Commit Graph

5689 Commits

Author SHA1 Message Date
Daniel Axtens 934bda59f2 powerpc/pseries/hvconsole: Fix stack overread via udbg
While developing KASAN for 64-bit book3s, I hit the following stack
over-read.

It occurs because the hypercall to put characters onto the terminal
takes 2 longs (128 bits/16 bytes) of characters at a time, and so
hvc_put_chars() would unconditionally copy 16 bytes from the argument
buffer, regardless of supplied length. However, udbg_hvc_putc() can
call hvc_put_chars() with a single-byte buffer, leading to the error.

  ==================================================================
  BUG: KASAN: stack-out-of-bounds in hvc_put_chars+0xdc/0x110
  Read of size 8 at addr c0000000023e7a90 by task swapper/0

  CPU: 0 PID: 0 Comm: swapper Not tainted 5.2.0-rc2-next-20190528-02824-g048a6ab4835b #113
  Call Trace:
    dump_stack+0x104/0x154 (unreliable)
    print_address_description+0xa0/0x30c
    __kasan_report+0x20c/0x224
    kasan_report+0x18/0x30
    __asan_report_load8_noabort+0x24/0x40
    hvc_put_chars+0xdc/0x110
    hvterm_raw_put_chars+0x9c/0x110
    udbg_hvc_putc+0x154/0x200
    udbg_write+0xf0/0x240
    console_unlock+0x868/0xd30
    register_console+0x970/0xe90
    register_early_udbg_console+0xf8/0x114
    setup_arch+0x108/0x790
    start_kernel+0x104/0x784
    start_here_common+0x1c/0x534

  Memory state around the buggy address:
   c0000000023e7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   c0000000023e7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
  >c0000000023e7a80: f1 f1 01 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
                           ^
   c0000000023e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   c0000000023e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  ==================================================================

Document that a 16-byte buffer is requred, and provide it in udbg.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2019-06-14 15:35:53 +10:00
Linus Torvalds b0bb1269b9 RISC-V Patches for the 5.2 Merge Window, Part 1 v3
This patch set contains an assortment of RISC-V related patches that I'd
 like to target for the 5.2 merge window.  Most of the patches are
 cleanups, but there are a handful of user-visible changes:
 
 * The nosmp and nr_cpus command-line arguments are now supported, which
   work like normal.
 * The SBI console no longer installs itself as a preferred console, we
   rely on standard mechanisms (/chosen, command-line, hueristics)
   instead.
 * sfence_remove_sfence_vma{,_asid} now pass their arguments along to the
   SBI call.
 * Modules now support BUG().
 * A missing sfence.vma during boot has been added.  This bug only
   manifests during boot.
 * The arch/riscv support for SiFive's L2 cache controller has been
   merged, which should un-block the EDAC framework work.
 
 I've only tested this on QEMU again, as I didn't have time to get things
 running on the Unleashed.  The latest master from this morning merges in
 cleanly and passes the tests as well.
 
 This patch set rebased my "5.2 MW, Part 1" patch set which includes an
 erronous empty file.  It's also a rebase of my "5.2 MW, Part 2" patch
 set, in which I managed to create another file while attempting to
 remove the empty file.
 
 Sorry for all the noise!
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAlzeLhUTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRDvTKFQLMurQXV/D/9nz8KYxNKOVIXft27mw93Qnx5joblg
 fibA7nGDuxCszSC3tfyaROJZuGKe1G24vP4RG7aVs+iwRmmFhtVdPwm7ZvIr+DfU
 a5mzwWkxhMZP8lgxMAIn7iM/NWrBm7rWdGTU0BYjHlGkQ5z3WA67rU/r/vrowhUN
 zK1U/ATLvFWDJv5rdDj8/T2rDJzWtAsuy2qlmQN30CCJoOXXgIdAj+fVG4IYoxO9
 2+NFJU4Y0a+YczWW3qaGFjTaYYt/sNr/uA8AoBNqV1NvsopK1UO3txbcfJwvZZC3
 JFU9WBjC7xuF2ihMWecIZ7XljZeqhlsP7lZDizatQ/mdL9k7+6elk1sdcNLC23dN
 VWJakudE42dISCwSh49fAbeNSl/3R5VWSlZmVO18gsmslkGa4FwuoKjklnxx7hYx
 fQfvaqMIEXy3YmKtmFneUXLdcGoWOjV0FfDh5Ye582tAmB2TzvgEJHPJI7suUA/a
 RkZHcmVJTSRBMe2fS0qkYxy/wdIDtRW2yjypssl9G6zQPPCVW+maD70m/9oVdsgm
 IL8MpoDxW0uAYsV8Ctt1/+Ux+BObMADIml/1HPQyBRA0qhorQQWk0TcbjEXeIShs
 OOG8byAQUJx98z62zrKQ53+Pxdevcja6uKxu3f0yEHxl19dBJdT2BM6rjs3sO1hi
 c3tX/U8o39H0Kg==
 =mZwx
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-5.2-mw2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux

Pull RISC-V updates from Palmer Dabbelt:
 "This contains an assortment of RISC-V related patches that I'd like to
  target for the 5.2 merge window. Most of the patches are cleanups, but
  there are a handful of user-visible changes:

   - The nosmp and nr_cpus command-line arguments are now supported,
     which work like normal.

   - The SBI console no longer installs itself as a preferred console,
     we rely on standard mechanisms (/chosen, command-line, hueristics)
     instead.

   - sfence_remove_sfence_vma{,_asid} now pass their arguments along to
     the SBI call.

   - Modules now support BUG().

   - A missing sfence.vma during boot has been added. This bug only
     manifests during boot.

   - The arch/riscv support for SiFive's L2 cache controller has been
     merged, which should un-block the EDAC framework work.

  I've only tested this on QEMU again, as I didn't have time to get
  things running on the Unleashed. The latest master from this morning
  merges in cleanly and passes the tests as well"

* tag 'riscv-for-linus-5.2-mw2' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux: (31 commits)
  riscv: fix locking violation in page fault handler
  RISC-V: sifive_l2_cache: Add L2 cache controller driver for SiFive SoCs
  RISC-V: Add DT documentation for SiFive L2 Cache Controller
  RISC-V: Avoid using invalid intermediate translations
  riscv: Support BUG() in kernel module
  riscv: Add the support for c.ebreak check in is_valid_bugaddr()
  riscv: support trap-based WARN()
  riscv: fix sbi_remote_sfence_vma{,_asid}.
  riscv: move switch_mm to its own file
  riscv: move flush_icache_{all,mm} to cacheflush.c
  tty: Don't force RISCV SBI console as preferred console
  RISC-V: Access CSRs using CSR numbers
  RISC-V: Add interrupt related SCAUSE defines in asm/csr.h
  RISC-V: Use tabs to align macro values in asm/csr.h
  RISC-V: Fix minor checkpatch issues.
  RISC-V: Support nr_cpus command line option.
  RISC-V: Implement nosmp commandline option.
  RISC-V: Add RISC-V specific arch_match_cpu_phys_id
  riscv: vdso: drop unnecessary cc-ldoption
  riscv: call pm_power_off from machine_halt / machine_power_off
  ...
2019-05-19 09:56:36 -07:00
Anup Patel f91253a3d0
tty: Don't force RISCV SBI console as preferred console
The Linux kernel will auto-disables all boot consoles whenever it
gets a preferred real console.

