Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.4.235 2020-07-22T07:10:07+00:00 2020-07-22T07:10:07+00:00 Esben Haabendal esben@geanix.com 2020-07-01T14:56:58+00:00 urn:sha1:89339d38cfa3df57a88f7a80d326c0d915bc192c commit bf12fdf0ab728ca8e5933aac46dd972c0dd0421e upstream. While e3a3c3a20555 ("UIO: fix uio_pdrv_genirq with device tree but no interrupt") added support for using uio_pdrv_genirq for devices without interrupt for device tree platforms, the removal of uio_pdrv in 26dac3c49d56 ("uio: Remove uio_pdrv and use uio_pdrv_genirq instead") broke the support for non device tree platforms. This change fixes this, so that uio_pdrv_genirq can be used without interrupt on all platforms. This still leaves the support that uio_pdrv had for custom interrupt handler lacking, as uio_pdrv_genirq does not handle it (yet). Fixes: 26dac3c49d56 ("uio: Remove uio_pdrv and use uio_pdrv_genirq instead") Signed-off-by: Esben Haabendal <esben@geanix.com> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200701145659.3978-3-esben@geanix.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-02-28T14:38:54+00:00 Jia-Ju Bai baijiaju1990@gmail.com 2019-12-18T09:44:05+00:00 urn:sha1:4a117a1c581623d04bf09aa7455d8e7b66e8bb85 [ Upstream commit b74351287d4bd90636c3f48bc188c2f53824c2d4 ] The driver may sleep while holding a spinlock. The function call path (from bottom to top) in Linux 4.19 is: kernel/irq/manage.c, 523: synchronize_irq in disable_irq drivers/uio/uio_dmem_genirq.c, 140: disable_irq in uio_dmem_genirq_irqcontrol drivers/uio/uio_dmem_genirq.c, 134: _raw_spin_lock_irqsave in uio_dmem_genirq_irqcontrol synchronize_irq() can sleep at runtime. To fix this bug, disable_irq() is called without holding the spinlock. This bug is found by a static analysis tool STCheck written by myself. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Link: https://lore.kernel.org/r/20191218094405.6009-1-baijiaju1990@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2018-11-27T15:08:02+00:00 Dan Carpenter dan.carpenter@oracle.com 2018-10-26T07:19:51+00:00 urn:sha1:1582f07e886d94a2d214b4978de740205f469cdd commit 432798195bbce1f8cd33d1c0284d0538835e25fb upstream. I was trying to solve a double free but I introduced a more serious NULL dereference bug. The problem is that if there is an IRQ which triggers immediately, then we need "info->uio_dev" but it's not set yet. This patch puts the original initialization back to how it was and just sets info->uio_dev to NULL on the error path so it should solve both the Oops and the double free. Fixes: f019f07ecf6a ("uio: potential double frees if __uio_register_device() fails") Reported-by: Mathias Thore <Mathias.Thore@infinera.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable <stable@vger.kernel.org> Tested-by: Mathias Thore <Mathias.Thore@infinera.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-11-21T08:27:33+00:00 Alexandre Belloni alexandre.belloni@bootlin.com 2018-08-16T07:39:41+00:00 urn:sha1:2d62826e4bd58417f1e1b6e64f2fcbc950a12b07 [ Upstream commit ae61cf5b9913027c6953a79ed3894da4f47061bd ] When both uio and the uio drivers are built in the kernel, it is possible for a driver to register devices before the uio class is registered. This may result in a NULL pointer dereference later on in get_device_parent() when accessing the class glue_dirs spinlock. The trace looks like that: Unable to handle kernel NULL pointer dereference at virtual address 00000140 [...] [<ffff0000089cc234>] _raw_spin_lock+0x14/0x48 [<ffff0000084f56bc>] device_add+0x154/0x6a0 [<ffff0000084f5e48>] device_create_groups_vargs+0x120/0x128 [<ffff0000084f5edc>] device_create+0x54/0x60 [<ffff0000086e72c0>] __uio_register_device+0x120/0x4a8 [<ffff000008528b7c>] jaguar2_pci_probe+0x2d4/0x558 [<ffff0000083fc18c>] local_pci_probe+0x3c/0xb8 [<ffff0000083fd81c>] pci_device_probe+0x11c/0x180 [<ffff0000084f88bc>] driver_probe_device+0x22c/0x2d8 [<ffff0000084f8a24>] __driver_attach+0xbc/0xc0 [<ffff0000084f69fc>] bus_for_each_dev+0x4c/0x98 [<ffff0000084f81b8>] driver_attach+0x20/0x28 [<ffff0000084f7d08>] bus_add_driver+0x1b8/0x228 [<ffff0000084f93c0>] driver_register+0x60/0xf8 [<ffff0000083fb918>] __pci_register_driver+0x40/0x48 Return EPROBE_DEFER in that case so the driver can register the device later. Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-19T20:48:57+00:00 Dan Carpenter dan.carpenter@oracle.com 2018-08-02T08:24:47+00:00 urn:sha1:57533bacbc5606d12322dbb738f5f335fc835c33 [ Upstream commit f019f07ecf6a6b8bd6d7853bce70925d90af02d1 ] The uio_unregister_device() function assumes that if "info->uio_dev" is non-NULL that means "info" is fully allocated. Setting info->uio_de has to be the last thing in the function. In the current code, if request_threaded_irq() fails then we return with info->uio_dev set to non-NULL but info is not fully allocated and it can lead to double frees. Fixes: beafc54c4e2f ("UIO: Add the User IO core code") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-10-31T10:13:59+00:00 Jan Viktorin viktorin@rehivetech.com 2016-05-17T09:22:17+00:00 urn:sha1:4d0842a484407d6d470e57dff30e414f365af1ad commit 4d31a2588ae37a5d0f61f4d956454e9504846aeb upstream. The variable i contains a total number of resources (including IORESOURCE_IRQ). However, we want the dmem_region_start to point after the last resource of type IORESOURCE_MEM. The original behaviour leads (very likely) to skipping several UIO mapping regions and makes them useless. Fix this by computing dmem_region_start from the uiomem which points to the last used UIO mapping. Fixes: 0a0c3b5a24bd ("Add new uio device for dynamic memory allocation") Signed-off-by: Jan Viktorin <viktorin@rehivetech.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2015-10-04T11:32:25+00:00 Michal Hocko mhocko@suse.com 2015-09-07T07:21:24+00:00 urn:sha1:edce5e6f33a365c879b453286191bf397cc5efb4 Andy has reported a __might_sleep warning [ 5174.883617] WARNING: CPU: 0 PID: 1532 at /home/agrover/git/kernel/kernel/sched/core.c:7389 __might_sleep+0x7d/0x90() [ 5174.884407] do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffffa02a5821>] uio_read+0x91/0x170 [uio] [ 5174.885198] Modules linked in: tcm_loop target_core_user uio target_core_pscsi target_core_file target_core_iblock iscsi_target_mod target_core_mod uinput fuse nfsv3 nfs_acl nfs lockd grace fscache sunrpc microcode i2c_piix4 virtio_balloon i2c_core xfs libcrc32c crc32c_intel virtio_net virtio_blk [ 5174.887351] CPU: 0 PID: 1532 Comm: tcmu-runner Not tainted 4.2.0-rc7+ [ 5174.887853] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.1-20150318_183358- 04/01/2014 [ 5174.888633] ffffffff81a3b870 ffff880045393ca8 ffffffff817afaae 0000000000000000 [ 5174.889224] ffff880045393cf8 ffff880045393ce8 ffffffff8109a846 ffff880045393cd8 [ 5174.889793] ffffffffa02a7150 00000000000002dc 0000000000000000 ffff880045008000 [ 5174.890375] Call Trace: [ 5174.890562] [<ffffffff817afaae>] dump_stack+0x4c/0x65 [ 5174.890938] [<ffffffff8109a846>] warn_slowpath_common+0x86/0xc0 [ 5174.891388] [<ffffffff8109a8c6>] warn_slowpath_fmt+0x46/0x50 [ 5174.891808] [<ffffffffa02a5821>] ? uio_read+0x91/0x170 [uio] [ 5174.892237] [<ffffffffa02a5821>] ? uio_read+0x91/0x170 [uio] [ 5174.892653] [<ffffffff810c584d>] __might_sleep+0x7d/0x90 [ 5174.893055] [<ffffffff811ea023>] __might_fault+0x43/0xa0 [ 5174.893448] [<ffffffff817b31ce>] ? schedule+0x3e/0x90 [ 5174.893820] [<ffffffffa02a58c2>] uio_read+0x132/0x170 [uio] [ 5174.894240] [<ffffffff810cbb80>] ? wake_up_q+0x70/0x70 [ 5174.894620] [<ffffffff81236168>] __vfs_read+0x28/0xe0 [ 5174.894993] [<ffffffff81353233>] ? security_file_permission+0xa3/0xc0 [ 5174.895541] [<ffffffff8123678f>] ? rw_verify_area+0x4f/0xf0 [ 5174.896006] [<ffffffff812368ba>] vfs_read+0x8a/0x140 [ 5174.896391] [<ffffffff817b28f5>] ? __schedule+0x425/0xcc0 [ 5174.896788] [<ffffffff812375d9>] SyS_read+0x49/0xb0 The warning is a false positive because uio_read doesn't depent on TASK_INTERRUPTIBLE after copy_to_user so it is safe to silence the warning by an explicit setting the state to TASK_RUNNING in the path which might call into TASK_RUNNING. Reported-by: Andy Grover <agrover@redhat.com> Signed-off-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2015-10-04T11:32:25+00:00 Luis de Bethencourt luis@debethencourt.com 2015-09-03T11:08:48+00:00 urn:sha1:0049ef9c8d44e46d042e463fb74e120efe7640f2 This platform driver has a OF device ID table but the OF module alias information is not created so module autoloading won't work. Signed-off-by: Luis de Bethencourt <luis@debethencourt.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2015-08-05T20:25:59+00:00 Geert Uytterhoeven geert@linux-m68k.org 2015-06-29T07:12:38+00:00 urn:sha1:686079c9b71a4673d0068ea4538f22359070ee33 If NO_DMA=y: ERROR: "dma_alloc_coherent" [drivers/uio/uio_pruss.ko] undefined! ERROR: "dma_free_coherent" [drivers/uio/uio_pruss.ko] undefined! Add a dependency on HAS_DMA to fix this. Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2015-08-05T20:25:59+00:00 Vaishali Thakkar vthakkar1994@gmail.com 2015-07-08T04:54:27+00:00 urn:sha1:d12f569c9b57ecdb18631d0b54c5224da5a1c233 Use module_platform_driver for drivers whose init and exit functions only register and unregister, respectively. A simplified version of the Coccinelle semantic patch that performs this transformation is as follows: @a@ identifier f, x; @@ -static f(...) { return platform_driver_register(&x); } @b depends on a@ identifier e, a.x; @@ -static e(...) { platform_driver_unregister(&x); } @c depends on a && b@ identifier a.f; declarer name module_init; @@ -module_init(f); @d depends on a && b && c@ identifier b.e, a.x; declarer name module_exit; declarer name module_platform_driver; @@ -module_exit(e); +module_platform_driver(x); Signed-off-by: Vaishali Thakkar <vthakkar1994@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>