Fix section 3.8 number #76

Open
wants to merge 1 commit into
from

Projects

None yet

3 participants

@ruckuus
ruckuus commented Mar 5, 2014

No description provided.

@antonblanchard antonblanchard pushed a commit to antonblanchard/linux that referenced this pull request Mar 7, 2014
@bjorn-helgaas Rafael J. Wysocki + bjorn-helgaas PCI: Move device_del() from pci_stop_dev() to pci_destroy_dev()
After commit bcdde7e (sysfs: make __sysfs_remove_dir() recursive)
I'm seeing traces analogous to the one below in Thunderbolt testing:

WARNING: CPU: 3 PID: 76 at /scratch/rafael/work/linux-pm/fs/sysfs/group.c:214 sysfs_remove_group+0x59/0xe0()
 sysfs group ffffffff81c6c500 not found for kobject '0000:08'
 Modules linked in: ...
 CPU: 3 PID: 76 Comm: kworker/u16:7 Not tainted 3.13.0-rc1+ #76
 Hardware name: Acer Aspire S5-391/Venus    , BIOS V1.02 05/29/2012
 Workqueue: kacpi_hotplug acpi_hotplug_work_fn
  0000000000000009 ffff8801644b9ac8 ffffffff816b23bf 0000000000000007
  ffff8801644b9b18 ffff8801644b9b08 ffffffff81046607 ffff88016925b800
  0000000000000000 ffffffff81c6c500 ffff88016924f928 ffff88016924f800
 Call Trace:
  [<ffffffff816b23bf>] dump_stack+0x4e/0x71
  [<ffffffff81046607>] warn_slowpath_common+0x87/0xb0
  [<ffffffff810466d1>] warn_slowpath_fmt+0x41/0x50
  [<ffffffff811e42ef>] ? sysfs_get_dirent_ns+0x6f/0x80
  [<ffffffff811e5389>] sysfs_remove_group+0x59/0xe0
  [<ffffffff8149f00b>] dpm_sysfs_remove+0x3b/0x50
  [<ffffffff81495818>] device_del+0x58/0x1c0
  [<ffffffff814959c8>] device_unregister+0x48/0x60
  [<ffffffff813254fe>] pci_remove_bus+0x6e/0x80
  [<ffffffff81325548>] pci_remove_bus_device+0x38/0x110
  [<ffffffff8132555d>] pci_remove_bus_device+0x4d/0x110
  [<ffffffff81325639>] pci_stop_and_remove_bus_device+0x19/0x20
  [<ffffffff813418d0>] disable_slot+0x20/0xe0
  [<ffffffff81341a38>] acpiphp_check_bridge+0xa8/0xd0
  [<ffffffff813427ad>] hotplug_event+0x17d/0x220
  [<ffffffff81342880>] hotplug_event_work+0x30/0x70
  [<ffffffff8136d665>] acpi_hotplug_work_fn+0x18/0x24
  [<ffffffff81061331>] process_one_work+0x261/0x450
  [<ffffffff81061a7e>] worker_thread+0x21e/0x370
  [<ffffffff81061860>] ? rescuer_thread+0x300/0x300
  [<ffffffff81068342>] kthread+0xd2/0xe0
  [<ffffffff81068270>] ? flush_kthread_worker+0x70/0x70
  [<ffffffff816c19bc>] ret_from_fork+0x7c/0xb0
  [<ffffffff81068270>] ? flush_kthread_worker+0x70/0x70

(Mika Westerberg sees them too in his tests).

Some investigation documented in kernel bug #65281 led me to the
conclusion that the source of the problem is the device_del() in
pci_stop_dev() as it now causes the sysfs directory of the device to be
removed recursively along with all of its subdirectories.  That includes
the sysfs directory of the device's subordinate bus (dev->subordinate) and
its "power" group.

Consequently, when pci_remove_bus() is called for dev->subordinate in
pci_remove_bus_device(), it calls device_unregister(&bus->dev), but at this
point the sysfs directory of bus->dev doesn't exist any more and its
"power" group doesn't exist either.  Thus, when dpm_sysfs_remove() called
from device_del() tries to remove that group, it triggers the above
warning.

That indicates a logical mistake in the design of
pci_stop_and_remove_bus_device(), which causes bus device objects to be
left behind their parents (bridge device objects) and can be fixed by
moving the device_del() from pci_stop_dev() into pci_destroy_dev(), so
pci_remove_bus() can be called for the device's subordinate bus before the
device itself is unregistered from the hierarchy.  Still, the driver, if
any, should be detached from the device in pci_stop_dev(), so use
device_release_driver() directly from there.

References: https://bugzilla.kernel.org/show_bug.cgi?id=65281#c6
Reported-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
c4a0a5d
@ndyer ndyer pushed a commit to ndyer/linux that referenced this pull request Mar 10, 2014
Borislav Petkov + Ingo Molnar x86/boot: Further compress CPUs bootup message
Turn it into (for example):

[    0.073380] x86: Booting SMP configuration:
[    0.074005] .... node   #0, CPUs:          #1   #2   #3   #4   #5   #6   #7
[    0.603005] .... node   #1, CPUs:     #8   #9  #10  #11  #12  #13  #14  #15
[    1.200005] .... node   #2, CPUs:    #16  #17  #18  #19  #20  #21  #22  #23
[    1.796005] .... node   #3, CPUs:    #24  #25  #26  #27  #28  #29  #30  #31
[    2.393005] .... node   #4, CPUs:    #32  #33  #34  #35  #36  #37  #38  #39
[    2.996005] .... node   #5, CPUs:    #40  #41  #42  #43  #44  #45  #46  #47
[    3.600005] .... node   #6, CPUs:    #48  #49  #50  #51  #52  #53  #54  #55
[    4.202005] .... node   #7, CPUs:    #56  #57  #58  #59  #60  #61  #62  #63
[    4.811005] .... node   #8, CPUs:    #64  #65  #66  #67  #68  #69  #70  #71
[    5.421006] .... node   #9, CPUs:    #72  #73  #74  #75  #76  #77  #78  #79
[    6.032005] .... node  #10, CPUs:    #80  #81  #82  #83  #84  #85  #86  #87
[    6.648006] .... node  #11, CPUs:    #88  #89  #90  #91  #92  #93  #94  #95
[    7.262005] .... node  #12, CPUs:    #96  #97  #98  #99 #100 #101 #102 #103
[    7.865005] .... node  #13, CPUs:   #104 #105 #106 #107 #108 #109 #110 #111
[    8.466005] .... node  #14, CPUs:   #112 #113 #114 #115 #116 #117 #118 #119
[    9.073006] .... node  #15, CPUs:   #120 #121 #122 #123 #124 #125 #126 #127
[    9.679901] x86: Booted up 16 nodes, 128 CPUs

and drop useless elements.

Change num_digits() to hpa's division-avoiding, cell-phone-typed
version which he went at great lengths and pains to submit on a
Saturday evening.

Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: huawei.libin@huawei.com
Cc: wangyijing@huawei.com
Cc: fenghua.yu@intel.com
Cc: guohanjun@huawei.com
Cc: paul.gortmaker@windriver.com
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20130930095624.GB16383@pd.tnic
Signed-off-by: Ingo Molnar <mingo@kernel.org>
a17bce4
@ndyer ndyer pushed a commit to ndyer/linux that referenced this pull request Mar 10, 2014
@bjorn-helgaas Rafael J. Wysocki + bjorn-helgaas PCI: Move device_del() from pci_stop_dev() to pci_destroy_dev()
After commit bcdde7e (sysfs: make __sysfs_remove_dir() recursive)
I'm seeing traces analogous to the one below in Thunderbolt testing:

WARNING: CPU: 3 PID: 76 at /scratch/rafael/work/linux-pm/fs/sysfs/group.c:214 sysfs_remove_group+0x59/0xe0()
 sysfs group ffffffff81c6c500 not found for kobject '0000:08'
 Modules linked in: ...
 CPU: 3 PID: 76 Comm: kworker/u16:7 Not tainted 3.13.0-rc1+ #76
 Hardware name: Acer Aspire S5-391/Venus    , BIOS V1.02 05/29/2012
 Workqueue: kacpi_hotplug acpi_hotplug_work_fn
  0000000000000009 ffff8801644b9ac8 ffffffff816b23bf 0000000000000007
  ffff8801644b9b18 ffff8801644b9b08 ffffffff81046607 ffff88016925b800
  0000000000000000 ffffffff81c6c500 ffff88016924f928 ffff88016924f800
 Call Trace:
  [<ffffffff816b23bf>] dump_stack+0x4e/0x71
  [<ffffffff81046607>] warn_slowpath_common+0x87/0xb0
  [<ffffffff810466d1>] warn_slowpath_fmt+0x41/0x50
  [<ffffffff811e42ef>] ? sysfs_get_dirent_ns+0x6f/0x80
  [<ffffffff811e5389>] sysfs_remove_group+0x59/0xe0
  [<ffffffff8149f00b>] dpm_sysfs_remove+0x3b/0x50
  [<ffffffff81495818>] device_del+0x58/0x1c0
  [<ffffffff814959c8>] device_unregister+0x48/0x60
  [<ffffffff813254fe>] pci_remove_bus+0x6e/0x80
  [<ffffffff81325548>] pci_remove_bus_device+0x38/0x110
  [<ffffffff8132555d>] pci_remove_bus_device+0x4d/0x110
  [<ffffffff81325639>] pci_stop_and_remove_bus_device+0x19/0x20
  [<ffffffff813418d0>] disable_slot+0x20/0xe0
  [<ffffffff81341a38>] acpiphp_check_bridge+0xa8/0xd0
  [<ffffffff813427ad>] hotplug_event+0x17d/0x220
  [<ffffffff81342880>] hotplug_event_work+0x30/0x70
  [<ffffffff8136d665>] acpi_hotplug_work_fn+0x18/0x24
  [<ffffffff81061331>] process_one_work+0x261/0x450
  [<ffffffff81061a7e>] worker_thread+0x21e/0x370
  [<ffffffff81061860>] ? rescuer_thread+0x300/0x300
  [<ffffffff81068342>] kthread+0xd2/0xe0
  [<ffffffff81068270>] ? flush_kthread_worker+0x70/0x70
  [<ffffffff816c19bc>] ret_from_fork+0x7c/0xb0
  [<ffffffff81068270>] ? flush_kthread_worker+0x70/0x70

(Mika Westerberg sees them too in his tests).

Some investigation documented in kernel bug #65281 led me to the
conclusion that the source of the problem is the device_del() in
pci_stop_dev() as it now causes the sysfs directory of the device to be
removed recursively along with all of its subdirectories.  That includes
the sysfs directory of the device's subordinate bus (dev->subordinate) and
its "power" group.

Consequently, when pci_remove_bus() is called for dev->subordinate in
pci_remove_bus_device(), it calls device_unregister(&bus->dev), but at this
point the sysfs directory of bus->dev doesn't exist any more and its
"power" group doesn't exist either.  Thus, when dpm_sysfs_remove() called
from device_del() tries to remove that group, it triggers the above
warning.

That indicates a logical mistake in the design of
pci_stop_and_remove_bus_device(), which causes bus device objects to be
left behind their parents (bridge device objects) and can be fixed by
moving the device_del() from pci_stop_dev() into pci_destroy_dev(), so
pci_remove_bus() can be called for the device's subordinate bus before the
device itself is unregistered from the hierarchy.  Still, the driver, if
any, should be detached from the device in pci_stop_dev(), so use
device_release_driver() directly from there.