Currently on RISC-V systems, if we have a real console which is not
RISCV SBI console then boot consoles (such as earlycon=sbi) are not
auto-disabled when a real console (ttyS0 or ttySIF0) is available.
This results in duplicate prints at boot-time after kernel starts
using real console (i.e. ttyS0 or ttySIF0) if "earlycon=" kernel
parameter was passed by bootloader.

The reason for above issue is that RISCV SBI console always adds
itself as preferred console which is causing other real consoles
to be not used as preferred console.

Ideally "console=" kernel parameter passed by bootloaders should
be the one selecting a preferred real console.

This patch fixes above issue by not forcing RISCV SBI console as
preferred console.

Fixes: afa6b1ccfa ("tty: New RISC-V SBI console driver")
Cc: stable@vger.kernel.org
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Atish Patra <atish.patra@wdc.com>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-05-16 20:42:11 -07:00
Feng Tang c39ea0b9dd panic: avoid the extra noise dmesg
When kernel panic happens, it will first print the panic call stack,
then the ending msg like:

[   35.743249] ---[ end Kernel panic - not syncing: Fatal exception
[   35.749975] ------------[ cut here ]------------

The above message are very useful for debugging.

But if system is configured to not reboot on panic, say the
"panic_timeout" parameter equals 0, it will likely print out many noisy
message like WARN() call stack for each and every CPU except the panic
one, messages like below:

	WARNING: CPU: 1 PID: 280 at kernel/sched/core.c:1198 set_task_cpu+0x183/0x190
	Call Trace:
	<IRQ>
	try_to_wake_up
	default_wake_function
	autoremove_wake_function
	__wake_up_common
	__wake_up_common_lock
	__wake_up
	wake_up_klogd_work_func
	irq_work_run_list
	irq_work_tick
	update_process_times
	tick_sched_timer
	__hrtimer_run_queues
	hrtimer_interrupt
	smp_apic_timer_interrupt
	apic_timer_interrupt

For people working in console mode, the screen will first show the panic
call stack, but immediately overridden by these noisy extra messages,
which makes debugging much more difficult, as the original context gets
lost on screen.

Also these noisy messages will confuse some users, as I have seen many bug
reporters posted the noisy message into bugzilla, instead of the real
panic call stack and context.

Adding a flag "suppress_printk" which gets set in panic() to avoid those
noisy messages, without changing current kernel behavior that both panic
blinking and sysrq magic key can work as is, suggested by Petr Mladek.

To verify this, make sure kernel is not configured to reboot on panic and
in console
 # echo c > /proc/sysrq-trigger
to see if console only prints out the panic call stack.

Link: http://lkml.kernel.org/r/1551430186-24169-1-git-send-email-feng.tang@intel.com
Signed-off-by: Feng Tang <feng.tang@intel.com>
Suggested-by: Petr Mladek <pmladek@suse.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Sasha Levin <sashal@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-05-14 19:52:51 -07:00
Linus Torvalds 055128ee00 dmaengine updates for v5.2-rc1
- Updates to stm32 dma residue calculations
  - Interleave dma capability to axi-dmac and
    support for ZynqMP arch
  - Rework of channel assignment for rcar dma
  - Debugfs for pl330 driver
  - Support for Tegra186/Tegra194, refactoring for new chips
    and support for pause/resume
  - Updates to axi-dmac, bcm2835, fsl-edma, idma64, imx-sdma,
    rcar-dmac, stm32-dma etc
  - dev_get_drvdata() updates on few drivers
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJc08p1AAoJEHwUBw8lI4NHD14QAJGU7MOc9dpr+qtm2k3sNO3o
 EXZtb3GjTs4MUt6EfMA47KXsxeq4UhubQqM7CmPngDyjXaPd4JBE8bwAd+OzS9sq
 eAPMa+M1g8MehuQcdUzB/y6APoSFhGvFoGLY8e7FeI6fwYNm3Yy2gTSiZfpMb3MW
 hclJQe+UWfppUHOig13tr0tbQ31DOa7qb2+roVJqDEb9sQ5bDkhRWXjElfoeSXsS
 n8nNh4GZr5RkIxfzslVRZNfqb1lja2e03SXBsN9faQI7BfIYBM+9hWSYd4Nq8uYo
 xvhYf9gJnKVKtFrwdXtyeBJ80DijWBoodhLrLOfhEYYOrCl9WwJT9AepIOdvij32
 11FwjCbkC9ASQ1cSLyRUBbdmfykSlBvdbAMwJc1y9qK7k9BMba3rXRJfimlRy29A
 Cpsu4tZKoPlZRGinoGnEGreg1YZI1YHwa+hlkW/8V9Zkb2hvIUbbXr7xHedJf7n4
 gIb5DnCF5pC1umB/o7pj2YXrYBc9GETp3sDQ88aw1owKh1T2pZcc5HOpi4p7/7n+
 b2HM0cWOCM3aKwdOcONk0jd87FcYQm3g1isQF5SCOtOys8Uy6wNqo9aRrfE/94aw
 4SiGRq9/nSOHDh72mD3Ux7v47/cFjWGzZZJVy5+NC+Mq79KxgpXOjsIr7YVbcn9m
 GuUdiDZmUvZ4y+qq/uCI
 =JDU6
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-5.2-rc1' of git://git.infradead.org/users/vkoul/slave-dma

Pull dmaengine updates from Vinod Koul:

 - Updates to stm32 dma residue calculations

 - Interleave dma capability to axi-dmac and support for ZynqMP arch

 - Rework of channel assignment for rcar dma

 - Debugfs for pl330 driver

 - Support for Tegra186/Tegra194, refactoring for new chips and support
   for pause/resume

 - Updates to axi-dmac, bcm2835, fsl-edma, idma64, imx-sdma, rcar-dmac,
   stm32-dma etc

