copy the bus parameters to offset zero.
So basically we endup with a code which has to subtract 1 from port
number to get to port parameters.
This is bit confusing to the reader so, make this bit more obvious by only
copying the parameters to offset 1 instead of zero. This will avoid doing
-1 every time when we try to get port params.
Similar thing has been recently done with din/dout_port_mask.
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20210401092454.21299-1-srinivas.kandagatla@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Some of the SoundWire device ports are statically mapped to Controller
ports during design, however there is no way to expose this information
to the controller. Controllers like Qualcomm ones use this info to setup
static bandwidth parameters for those ports.
A generic port allocation is not possible in this cases!
So this patch adds a new member m_port_map to struct sdw_slave to expose
this static map.
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20210315165650.13392-2-srinivas.kandagatla@linaro.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
For each device, the nosy driver allocates a pcilynx structure.
A use-after-free might happen in the following scenario:
1. Open nosy device for the first time and call ioctl with command
NOSY_IOC_START, then a new client A will be malloced and added to
doubly linked list.
2. Open nosy device for the second time and call ioctl with command
NOSY_IOC_START, then a new client B will be malloced and added to
doubly linked list.
3. Call ioctl with command NOSY_IOC_START for client A, then client A
will be readded to the doubly linked list. Now the doubly linked
list is messed up.
4. Close the first nosy device and nosy_release will be called. In
nosy_release, client A will be unlinked and freed.
5. Close the second nosy device, and client A will be referenced,
resulting in UAF.
The root cause of this bug is that the element in the doubly linked list
is reentered into the list.
Fix this bug by adding a check before inserting a client. If a client
is already in the linked list, don't insert it.
The following KASAN report reveals it:
BUG: KASAN: use-after-free in nosy_release+0x1ea/0x210
Write of size 8 at addr ffff888102ad7360 by task poc
CPU: 3 PID: 337 Comm: poc Not tainted 5.12.0-rc5+ #6
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
nosy_release+0x1ea/0x210
__fput+0x1e2/0x840
task_work_run+0xe8/0x180
exit_to_user_mode_prepare+0x114/0x120
syscall_exit_to_user_mode+0x1d/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xae
Allocated by task 337:
nosy_open+0x154/0x4d0
misc_open+0x2ec/0x410
chrdev_open+0x20d/0x5a0
do_dentry_open+0x40f/0xe80
path_openat+0x1cf9/0x37b0
do_filp_open+0x16d/0x390
do_sys_openat2+0x11d/0x360
__x64_sys_open+0xfd/0x1a0
do_syscall_64+0x33/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xae
Freed by task 337:
kfree+0x8f/0x210
nosy_release+0x158/0x210
__fput+0x1e2/0x840
task_work_run+0xe8/0x180
exit_to_user_mode_prepare+0x114/0x120
syscall_exit_to_user_mode+0x1d/0x40
entry_SYSCALL_64_after_hwframe+0x44/0xae
The buggy address belongs to the object at ffff888102ad7300 which belongs to the cache kmalloc-128 of size 128
The buggy address is located 96 bytes inside of 128-byte region [ffff888102ad7300, ffff888102ad7380)
[ Modified to use 'list_empty()' inside proper lock - Linus ]
Link: https://lore.kernel.org/lkml/1617433116-5930-1-git-send-email-zheyuma97@gmail.com/
Reported-and-tested-by: 马哲宇 (Zheyu Ma) <zheyuma97@gmail.com>
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
POull io_uring fix from Jens Axboe:
"Just fixing a silly braino in a previous patch, where we'd end up
failing to compile if CONFIG_BLOCK isn't enabled.
Not that a lot of people do that, but kernel bot spotted it and it's
probably prudent to just flush this out now before -rc6.
Sorry about that, none of my test compile configs have !CONFIG_BLOCK"
* tag 'io_uring-5.12-2021-04-03' of git://git.kernel.dk/linux-block:
io_uring: fix !CONFIG_BLOCK compilation failure
Pull gfs2 fixes from Andreas Gruenbacher:
"Two more gfs2 fixes"
* tag 'gfs2-v5.12-rc2-fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
gfs2: report "already frozen/thawed" errors
gfs2: Flag a withdraw if init_threads() fails
Pull RISC-V fixes from Palmer Dabbelt:
"A handful of fixes for 5.12:
- fix a stack tracing regression related to "const register asm"
variables, which have unexpected behavior.
- ensure the value to be written by put_user() is evaluated before
enabling access to userspace memory..
- align the exception vector table correctly, so we don't rely on the
firmware's handling of unaligned accesses.
- build fix to make NUMA depend on MMU, which triggered on some
randconfigs"
* tag 'riscv-for-linus-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
riscv: Make NUMA depend on MMU
riscv: remove unneeded semicolon
riscv,entry: fix misaligned base for excp_vect_table
riscv: evaluate put_user() arg before enabling user access
riscv: Drop const annotation for sp
Pull powerpc fixes from Michael Ellerman:
"Fix a bug on pseries where spurious wakeups from H_PROD would prevent
partition migration from succeeding.
Fix oopses seen in pcpu_alloc(), caused by parallel faults of the
percpu mapping causing us to corrupt the protection key used for the
mapping, and cause a fatal key fault.
Thanks to Aneesh Kumar K.V, Murilo Opsfelder Araujo, and Nathan Lynch"
* tag 'powerpc-5.12-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/mm/book3s64: Use the correct storage key value when calling H_PROTECT
powerpc/pseries/mobility: handle premature return from H_JOIN
powerpc/pseries/mobility: use struct for shared state
Pull Hyper-V fixes from Wei Liu:
"One fix from Lu Yunlong for a double free in hvfb_probe"
* tag 'hyperv-fixes-signed-20210402' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
video: hyperv_fb: Fix a double free in hvfb_probe
Pull driver core fix from Greg KH:
"Here is a single driver core fix for a reported problem with differed
probing. It has been in linux-next for a while with no reported
problems"
* tag 'driver-core-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
driver core: clear deferred probe reason on probe retry
Pull char/misc driver fixes from Greg KH:
"Here are a few small driver char/misc changes for 5.12-rc6.
Nothing major here, a few fixes for reported issues:
- interconnect fixes for problems found
- fbcon syzbot-found fix
- extcon fixes
- firmware stratix10 bugfix
- MAINTAINERS file update.
All of these have been in linux-next for a while with no reported
issues"
* tag 'char-misc-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
mei: allow map and unmap of client dma buffer only for disconnected client
MAINTAINERS: Add linux-phy list and patchwork
interconnect: Fix kerneldoc warning
firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
extcon: Fix error handling in extcon_dev_register
extcon: Add stubs for extcon_register_notifier_all() functions
interconnect: core: fix error return code of icc_link_destroy()
interconnect: qcom: msm8939: remove rpm-ids from non-RPM nodes
Pull staging driver fixes from Greg KH:
"Here are two rtl8192e staging driver fixes for reported problems.
Both of these have been in linux-next for a while with no reported
issues"
* tag 'staging-5.12-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: rtl8192e: Change state information from u16 to u8
staging: rtl8192e: Fix incorrect source in memcpy()