References: https://bugzilla.kernel.org/show_bug.cgi?id=65281#c6
Reported-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
4bff674
@swarren swarren pushed a commit to swarren/linux-tegra that referenced this pull request Jun 23, 2014
Andrew Morton + Stephen Rothwell initramfs-support-initramfs-that-is-more-than-2g-checkpatch-fixes
WARNING: quoted string split across lines
#60: FILE: fs/isofs/compress.c:163:
 					       " page idx = %d, bh idx = %d,"
+					       " avail_in = %ld,"

WARNING: quoted string split across lines
#61: FILE: fs/isofs/compress.c:164:
+					       " avail_in = %ld,"
+					       " avail_out = %ld\n",

WARNING: missing space after return type
#76: FILE: include/linux/decompress/bunzip2.h:5:
+	    long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#77: FILE: include/linux/decompress/bunzip2.h:6:
+	    long(*flush)(void*, unsigned long),

WARNING: missing space after return type
#94: FILE: include/linux/decompress/generic.h:5:
+			      long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#95: FILE: include/linux/decompress/generic.h:6:
+			      long(*flush)(void*, unsigned long),

WARNING: missing space after return type
#122: FILE: include/linux/decompress/inflate.h:5:
+	   long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#123: FILE: include/linux/decompress/inflate.h:6:
+	   long(*flush)(void*, unsigned long),

WARNING: missing space after return type
#140: FILE: include/linux/decompress/unlz4.h:5:
+	long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#141: FILE: include/linux/decompress/unlz4.h:6:
+	long(*flush)(void*, unsigned long),

WARNING: missing space after return type
#158: FILE: include/linux/decompress/unlzma.h:5:
+	   long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#159: FILE: include/linux/decompress/unlzma.h:6:
+	   long(*flush)(void*, unsigned long),

WARNING: missing space after return type
#177: FILE: include/linux/decompress/unlzo.h:5:
+	long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#178: FILE: include/linux/decompress/unlzo.h:6:
+	long(*flush)(void*, unsigned long),

WARNING: please, no spaces at the start of a line
#210: FILE: include/linux/zlib.h:86:
+    uLong     avail_in;  /* number of bytes available at next_in */$

WARNING: please, no spaces at the start of a line
#215: FILE: include/linux/zlib.h:90:
+    uLong     avail_out; /* remaining free space at next_out */$

WARNING: __initdata should be placed after count
#259: FILE: init/initramfs.c:177:
+static __initdata unsigned long count;

WARNING: __initdata should be placed after remains
#268: FILE: init/initramfs.c:189:
+static __initdata long remains;

WARNING: missing space after return type
#385: FILE: lib/decompress_bunzip2.c:679:
+			long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#386: FILE: lib/decompress_bunzip2.c:680:
+			long(*flush)(void*, unsigned long),

WARNING: missing space after return type
#401: FILE: lib/decompress_bunzip2.c:747:
+			long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#402: FILE: lib/decompress_bunzip2.c:748:
+			long(*flush)(void*, unsigned long),

WARNING: missing space after return type
#427: FILE: lib/decompress_inflate.c:37:
+		       long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#428: FILE: lib/decompress_inflate.c:38:
+		       long(*flush)(void*, unsigned long),

WARNING: Unnecessary space before function pointer arguments
#456: FILE: lib/decompress_unlz4.c:35:
+				long (*fill) (void *, unsigned long),

WARNING: Unnecessary space before function pointer arguments
#457: FILE: lib/decompress_unlz4.c:36:
+				long (*flush) (void *, unsigned long),

WARNING: missing space after return type
#479: FILE: lib/decompress_unlz4.c:179:
+			      long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#480: FILE: lib/decompress_unlz4.c:180:
+			      long(*flush)(void*, unsigned long),

WARNING: missing space after return type
#529: FILE: lib/decompress_unlzma.c:283:
+	long(*flush)(void*, unsigned long);

WARNING: missing space after return type
#541: FILE: lib/decompress_unlzma.c:538:
+			      long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#542: FILE: lib/decompress_unlzma.c:539:
+			      long(*flush)(void*, unsigned long),

WARNING: missing space after return type
#557: FILE: lib/decompress_unlzma.c:671:
+			      long(*fill)(void*, unsigned long),

WARNING: missing space after return type
#558: FILE: lib/decompress_unlzma.c:672:
+			      long(*flush)(void*, unsigned long),

WARNING: Unnecessary space before function pointer arguments
#586: FILE: lib/decompress_unlzo.c:112:
+				long (*fill) (void *, unsigned long),

WARNING: Unnecessary space before function pointer arguments
#587: FILE: lib/decompress_unlzo.c:113:
+				long (*flush) (void *, unsigned long),

total: 0 errors, 35 warnings, 479 lines checked

./patches/initramfs-support-initramfs-that-is-more-than-2g.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
c923ec1
@Gnurou Gnurou pushed a commit to Gnurou/linux that referenced this pull request Jun 27, 2014
Andrew Morton + Stephen Rothwell mm-zpool-prevent-zbud-zsmalloc-from-unloading-when-used-checkpatch-fixes
WARNING: Missing a blank line after declarations
#76: FILE: mm/zpool.c:79:
+			bool got = try_module_get(driver->owner);
+			spin_unlock(&drivers_lock);

total: 0 errors, 1 warnings, 94 lines checked

./patches/mm-zpool-prevent-zbud-zsmalloc-from-unloading-when-used.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
f5652b5
@JoonsooKim JoonsooKim pushed a commit to JoonsooKim/linux that referenced this pull request Jul 4, 2014
Andrew Morton + Stephen Rothwell mm-zpool-prevent-zbud-zsmalloc-from-unloading-when-used-checkpatch-fixes
WARNING: Missing a blank line after declarations
#76: FILE: mm/zpool.c:79:
+			bool got = try_module_get(driver->owner);
+			spin_unlock(&drivers_lock);

total: 0 errors, 1 warnings, 94 lines checked

./patches/mm-zpool-prevent-zbud-zsmalloc-from-unloading-when-used.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
60ebde4
@krieger-od krieger-od pushed a commit to krieger-od/linux that referenced this pull request Jul 10, 2014
Andrew Morton + Stephen Rothwell mm-zpool-prevent-zbud-zsmalloc-from-unloading-when-used-checkpatch-fixes
WARNING: Missing a blank line after declarations
#76: FILE: mm/zpool.c:79:
+			bool got = try_module_get(driver->owner);
+			spin_unlock(&drivers_lock);

total: 0 errors, 1 warnings, 94 lines checked

./patches/mm-zpool-prevent-zbud-zsmalloc-from-unloading-when-used.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
098d5df
@Elizafox
Elizafox commented Jan 8, 2015

Useless. And Linus doesn't accept PR's, to add insult to injury.

@swarren
Contributor
swarren commented Jan 9, 2015

Eliza, I would not say that fixing documentation is useless. That's a little demeaning.

FWIW, this bug is fixed upstream already by 49d063c "proc: show mnt_id in /proc/pid/fdinfo".

@Reichl Reichl pushed a commit to Reichl/linux-odroid that referenced this pull request Mar 5, 2015
Andrew Morton + Stephen Rothwell mm-cma-release-trigger-checkpatch-fixes
ERROR: code indent should use tabs where possible
#76: FILE: mm/cma_debug.c:88:
+        int pages = val;$

WARNING: please, no spaces at the start of a line
#76: FILE: mm/cma_debug.c:88:
+        int pages = val;$

ERROR: code indent should use tabs where possible
#79: FILE: mm/cma_debug.c:91:
+        return cma_free_mem(cma, pages);$

WARNING: please, no spaces at the start of a line
#79: FILE: mm/cma_debug.c:91:
+        return cma_free_mem(cma, pages);$

total: 2 errors, 2 warnings, 69 lines checked

NOTE: whitespace errors detected, you may wish to use scripts/cleanpatch or
      scripts/cleanfile

./patches/mm-cma-release-trigger.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
92b5a3e
@jmickeyd jmickeyd pushed a commit to jmickeyd/linux that referenced this pull request Apr 15, 2015
@pundiramit pundiramit + Ruchi Kandoi usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
2f56ebc
@jmickeyd jmickeyd pushed a commit to jmickeyd/linux that referenced this pull request Apr 15, 2015
@pundiramit pundiramit + Badhri Jagan Sridharan usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from commit 32a71bc)
41ba062
@krzk krzk pushed a commit to krzk/linux that referenced this pull request May 2, 2015
Andrew Morton + Stephen Rothwell mm-cma-release-trigger-checkpatch-fixes
ERROR: code indent should use tabs where possible
#76: FILE: mm/cma_debug.c:88:
+        int pages = val;$

WARNING: please, no spaces at the start of a line
#76: FILE: mm/cma_debug.c:88:
+        int pages = val;$

ERROR: code indent should use tabs where possible
#79: FILE: mm/cma_debug.c:91:
+        return cma_free_mem(cma, pages);$

WARNING: please, no spaces at the start of a line
#79: FILE: mm/cma_debug.c:91:
+        return cma_free_mem(cma, pages);$

total: 2 errors, 2 warnings, 69 lines checked

NOTE: whitespace errors detected, you may wish to use scripts/cleanpatch or
      scripts/cleanfile

./patches/mm-cma-release-trigger.patch has style problems, please review.

If any of these errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.

Please run checkpatch prior to sending patches

Cc: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
b37ec2e
@johnstultz-work johnstultz-work added a commit to johnstultz-work/hikey-kernel that referenced this pull request Nov 19, 2015
@pundiramit @johnstultz-work pundiramit + johnstultz-work usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
459abb1
@johnstultz-work johnstultz-work pushed a commit to johnstultz-work/hikey-kernel that referenced this pull request Nov 19, 2015
@pundiramit pundiramit + Dmitry Shmidt usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
342694a
@0day-ci 0day-ci pushed a commit to 0day-ci/linux that referenced this pull request Dec 20, 2015
@vegard @fengguang vegard + fengguang dccp: fix use-after-free after cloning struct dccp_sock
I've observed various spew (KASAN, warnings, oopses, etc.) that seem to
stem from incorrect cloning of dccp_sock in dccp_create_openreq_child().

The problem is that struct dccp_sock's
  ->dccps_hc_rx_ackvec,
  ->dccps_hc_rx_ccid, and
  ->dccps_hc_tx_ccid
members are pointers to memory which is not reference counted and not
protected by any locks, so sharing them between original sock and the
clone seems like a bad idea.