 - dev_get_drvdata() updates on few drivers

* tag 'dmaengine-5.2-rc1' of git://git.infradead.org/users/vkoul/slave-dma: (34 commits)
  dmaengine: tegra210-adma: restore channel status
  dmaengine: tegra210-dma: free dma controller in remove()
  dmaengine: tegra210-adma: add pause/resume support
  dmaengine: tegra210-adma: add support for Tegra186/Tegra194
  Documentation: DT: Add compatibility binding for Tegra186
  dmaengine: tegra210-adma: prepare for supporting newer Tegra chips
  dmaengine: at_xdmac: remove a stray bottom half unlock
  dmaengine: fsl-edma: Adjust indentation
  dmaengine: fsl-edma: Fix typo in Vybrid name
  dmaengine: stm32-dma: fix residue calculation in stm32-dma
  dmaengine: nbpfaxi: Use dev_get_drvdata()
  dmaengine: bcm-sba-raid: Use dev_get_drvdata()
  dmaengine: stm32-dma: Fix unsigned variable compared with zero
  dmaengine: stm32-dma: use platform_get_irq()
  dmaengine: rcar-dmac: Update copyright information
  dmaengine: imx-sdma: Only check ratio on parts that support 1:1
  dmaengine: xgene-dma: fix spelling mistake "descripto" -> "descriptor"
  dmaengine: idma64: Move driver name to the header
  dmaengine: bcm2835: Drop duplicate capability setting.
  dmaengine: pl330: _stop: clear interrupt status
  ...
2019-05-09 08:51:45 -07:00
Linus Torvalds b3a5e648f5 TTY/Serial patches for 5.2-rc1
Here is the "big" set of tty/serial driver patches for 5.2-rc1.
 
 It's really pretty small, not much happening in this portion of the
 kernel at the moment.  When the "highlight" is the movement of the
 documentation from .txt to .rst files, it's a good merge window.
 
 There's a number of small fixes and updates over the various serial
 drivers, and a new "tty null" driver for those embedded systems that
 like to make things even smaller and not break things.
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXNKvrw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ynR2wCfTrWM9Qm7oA1hgWeYZiLTrnYnOtsAoK4a629W
 o7AAyVf8RJ4jdWaSgOqx
 =9Dy/
 -----END PGP SIGNATURE-----

Merge tag 'tty-5.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty/serial updates from Greg KH:
 "Here is the "big" set of tty/serial driver patches for 5.2-rc1.

  It's really pretty small, not much happening in this portion of the
  kernel at the moment. When the "highlight" is the movement of the
  documentation from .txt to .rst files, it's a good merge window.

  There's a number of small fixes and updates over the various serial
  drivers, and a new "tty null" driver for those embedded systems that
  like to make things even smaller and not break things.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'tty-5.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (45 commits)
  tty: serial: add driver for the SiFive UART
  dt-bindings: serial: add documentation for the SiFive UART driver
  serial: uartps: Add support for cts-override
  dt-bindings: xilinx-uartps: Add support for cts-override
  serial: milbeaut_usio: Fix error handling in probe and remove
  tty: rocket: deprecate the rp_ioctl
  tty: rocket: Remove RCPK_GET_STRUCT ioctl
  tty: update obsolete termios comment
  tty: serial_core: fix error code returned by uart_register_driver()
  serial: 8250-mtk: modify baudrate setting
  serial: 8250-mtk: add follow control
  docs: serial: convert docs to ReST and rename to *.rst
  serial: 8250_exar: Adjust IOT2000 matching
  TTY: serial_core, add ->install
  serial: Fix using plain integer instead of Null pointer
  tty:serial_core: Spelling mistake
  tty: Add NULL TTY driver
  tty: vt: keyboard: Allow Unicode compose base char
  Revert "tty: fix NULL pointer issue when tty_port ops is not set"
  serial: Add Milbeaut serial control
  ...
2019-05-08 10:07:28 -07:00
Linus Torvalds e0dccbdf5a Staging / IIO driver patches for 5.2-rc1
Here is the big staging and iio driver update for 5.2-rc1.
 
 Lots of tiny fixes all over the staging and IIO driver trees here, along
 with some new IIO drivers.
 
 Also we ended up deleting two drivers, making this pull request remove a
 few hundred thousand lines of code, always a nice thing to see.  Both of
 the drivers removed have been replaced with "real" drivers in their
 various subsystem directories, and they will be coming to you from those
 locations during this merge window.
 
 There are some core vt/selection changes in here, that was due to some
 cleanups needed for the speakup fixes.  Those have all been acked by the
 various subsystem maintainers (i.e. me), so those are ok.
 
 We also added a few new drivers, for some odd hardware, giving new
 developers plenty to work on with basic coding style cleanups to come in
 the near future.
 
 Other than that, nothing unusual here.
 
 All of these have been in linux-next for a while with no reported
 issues, other than an odd gcc warning for one of the new drivers that
 should be fixed up soon.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCXNHGMQ8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ynQRACgwtlC6DFsEFwCplYxQXP5uzuIVTMAoJ61xzC0
 Qim7K31f5ulaa3GJuhzo
 =zEY5
 -----END PGP SIGNATURE-----

Merge tag 'staging-5.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging / IIO driver updates from Greg KH:
 "Here is the big staging and iio driver update for 5.2-rc1.

  Lots of tiny fixes all over the staging and IIO driver trees here,
  along with some new IIO drivers.

  The "counter" subsystem was added in here as well, as it is needed by
  the IIO drivers and subsystem.

  Also we ended up deleting two drivers, making this pull request remove
  a few hundred thousand lines of code, always a nice thing to see. Both
  of the drivers removed have been replaced with "real" drivers in their
  various subsystem directories, and they will be coming to you from
  those locations during this merge window.

  There are some core vt/selection changes in here, that was due to some
  cleanups needed for the speakup fixes. Those have all been acked by
  the various subsystem maintainers (i.e. me), so those are ok.

  We also added a few new drivers, for some odd hardware, giving new
  developers plenty to work on with basic coding style cleanups to come
  in the near future.

  Other than that, nothing unusual here.

  All of these have been in linux-next for a while with no reported
  issues, other than an odd gcc warning for one of the new drivers that
  should be fixed up soon"

[ I fixed up the warning myself  - Linus ]

* tag 'staging-5.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (663 commits)
  staging: kpc2000: kpc_spi: Fix build error for {read,write}q
  Staging: rtl8192e: Remove extra space before break statement
  Staging: rtl8192u: ieee80211: Fix if-else indentation warning
  Staging: rtl8192u: ieee80211: Fix indentation errors by removing extra spaces
  staging: most: cdev: fix chrdev_region leak in mod_exit
  staging: wlan-ng: Fix improper SPDX comment style
  staging: rtl8192u: ieee80211: Resolve ERROR reported by checkpatch
  staging: vc04_services: bcm2835-camera: Compress two lines into one line
  staging: rtl8723bs: core: Use !x in place of NULL comparison.
  staging: rtl8723bs: core: Prefer using the BIT Macro.
  staging: fieldbus: anybus-s: fix wait_for_completion_timeout return handling
  staging: kpc2000: fix up build problems with readq()
  staging: rtlwifi: move remaining phydm .h files
  staging: rtlwifi: strip down phydm .h files
  staging: rtlwifi: delete the staging driver
  staging: fieldbus: anybus-s: rename bus id field to avoid confusion
  staging: fieldbus: anybus-s: keep device bus id in bus endianness
  Staging: sm750fb: Change *array into *const array
  staging: rtl8192u: ieee80211: Fix spelling mistake
  staging: rtl8192u: ieee80211: Replace bit shifting with BIT macro
  ...
2019-05-07 13:31:29 -07:00
Linus Torvalds dd4e5d6106 Remove Mysterious Macro Intended to Obscure Weird Behaviours (mmiowb())
Remove mmiowb() from the kernel memory barrier API and instead, for
 architectures that need it, hide the barrier inside spin_unlock() when
 MMIO has been performed inside the critical section.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAlzMFaUACgkQt6xw3ITB
 YzRICQgAiv7wF/yIbBhDOmCNCAKDO59chvFQWxXWdGk/aAB56kwKAMXJgLOvlMG/
 VRuuLyParTFQETC3jaxKgnO/1hb+PZLDt2Q2KqixtjIzBypKUPWvK2sf6THhSRF1
 GK0DBVUd1rCrWrR815+SPb8el4xXtdBzvAVB+Fx35PXVNpdRdqCkK+EQ6UnXGokm
 rXXHbnfsnquBDtmb4CR4r2beH+aNElXbdt0Kj8VcE5J7f7jTdW3z6Q9WFRvdKmK7
 yrsxXXB2w/EsWXOwFp0SLTV5+fgeGgTvv8uLjDw+SG6t0E0PebxjNAflT7dPrbYL
 WecjKC9WqBxrGY+4ew6YJP70ijLBCw==
 =aC8m
 -----END PGP SIGNATURE-----

Merge tag 'arm64-mmiowb' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull mmiowb removal from Will Deacon:
 "Remove Mysterious Macro Intended to Obscure Weird Behaviours (mmiowb())

  Remove mmiowb() from the kernel memory barrier API and instead, for
  architectures that need it, hide the barrier inside spin_unlock() when
  MMIO has been performed inside the critical section.

  The only relatively recent changes have been addressing review
  comments on the documentation, which is in a much better shape thanks
  to the efforts of Ben and Ingo.

  I was initially planning to split this into two pull requests so that
  you could run the coccinelle script yourself, however it's been plain
  sailing in linux-next so I've just included the whole lot here to keep
  things simple"

* tag 'arm64-mmiowb' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (23 commits)
  docs/memory-barriers.txt: Update I/O section to be clearer about CPU vs thread
  docs/memory-barriers.txt: Fix style, spacing and grammar in I/O section
  arch: Remove dummy mmiowb() definitions from arch code
  net/ethernet/silan/sc92031: Remove stale comment about mmiowb()
  i40iw: Redefine i40iw_mmiowb() to do nothing
  scsi/qla1280: Remove stale comment about mmiowb()
  drivers: Remove explicit invocations of mmiowb()
  drivers: Remove useless trailing comments from mmiowb() invocations
  Documentation: Kill all references to mmiowb()
  riscv/mmiowb: Hook up mmwiob() implementation to asm-generic code
  powerpc/mmiowb: Hook up mmwiob() implementation to asm-generic code
  ia64/mmiowb: Add unconditional mmiowb() to arch_spin_unlock()
  mips/mmiowb: Add unconditional mmiowb() to arch_spin_unlock()
  sh/mmiowb: Add unconditional mmiowb() to arch_spin_unlock()
  m68k/io: Remove useless definition of mmiowb()
  nds32/io: Remove useless definition of mmiowb()
  x86/io: Remove useless definition of mmiowb()
  arm64/io: Remove useless definition of mmiowb()
  ARM/io: Remove useless definition of mmiowb()
  mmiowb: Hook up mmiowb helpers to spinlocks and generic I/O accessors
  ...
2019-05-06 16:57:52 -07:00
Linus Torvalds 423ea32554 tty: rocket: fix incorrect forward declaration of 'rp_init()'
Make the forward declaration actually match the real function
definition, something that previous versions of gcc had just ignored.

This is another patch to fix new warnings from gcc-9 before I start the
merge window pulls.  I don't want to miss legitimate new warnings just
because my system update brought a new compiler with new warnings.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-05-06 11:28:23 -07:00
Paul Walmsley 45c054d081 tty: serial: add driver for the SiFive UART
Add a serial driver for the SiFive UART, found on SiFive FU540 devices
(among others).

The underlying serial IP block is relatively basic, and currently does
not support serial break detection.  Further information on the IP
block can be found in the documentation and Chisel sources:

    https://static.dev.sifive.com/FU540-C000-v1.0.pdf

    https://github.com/sifive/sifive-blocks/tree/master/src/main/scala/devices/uart

This driver was written in collaboration with Wesley Terpstra
<wesley@sifive.com>.

Tested on a SiFive HiFive Unleashed A00 board, using BBL and the open-
source FSBL (using a DT file based on what's targeted for mainline).

This revision incorporates changes based on comments by Julia Lawall
<julia.lawall@lip6.fr>, Emil Renner Berthing <kernel@esmil.dk>, and
Andreas Schwab <schwab@suse.de>.  Thanks also to Andreas for testing
the driver with his userspace and reporting a bug with the
set_termios implementation.

Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
Signed-off-by: Paul Walmsley <paul@pwsan.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Palmer Dabbelt <palmer@sifive.com>
Cc: Wesley Terpstra <wesley@sifive.com>
Cc: linux-serial@vger.kernel.org
Cc: linux-riscv@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Cc: Julia Lawall <julia.lawall@lip6.fr>
Cc: Emil Renner Berthing <kernel@esmil.dk>
Cc: Andreas Schwab <schwab@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-29 16:30:59 +02:00
Shubhrajyoti Datta 1863178b20 serial: uartps: Add support for cts-override
Having flow is configurable. Add support for the same by
checking for cts-override.

Signed-off-by: Shubhrajyoti Datta <shubhrajyoti.datta@xilinx.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-29 16:20:24 +02:00
Wei Yongjun 74cdf8cec7 serial: milbeaut_usio: Fix error handling in probe and remove
devm_clk_get() is used so there is no reason to explicitly call
clk_put() in probe or remove functions. Also remove duplicate assign
for port->membase.

Fixes: ba44dc0430 ("serial: Add Milbeaut serial control")
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Tested-by: Sugaya Taichi <sugaya.taichi@socionext.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-29 16:20:24 +02:00
Fuqian Huang 8ef795653d tty: rocket: deprecate the rp_ioctl
The rp_ioctl is deprecated.
Add dev_warn_ratelimited to warn the use of rp_ioctl.

Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:58:56 +02:00
Fuqian Huang 29973f8a88 tty: rocket: Remove RCPK_GET_STRUCT ioctl
If the cmd is RCPK_GET_STRUCT, copy_to_user will copy
info to user space. As info->port.ops is the address of
a constant object rocket_port_ops (assigned in init_r_port),
a kernel address leakage happens.

Remove the RCPK_GET_STRUCT ioctl.

Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:58:56 +02:00
Johan Hovold 8daa89e099 tty: update obsolete termios comment
Update an obsolete comment referring to the termios_locked structure
which was removed over a decade ago by commit fe6e29fdb1 ("tty:
simplify ktermios allocation").

While at it, fix the "Thus" typo.

Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:58:56 +02:00
Sergey Organov 050dfc09f8 tty: serial_core: fix error code returned by uart_register_driver()
uart_register_driver() returned -ENOMEM on any error, even when
tty_register_driver() call returned another one, such as -EBUSY.

Signed-off-by: Sergey Organov <sorganov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:39:51 +02:00
Long Cheng bdbd0a7f8f serial: 8250-mtk: modify baudrate setting
In termios function, add Fractional divider to adjust baudrate.

Signed-off-by: Long Cheng <long.cheng@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:37:42 +02:00
Long Cheng 8ceeb47098 serial: 8250-mtk: add follow control
Add SW and HW follow control function.

Signed-off-by: Long Cheng <long.cheng@mediatek.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:37:42 +02:00
Mauro Carvalho Chehab f137401780 docs: serial: convert docs to ReST and rename to *.rst
The converted files are focused at the Kernel internal API,
so, this is a good candidate for the kernel API set of books.

The conversion is actually:
  - add blank lines and identation in order to identify paragraphs;
  - fix tables markups;
  - add some lists markups;
  - mark literal blocks;
  - adjust title markups.

At its new index.rst, let's add a :orphan: while this is not linked to
the main index.rst file, in order to avoid build warnings.

Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:37:42 +02:00
Su Bao Cheng 3e51ceea10 serial: 8250_exar: Adjust IOT2000 matching
Since there are more IOT2040 variants with identical hardware but
different asset tags, the asset tag matching should be adjusted to
support them.

As only the IOT2040 variants have the Exar chip on board, matching on
their board name is enough. In the future there will be no other devices
with the "SIMATIC IOT2000" DMI board name but different hardware.

Signed-off-by: Su Bao Cheng <baocheng.su@siemens.com>
Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:37:41 +02:00
Jiri Slaby 4cdd17ba1d TTY: serial_core, add ->install
We need to compute the uart state only on the first open. This is
usually what is done in the ->install hook. serial_core used to do this
in ->open on every open. So move it to ->install.

As a side effect, it ensures the state is set properly in the window
after tty_init_dev is called, but before uart_open. This fixes a bunch
of races between tty_open and flush_to_ldisc we were dealing with
recently.

One of such bugs was attempted to fix in commit fedb576064 (serial:
fix race between flush_to_ldisc and tty_open), but it only took care of
a couple of functions (uart_start and uart_unthrottle).  I was able to
reproduce the crash on a SLE system, but in uart_write_room which is
also called from flush_to_ldisc via process_echoes. I was *unable* to
reproduce the bug locally. It is due to having this patch in my queue
since 2012!

 general protection fault: 0000 [#1] SMP KASAN PTI
 CPU: 1 PID: 5 Comm: kworker/u4:0 Tainted: G             L 4.12.14-396-default #1 SLE15-SP1 (unreleased)
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c89-prebuilt.qemu.org 04/01/2014
 Workqueue: events_unbound flush_to_ldisc
 task: ffff8800427d8040 task.stack: ffff8800427f0000
 RIP: 0010:uart_write_room+0xc4/0x590
 RSP: 0018:ffff8800427f7088 EFLAGS: 00010202
 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
 RDX: 000000000000002f RSI: 00000000000000ee RDI: ffff88003888bd90
 RBP: ffffffffb9545850 R08: 0000000000000001 R09: 0000000000000400
 R10: ffff8800427d825c R11: 000000000000006e R12: 1ffff100084fee12
 R13: ffffc900004c5000 R14: ffff88003888bb28 R15: 0000000000000178
 FS:  0000000000000000(0000) GS:ffff880043300000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000561da0794148 CR3: 000000000ebf4000 CR4: 00000000000006e0
 Call Trace:
  tty_write_room+0x6d/0xc0
  __process_echoes+0x55/0x870
  n_tty_receive_buf_common+0x105e/0x26d0
  tty_ldisc_receive_buf+0xb7/0x1c0
  tty_port_default_receive_buf+0x107/0x180
  flush_to_ldisc+0x35d/0x5c0
...

0 in rbx means tty->driver_data is NULL in uart_write_room. 0x178 is
tried to be dereferenced (0x178 >> 3 is 0x2f in rdx) at
uart_write_room+0xc4. 0x178 is exactly (struct uart_state *)NULL->refcount
used in uart_port_lock from uart_write_room.

So revert the upstream commit here as my local patch should fix the
whole family.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Li RongQing <lirongqing@baidu.com>
Cc: Wang Li <wangli39@baidu.com>
Cc: Zhang Yu <zhangyu31@baidu.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:37:41 +02:00
Sugaya Taichi 6bc3703dcf serial: Fix using plain integer instead of Null pointer
Fix build warning that using plain integer as Null pointer.
This is reported by kbuild test robot.

Fixes: ba44dc0430 ("serial: Add Milbeaut serial control")
Signed-off-by: Sugaya Taichi <sugaya.taichi@socionext.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-25 11:37:41 +02:00
Greg Kroah-Hartman 3b8a1f45e1 Merge 5.1-rc6 into tty-next
We want the serial/tty fixes in here as well.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-21 23:20:08 +02:00
Greg Kroah-Hartman 817de6b859 Merge 5.1-rc6 into staging-next
We want the fixes in here as well as this resolves an iio driver merge
issue.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-21 23:18:44 +02:00
Okash Khawaja 496124e5e1 vt: selection: allow functions to be called from inside kernel
This patch breaks set_selection() into two functions so that when
called from kernel, copy_from_user() can be avoided. The two functions
are called set_selection_user() and set_selection_kernel() in order to
be explicit about their purposes. This also means updating any
references to set_selection() and fixing for name change. It also
exports set_selection_kernel() and paste_selection().

These changes are used the following patch where speakup's selection
functionality calls into the above functions, thereby doing away with
parallel implementation.

Signed-off-by: Okash Khawaja <okash.khawaja@gmail.com>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Tested-by: Gregory Nowak <greg@gregn.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-19 15:09:10 +02:00
Guoqing Jiang c53051128b sc16is7xx: put err_spi and err_i2c into correct #ifdef
err_spi is only called within SERIAL_SC16IS7XX_SPI
while err_i2c is called inside SERIAL_SC16IS7XX_I2C.
So we need to put err_spi and err_i2c into each #ifdef
accordingly.

This change fixes ("sc16is7xx: move label 'err_spi'
to correct section").

Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-19 14:09:23 +02:00
Mikulas Patocka b2ecf00631 vt: fix cursor when clearing the screen
The patch a6dbe44275 ("vt: perform safe console erase in the right
order") introduced a bug. The conditional do_update_region() was
replaced by a call to update_region() that does contain the conditional
already, but with unwanted extra side effects such as restoring the cursor
drawing.

In order to reproduce the bug:
- use framebuffer console with the AMDGPU driver
- type "links" to start the console www browser
- press 'q' and space to exit links

Now the cursor will be permanently visible in the center of the
screen. It will stay there until something overwrites it.

The bug goes away if we change update_region() back to the conditional
do_update_region().

[ nico: reworded changelog ]

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Nicolas Pitre <nico@fluxnic.net>
Cc: stable@vger.kernel.org
Fixes: a6dbe44275 ("vt: perform safe console erase in the right order")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-17 14:45:15 +02:00
Hariprasad Kelam c7a6b9e4df tty:serial_core: Spelling mistake
fix spelling mistake "overriden" -> "overridden"

This fix resolves warning reported by checkpatch tool.

Signed-off-by: Hariprasad Kelam <hariprasad.kelam@gmail.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:25:40 +02:00
Guoqing Jiang e00164a0f0 sc16is7xx: move label 'err_spi' to correct section
err_spi is used when SERIAL_SC16IS7XX_SPI is enabled, so make
the label only available under SERIAL_SC16IS7XX_SPI option.
Otherwise, the below warning appears.

drivers/tty/serial/sc16is7xx.c:1523:1: warning: label ‘err_spi’ defined but not used [-Wunused-label]
 err_spi:
  ^~~~~~~

Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Fixes: ac0cdb3d99 ("sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:24:38 +02:00
Geert Uytterhoeven 6b87784b53 serial: sh-sci: Fix HSCIF RX sampling point adjustment
The calculation of the sampling point has min() and max() exchanged.
Fix this by using the clamp() helper instead.

Fixes: 63ba1e00f1 ("serial: sh-sci: Support for HSCIF RX sampling point adjustment")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Ulrich Hecht <uli+renesas@fpond.eu>
Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Acked-by: Dirk Behme <dirk.behme@de.bosch.com>
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:24:38 +02:00
Geert Uytterhoeven ace965696d serial: sh-sci: Fix HSCIF RX sampling point calculation
There are several issues with the formula used for calculating the
deviation from the intended rate:
  1. While min_err and last_stop are signed, srr and baud are unsigned.
     Hence the signed values are promoted to unsigned, which will lead
     to a bogus value of deviation if min_err is negative,
  2. Srr is the register field value, which is one less than the actual
     sampling rate factor,
  3. The divisions do not use rounding.

Fix this by casting unsigned variables to int, adding one to srr, and
using a single DIV_ROUND_CLOSEST().

Fixes: 63ba1e00f1 ("serial: sh-sci: Support for HSCIF RX sampling point adjustment")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Ulrich Hecht <uli+renesas@fpond.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:24:38 +02:00
Vincent Whitchurch 3117ff13f1 tty: Add NULL TTY driver
If no console driver is enabled (or if a non-present driver is selected
with something like console=null in an attempt to disable the console),
opening /dev/console errors out, and init scripts and other userspace
code that relies on the existence of a console will fail.  Symlinking
/dev/null to /dev/console does not solve the problem since /dev/null
does not behave like a real TTY.

To just provide a dummy console to userspace when no console driver is
available or desired, add a ttynull driver which simply discards all
writes.  It can be chosen on the command line in the standard way, i.e.
with console=ttynull.

Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:21:34 +02:00
Reinis Danne 89bb1e1ee5 tty: vt: keyboard: Allow Unicode compose base char
Pass Unicode character to k_unicode handler function to honor possible
accent_table definition.

With introduction of KDSKBDIACRUC ioctl, it has been possible to set
compose characters (diacr, base and result) to any Unicode character
(below 0xf000 code point) as defined in struct kbdiacruc.

But it does not work with characters beyond Latin-1 as base, because
they are printed early and not passed to any of the handler functions,
thus breaking compose and dead keys.

It affects keyboard layouts defining such characters on level 1 and
relying on dead keys to access level 3 (e.g., lv-modern with some
modifications for extra characters on level 3 for ē, ā and ī keys).

Signed-off-by: Reinis Danne <rei4dan@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:21:34 +02:00
Johan Hovold 0d3cb6f6c6 Revert "tty: fix NULL pointer issue when tty_port ops is not set"
This reverts commit f4e68d58cf.

TTY drivers using the tty-port abstraction all provide a pointer to a
set of port operations, which specifically cannot be NULL (or we'd find
out at first attempt to open a port).

Revert the recent commit which added unnecessary NULL-checks and whose
commit message indicated that it was fixing a real problem, which it did
not.

Note that even the two tty drivers for virtual devices currently
providing an empty set of operations probably should be implementing at
least some of the callbacks.

Cc: Fabien Dessenne <fabien.dessenne@st.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:21:34 +02:00
Sugaya Taichi ba44dc0430 serial: Add Milbeaut serial control
Add Milbeaut serial control including earlycon and console.

Signed-off-by: Sugaya Taichi <sugaya.taichi@socionext.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:21:34 +02:00
Konstantin Khorenko fa2b360f26 tty/vt: avoid high order pages allocation on GIO_UNIMAP ioctl
GIO_UNIMAP can easily result in a high order allocation,
seen 6th order allocation on radeondrmfb:

  fbcon: radeondrmfb (fb0) is primary device
  Console: switching to colour frame buffer device 160x64
  radeon 0000:01:05.0: fb0: radeondrmfb frame buffer device
  WARNING: CPU: 0 PID: 78661 at mm/page_alloc.c:3532
        __alloc_pages_nodemask+0x1b1/0x600
  order 6 >= 3, gfp 0x40d0

The warning is generated by a debug patch.

At the same time it's safe to use kvmalloc() for allocation in
con_get_unimap(), so let's do the substitution.

And do the same for con_set_unimap().

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:21:34 +02:00
Bartlomiej Zolnierkiewicz f692f7766f tty: remove redundant 'default n' from Kconfig-s
'default n' is the default value for any bool or tristate Kconfig
setting so there is no need to write it explicitly.

Also since commit f467c5640c ("kconfig: only write '# CONFIG_FOO
is not set' for visible symbols") the Kconfig behavior is the same
regardless of 'default n' being present or not:

    ...
    One side effect of (and the main motivation for) this change is making
    the following two definitions behave exactly the same:

        config FOO
                bool

        config FOO
                bool
                default n

    With this change, neither of these will generate a
    '# CONFIG_FOO is not set' line (assuming FOO isn't selected/implied).
    That might make it clearer to people that a bare 'default n' is
    redundant.
    ...

Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:21:33 +02:00
YueHaibing 7a7457ba40 serial: sprd: Fix a copy-paste err in sprd_request_dma()
when dma_request_chan rx_dma fails, dev_err log should print rx_dma
err log.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Reviewed-by: Baolin Wang <baolin.wang@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:21:33 +02:00
Colin Ian King 9ef8927f45 n_tty: check for negative and zero space return from tty_write_room
The return from tty_write_room could potentially be negative if
a tty write_room driver returns an error number (not that any seem
to do). Rather than just check for a zero return, also check for
a -ve return. This avoids the unsigned nr being set to a large unsigned
value on the assignment from variable space and can lead to overflowing
the buffer buf.  Better to be safe than assume all write_room
implementations in tty drivers are going to do the right thing.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-16 15:21:33 +02:00
Will Deacon fb24ea52f7 drivers: Remove explicit invocations of mmiowb()
mmiowb() is now implied by spin_unlock() on architectures that require
it, so there is no reason to call it from driver code. This patch was
generated using coccinelle:

	@mmiowb@
	@@
	- mmiowb();

and invoked as:

$ for d in drivers include/linux/qed sound; do \
spatch --include-headers --sp-file mmiowb.cocci --dir $d --in-place; done

NOTE: mmiowb() has only ever guaranteed ordering in conjunction with
spin_unlock(). However, pairing each mmiowb() removal in this patch with
the corresponding call to spin_unlock() is not at all trivial, so there
is a small chance that this change may regress any drivers incorrectly
relying on mmiowb() to order MMIO writes between CPUs using lock-free
synchronisation. If you've ended up bisecting to this commit, you can
reintroduce the mmiowb() calls using wmb() instead, which should restore
the old behaviour on all architectures other than some esoteric ia64
systems.

Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2019-04-08 12:01:02 +01:00
Greg Kroah-Hartman f16aa97d3f tty: fix up a few remaining files without SPDX identifiers
There were a few straggling files under drivers/tty/ that did not have
any SPDX identifier either because they entered the tree recently, or
they somehow missed the mass-tagging of commit b24413180f ("License
cleanup: add SPDX GPL-2.0 license identifier to files with no license")

This commit follows the same rule as b24413180f ("License cleanup: add
SPDX GPL-2.0 license identifier to files with no license") where files
without any specified license in them fall under GPL-2.0 as the correct
license for the individual file.  Add that identifier to these remaining
files so that we don't have to guess at the license of them in the
future.

Cc: Jiri Slaby <jslaby@suse.com>
Cc: "David S. Miller" <davem@davemloft.net>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-04 18:48:43 +02:00
Greg Kroah-Hartman 38c91d1d55 tty: add SPDX identifiers to Kconfig and Makefiles
There were a few Kconfig and Makefiles under drivers/tty/ that were
missing a SPDX identifier.  Fix that up so that automated tools can
properly classify all kernel source files.

Cc: Jiri Slaby <jslaby@suse.com>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Rob Herring <robh@kernel.org>
Acked-by: David Sterba <dsterba@suse.com>
Reviewed-by: Mukesh Ojha <mojha@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-04 18:48:43 +02:00
Greg Kroah-Hartman b63d443be4 Merge 5.1-rc3 into tty-next
We want the tty/serial fixes in here as well.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-01 07:40:47 +02:00
Greg Kroah-Hartman 0eae4686a1 Revert "tty: pty: Fix race condition between release_one_tty and pty_write"
This reverts commit b9ca5f8560 as 0-day
shows it has a circular locking dependency.

Fixes: b9ca5f8560 ("tty: pty: Fix race condition between release_one_tty and pty_write")
Reported-by: kernel test robot <lkp@intel.com>
Cc: Sahara <keun-o.park@darkmatter.ae>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-29 15:47:40 +01:00
Jakub Wilk 67fbfc3943 vt: use /dev/vcs (not /dev/vcs0) in comment
Both /dev/vcs and /dev/vcs0 were in use in the past, but these days
/dev/vcs0 is mostly historical curiosity.

* "/dev/vcs" is the name that has always been in the Linux allocated
devices list.

* "vcs" is the device name in sysfs since Linux v2.6.12.

* MAKEDEV(1) in Debian used to create /dev/vcs0 only, but /dev/vcs was
  added in 1999: https://bugs.debian.org/45698

* MAKEDEV(1) in RedHat switched from /dev/vcs0 to /dev/vcs in 2000:

    * Fri Oct 20 2000 Nalin Dahyabhai <nalin@redhat.com>
      - change vcs0 to vcs (ditto for vcsa0)

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-28 01:28:24 +09:00
Sahara b9ca5f8560 tty: pty: Fix race condition between release_one_tty and pty_write
Especially when a linked tty is used such as pty, the linked tty
port's buf works have not been cancelled while master tty port's
buf work has been cancelled. Since release_one_tty and flush_to_ldisc
run in workqueue threads separately, when pty_cleanup happens and
link tty port is freed, flush_to_ldisc tries to access freed port
and port->itty, eventually it causes a panic.
This patch utilizes the magic value with holding the tty_mutex to
check if the tty->link is valid.

Fixes: 2b022ab754 ("pty: cancel pty slave port buf's work in tty_release")
Signed-off-by: Sahara <keun-o.park@darkmatter.ae>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-28 01:28:23 +09:00
Yifeng Li 75ddbc1fb1 tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0
Previously, in the userspace, it was possible to use the "setterm" command
from util-linux to blank the VT console by default, using the following
command.

According to the man page,

> The force option keeps the screen blank even if a key is pressed.

It was implemented by calling TIOCL_BLANKSCREEN.

	case BLANKSCREEN:
		ioctlarg = TIOCL_BLANKSCREEN;
		if (ioctl(STDIN_FILENO, TIOCLINUX, &ioctlarg))
			warn(_("cannot force blank"));
		break;

However, after Linux 4.12, this command ceased to work anymore, which is
unexpected. By inspecting the kernel source, it shows that the issue was
triggered by the side-effect from commit a4199f5eb8 ("tty: Disable
default console blanking interval").

The console blanking is implemented by function do_blank_screen() in vt.c:
"blank_state" will be initialized to "blank_normal_wait" in con_init() if
AND ONLY IF ("blankinterval" > 0). If "blankinterval" is 0, "blank_state"
will be "blank_off" (== 0), and a call to do_blank_screen() will always
abort, even if a forced blanking is required from the user by calling
TIOCL_BLANKSCREEN, the console won't be blanked.

This behavior is unexpected from a user's point-of-view, since it's not
mentioned in any documentation. The setterm man page suggests it will
always work, and the kernel comments in uapi/linux/tiocl.h says

> /* keep screen blank even if a key is pressed */
> #define TIOCL_BLANKSCREEN 14

To fix it, we simply remove the "blank_state != blank_off" check, as
pointed out by Nicolas Pitre, this check doesn't logically make sense
and it's safe to remove.

Suggested-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Fixes: a4199f5eb8 ("tty: Disable default console blanking interval")
Signed-off-by: Yifeng Li <tomli@tomli.me>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-28 01:28:23 +09:00
Sergei Trofimovich 46ca3f735f tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
The bug manifests as an attempt to access deallocated memory:

    BUG: unable to handle kernel paging request at ffff9c8735448000
    #PF error: [PROT] [WRITE]
    PGD 288a05067 P4D 288a05067 PUD 288a07067 PMD 7f60c2063 PTE 80000007f5448161
    Oops: 0003 [#1] PREEMPT SMP
    CPU: 6 PID: 388 Comm: loadkeys Tainted: G         C        5.0.0-rc6-00153-g5ded5871030e #91
    Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./H77M-D3H, BIOS F12 11/14/2013
    RIP: 0010:__memmove+0x81/0x1a0
    Code: 4c 89 4f 10 4c 89 47 18 48 8d 7f 20 73 d4 48 83 c2 20 e9 a2 00 00 00 66 90 48 89 d1 4c 8b 5c 16 f8 4c 8d 54 17 f8 48 c1 e9 03 <f3> 48 a5 4d 89 1a e9 0c 01 00 00 0f 1f 40 00 48 89 d1 4c 8b 1e 49
    RSP: 0018:ffffa1b9002d7d08 EFLAGS: 00010203
    RAX: ffff9c873541af43 RBX: ffff9c873541af43 RCX: 00000c6f105cd6bf
    RDX: 0000637882e986b6 RSI: ffff9c8735447ffb RDI: ffff9c8735447ffb
    RBP: ffff9c8739cd3800 R08: ffff9c873b802f00 R09: 00000000fffff73b
    R10: ffffffffb82b35f1 R11: 00505b1b004d5b1b R12: 0000000000000000
    R13: ffff9c873541af3d R14: 000000000000000b R15: 000000000000000c
    FS:  00007f450c390580(0000) GS:ffff9c873f180000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: ffff9c8735448000 CR3: 00000007e213c002 CR4: 00000000000606e0
    Call Trace:
     vt_do_kdgkb_ioctl+0x34d/0x440
     vt_ioctl+0xba3/0x1190
     ? __bpf_prog_run32+0x39/0x60
     ? mem_cgroup_commit_charge+0x7b/0x4e0
     tty_ioctl+0x23f/0x920
     ? preempt_count_sub+0x98/0xe0
     ? __seccomp_filter+0x67/0x600
     do_vfs_ioctl+0xa2/0x6a0
     ? syscall_trace_enter+0x192/0x2d0
     ksys_ioctl+0x3a/0x70
     __x64_sys_ioctl+0x16/0x20
     do_syscall_64+0x54/0xe0
     entry_SYSCALL_64_after_hwframe+0x49/0xbe

The bug manifests on systemd systems with multiple vtcon devices:
  # cat /sys/devices/virtual/vtconsole/vtcon0/name
  (S) dummy device
  # cat /sys/devices/virtual/vtconsole/vtcon1/name
  (M) frame buffer device

There systemd runs 'loadkeys' tool in tapallel for each vtcon
instance. This causes two parallel ioctl(KDSKBSENT) calls to
race into adding the same entry into 'func_table' array at:

    drivers/tty/vt/keyboard.c:vt_do_kdgkb_ioctl()

The function has no locking around writes to 'func_table'.

The simplest reproducer is to have initrams with the following
init on a 8-CPU machine x86_64:

    #!/bin/sh

    loadkeys -q windowkeys ru4 &
    loadkeys -q windowkeys ru4 &
    loadkeys -q windowkeys ru4 &
    loadkeys -q windowkeys ru4 &

    loadkeys -q windowkeys ru4 &
    loadkeys -q windowkeys ru4 &
    loadkeys -q windowkeys ru4 &
    loadkeys -q windowkeys ru4 &
    wait

The change adds lock on write path only. Reads are still racy.

CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CC: Jiri Slaby <jslaby@suse.com>
Link: https://lkml.org/lkml/2019/2/17/256
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-28 01:28:23 +09:00
Kangjie Lu 1bbb1c318c tty: ipwireless: fix missing checks for ioremap
ipw->attr_memory and ipw->common_memory are assigned with the
return value of ioremap. ioremap may fail, but no checks
are enforced. The fix inserts the checks to avoid potential
NULL pointer dereferences.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-28 01:28:23 +09:00
David Emett cf90c06f81 tty: fix read of tty->pgrp outside of ctrl_lock
The intention was clearly to use the tty_pgrp local variable rather than
re-read tty->pgrp outside of ctrl_lock, so do that.

This bug was introduced by commit 2812d9e9fd ("tty: Combine
SIGTTOU/SIGTTIN handling").

Signed-off-by: David Emett <dave@sp4m.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-28 01:28:23 +09:00