The usual symptom would be a use-after-free which happens when an
operation on the original sock causes any of these pointers to be freed
followed by an operation on the cloned sock:

==================================================================
BUG: KASAN: use-after-free in dccp_sync_mss+0x45/0x160 at addr ffff880012c65780
Read of size 8 by task a.out/987
=============================================================================
BUG ccid2_hc_tx_sock (Tainted: G        W      ): kasan: bad access detected
-----------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: Allocated in ccid_new+0x1b4/0x270 age=64589 cpu=0 pid=986
        ___slab_alloc+0x724/0x810
        __slab_alloc.isra.49+0x86/0xc0
        kmem_cache_alloc+0x25a/0x2d0
        ccid_new+0x1b4/0x270
        dccp_hdlr_ccid+0x26/0xe0
        __dccp_feat_activate+0xc3/0x180
        dccp_feat_activate_values+0x2fa/0x4c0
        dccp_rcv_state_process+0x814/0xa80
        dccp_v4_do_rcv+0x6a/0x100
        release_sock+0x168/0x330
        inet_stream_connect+0x6d/0x90
        SYSC_connect+0x1d0/0x200
        SyS_connect+0x11/0x20
        entry_SYSCALL_64_fastpath+0x12/0x71
INFO: Freed in ccid_hc_tx_delete+0x7d/0x90 age=11330 cpu=1 pid=989
        __slab_free+0x1f0/0x360
        kmem_cache_free+0x2b6/0x300
        ccid_hc_tx_delete+0x7d/0x90
        dccp_hdlr_ccid+0x65/0xe0
        __dccp_feat_activate+0xc3/0x180
        dccp_feat_activate_values+0x2fa/0x4c0
        dccp_create_openreq_child+0x1fc/0x290
        dccp_v4_request_recv_sock+0x67/0x430
        dccp_check_req+0x248/0x330
        dccp_v4_rcv+0x2a8/0xd50
        ip_local_deliver_finish+0x160/0x4c0
        ip_local_deliver+0x175/0x230
        ip_rcv_finish+0x119/0x750
        ip_rcv+0x678/0x960
        __netif_receive_skb_core+0xe64/0x1810
        __netif_receive_skb+0x41/0xf0
INFO: Slab 0xffffea00004b1800 objects=20 used=9 fp=0xffff880012c644c0 flags=0x100000000004080
INFO: Object 0xffff880012c65780 @offset=22400 fp=0xffff880012c60c80
[...]
CPU: 0 PID: 987 Comm: a.out Tainted: G    B   W       4.4.0-rc5+ #76
 ffffea00004b1800 ffff88001304fa40 ffffffff8169ed5b ffff88001422e800
 ffff88001304fa70 ffffffff812e36ec ffff88001422e800 ffffea00004b1800
 ffff880012c65780 000000000000ffff ffff88001304fa98 ffffffff812e946f
Call Trace:
 [<ffffffff8169ed5b>] dump_stack+0x8d/0xe2
 [<ffffffff812e36ec>] print_trailer+0x13c/0x1b0
 [<ffffffff812e946f>] object_err+0x3f/0x50
 [<ffffffff812f02c3>] kasan_report_error+0x2e3/0x6e0
 [<ffffffff8108d321>] ? kvm_clock_get_cycles+0x11/0x20
 [<ffffffff81e8fb33>] ? secure_dccp_sequence_number+0x133/0x1d0
 [<ffffffff812f0704>] kasan_report+0x44/0x50
 [<ffffffff82207155>] ? dccp_sync_mss+0x45/0x160
 [<ffffffff812ef403>] __asan_load8+0x93/0xe0
 [<ffffffff82207155>] dccp_sync_mss+0x45/0x160
 [<ffffffff822080df>] dccp_connect+0x7f/0x2a0
 [<ffffffff82217632>] dccp_v4_connect+0x612/0x960
 [<ffffffff81ff20a7>] __inet_stream_connect+0x1d7/0x6a0
 [<ffffffff8110438b>] ? preempt_count_sub+0x1b/0x170
 [<ffffffff824cd007>] ? _raw_spin_unlock_irqrestore+0x47/0x90
 [<ffffffff81ff1ed0>] ? inet_sendpage+0x200/0x200
 [<ffffffff811302c1>] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
 [<ffffffff8110438b>] ? preempt_count_sub+0x1b/0x170
 [<ffffffff810baa41>] ? __local_bh_enable_ip+0x61/0x110
 [<ffffffff81ff25c1>] inet_stream_connect+0x51/0x90
 [<ffffffff81e671a0>] SYSC_connect+0x1d0/0x200
 [<ffffffff81ff2570>] ? __inet_stream_connect+0x6a0/0x6a0
 [<ffffffff81e66fd0>] ? ___sys_recvmsg+0x3d0/0x3d0
 [<ffffffff81384490>] ? SyS_epoll_create+0x1a0/0x1a0
 [<ffffffff813372e5>] ? __fget+0x115/0x180
 [<ffffffff8133739d>] ? __fget_light+0x4d/0xf0
 [<ffffffff813822e0>] ? ep_poll_wakeup_proc+0x30/0x30
 [<ffffffff81e69e71>] SyS_connect+0x11/0x20
 [<ffffffff824cdd6e>] entry_SYSCALL_64_fastpath+0x12/0x71

I'm not really sure if setting them to NULL is really the correct
solution -- maybe we should try to duplicate the pointed-to memory
instead?

Anyway, this is a tentative patch that explains the issue and fixes
this particular problem -- dccp fuzzing now runs for minutes rather
than seconds before encountering a crash. I haven't tested any
real world workloads on this patch.

Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
0484b21
@xin3liang xin3liang pushed a commit to xin3liang/linux that referenced this pull request Jan 13, 2016
@pundiramit pundiramit usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
35e217b
@xin3liang xin3liang added a commit to xin3liang/linux that referenced this pull request Feb 6, 2016
@pundiramit @xin3liang pundiramit + xin3liang usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
a3caa95
@xin3liang xin3liang added a commit to xin3liang/linux that referenced this pull request Mar 18, 2016
@pundiramit @xin3liang pundiramit + xin3liang usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
ef4c12c
@0day-ci 0day-ci pushed a commit to 0day-ci/linux that referenced this pull request May 11, 2016
@petegriffin @fengguang petegriffin + fengguang ARM: STi: Update machine _namestr to be more generic.
This string is used by dump_stack and as we now support
more SoC's than just STiH415/6 it is misleading to have
the current string in the stack trace.

This patch updates it to be more generic for the STi
family of SoCs.

So instead of looking like this

[  271.672555] Hardware name: STiH415/416 SoC with Flattened Device Tree
[  271.678998] [<c0310490>] (unwind_backtrace) from [<c030bb54>] (show_stack+0x10/0x14)
[  271.686746] [<c030bb54>] (show_stack) from [<c058bc4c>] (dump_stack+0x98/0xac)
[snip]

it now looks like this:

[    2.669879] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.6.0-rc3-00026-g38a1ce6-dirty #76
[    2.677973] Hardware name: STi SoC with Flattened Device Tree
[    2.683723] [<c0310490>] (unwind_backtrace) from [<c030bb54>] (show_stack+0x10/0x14)
[    2.691472] [<c030bb54>] (show_stack) from [<c058bc0c>] (dump_stack+0x98/0xac)
[snip]

Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
f0d44dc
@showliu showliu pushed a commit to showliu/linux that referenced this pull request Jun 16, 2016
@pundiramit @johnstultz-work pundiramit + johnstultz-work usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
e087ef4
@0day-ci 0day-ci pushed a commit to 0day-ci/linux that referenced this pull request Jul 17, 2016
@petegriffin @pchotard petegriffin + pchotard ARM: STi: Update machine _namestr to be more generic.
This string is used by dump_stack and as we now support
more SoC's than just STiH415/6 it is misleading to have
the current string in the stack trace.

This patch updates it to be more generic for the STi
family of SoCs.

So instead of looking like this

[  271.672555] Hardware name: STiH415/416 SoC with Flattened Device Tree
[  271.678998] [<c0310490>] (unwind_backtrace) from [<c030bb54>] (show_stack+0x10/0x14)
[  271.686746] [<c030bb54>] (show_stack) from [<c058bc4c>] (dump_stack+0x98/0xac)
[snip]

it now looks like this:

[    2.669879] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.6.0-rc3-00026-g38a1ce6-dirty #76
[    2.677973] Hardware name: STi SoC with Flattened Device Tree
[    2.683723] [<c0310490>] (unwind_backtrace) from [<c030bb54>] (show_stack+0x10/0x14)
[    2.691472] [<c030bb54>] (show_stack) from [<c058bc0c>] (dump_stack+0x98/0xac)
[snip]

Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Acked-by: Patrice Chotard <patrice.chotard@st.com>
50fdda7
@fengguang fengguang added a commit to 0day-ci/linux that referenced this pull request Oct 6, 2016
@ldu4 @fengguang ldu4 + fengguang powerpc/pseries: Fix stack corruption in htpe code
This commit fixes a stack corruption in the pseries specific code dealing
with the huge pages.

In __pSeries_lpar_hugepage_invalidate() the buffer used to pass arguments
to the hypervisor is not large enough. This leads to a stack corruption
where a previously saved register could be corrupted leading to unexpected
result in the caller, like the following panic:

Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: virtio_balloon ip_tables x_tables autofs4
virtio_blk 8139too virtio_pci virtio_ring 8139cp virtio
CPU: 11 PID: 1916 Comm: mmstress Not tainted 4.8.0 #76
task: c000000005394880 task.stack: c000000005570000
NIP: c00000000027bf6c LR: c00000000027bf64 CTR: 0000000000000000
REGS: c000000005573820 TRAP: 0300   Not tainted  (4.8.0)
MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 84822884  XER:
20000000
CFAR: c00000000010a924 DAR: 420000000014e5e0 DSISR: 40000000 SOFTE: 1
GPR00: c00000000027bf64 c000000005573aa0 c000000000e02800 c000000004447964
GPR04: c00000000404de18 c000000004d38810 00000000042100f5 00000000f5002104
GPR08: e0000000f5002104 0000000000000001 042100f5000000e0 00000000042100f5
GPR12: 0000000000002200 c00000000fe02c00 c00000000404de18 0000000000000000
GPR16: c1ffffffffffe7ff 00003fff62000000 420000000014e5e0 00003fff63000000
GPR20: 0008000000000000 c0000000f7014800 0405e600000000e0 0000000000010000
GPR24: c000000004d38810 c000000004447c10 c00000000404de18 c000000004447964
GPR28: c000000005573b10 c000000004d38810 00003fff62000000 420000000014e5e0
NIP [c00000000027bf6c] zap_huge_pmd+0x4c/0x470
LR [c00000000027bf64] zap_huge_pmd+0x44/0x470
Call Trace:
[c000000005573aa0] [c00000000027bf64] zap_huge_pmd+0x44/0x470 (unreliable)
[c000000005573af0] [c00000000022bbd8] unmap_page_range+0xcf8/0xed0
[c000000005573c30] [c00000000022c2d4] unmap_vmas+0x84/0x120
[c000000005573c80] [c000000000235448] unmap_region+0xd8/0x1b0
[c000000005573d80] [c0000000002378f0] do_munmap+0x2d0/0x4c0
[c000000005573df0] [c000000000237be4] SyS_munmap+0x64/0xb0
[c000000005573e30] [c000000000009560] system_call+0x38/0x108
Instruction dump:
fbe1fff8 fb81ffe0 7c7f1b78 7ca32b78 7cbd2b78 f8010010 7c9a2378 f821ffb1
7cde3378 4bfffea9 7c7b1b79 41820298 <e87f0000> 48000130 7fa5eb78 7fc4f378

Most of the time, the bug is surfacing in a caller up in the stack from
__pSeries_lpar_hugepage_invalidate() which is quite confusing.

This bug is pending since v3.11 but was hidden if a caller of the
caller of __pSeries_lpar_hugepage_invalidate() has pushed the corruped
register (r18 in this case) in the stack and is not using it until
restoring it. GCC 6.2.0 seems to raise it more frequently.

This commit also change the definition of the parameter buffer in
pSeries_lpar_flush_hash_range() to rely on the global define
PLPAR_HCALL9_BUFSIZE (no functional change here).

Fixes: 1a52728 ("powerpc: Optimize hugepage invalidate")
Cc: <stable@vger.kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
a3bb107
@mpe mpe referenced this pull request in linuxppc/linux Oct 11, 2016
@ldu4 @mpe ldu4 + mpe powerpc/pseries: Fix stack corruption in htpe code
This commit fixes a stack corruption in the pseries specific code dealing
with the huge pages.

In __pSeries_lpar_hugepage_invalidate() the buffer used to pass arguments
to the hypervisor is not large enough. This leads to a stack corruption
where a previously saved register could be corrupted leading to unexpected
result in the caller, like the following panic:

  Oops: Kernel access of bad area, sig: 11 [#1]
  SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in: virtio_balloon ip_tables x_tables autofs4
  virtio_blk 8139too virtio_pci virtio_ring 8139cp virtio
  CPU: 11 PID: 1916 Comm: mmstress Not tainted 4.8.0 #76
  task: c000000005394880 task.stack: c000000005570000
  NIP: c00000000027bf6c LR: c00000000027bf64 CTR: 0000000000000000
  REGS: c000000005573820 TRAP: 0300   Not tainted  (4.8.0)
  MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 84822884  XER: 20000000
  CFAR: c00000000010a924 DAR: 420000000014e5e0 DSISR: 40000000 SOFTE: 1
  GPR00: c00000000027bf64 c000000005573aa0 c000000000e02800 c000000004447964
  GPR04: c00000000404de18 c000000004d38810 00000000042100f5 00000000f5002104
  GPR08: e0000000f5002104 0000000000000001 042100f5000000e0 00000000042100f5
  GPR12: 0000000000002200 c00000000fe02c00 c00000000404de18 0000000000000000
  GPR16: c1ffffffffffe7ff 00003fff62000000 420000000014e5e0 00003fff63000000
  GPR20: 0008000000000000 c0000000f7014800 0405e600000000e0 0000000000010000
  GPR24: c000000004d38810 c000000004447c10 c00000000404de18 c000000004447964
  GPR28: c000000005573b10 c000000004d38810 00003fff62000000 420000000014e5e0
  NIP [c00000000027bf6c] zap_huge_pmd+0x4c/0x470
  LR [c00000000027bf64] zap_huge_pmd+0x44/0x470
  Call Trace:
  [c000000005573aa0] [c00000000027bf64] zap_huge_pmd+0x44/0x470 (unreliable)
  [c000000005573af0] [c00000000022bbd8] unmap_page_range+0xcf8/0xed0
  [c000000005573c30] [c00000000022c2d4] unmap_vmas+0x84/0x120
  [c000000005573c80] [c000000000235448] unmap_region+0xd8/0x1b0
  [c000000005573d80] [c0000000002378f0] do_munmap+0x2d0/0x4c0
  [c000000005573df0] [c000000000237be4] SyS_munmap+0x64/0xb0
  [c000000005573e30] [c000000000009560] system_call+0x38/0x108
  Instruction dump:
  fbe1fff8 fb81ffe0 7c7f1b78 7ca32b78 7cbd2b78 f8010010 7c9a2378 f821ffb1
  7cde3378 4bfffea9 7c7b1b79 41820298 <e87f0000> 48000130 7fa5eb78 7fc4f378

Most of the time, the bug is surfacing in a caller up in the stack from
__pSeries_lpar_hugepage_invalidate() which is quite confusing.

This bug is pending since v3.11 but was hidden if a caller of the
caller of __pSeries_lpar_hugepage_invalidate() has pushed the corruped
register (r18 in this case) in the stack and is not using it until
restoring it. GCC 6.2.0 seems to raise it more frequently.

This commit also change the definition of the parameter buffer in
pSeries_lpar_flush_hash_range() to rely on the global define
PLPAR_HCALL9_BUFSIZE (no functional change here).

Fixes: 1a52728 ("powerpc: Optimize hugepage invalidate")
Cc: stable@vger.kernel.org # v3.11+
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
05af40e
@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request Oct 28, 2016
@ldu4 @gregkh ldu4 + gregkh powerpc/pseries: Fix stack corruption in htpe code
commit 05af40e upstream.

This commit fixes a stack corruption in the pseries specific code dealing
with the huge pages.

In __pSeries_lpar_hugepage_invalidate() the buffer used to pass arguments
to the hypervisor is not large enough. This leads to a stack corruption
where a previously saved register could be corrupted leading to unexpected
result in the caller, like the following panic:

  Oops: Kernel access of bad area, sig: 11 [#1]
  SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in: virtio_balloon ip_tables x_tables autofs4
  virtio_blk 8139too virtio_pci virtio_ring 8139cp virtio
  CPU: 11 PID: 1916 Comm: mmstress Not tainted 4.8.0 #76
  task: c000000005394880 task.stack: c000000005570000
  NIP: c00000000027bf6c LR: c00000000027bf64 CTR: 0000000000000000
  REGS: c000000005573820 TRAP: 0300   Not tainted  (4.8.0)
  MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 84822884  XER: 20000000
  CFAR: c00000000010a924 DAR: 420000000014e5e0 DSISR: 40000000 SOFTE: 1
  GPR00: c00000000027bf64 c000000005573aa0 c000000000e02800 c000000004447964
  GPR04: c00000000404de18 c000000004d38810 00000000042100f5 00000000f5002104
  GPR08: e0000000f5002104 0000000000000001 042100f5000000e0 00000000042100f5
  GPR12: 0000000000002200 c00000000fe02c00 c00000000404de18 0000000000000000
  GPR16: c1ffffffffffe7ff 00003fff62000000 420000000014e5e0 00003fff63000000
  GPR20: 0008000000000000 c0000000f7014800 0405e600000000e0 0000000000010000
  GPR24: c000000004d38810 c000000004447c10 c00000000404de18 c000000004447964
  GPR28: c000000005573b10 c000000004d38810 00003fff62000000 420000000014e5e0
  NIP [c00000000027bf6c] zap_huge_pmd+0x4c/0x470
  LR [c00000000027bf64] zap_huge_pmd+0x44/0x470
  Call Trace:
  [c000000005573aa0] [c00000000027bf64] zap_huge_pmd+0x44/0x470 (unreliable)
  [c000000005573af0] [c00000000022bbd8] unmap_page_range+0xcf8/0xed0
  [c000000005573c30] [c00000000022c2d4] unmap_vmas+0x84/0x120
  [c000000005573c80] [c000000000235448] unmap_region+0xd8/0x1b0
  [c000000005573d80] [c0000000002378f0] do_munmap+0x2d0/0x4c0
  [c000000005573df0] [c000000000237be4] SyS_munmap+0x64/0xb0
  [c000000005573e30] [c000000000009560] system_call+0x38/0x108
  Instruction dump:
  fbe1fff8 fb81ffe0 7c7f1b78 7ca32b78 7cbd2b78 f8010010 7c9a2378 f821ffb1
  7cde3378 4bfffea9 7c7b1b79 41820298 <e87f0000> 48000130 7fa5eb78 7fc4f378

Most of the time, the bug is surfacing in a caller up in the stack from
__pSeries_lpar_hugepage_invalidate() which is quite confusing.

This bug is pending since v3.11 but was hidden if a caller of the
caller of __pSeries_lpar_hugepage_invalidate() has pushed the corruped
register (r18 in this case) in the stack and is not using it until
restoring it. GCC 6.2.0 seems to raise it more frequently.

This commit also change the definition of the parameter buffer in
pSeries_lpar_flush_hash_range() to rely on the global define
PLPAR_HCALL9_BUFSIZE (no functional change here).

Fixes: 1a52728 ("powerpc: Optimize hugepage invalidate")
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
b57af60
@megous megous pushed a commit to megous/linux that referenced this pull request Oct 30, 2016
@ldu4 @gregkh ldu4 + gregkh powerpc/pseries: Fix stack corruption in htpe code
commit 05af40e upstream.

This commit fixes a stack corruption in the pseries specific code dealing
with the huge pages.

In __pSeries_lpar_hugepage_invalidate() the buffer used to pass arguments
to the hypervisor is not large enough. This leads to a stack corruption
where a previously saved register could be corrupted leading to unexpected
result in the caller, like the following panic:

  Oops: Kernel access of bad area, sig: 11 [#1]
  SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in: virtio_balloon ip_tables x_tables autofs4
  virtio_blk 8139too virtio_pci virtio_ring 8139cp virtio
  CPU: 11 PID: 1916 Comm: mmstress Not tainted 4.8.0 #76
  task: c000000005394880 task.stack: c000000005570000
  NIP: c00000000027bf6c LR: c00000000027bf64 CTR: 0000000000000000
  REGS: c000000005573820 TRAP: 0300   Not tainted  (4.8.0)
  MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 84822884  XER: 20000000
  CFAR: c00000000010a924 DAR: 420000000014e5e0 DSISR: 40000000 SOFTE: 1
  GPR00: c00000000027bf64 c000000005573aa0 c000000000e02800 c000000004447964
  GPR04: c00000000404de18 c000000004d38810 00000000042100f5 00000000f5002104
  GPR08: e0000000f5002104 0000000000000001 042100f5000000e0 00000000042100f5
  GPR12: 0000000000002200 c00000000fe02c00 c00000000404de18 0000000000000000
  GPR16: c1ffffffffffe7ff 00003fff62000000 420000000014e5e0 00003fff63000000
  GPR20: 0008000000000000 c0000000f7014800 0405e600000000e0 0000000000010000
  GPR24: c000000004d38810 c000000004447c10 c00000000404de18 c000000004447964
  GPR28: c000000005573b10 c000000004d38810 00003fff62000000 420000000014e5e0
  NIP [c00000000027bf6c] zap_huge_pmd+0x4c/0x470
  LR [c00000000027bf64] zap_huge_pmd+0x44/0x470
  Call Trace:
  [c000000005573aa0] [c00000000027bf64] zap_huge_pmd+0x44/0x470 (unreliable)
  [c000000005573af0] [c00000000022bbd8] unmap_page_range+0xcf8/0xed0
  [c000000005573c30] [c00000000022c2d4] unmap_vmas+0x84/0x120
  [c000000005573c80] [c000000000235448] unmap_region+0xd8/0x1b0
  [c000000005573d80] [c0000000002378f0] do_munmap+0x2d0/0x4c0
  [c000000005573df0] [c000000000237be4] SyS_munmap+0x64/0xb0
  [c000000005573e30] [c000000000009560] system_call+0x38/0x108
  Instruction dump:
  fbe1fff8 fb81ffe0 7c7f1b78 7ca32b78 7cbd2b78 f8010010 7c9a2378 f821ffb1
  7cde3378 4bfffea9 7c7b1b79 41820298 <e87f0000> 48000130 7fa5eb78 7fc4f378

Most of the time, the bug is surfacing in a caller up in the stack from
__pSeries_lpar_hugepage_invalidate() which is quite confusing.

This bug is pending since v3.11 but was hidden if a caller of the
caller of __pSeries_lpar_hugepage_invalidate() has pushed the corruped
register (r18 in this case) in the stack and is not using it until
restoring it. GCC 6.2.0 seems to raise it more frequently.

This commit also change the definition of the parameter buffer in
pSeries_lpar_flush_hash_range() to rely on the global define
PLPAR_HCALL9_BUFSIZE (no functional change here).

Fixes: 1a52728 ("powerpc: Optimize hugepage invalidate")
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
67b098d
@metux metux added a commit to metux/linux that referenced this pull request Nov 5, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
25ff337
@metux metux added a commit to metux/linux that referenced this pull request Nov 5, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
5fb54e7
@metux metux added a commit to metux/linux that referenced this pull request Nov 5, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
d90841f
@metux metux added a commit to metux/linux that referenced this pull request Nov 5, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
9f8c569
@metux metux added a commit to metux/linux that referenced this pull request Nov 5, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
c39314b
@metux metux added a commit to metux/linux that referenced this pull request Nov 5, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
4a139bf
@metux metux added a commit to metux/linux that referenced this pull request Nov 5, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
39e2709
@metux metux added a commit to metux/linux that referenced this pull request Nov 5, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
0611cd5
@metux metux added a commit to metux/linux that referenced this pull request Nov 5, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
7bbdde0
@metux metux added a commit to metux/linux that referenced this pull request Nov 6, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
2294a0a
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
b52c509
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
7809ef1
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
90bd412
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
7b90322
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
0ec368b
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
f58e12d
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
131bb6c
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
13bc87d
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
09298e8
@metux metux added a commit to metux/linux that referenced this pull request Nov 7, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
4839e31
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
7c4f0d8
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
30af907
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
3b79f23
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
090cb8a
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
957c378
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
c86db9f
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
34e67c7
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
34479af
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
d087ae6
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
1f46d7c
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
ffd1c82
@metux metux added a commit to metux/linux that referenced this pull request Nov 8, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
7a4e1b8
@metux metux added a commit to metux/linux that referenced this pull request Nov 9, 2016
@pundiramit @metux pundiramit + metux usb: gadget: check for accessory device before disconnecting HIDs
While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

===> SQ usb: gadget: Accessory:Migrate to USB_FUNCTION API

This patch adds support to use Android accessory
gadget function through the
DECLARE_USB_FUNCTION_INIT interface.

Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ib352752d5bc905fa1df9049b53eabf1294930db7
6ab8202
@metux metux added a commit to metux/linux that referenced this pull request Nov 9, 2016
@benoitgoby @metux benoitgoby + metux usb: gadget: accessory: Add Android Accessory function
USB accessory mode allows users to connect USB host hardware
specifically designed for Android-powered devices. The accessories
must adhere to the Android accessory protocol outlined in the
http://accessories.android.com documentation. This allows
Android devices that cannot act as a USB host to still interact with
USB hardware. When an Android device is in USB accessory mode, the
attached Android USB accessory acts as the host, provides power
to the USB bus, and enumerates connected devices.

Change-Id: I67964b50d278f3c0471d47efbb7b0973a3502681
Signed-off-by: Mike Lockwood <lockwood@android.com>

usb: gadget: accessory: Fix section mismatch

create_bulk_endpoints should not be __init since it is called when
accessory is enabled

Change-Id: If827a4531f0f6c15af938345163923186368e2a5
Signed-off-by: Benoit Goby <benoit@android.com>

usb: gadget: add ACCESSORY_SET_AUDIO_MODE control request and ioctl

The control request will be used by the host to enable/disable USB audio
and the ioctl will be used by userspace to read the audio mode

Change-Id: I81c38611b588451e80eacdccc417ca6e11c60cab
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: f_accessory: add support for HID input devices

Change-Id: I4f1452db32508382df52acdc47c0eb395ae328c7
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: accessory: Fix section mismatch (again)

create_bulk_endpoints should not be __init since it is called when
accessory is enabled.

Change-Id: Iac6e9f29d53c93760e926efd8e7603432632acb4
Signed-off-by: Todd Poynor <toddpoynor@google.com>

usb: gadget: android: Fixes and hacks to make android usb gadget compile on 3.8

Change-Id: I332a6802dbd49b4018b9318b8621d26ed94c955d
Signed-off-by: Arve Hjønnevåg <arve@android.com>

usb: gadget: f_accessory: move userspace interface to uapi

Move the entire contents of linux/usb/f_accessory.h header to uapi,
it only contains a userspace interface.

Change-Id: Ieb5547da449588ae554988a201c0e6b4e3afc531
Signed-off-by: Colin Cross <ccross@android.com>

drivers: usb: gadget: 64-bit related type fixes

Change-Id: I2f9b12e1e0cdfe64ffe20db78d319a6221821184
Signed-off-by: Greg Hackmann <ghackmann@google.com>

usb: gadget: f_accessory: Enabled Zero Length Packet (ZLP) for acc_write

Accessory connected to Android Device requires
Zero Length Packet (ZLP) to be written when data
transferred out from the Android device are multiples
of wMaxPacketSize (64bytes (Full-Speed) / 512bytes (High-Speed))
to end the transfer.

Change-Id: Ib2c2c0ab98ef9afa10e74a720142deca5c0ed476
Signed-off-by: Anson Jacob <ansonkuzhumbil@gmail.com>

usb: gadget: check for accessory device before disconnecting HIDs

While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

===> SQ usb: gadget: Accessory:Migrate to USB_FUNCTION API

This patch adds support to use Android accessory
gadget function through the
DECLARE_USB_FUNCTION_INIT interface.

Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ib352752d5bc905fa1df9049b53eabf1294930db7

SQ: f_accessory: usb: gadget: cleanup: fix unused variable and function warnings

Remove unused variables and functions to fix following
build warnings:

  CC      drivers/usb/gadget/configfs.o
drivers/usb/gadget/configfs.c: In function ‘gadgets_make’:
drivers/usb/gadget/configfs.c:1710:6: warning: unused variable ‘err’ [-Wunused-variable]
  int err;
      ^
drivers/usb/gadget/configfs.c:1709:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1708:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
drivers/usb/gadget/configfs.c: In function ‘gadgets_drop’:
drivers/usb/gadget/configfs.c:1774:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1773:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
<snip>...
  CC      drivers/usb/gadget/function/f_mtp.o
drivers/usb/gadget/function/f_mtp.c:1219:12: warning: ‘mtp_bind_config’ defined but not used [-Wunused-function]
 static int mtp_bind_config(struct usb_configuration *c, bool ptp_config)
            ^
drivers/usb/gadget/function/f_mtp.c:1300:12: warning: ‘mtp_setup’ defined but not used [-Wunused-function]
 static int mtp_setup(void)
            ^
<snip>...
  CC      drivers/usb/gadget/function/f_accessory.o
drivers/usb/gadget/function/f_accessory.c:969:1: warning: ‘acc_function_bind’ defined but not used [-Wunused-function]
 acc_function_bind(struct usb_configuration *c, struct usb_function *f) {
 ^
drivers/usb/gadget/function/f_accessory.c:1172:12: warning: ‘acc_bind_config’ defined but not used [-Wunused-function]
 static int acc_bind_config(struct usb_configuration *c)
            ^

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

SQ f_accessory: fix false disconnect due to a signal sent to the reading process

- In the current implementation, when a signal is sent to the reading process,
  read is cancelled by calling usb_ep_dequeue, which lead into calling
  acc_complete_out with ECONNRESET, but the current logic treats it as
  disconnection, which makes the device inaccessible until cable is actually
  disconnected.
- The fix calls disconnect only when ESHUTDOWN error is passed.
- If data has already arrived while trying cancelling, the data is marked
  as available, and it will be read out on the next read. This is necessary
  as USB bulk is assumed to guarantee no data loss.

Signed-off-by: keunyoung <keunyoung@google.com>

===> SQ CHROMIUM: usb: gadget: f_accessory: add .raw_request callback

After this upstream commit: 3c86726,
.raw_request is mandatory in hid_ll_driver structure, hence add an empty
raw_request() function.

BUG=chrome-os-partner:49140
TEST=none

Change-Id: Idd0bbe6960aad2c557376e4a24827d7e1df8e023
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/321038
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>

===> SQ usb: gadget: f_accessory: remove duplicate endpoint alloc

usb_ep_autoconfig is called twice for allocating
bulk out endpoint.

Removed the unwanted call.

Fixes Issue: 67180

Change-Id: I03e87a86fbbbc85831ff7f0496adf038d1de2956
Signed-off-by: Anson Jacob <ansonjacob.aj@gmail.com>

===> SQ usb: gadget: Relocate f_accessory

3.18 kernel has reorganized drivers/usb/gadget
directory. Moving accessory gadget driver from
drivers/usb/gadget to drivers/usb/gadget/function

Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
Change-Id: If73c6df0537c4b1f51338ed3b0db817e51f06b4a
23d6963
@metux metux added a commit to metux/linux that referenced this pull request Nov 9, 2016
@benoitgoby @metux benoitgoby + metux usb: gadget: accessory: Add Android Accessory function
USB accessory mode allows users to connect USB host hardware
specifically designed for Android-powered devices. The accessories
must adhere to the Android accessory protocol outlined in the
http://accessories.android.com documentation. This allows
Android devices that cannot act as a USB host to still interact with
USB hardware. When an Android device is in USB accessory mode, the
attached Android USB accessory acts as the host, provides power
to the USB bus, and enumerates connected devices.

Change-Id: I67964b50d278f3c0471d47efbb7b0973a3502681
Signed-off-by: Mike Lockwood <lockwood@android.com>

usb: gadget: accessory: Fix section mismatch

create_bulk_endpoints should not be __init since it is called when
accessory is enabled

Change-Id: If827a4531f0f6c15af938345163923186368e2a5
Signed-off-by: Benoit Goby <benoit@android.com>

usb: gadget: add ACCESSORY_SET_AUDIO_MODE control request and ioctl

The control request will be used by the host to enable/disable USB audio
and the ioctl will be used by userspace to read the audio mode

Change-Id: I81c38611b588451e80eacdccc417ca6e11c60cab
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: f_accessory: add support for HID input devices

Change-Id: I4f1452db32508382df52acdc47c0eb395ae328c7
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: accessory: Fix section mismatch (again)

create_bulk_endpoints should not be __init since it is called when
accessory is enabled.

Change-Id: Iac6e9f29d53c93760e926efd8e7603432632acb4
Signed-off-by: Todd Poynor <toddpoynor@google.com>

usb: gadget: android: Fixes and hacks to make android usb gadget compile on 3.8

Change-Id: I332a6802dbd49b4018b9318b8621d26ed94c955d
Signed-off-by: Arve Hjønnevåg <arve@android.com>

usb: gadget: f_accessory: move userspace interface to uapi

Move the entire contents of linux/usb/f_accessory.h header to uapi,
it only contains a userspace interface.

Change-Id: Ieb5547da449588ae554988a201c0e6b4e3afc531
Signed-off-by: Colin Cross <ccross@android.com>

drivers: usb: gadget: 64-bit related type fixes

Change-Id: I2f9b12e1e0cdfe64ffe20db78d319a6221821184
Signed-off-by: Greg Hackmann <ghackmann@google.com>

usb: gadget: f_accessory: Enabled Zero Length Packet (ZLP) for acc_write

Accessory connected to Android Device requires
Zero Length Packet (ZLP) to be written when data
transferred out from the Android device are multiples
of wMaxPacketSize (64bytes (Full-Speed) / 512bytes (High-Speed))
to end the transfer.

Change-Id: Ib2c2c0ab98ef9afa10e74a720142deca5c0ed476
Signed-off-by: Anson Jacob <ansonkuzhumbil@gmail.com>

usb: gadget: check for accessory device before disconnecting HIDs

While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

===> SQ usb: gadget: Accessory:Migrate to USB_FUNCTION API

This patch adds support to use Android accessory
gadget function through the
DECLARE_USB_FUNCTION_INIT interface.

Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ib352752d5bc905fa1df9049b53eabf1294930db7

SQ: f_accessory: usb: gadget: cleanup: fix unused variable and function warnings

Remove unused variables and functions to fix following
build warnings:

  CC      drivers/usb/gadget/configfs.o
drivers/usb/gadget/configfs.c: In function ‘gadgets_make’:
drivers/usb/gadget/configfs.c:1710:6: warning: unused variable ‘err’ [-Wunused-variable]
  int err;
      ^
drivers/usb/gadget/configfs.c:1709:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1708:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
drivers/usb/gadget/configfs.c: In function ‘gadgets_drop’:
drivers/usb/gadget/configfs.c:1774:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1773:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
<snip>...
  CC      drivers/usb/gadget/function/f_mtp.o
drivers/usb/gadget/function/f_mtp.c:1219:12: warning: ‘mtp_bind_config’ defined but not used [-Wunused-function]
 static int mtp_bind_config(struct usb_configuration *c, bool ptp_config)
            ^
drivers/usb/gadget/function/f_mtp.c:1300:12: warning: ‘mtp_setup’ defined but not used [-Wunused-function]
 static int mtp_setup(void)
            ^
<snip>...
  CC      drivers/usb/gadget/function/f_accessory.o
drivers/usb/gadget/function/f_accessory.c:969:1: warning: ‘acc_function_bind’ defined but not used [-Wunused-function]
 acc_function_bind(struct usb_configuration *c, struct usb_function *f) {
 ^
drivers/usb/gadget/function/f_accessory.c:1172:12: warning: ‘acc_bind_config’ defined but not used [-Wunused-function]
 static int acc_bind_config(struct usb_configuration *c)
            ^

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

SQ f_accessory: fix false disconnect due to a signal sent to the reading process

- In the current implementation, when a signal is sent to the reading process,
  read is cancelled by calling usb_ep_dequeue, which lead into calling
  acc_complete_out with ECONNRESET, but the current logic treats it as
  disconnection, which makes the device inaccessible until cable is actually
  disconnected.
- The fix calls disconnect only when ESHUTDOWN error is passed.
- If data has already arrived while trying cancelling, the data is marked
  as available, and it will be read out on the next read. This is necessary
  as USB bulk is assumed to guarantee no data loss.

Signed-off-by: keunyoung <keunyoung@google.com>

===> SQ CHROMIUM: usb: gadget: f_accessory: add .raw_request callback

After this upstream commit: 3c86726,
.raw_request is mandatory in hid_ll_driver structure, hence add an empty
raw_request() function.

BUG=chrome-os-partner:49140
TEST=none

Change-Id: Idd0bbe6960aad2c557376e4a24827d7e1df8e023
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/321038
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>

===> SQ usb: gadget: f_accessory: remove duplicate endpoint alloc

usb_ep_autoconfig is called twice for allocating
bulk out endpoint.

Removed the unwanted call.

Fixes Issue: 67180

Change-Id: I03e87a86fbbbc85831ff7f0496adf038d1de2956
Signed-off-by: Anson Jacob <ansonjacob.aj@gmail.com>

===> SQ usb: gadget: Relocate f_accessory

3.18 kernel has reorganized drivers/usb/gadget
directory. Moving accessory gadget driver from
drivers/usb/gadget to drivers/usb/gadget/function

Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
Change-Id: If73c6df0537c4b1f51338ed3b0db817e51f06b4a
77c7cc6
@metux metux added a commit to metux/linux that referenced this pull request Nov 9, 2016
@benoitgoby @metux benoitgoby + metux usb: gadget: accessory: Add Android Accessory function
USB accessory mode allows users to connect USB host hardware
specifically designed for Android-powered devices. The accessories
must adhere to the Android accessory protocol outlined in the
http://accessories.android.com documentation. This allows
Android devices that cannot act as a USB host to still interact with
USB hardware. When an Android device is in USB accessory mode, the
attached Android USB accessory acts as the host, provides power
to the USB bus, and enumerates connected devices.

Change-Id: I67964b50d278f3c0471d47efbb7b0973a3502681
Signed-off-by: Mike Lockwood <lockwood@android.com>

usb: gadget: accessory: Fix section mismatch

create_bulk_endpoints should not be __init since it is called when
accessory is enabled

Change-Id: If827a4531f0f6c15af938345163923186368e2a5
Signed-off-by: Benoit Goby <benoit@android.com>

usb: gadget: add ACCESSORY_SET_AUDIO_MODE control request and ioctl

The control request will be used by the host to enable/disable USB audio
and the ioctl will be used by userspace to read the audio mode

Change-Id: I81c38611b588451e80eacdccc417ca6e11c60cab
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: f_accessory: add support for HID input devices

Change-Id: I4f1452db32508382df52acdc47c0eb395ae328c7
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: accessory: Fix section mismatch (again)

create_bulk_endpoints should not be __init since it is called when
accessory is enabled.

Change-Id: Iac6e9f29d53c93760e926efd8e7603432632acb4
Signed-off-by: Todd Poynor <toddpoynor@google.com>

usb: gadget: android: Fixes and hacks to make android usb gadget compile on 3.8

Change-Id: I332a6802dbd49b4018b9318b8621d26ed94c955d
Signed-off-by: Arve Hjønnevåg <arve@android.com>

usb: gadget: f_accessory: move userspace interface to uapi

Move the entire contents of linux/usb/f_accessory.h header to uapi,
it only contains a userspace interface.

Change-Id: Ieb5547da449588ae554988a201c0e6b4e3afc531
Signed-off-by: Colin Cross <ccross@android.com>

drivers: usb: gadget: 64-bit related type fixes

Change-Id: I2f9b12e1e0cdfe64ffe20db78d319a6221821184
Signed-off-by: Greg Hackmann <ghackmann@google.com>

usb: gadget: f_accessory: Enabled Zero Length Packet (ZLP) for acc_write

Accessory connected to Android Device requires
Zero Length Packet (ZLP) to be written when data
transferred out from the Android device are multiples
of wMaxPacketSize (64bytes (Full-Speed) / 512bytes (High-Speed))
to end the transfer.

Change-Id: Ib2c2c0ab98ef9afa10e74a720142deca5c0ed476
Signed-off-by: Anson Jacob <ansonkuzhumbil@gmail.com>

usb: gadget: check for accessory device before disconnecting HIDs

While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

===> SQ usb: gadget: Accessory:Migrate to USB_FUNCTION API

This patch adds support to use Android accessory
gadget function through the
DECLARE_USB_FUNCTION_INIT interface.

Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ib352752d5bc905fa1df9049b53eabf1294930db7

SQ: f_accessory: usb: gadget: cleanup: fix unused variable and function warnings

Remove unused variables and functions to fix following
build warnings:

  CC      drivers/usb/gadget/configfs.o
drivers/usb/gadget/configfs.c: In function ‘gadgets_make’:
drivers/usb/gadget/configfs.c:1710:6: warning: unused variable ‘err’ [-Wunused-variable]
  int err;
      ^
drivers/usb/gadget/configfs.c:1709:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1708:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
drivers/usb/gadget/configfs.c: In function ‘gadgets_drop’:
drivers/usb/gadget/configfs.c:1774:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1773:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
<snip>...
  CC      drivers/usb/gadget/function/f_mtp.o
drivers/usb/gadget/function/f_mtp.c:1219:12: warning: ‘mtp_bind_config’ defined but not used [-Wunused-function]
 static int mtp_bind_config(struct usb_configuration *c, bool ptp_config)
            ^
drivers/usb/gadget/function/f_mtp.c:1300:12: warning: ‘mtp_setup’ defined but not used [-Wunused-function]
 static int mtp_setup(void)
            ^
<snip>...
  CC      drivers/usb/gadget/function/f_accessory.o
drivers/usb/gadget/function/f_accessory.c:969:1: warning: ‘acc_function_bind’ defined but not used [-Wunused-function]
 acc_function_bind(struct usb_configuration *c, struct usb_function *f) {
 ^
drivers/usb/gadget/function/f_accessory.c:1172:12: warning: ‘acc_bind_config’ defined but not used [-Wunused-function]
 static int acc_bind_config(struct usb_configuration *c)
            ^

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

SQ f_accessory: fix false disconnect due to a signal sent to the reading process

- In the current implementation, when a signal is sent to the reading process,
  read is cancelled by calling usb_ep_dequeue, which lead into calling
  acc_complete_out with ECONNRESET, but the current logic treats it as
  disconnection, which makes the device inaccessible until cable is actually
  disconnected.
- The fix calls disconnect only when ESHUTDOWN error is passed.
- If data has already arrived while trying cancelling, the data is marked
  as available, and it will be read out on the next read. This is necessary
  as USB bulk is assumed to guarantee no data loss.

Signed-off-by: keunyoung <keunyoung@google.com>

===> SQ CHROMIUM: usb: gadget: f_accessory: add .raw_request callback

After this upstream commit: 3c86726,
.raw_request is mandatory in hid_ll_driver structure, hence add an empty
raw_request() function.

BUG=chrome-os-partner:49140
TEST=none

Change-Id: Idd0bbe6960aad2c557376e4a24827d7e1df8e023
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/321038
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>

===> SQ usb: gadget: f_accessory: remove duplicate endpoint alloc

usb_ep_autoconfig is called twice for allocating
bulk out endpoint.

Removed the unwanted call.

Fixes Issue: 67180

Change-Id: I03e87a86fbbbc85831ff7f0496adf038d1de2956
Signed-off-by: Anson Jacob <ansonjacob.aj@gmail.com>

===> SQ usb: gadget: Relocate f_accessory

3.18 kernel has reorganized drivers/usb/gadget
directory. Moving accessory gadget driver from
drivers/usb/gadget to drivers/usb/gadget/function

Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
Change-Id: If73c6df0537c4b1f51338ed3b0db817e51f06b4a
8c5016f
@metux metux added a commit to metux/linux that referenced this pull request Nov 9, 2016
@benoitgoby @metux benoitgoby + metux usb: gadget: accessory: Add Android Accessory function
USB accessory mode allows users to connect USB host hardware
specifically designed for Android-powered devices. The accessories
must adhere to the Android accessory protocol outlined in the
http://accessories.android.com documentation. This allows
Android devices that cannot act as a USB host to still interact with
USB hardware. When an Android device is in USB accessory mode, the
attached Android USB accessory acts as the host, provides power
to the USB bus, and enumerates connected devices.

Change-Id: I67964b50d278f3c0471d47efbb7b0973a3502681
Signed-off-by: Mike Lockwood <lockwood@android.com>

usb: gadget: accessory: Fix section mismatch

create_bulk_endpoints should not be __init since it is called when
accessory is enabled

Change-Id: If827a4531f0f6c15af938345163923186368e2a5
Signed-off-by: Benoit Goby <benoit@android.com>

usb: gadget: add ACCESSORY_SET_AUDIO_MODE control request and ioctl

The control request will be used by the host to enable/disable USB audio
and the ioctl will be used by userspace to read the audio mode

Change-Id: I81c38611b588451e80eacdccc417ca6e11c60cab
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: f_accessory: add support for HID input devices

Change-Id: I4f1452db32508382df52acdc47c0eb395ae328c7
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: accessory: Fix section mismatch (again)

create_bulk_endpoints should not be __init since it is called when
accessory is enabled.

Change-Id: Iac6e9f29d53c93760e926efd8e7603432632acb4
Signed-off-by: Todd Poynor <toddpoynor@google.com>

usb: gadget: android: Fixes and hacks to make android usb gadget compile on 3.8

Change-Id: I332a6802dbd49b4018b9318b8621d26ed94c955d
Signed-off-by: Arve Hjønnevåg <arve@android.com>

usb: gadget: f_accessory: move userspace interface to uapi

Move the entire contents of linux/usb/f_accessory.h header to uapi,
it only contains a userspace interface.

Change-Id: Ieb5547da449588ae554988a201c0e6b4e3afc531
Signed-off-by: Colin Cross <ccross@android.com>

drivers: usb: gadget: 64-bit related type fixes

Change-Id: I2f9b12e1e0cdfe64ffe20db78d319a6221821184
Signed-off-by: Greg Hackmann <ghackmann@google.com>

usb: gadget: f_accessory: Enabled Zero Length Packet (ZLP) for acc_write

Accessory connected to Android Device requires
Zero Length Packet (ZLP) to be written when data
transferred out from the Android device are multiples
of wMaxPacketSize (64bytes (Full-Speed) / 512bytes (High-Speed))
to end the transfer.

Change-Id: Ib2c2c0ab98ef9afa10e74a720142deca5c0ed476
Signed-off-by: Anson Jacob <ansonkuzhumbil@gmail.com>

usb: gadget: check for accessory device before disconnecting HIDs

While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

===> SQ usb: gadget: Accessory:Migrate to USB_FUNCTION API

This patch adds support to use Android accessory
gadget function through the
DECLARE_USB_FUNCTION_INIT interface.

Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ib352752d5bc905fa1df9049b53eabf1294930db7

SQ: f_accessory: usb: gadget: cleanup: fix unused variable and function warnings

Remove unused variables and functions to fix following
build warnings:

  CC      drivers/usb/gadget/configfs.o
drivers/usb/gadget/configfs.c: In function ‘gadgets_make’:
drivers/usb/gadget/configfs.c:1710:6: warning: unused variable ‘err’ [-Wunused-variable]
  int err;
      ^
drivers/usb/gadget/configfs.c:1709:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1708:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
drivers/usb/gadget/configfs.c: In function ‘gadgets_drop’:
drivers/usb/gadget/configfs.c:1774:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1773:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
<snip>...
  CC      drivers/usb/gadget/function/f_mtp.o
drivers/usb/gadget/function/f_mtp.c:1219:12: warning: ‘mtp_bind_config’ defined but not used [-Wunused-function]
 static int mtp_bind_config(struct usb_configuration *c, bool ptp_config)
            ^
drivers/usb/gadget/function/f_mtp.c:1300:12: warning: ‘mtp_setup’ defined but not used [-Wunused-function]
 static int mtp_setup(void)
            ^
<snip>...
  CC      drivers/usb/gadget/function/f_accessory.o
drivers/usb/gadget/function/f_accessory.c:969:1: warning: ‘acc_function_bind’ defined but not used [-Wunused-function]
 acc_function_bind(struct usb_configuration *c, struct usb_function *f) {
 ^
drivers/usb/gadget/function/f_accessory.c:1172:12: warning: ‘acc_bind_config’ defined but not used [-Wunused-function]
 static int acc_bind_config(struct usb_configuration *c)
            ^

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

SQ f_accessory: fix false disconnect due to a signal sent to the reading process

- In the current implementation, when a signal is sent to the reading process,
  read is cancelled by calling usb_ep_dequeue, which lead into calling
  acc_complete_out with ECONNRESET, but the current logic treats it as
  disconnection, which makes the device inaccessible until cable is actually
  disconnected.
- The fix calls disconnect only when ESHUTDOWN error is passed.
- If data has already arrived while trying cancelling, the data is marked
  as available, and it will be read out on the next read. This is necessary
  as USB bulk is assumed to guarantee no data loss.

Signed-off-by: keunyoung <keunyoung@google.com>

===> SQ CHROMIUM: usb: gadget: f_accessory: add .raw_request callback

After this upstream commit: 3c86726,
.raw_request is mandatory in hid_ll_driver structure, hence add an empty
raw_request() function.

BUG=chrome-os-partner:49140
TEST=none

Change-Id: Idd0bbe6960aad2c557376e4a24827d7e1df8e023
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/321038
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>

===> SQ usb: gadget: f_accessory: remove duplicate endpoint alloc

usb_ep_autoconfig is called twice for allocating
bulk out endpoint.

Removed the unwanted call.

Fixes Issue: 67180

Change-Id: I03e87a86fbbbc85831ff7f0496adf038d1de2956
Signed-off-by: Anson Jacob <ansonjacob.aj@gmail.com>

===> SQ usb: gadget: Relocate f_accessory

3.18 kernel has reorganized drivers/usb/gadget
directory. Moving accessory gadget driver from
drivers/usb/gadget to drivers/usb/gadget/function

Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
Change-Id: If73c6df0537c4b1f51338ed3b0db817e51f06b4a
bb2c9c1
@metux metux added a commit to metux/linux that referenced this pull request Nov 10, 2016
@benoitgoby @metux benoitgoby + metux usb: gadget: accessory: Add Android Accessory function
USB accessory mode allows users to connect USB host hardware
specifically designed for Android-powered devices. The accessories
must adhere to the Android accessory protocol outlined in the
http://accessories.android.com documentation. This allows
Android devices that cannot act as a USB host to still interact with
USB hardware. When an Android device is in USB accessory mode, the
attached Android USB accessory acts as the host, provides power
to the USB bus, and enumerates connected devices.

Change-Id: I67964b50d278f3c0471d47efbb7b0973a3502681
Signed-off-by: Mike Lockwood <lockwood@android.com>

usb: gadget: accessory: Fix section mismatch

create_bulk_endpoints should not be __init since it is called when
accessory is enabled

Change-Id: If827a4531f0f6c15af938345163923186368e2a5
Signed-off-by: Benoit Goby <benoit@android.com>

usb: gadget: add ACCESSORY_SET_AUDIO_MODE control request and ioctl

The control request will be used by the host to enable/disable USB audio
and the ioctl will be used by userspace to read the audio mode

Change-Id: I81c38611b588451e80eacdccc417ca6e11c60cab
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: f_accessory: add support for HID input devices

Change-Id: I4f1452db32508382df52acdc47c0eb395ae328c7
Signed-off-by: Mike Lockwood <lockwood@google.com>

usb: gadget: accessory: Fix section mismatch (again)

create_bulk_endpoints should not be __init since it is called when
accessory is enabled.

Change-Id: Iac6e9f29d53c93760e926efd8e7603432632acb4
Signed-off-by: Todd Poynor <toddpoynor@google.com>

usb: gadget: android: Fixes and hacks to make android usb gadget compile on 3.8

Change-Id: I332a6802dbd49b4018b9318b8621d26ed94c955d
Signed-off-by: Arve Hjønnevåg <arve@android.com>

usb: gadget: f_accessory: move userspace interface to uapi

Move the entire contents of linux/usb/f_accessory.h header to uapi,
it only contains a userspace interface.

Change-Id: Ieb5547da449588ae554988a201c0e6b4e3afc531
Signed-off-by: Colin Cross <ccross@android.com>

drivers: usb: gadget: 64-bit related type fixes

Change-Id: I2f9b12e1e0cdfe64ffe20db78d319a6221821184
Signed-off-by: Greg Hackmann <ghackmann@google.com>

usb: gadget: f_accessory: Enabled Zero Length Packet (ZLP) for acc_write

Accessory connected to Android Device requires
Zero Length Packet (ZLP) to be written when data
transferred out from the Android device are multiples
of wMaxPacketSize (64bytes (Full-Speed) / 512bytes (High-Speed))
to end the transfer.

Change-Id: Ib2c2c0ab98ef9afa10e74a720142deca5c0ed476
Signed-off-by: Anson Jacob <ansonkuzhumbil@gmail.com>

usb: gadget: check for accessory device before disconnecting HIDs

While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

===> SQ usb: gadget: Accessory:Migrate to USB_FUNCTION API

This patch adds support to use Android accessory
gadget function through the
DECLARE_USB_FUNCTION_INIT interface.

Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Change-Id: Ib352752d5bc905fa1df9049b53eabf1294930db7

SQ: f_accessory: usb: gadget: cleanup: fix unused variable and function warnings

Remove unused variables and functions to fix following
build warnings:

  CC      drivers/usb/gadget/configfs.o
drivers/usb/gadget/configfs.c: In function ‘gadgets_make’:
drivers/usb/gadget/configfs.c:1710:6: warning: unused variable ‘err’ [-Wunused-variable]
  int err;
      ^
drivers/usb/gadget/configfs.c:1709:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1708:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
drivers/usb/gadget/configfs.c: In function ‘gadgets_drop’:
drivers/usb/gadget/configfs.c:1774:27: warning: unused variable ‘attr’ [-Wunused-variable]
  struct device_attribute *attr;
                           ^
drivers/usb/gadget/configfs.c:1773:28: warning: unused variable ‘attrs’ [-Wunused-variable]
  struct device_attribute **attrs;
                            ^
<snip>...
  CC      drivers/usb/gadget/function/f_mtp.o
drivers/usb/gadget/function/f_mtp.c:1219:12: warning: ‘mtp_bind_config’ defined but not used [-Wunused-function]
 static int mtp_bind_config(struct usb_configuration *c, bool ptp_config)
            ^
drivers/usb/gadget/function/f_mtp.c:1300:12: warning: ‘mtp_setup’ defined but not used [-Wunused-function]
 static int mtp_setup(void)
            ^
<snip>...
  CC      drivers/usb/gadget/function/f_accessory.o
drivers/usb/gadget/function/f_accessory.c:969:1: warning: ‘acc_function_bind’ defined but not used [-Wunused-function]
 acc_function_bind(struct usb_configuration *c, struct usb_function *f) {
 ^
drivers/usb/gadget/function/f_accessory.c:1172:12: warning: ‘acc_bind_config’ defined but not used [-Wunused-function]
 static int acc_bind_config(struct usb_configuration *c)
            ^

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

SQ f_accessory: fix false disconnect due to a signal sent to the reading process

- In the current implementation, when a signal is sent to the reading process,
  read is cancelled by calling usb_ep_dequeue, which lead into calling
  acc_complete_out with ECONNRESET, but the current logic treats it as
  disconnection, which makes the device inaccessible until cable is actually
  disconnected.
- The fix calls disconnect only when ESHUTDOWN error is passed.
- If data has already arrived while trying cancelling, the data is marked
  as available, and it will be read out on the next read. This is necessary
  as USB bulk is assumed to guarantee no data loss.

Signed-off-by: keunyoung <keunyoung@google.com>

===> SQ CHROMIUM: usb: gadget: f_accessory: add .raw_request callback

After this upstream commit: 3c86726,
.raw_request is mandatory in hid_ll_driver structure, hence add an empty
raw_request() function.

BUG=chrome-os-partner:49140
TEST=none

Change-Id: Idd0bbe6960aad2c557376e4a24827d7e1df8e023
Signed-off-by: Mark Kuo <mkuo@nvidia.com>
Reviewed-on: https://chromium-review.googlesource.com/321038
Commit-Ready: Andrew Bresticker <abrestic@chromium.org>
Tested-by: Andrew Bresticker <abrestic@chromium.org>
Reviewed-by: Andrew Bresticker <abrestic@chromium.org>

===> SQ usb: gadget: f_accessory: remove duplicate endpoint alloc

usb_ep_autoconfig is called twice for allocating
bulk out endpoint.

Removed the unwanted call.

Fixes Issue: 67180

Change-Id: I03e87a86fbbbc85831ff7f0496adf038d1de2956
Signed-off-by: Anson Jacob <ansonjacob.aj@gmail.com>

===> SQ usb: gadget: Relocate f_accessory

3.18 kernel has reorganized drivers/usb/gadget
directory. Moving accessory gadget driver from
drivers/usb/gadget to drivers/usb/gadget/function

Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
Change-Id: If73c6df0537c4b1f51338ed3b0db817e51f06b4a
7e763a7
@Noltari Noltari pushed a commit to Noltari/linux that referenced this pull request Nov 10, 2016
@ldu4 ldu4 + Jiri Slaby powerpc/pseries: Fix stack corruption in htpe code
commit 05af40e upstream.

This commit fixes a stack corruption in the pseries specific code dealing
with the huge pages.

In __pSeries_lpar_hugepage_invalidate() the buffer used to pass arguments
to the hypervisor is not large enough. This leads to a stack corruption
where a previously saved register could be corrupted leading to unexpected
result in the caller, like the following panic:

  Oops: Kernel access of bad area, sig: 11 [#1]
  SMP NR_CPUS=2048 NUMA pSeries
  Modules linked in: virtio_balloon ip_tables x_tables autofs4
  virtio_blk 8139too virtio_pci virtio_ring 8139cp virtio
  CPU: 11 PID: 1916 Comm: mmstress Not tainted 4.8.0 #76
  task: c000000005394880 task.stack: c000000005570000
  NIP: c00000000027bf6c LR: c00000000027bf64 CTR: 0000000000000000
  REGS: c000000005573820 TRAP: 0300   Not tainted  (4.8.0)
  MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 84822884  XER: 20000000
  CFAR: c00000000010a924 DAR: 420000000014e5e0 DSISR: 40000000 SOFTE: 1
  GPR00: c00000000027bf64 c000000005573aa0 c000000000e02800 c000000004447964
  GPR04: c00000000404de18 c000000004d38810 00000000042100f5 00000000f5002104
  GPR08: e0000000f5002104 0000000000000001 042100f5000000e0 00000000042100f5
  GPR12: 0000000000002200 c00000000fe02c00 c00000000404de18 0000000000000000
  GPR16: c1ffffffffffe7ff 00003fff62000000 420000000014e5e0 00003fff63000000
  GPR20: 0008000000000000 c0000000f7014800 0405e600000000e0 0000000000010000
  GPR24: c000000004d38810 c000000004447c10 c00000000404de18 c000000004447964
  GPR28: c000000005573b10 c000000004d38810 00003fff62000000 420000000014e5e0
  NIP [c00000000027bf6c] zap_huge_pmd+0x4c/0x470
  LR [c00000000027bf64] zap_huge_pmd+0x44/0x470
  Call Trace:
  [c000000005573aa0] [c00000000027bf64] zap_huge_pmd+0x44/0x470 (unreliable)
  [c000000005573af0] [c00000000022bbd8] unmap_page_range+0xcf8/0xed0
  [c000000005573c30] [c00000000022c2d4] unmap_vmas+0x84/0x120
  [c000000005573c80] [c000000000235448] unmap_region+0xd8/0x1b0
  [c000000005573d80] [c0000000002378f0] do_munmap+0x2d0/0x4c0
  [c000000005573df0] [c000000000237be4] SyS_munmap+0x64/0xb0
  [c000000005573e30] [c000000000009560] system_call+0x38/0x108
  Instruction dump:
  fbe1fff8 fb81ffe0 7c7f1b78 7ca32b78 7cbd2b78 f8010010 7c9a2378 f821ffb1
  7cde3378 4bfffea9 7c7b1b79 41820298 <e87f0000> 48000130 7fa5eb78 7fc4f378

Most of the time, the bug is surfacing in a caller up in the stack from
__pSeries_lpar_hugepage_invalidate() which is quite confusing.

This bug is pending since v3.11 but was hidden if a caller of the
caller of __pSeries_lpar_hugepage_invalidate() has pushed the corruped
register (r18 in this case) in the stack and is not using it until
restoring it. GCC 6.2.0 seems to raise it more frequently.

This commit also change the definition of the parameter buffer in
pSeries_lpar_flush_hash_range() to rely on the global define
PLPAR_HCALL9_BUFSIZE (no functional change here).

Fixes: 1a52728 ("powerpc: Optimize hugepage invalidate")
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
429074e
@bgly bgly pushed a commit to powervm/ibmvscsis that referenced this pull request Nov 30, 2016
@ldu4 ldu4 + Seth Forshee UBUNTU: SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe …
…code

BugLink: http://bugs.launchpad.net/bugs/1628976

https://patchwork.kernel.org/patch/9364805/

This commit fixes a stack corruption in the pseries specific code dealing
with the huge pages.

In __pSeries_lpar_hugepage_invalidate() the buffer used to pass arguments
to the hypervisor is not large enough. This leads to a stack corruption
where a previously saved register could be corrupted leading to unexpected
result in the caller, like the following panic:

Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: virtio_balloon ip_tables x_tables autofs4
virtio_blk 8139too virtio_pci virtio_ring 8139cp virtio
CPU: 11 PID: 1916 Comm: mmstress Not tainted 4.8.0 #76
task: c000000005394880 task.stack: c000000005570000
NIP: c00000000027bf6c LR: c00000000027bf64 CTR: 0000000000000000
REGS: c000000005573820 TRAP: 0300   Not tainted  (4.8.0)
MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 84822884  XER:
20000000
CFAR: c00000000010a924 DAR: 420000000014e5e0 DSISR: 40000000 SOFTE: 1
GPR00: c00000000027bf64 c000000005573aa0 c000000000e02800 c000000004447964
GPR04: c00000000404de18 c000000004d38810 00000000042100f5 00000000f5002104
GPR08: e0000000f5002104 0000000000000001 042100f5000000e0 00000000042100f5
GPR12: 0000000000002200 c00000000fe02c00 c00000000404de18 0000000000000000
GPR16: c1ffffffffffe7ff 00003fff62000000 420000000014e5e0 00003fff63000000
GPR20: 0008000000000000 c0000000f7014800 0405e600000000e0 0000000000010000
GPR24: c000000004d38810 c000000004447c10 c00000000404de18 c000000004447964
GPR28: c000000005573b10 c000000004d38810 00003fff62000000 420000000014e5e0
NIP [c00000000027bf6c] zap_huge_pmd+0x4c/0x470
LR [c00000000027bf64] zap_huge_pmd+0x44/0x470
Call Trace:
[c000000005573aa0] [c00000000027bf64] zap_huge_pmd+0x44/0x470 (unreliable)
[c000000005573af0] [c00000000022bbd8] unmap_page_range+0xcf8/0xed0
[c000000005573c30] [c00000000022c2d4] unmap_vmas+0x84/0x120
[c000000005573c80] [c000000000235448] unmap_region+0xd8/0x1b0
[c000000005573d80] [c0000000002378f0] do_munmap+0x2d0/0x4c0
[c000000005573df0] [c000000000237be4] SyS_munmap+0x64/0xb0
[c000000005573e30] [c000000000009560] system_call+0x38/0x108
Instruction dump:
fbe1fff8 fb81ffe0 7c7f1b78 7ca32b78 7cbd2b78 f8010010 7c9a2378 f821ffb1
7cde3378 4bfffea9 7c7b1b79 41820298 <e87f0000> 48000130 7fa5eb78 7fc4f378

Most of the time, the bug is surfacing in a caller up in the stack from
__pSeries_lpar_hugepage_invalidate() which is quite confusing.

This bug is pending since v3.11 but was hidden if a caller of the
caller of __pSeries_lpar_hugepage_invalidate() has pushed the corruped
register (r18 in this case) in the stack and is not using it until
restoring it. GCC 6.2.0 seems to raise it more frequently.

This commit also change the definition of the parameter buffer in
pSeries_lpar_flush_hash_range() to rely on the global define
PLPAR_HCALL9_BUFSIZE (no functional change here).

Fixes: 1a52728 ("powerpc: Optimize hugepage invalidate")
Cc: <stable@vger.kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
2a272ad
@vchong vchong pushed a commit to linaro-swg/linux that referenced this pull request Jan 31, 2017
@pundiramit pundiramit + Dmitry Shmidt ANDROID: usb: gadget: check for accessory device before disconnecting…
… HIDs

While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
f91fcd3
@bgly bgly pushed a commit to powervm/ibmvscsis that referenced this pull request Jan 31, 2017
@ldu4 ldu4 + Seth Forshee UBUNTU: SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe …
…code

BugLink: http://bugs.launchpad.net/bugs/1628976

https://patchwork.kernel.org/patch/9364805/

This commit fixes a stack corruption in the pseries specific code dealing
with the huge pages.

In __pSeries_lpar_hugepage_invalidate() the buffer used to pass arguments
to the hypervisor is not large enough. This leads to a stack corruption
where a previously saved register could be corrupted leading to unexpected
result in the caller, like the following panic:

Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: virtio_balloon ip_tables x_tables autofs4
virtio_blk 8139too virtio_pci virtio_ring 8139cp virtio
CPU: 11 PID: 1916 Comm: mmstress Not tainted 4.8.0 #76
task: c000000005394880 task.stack: c000000005570000
NIP: c00000000027bf6c LR: c00000000027bf64 CTR: 0000000000000000
REGS: c000000005573820 TRAP: 0300   Not tainted  (4.8.0)
MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 84822884  XER:
20000000
CFAR: c00000000010a924 DAR: 420000000014e5e0 DSISR: 40000000 SOFTE: 1
GPR00: c00000000027bf64 c000000005573aa0 c000000000e02800 c000000004447964
GPR04: c00000000404de18 c000000004d38810 00000000042100f5 00000000f5002104
GPR08: e0000000f5002104 0000000000000001 042100f5000000e0 00000000042100f5
GPR12: 0000000000002200 c00000000fe02c00 c00000000404de18 0000000000000000
GPR16: c1ffffffffffe7ff 00003fff62000000 420000000014e5e0 00003fff63000000
GPR20: 0008000000000000 c0000000f7014800 0405e600000000e0 0000000000010000
GPR24: c000000004d38810 c000000004447c10 c00000000404de18 c000000004447964
GPR28: c000000005573b10 c000000004d38810 00003fff62000000 420000000014e5e0
NIP [c00000000027bf6c] zap_huge_pmd+0x4c/0x470
LR [c00000000027bf64] zap_huge_pmd+0x44/0x470
Call Trace:
[c000000005573aa0] [c00000000027bf64] zap_huge_pmd+0x44/0x470 (unreliable)
[c000000005573af0] [c00000000022bbd8] unmap_page_range+0xcf8/0xed0
[c000000005573c30] [c00000000022c2d4] unmap_vmas+0x84/0x120
[c000000005573c80] [c000000000235448] unmap_region+0xd8/0x1b0
[c000000005573d80] [c0000000002378f0] do_munmap+0x2d0/0x4c0
[c000000005573df0] [c000000000237be4] SyS_munmap+0x64/0xb0
[c000000005573e30] [c000000000009560] system_call+0x38/0x108
Instruction dump:
fbe1fff8 fb81ffe0 7c7f1b78 7ca32b78 7cbd2b78 f8010010 7c9a2378 f821ffb1
7cde3378 4bfffea9 7c7b1b79 41820298 <e87f0000> 48000130 7fa5eb78 7fc4f378

Most of the time, the bug is surfacing in a caller up in the stack from
__pSeries_lpar_hugepage_invalidate() which is quite confusing.

This bug is pending since v3.11 but was hidden if a caller of the
caller of __pSeries_lpar_hugepage_invalidate() has pushed the corruped
register (r18 in this case) in the stack and is not using it until
restoring it. GCC 6.2.0 seems to raise it more frequently.

This commit also change the definition of the parameter buffer in
pSeries_lpar_flush_hash_range() to rely on the global define
PLPAR_HCALL9_BUFSIZE (no functional change here).

Fixes: 1a52728 ("powerpc: Optimize hugepage invalidate")
Cc: <stable@vger.kernel.org>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
d951575
@vchong vchong pushed a commit to linaro-swg/linux that referenced this pull request Feb 24, 2017
@pundiramit pundiramit + Dmitry Shmidt ANDROID: usb: gadget: check for accessory device before disconnecting…
… HIDs

While disabling ConfigFS Android gadget, android_disconnect() calls
kill_all_hid_devices(), if CONFIG_USB_CONFIGFS_F_ACC is enabled, to free
the registered HIDs without checking whether the USB accessory device
really exist or not. If USB accessory device doesn't exist then we run into
following kernel panic:
----8<----
[  136.724761] Unable to handle kernel NULL pointer dereference at virtual address 00000064
[  136.724809] pgd = c0204000
[  136.731924] [00000064] *pgd=00000000
[  136.737830] Internal error: Oops: 5 [#1] SMP ARM
[  136.738108] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc4-00400-gf75300e-dirty #76
[  136.742788] task: c0fb19d8 ti: c0fa4000 task.ti: c0fa4000
[  136.750890] PC is at _raw_spin_lock_irqsave+0x24/0x60
[  136.756246] LR is at kill_all_hid_devices+0x24/0x114
---->8----

This patch adds a test to check if USB Accessory device exists before freeing HIDs.

Change-Id: Ie229feaf0de3f4f7a151fcaa9a994e34e15ff73b
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
65758ce
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment