This fixes an error message that was probably copied and pasted. The same
message is used for both the in and out endpoints, so it makes it impossible
to know which one actually failed because both cases say "IN".
Make the out endpoint error message say "OUT".
Signed-off-by: David Lechner <david@lechnology.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
The dev_config() routine in gadgetfs has a check that
dev->dev->bNumConfigurations is equal to 1, and then contains a
redundant line of code setting the value to 1. This patch removes the
unnecessary assignment.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Andrey Konovalov's fuzz testing of gadgetfs showed that we should
improve the driver's checks for valid configuration descriptors passed
in by the user. In particular, the driver needs to verify that the
wTotalLength value in the descriptor is not too short (smaller
than USB_DT_CONFIG_SIZE). And the check for whether wTotalLength is
too large has to be changed, because the driver assumes there is
always enough room remaining in the buffer to hold a device descriptor
(at least USB_DT_DEVICE_SIZE bytes).
This patch adds the additional check and fixes the existing check. It
may do a little more than strictly necessary, but one extra check
won't hurt.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Andrey Konovalov <andreyknvl@google.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Andrey Konovalov reports that fuzz testing with syzkaller causes a
KASAN use-after-free bug report in gadgetfs:
BUG: KASAN: use-after-free in gadgetfs_setup+0x208a/0x20e0 at addr ffff88003dfe5bf2
Read of size 2 by task syz-executor0/22994
CPU: 3 PID: 22994 Comm: syz-executor0 Not tainted 4.9.0-rc7+ #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
ffff88006df06a18 ffffffff81f96aba ffffffffe0528500 1ffff1000dbe0cd6
ffffed000dbe0cce ffff88006df068f0 0000000041b58ab3 ffffffff8598b4c8
ffffffff81f96828 1ffff1000dbe0ccd ffff88006df06708 ffff88006df06748
Call Trace:
<IRQ> [ 201.343209] [< inline >] __dump_stack lib/dump_stack.c:15
<IRQ> [ 201.343209] [<ffffffff81f96aba>] dump_stack+0x292/0x398 lib/dump_stack.c:51
[<ffffffff817e4dec>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:159
[< inline >] print_address_description mm/kasan/report.c:197
[<ffffffff817e5080>] kasan_report_error+0x1f0/0x4e0 mm/kasan/report.c:286
[< inline >] kasan_report mm/kasan/report.c:306
[<ffffffff817e562a>] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:337
[< inline >] config_buf drivers/usb/gadget/legacy/inode.c:1298
[<ffffffff8322c8fa>] gadgetfs_setup+0x208a/0x20e0 drivers/usb/gadget/legacy/inode.c:1368
[<ffffffff830fdcd0>] dummy_timer+0x11f0/0x36d0 drivers/usb/gadget/udc/dummy_hcd.c:1858
[<ffffffff814807c1>] call_timer_fn+0x241/0x800 kernel/time/timer.c:1308
[< inline >] expire_timers kernel/time/timer.c:1348
[<ffffffff81482de6>] __run_timers+0xa06/0xec0 kernel/time/timer.c:1641
[<ffffffff814832c1>] run_timer_softirq+0x21/0x80 kernel/time/timer.c:1654
[<ffffffff84f4af8b>] __do_softirq+0x2fb/0xb63 kernel/softirq.c:284
The cause of the bug is subtle. The dev_config() routine gets called
twice by the fuzzer. The first time, the user data contains both a
full-speed configuration descriptor and a high-speed config
descriptor, causing dev->hs_config to be set. But it also contains an
invalid device descriptor, so the buffer containing the descriptors is
deallocated and dev_config() returns an error.
The second time dev_config() is called, the user data contains only a
full-speed config descriptor. But dev->hs_config still has the stale
pointer remaining from the first call, causing the routine to think
that there is a valid high-speed config. Later on, when the driver
dereferences the stale pointer to copy that descriptor, we get a
use-after-free access.
The fix is simple: Clear dev->hs_config if the passed-in data does not
contain a high-speed config descriptor.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Andrey Konovalov reports that fuzz testing with syzkaller causes a
KASAN warning in gadgetfs:
BUG: KASAN: slab-out-of-bounds in dev_config+0x86f/0x1190 at addr ffff88003c47e160
Write of size 65537 by task syz-executor0/6356
CPU: 3 PID: 6356 Comm: syz-executor0 Not tainted 4.9.0-rc7+ #19
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
ffff88003c107ad8 ffffffff81f96aba ffffffff3dc11ef0 1ffff10007820eee
ffffed0007820ee6 ffff88003dc11f00 0000000041b58ab3 ffffffff8598b4c8
ffffffff81f96828 ffffffff813fb4a0 ffff88003b6eadc0 ffff88003c107738
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff81f96aba>] dump_stack+0x292/0x398 lib/dump_stack.c:51
[<ffffffff817e4dec>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:159
[< inline >] print_address_description mm/kasan/report.c:197
[<ffffffff817e5080>] kasan_report_error+0x1f0/0x4e0 mm/kasan/report.c:286
[<ffffffff817e5705>] kasan_report+0x35/0x40 mm/kasan/report.c:306
[< inline >] check_memory_region_inline mm/kasan/kasan.c:308
[<ffffffff817e3fb9>] check_memory_region+0x139/0x190 mm/kasan/kasan.c:315
[<ffffffff817e4044>] kasan_check_write+0x14/0x20 mm/kasan/kasan.c:326
[< inline >] copy_from_user arch/x86/include/asm/uaccess.h:689
[< inline >] ep0_write drivers/usb/gadget/legacy/inode.c:1135
[<ffffffff83228caf>] dev_config+0x86f/0x1190 drivers/usb/gadget/legacy/inode.c:1759
[<ffffffff817fdd55>] __vfs_write+0x5d5/0x760 fs/read_write.c:510
[<ffffffff817ff650>] vfs_write+0x170/0x4e0 fs/read_write.c:560
[< inline >] SYSC_write fs/read_write.c:607
[<ffffffff81803a5b>] SyS_write+0xfb/0x230 fs/read_write.c:599
[<ffffffff84f47ec1>] entry_SYSCALL_64_fastpath+0x1f/0xc2
Indeed, there is a comment saying that the value of len is restricted
to a 16-bit integer, but the code doesn't actually do this.
This patch fixes the warning. It replaces the comment with a
computation that forces the amount of data copied from the user in
ep0_write() to be no larger than the wLength size for the control
transfer, which is a 16-bit quantity.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Andrey Konovalov reported that we were not properly checking the upper
limit before of a device configuration size before calling
memdup_user(), which could cause some problems.
So set the upper limit to PAGE_SIZE * 4, which should be good enough for
all devices.
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
The stop_activity() routine in dummy-hcd is supposed to unlink all
active requests for every endpoint, among other things. But it
doesn't handle ep0. As a result, fuzz testing can generate a WARNING
like the following:
WARNING: CPU: 0 PID: 4410 at drivers/usb/gadget/udc/dummy_hcd.c:672 dummy_free_request+0x153/0x170
Modules linked in:
CPU: 0 PID: 4410 Comm: syz-executor Not tainted 4.9.0-rc7+ #32
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
ffff88006a64ed10 ffffffff81f96b8a ffffffff41b58ab3 1ffff1000d4c9d35
ffffed000d4c9d2d ffff880065f8ac00 0000000041b58ab3 ffffffff8598b510
ffffffff81f968f8 0000000041b58ab3 ffffffff859410e0 ffffffff813f0590
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff81f96b8a>] dump_stack+0x292/0x398 lib/dump_stack.c:51
[<ffffffff812b808f>] __warn+0x19f/0x1e0 kernel/panic.c:550
[<ffffffff812b831c>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
[<ffffffff830fcb13>] dummy_free_request+0x153/0x170 drivers/usb/gadget/udc/dummy_hcd.c:672
[<ffffffff830ed1b0>] usb_ep_free_request+0xc0/0x420 drivers/usb/gadget/udc/core.c:195
[<ffffffff83225031>] gadgetfs_unbind+0x131/0x190 drivers/usb/gadget/legacy/inode.c:1612
[<ffffffff830ebd8f>] usb_gadget_remove_driver+0x10f/0x2b0 drivers/usb/gadget/udc/core.c:1228
[<ffffffff830ec084>] usb_gadget_unregister_driver+0x154/0x240 drivers/usb/gadget/udc/core.c:1357
This patch fixes the problem by iterating over all the endpoints in
the driver's ep array instead of iterating over the gadget's ep_list,
which explicitly leaves out ep0.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Reserved1 is documented as expected to be set to 0, but this test fails
when it it set to 0. Reverse the condition.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
When FUNCTIONFS_EVENTFD flag is set, __ffs_data_got_descs reads a 32bits,
little-endian value right after the fixed structure header, and passes it
to eventfd_ctx_fdget. Document this.
Also, rephrase a comment to be affirmative about the role of string
descriptor at index 0. Ref: USB 2.0 spec paragraph "9.6.7 String", and
also checked to still be current in USB 3.0 spec paragraph "9.6.9 String".
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
By convention (according to doc) if function does not provide
get_alt() callback composite framework should assume that it has only
altsetting 0 and should respond with error if host tries to set
other one.
After commit dd4dff8b03 ("USB: composite: Fix bug: should test
set_alt function pointer before use it")
we started checking set_alt() callback instead of get_alt().
This check is useless as we check if set_alt() is set inside
usb_add_function() and fail if it's NULL.
Let's fix this check and move comment about why we check the get
method instead of set a little bit closer to prevent future false
fixes.
Fixes: dd4dff8b03 ("USB: composite: Fix bug: should test set_alt function pointer before use it")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
ktime_set(S,N) was required for the timespec storage type and is still
useful for situations where a Seconds and Nanoseconds part of a time value
needs to be converted. For anything where the Seconds argument is 0, this
is pointless and can be replaced with a simple assignment.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
This was entirely automated, using the script by Al:
PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>'
sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \
$(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h)
to do the replacement at the end of the merge window.
Requested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pull scsi target cleanups from Bart Van Assche:
"The changes here are:
- a few small bug fixes for the iSCSI and user space target drivers.
- minimize the target build time by about 30% by rearranging #include
directives
- fix the second argument passed to percpu_ida_alloc()
- reduce the number of false positive warnings reported by sparse
These patches pass Wu Fengguang's build bot tests and also the
linux-next tests"
* 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux:
iscsi-target: Return error if unable to add network portal
target: Fix spelling mistake and unwrap multi-line text
target/iscsi: Fix double free in lio_target_tiqn_addtpg()
target/user: Fix use-after-free of tcmu_cmds if they are expired
target: Minimize #include directives
target/user: Add an #include directive
cxgbit: Add an #include directive
ibmvscsi_tgt: Add two #include directives
sbp-target: Add an #include directive
qla2xxx: Add an #include directive
configfs: Minimize #include directives
usb: gadget: Fix second argument of percpu_ida_alloc()
sbp-target: Fix second argument of percpu_ida_alloc()
target/user: Fix a data type in tcmu_queue_cmd()
target: Use NULL instead of 0 to represent a pointer
Pull vfs updates from Al Viro:
- more ->d_init() stuff (work.dcache)
- pathname resolution cleanups (work.namei)
- a few missing iov_iter primitives - copy_from_iter_full() and
friends. Either copy the full requested amount, advance the iterator
and return true, or fail, return false and do _not_ advance the
iterator. Quite a few open-coded callers converted (and became more
readable and harder to fuck up that way) (work.iov_iter)
- several assorted patches, the big one being logfs removal
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
logfs: remove from tree
vfs: fix put_compat_statfs64() does not handle errors
namei: fold should_follow_link() with the step into not-followed link
namei: pass both WALK_GET and WALK_MORE to should_follow_link()
namei: invert WALK_PUT logics
namei: shift interpretation of LOOKUP_FOLLOW inside should_follow_link()
namei: saner calling conventions for mountpoint_last()
namei.c: get rid of user_path_parent()
switch getfrag callbacks to ..._full() primitives
make skb_add_data,{_nocache}() and skb_copy_to_page_nocache() advance only on success
[iov_iter] new primitives - copy_from_iter_full() and friends
don't open-code file_inode()
ceph: switch to use of ->d_init()
ceph: unify dentry_operations instances
lustre: switch to use of ->d_init()
Two of the USB Gadgets were poking around in the internals of struct ida
in order to determine if it is empty. Add the appropriate abstraction.
Link: http://lkml.kernel.org/r/1480369871-5271-63-git-send-email-mawilcox@linuxonhyperv.com
Signed-off-by: Matthew Wilcox <willy@linux.intel.com>
Acked-by: Konstantin Khlebnikov <koct9i@gmail.com>
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Felipe Balbi <balbi@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
from the ->drop_link method.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJYUUZ8AAoJEA+eU2VSBFGDjHIP/RKCBerQNkQ5hdUPnwJkXOh1
b4SWiPNsNgkzpKJsE/vuL6R2qq9KX5sxWLi8a3Wx5jyMst1Xj2m4SvI4fUew/hBC
QZM86aMJLcWZ8BfqLk2tLys759z/MSZSrXcUU8EM+JJqb6E0+i+5pgX8gOk7Pxwo
FUagFzuGXTGORwkWRf47ludBuDEGMCrLQZ6WaXEKQULTUwfPrnP+n9EhZcWzzsyu
0YxW9SFD73LgRSPLgxc+rw875D8rb3WSClWj/2LLQUy8z8QEJ83Mgt9hcbBV0Ppa
efP0kPZbpDnVx6TjpldRKW9GivkbFXNnChMmgTkBGYTRjn8IHDsyAb6ZABw/O37N
oyvd42xVDCE+GSImaMgCPL/5MEsQ+v9xCfgkBcyhWVQYFFj89Nmz/8VKp6AtTW3j
X7MQuzdzKGoWTVpAOgw/SvjrRx+fcciTg31AhhGjE5cmARVoBJuCDa6NM3WXFQf4
Pq74zetWDB38sBZwQV/6Y1m3OJGquD4MxX9b5SbNzwuROrKyJCAe3CCw7CKvuuWj
RPkwZkHiCawRijxNDCWU8zpMcuUCdt9yjTWbUW/WrvKR6BGF4IwUHf9k8oorv1Qc
Bo7enURnYBmcb7cijOLO+onzCf5iWAwMNk8KKJ1zthaZbloIGw8jdp5kOe5spEvF
Uju3n/GNA/OWe2MAuutE
=nOOH
-----END PGP SIGNATURE-----
Merge tag 'configfs-for-4.10' of git://git.infradead.org/users/hch/configfs
Pull configfs update from Christoph Hellwig:
"Just one simple change from Andrzej to drop the pointless return value
from the ->drop_link method"
* tag 'configfs-for-4.10' of git://git.infradead.org/users/hch/configfs:
fs: configfs: don't return anything from drop_link
Here's the big set of USB/PHY patches for 4.10-rc1.
A number of new drivers are here in this set of changes. We have a new
USB controller type "mtu3", a new usb-serial driver, and the usual churn
in the gadget subsystem and the xhci host controller driver, along with
a few other new small drivers added. And lots of little other changes
all over the USB and PHY driver tree. Full details are in the shortlog
All of these have been in linux-next for a while with no reported
issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWFAxRg8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ynuLgCgsHgM/oba6UaVm1kmyN9V5e3PVjEAn34tRLht
R4enLi8Yv1bOWPdlrpzN
=3MGJ
-----END PGP SIGNATURE-----
Merge tag 'usb-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB/PHY updates from Greg KH:
"Here's the big set of USB/PHY patches for 4.10-rc1.
A number of new drivers are here in this set of changes. We have a new
USB controller type "mtu3", a new usb-serial driver, and the usual
churn in the gadget subsystem and the xhci host controller driver,
along with a few other new small drivers added. And lots of little
other changes all over the USB and PHY driver tree. Full details are
in the shortlog
All of these have been in linux-next for a while with no reported
issues"
* tag 'usb-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (309 commits)
USB: serial: option: add dlink dwm-158
USB: serial: option: add support for Telit LE922A PIDs 0x1040, 0x1041
USB: OHCI: nxp: fix code warnings
USB: OHCI: nxp: remove useless extern declaration
USB: OHCI: at91: remove useless extern declaration
usb: misc: rio500: fix result type for error message
usb: mtu3: fix U3 port link issue
usb: mtu3: enable auto switch from U3 to U2
usbip: fix warning in vhci_hcd_probe/lockdep_init_map
usb: core: usbport: Use proper LED API to fix potential crash
usbip: add missing compile time generated files to .gitignore
usb: hcd.h: construct hub class request constants from simpler constants
USB: OHCI: ohci-pxa27x: remove useless functions
USB: OHCI: omap: remove useless extern declaration
USB: OHCI: ohci-omap: remove useless functions
USB: OHCI: ohci-s3c2410: remove useless functions
USB: cdc-acm: add device id for GW Instek AFG-125
fsl/usb: Workarourd for USB erratum-A005697
usb: hub: Wait for connection to be reestablished after port reset
usbip: vudc: Refactor init_vudc_hw() to be more obvious
...
Pass a task state as second argument to percpu_ida_alloc().
Fixes: commit 71e7ae8e1f ("usb-gadget/tcm: Conversion to percpu_ida tag pre-allocation")
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Felipe Balbi <felipe.balbi@linux.intel.com>
copy_from_iter_full(), copy_from_iter_full_nocache() and
csum_and_copy_from_iter_full() - counterparts of copy_from_iter()
et.al., advancing iterator only in case of successful full copy
and returning whether it had been successful or not.
Convert some obvious users. *NOTE* - do not blindly assume that
something is a good candidate for those unless you are sure that
not advancing iov_iter in failure case is the right thing in
this case. Anything that does short read/short write kind of
stuff (or is in a loop, etc.) is unlikely to be a good one.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Documentation/filesystems/configfs/configfs.txt says:
"When unlink(2) is called on the symbolic link, the source item is
notified via the ->drop_link() method. Like the ->drop_item() method,
this is a void function and cannot return failure."
The ->drop_item() is indeed a void function, the ->drop_link() is
actually not. This, together with the fact that the value of ->drop_link()
is silently ignored suggests, that it is the ->drop_link() return
type that should be corrected and changed to void.
This patch changes drop_link() signature and all its users.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
[hch: reverted reformatting of some code]
Signed-off-by: Christoph Hellwig <hch@lst.de>
udplite conflict is resolved by taking what 'net-next' did
which removed the backlog receive method assignment, since
it is no longer necessary.
Two entries were added to the non-priv ethtool operations
switch statement, one in 'net' and one in 'net-next, so
simple overlapping changes.
Signed-off-by: David S. Miller <davem@davemloft.net>
One big merge this time with a total of 166 non-merge commits.
Most of the work, by far, is on dwc2 this time (68.2%) with dwc3 a far
second (22.5%). The remaining 9.3% are scattered on gadget drivers.
The most important changes for dwc2 are the peripheral side DMA support
implemented by Synopsys folks and support for the new IOT dwc2
compatible core from Synopsys.
In dwc3 land we have support for high-bandwidth, high-speed isochronous
endpoints and some non-critical fixes for large scatter lists.
Apart from these, we have our usual set of cleanups, non-critical fixes,
etc.
-----BEGIN PGP SIGNATURE-----
iQJRBAABCAA7FiEElLzh7wn96CXwjh2IzL64meEamQYFAlgu7+gdHGZlbGlwZS5i
YWxiaUBsaW51eC5pbnRlbC5jb20ACgkQzL64meEamQaDbxAAsgDPAp8QTx8D1d70
hSGyPZ55rmqlzBNbUUOQyk/AeN5xM3XVbjZNOxWn4c386iaDrngcqOrxjCbBRsje
b9yMESMiZsTPVlKXE45yXt//NHg1KUfpHON7rybaiFq0uqjUhnQf95DeYPgJVxit
7F9B+05XcNMyxYRoz6bGkRTU+lcJ6g3/orgKfp4t/hs8WUNXH6+71keMF+IdLYNH
mcPmJ8MXpfLzv8eweRwV0s/3flxCuFx1ksZ8cW6qHR5vX303X2sGTlinBmhfQapr
t0a+OBtLpZdNmjw/yB2odc/1jjLNRHpYU5xGqwouMx9Ca2PocFT2xFbmUWR23xp1
X0rkICRxcLPjZql2Uld5QHO9dPnF/FbX0Njuvxo+2r8ENE5/eG4C/RcYcRDmYPsu
u8k2rKFs0+yCOAU91rD8mayJVBWBJ4trqZFT0TcocCGsMTk8fTYpF1Iskj9Z4FKz
yo+lgyCCtp673ykGZ1ezsL6YWOmdrQv/PurKZqrXAmdhi6+mImLI/nAHtAdOZx0X
zK9MwPnwDxrPiqhrZ46+Bm/EjZI50TM44M1ldmCwKi/6/Nvy54DHMtjPI5/9205R
bjftW3DkVWAC//29RNcGEHtwiJFPEU/kdoRFOPhKGJ7ocCzFVSTFBgo02kDsC6De
Wouv2QTFuZN9s17o29YVD3bGJZM=
=5WN9
-----END PGP SIGNATURE-----
Merge tag 'usb-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-next
Felipe writes:
usb: patches for v4.10 merge window
One big merge this time with a total of 166 non-merge commits.
Most of the work, by far, is on dwc2 this time (68.2%) with dwc3 a far
second (22.5%). The remaining 9.3% are scattered on gadget drivers.
The most important changes for dwc2 are the peripheral side DMA support
implemented by Synopsys folks and support for the new IOT dwc2
compatible core from Synopsys.
In dwc3 land we have support for high-bandwidth, high-speed isochronous
endpoints and some non-critical fixes for large scatter lists.
Apart from these, we have our usual set of cleanups, non-critical fixes,
etc.
Fix error message by checkpath.pl
open brace '{' following struct/enum go on the same line
Patch applied by running fix inplace capability of checkpatch:
checkpatch.pl -f *.[ch] --types OPEN_BRACE --fix-inplace
Signed-off-by: Anson Jacob <ansonjacob.aj@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Properly check the return code of ffs_func_revmap_intf() and
ffs_func_revmap_ep() for a non-negative value.
Instead of checking the return code, the comparison was performed for the last
parameter of the function calls, because of wrong parenthesis.
This also fixes the following static checker warning:
drivers/usb/gadget/function/f_fs.c:3152 ffs_func_req_match()
warn: always true condition '(((creq->wIndex)) >= 0) => (0-u16max >= 0)'
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Felix Hädicke <felixhaedicke@web.de>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Add super speed descriptors to f_hid.
Signed-off-by: Janusz Dziedzic <januszx.dziedzic@linux.intel.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
The patch improves readability of mv_u3d_start_queue()
by rearranging its code with two semantic modifications:
- assignment zero to ep->processing if usb_gadget_map_request() fails;
- propagation of error code from mv_u3d_req_to_trb() instead of
hardcoded -ENOMEM.
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
mv_u3d_req_to_trb() does not check for dma mapping errors.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
dev_kfree_skb_any() is used to free packets that are dropped by the
network stack. Therefore the function should not be used for packets
that have been successfully processed by the network stack. Instead
dev_consume_skb_any() has to be used for such consumed packets.
This separation helps to identify dropped packets.
Signed-off-by: Torsten Polle <tpolle@de.adit-jv.com>
Signed-off-by: Harish Jenny K N <harish_kandiga@mentor.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Socket buffers should be linked to the (network) device that allocated
the buffers. __netdev_alloc_skb performs this task.
Signed-off-by: Torsten Polle <tpolle@de.adit-jv.com>
Signed-off-by: Jim Baxter <jim_baxter@mentor.com>
Signed-off-by: Harish Jenny K N <harish_kandiga@mentor.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Socket buffers should be linked to the (network) device that allocated
the buffers.
Signed-off-by: Torsten Polle <tpolle@de.adit-jv.com>
Signed-off-by: Harish Jenny K N <harish_kandiga@mentor.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
There is only one waiter for the completion, therefore there
is no need to use complete_all(). Let's make that clear by
using complete() instead of complete_all().
The usage pattern of the completion is:
waiter context waker context
reinit_completion()
usb_esp_queue()
wait_for_completion_interruptible()
ffs_ep0_complete()
complete()
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Signed-off-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Cc: Felipe Balbi <balbi@kernel.org>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-usb@vger.kernel.org
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Use the more common logging mechanism.
Miscellanea:
o Realign multiline statements
o Coalesce format
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Now that usb_endpoint_maxp() only returns the lowest
11 bits from wMaxPacketSize, we can remove the &
operation from this driver.
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Now that usb_endpoint_maxp() only returns the lowest
11 bits from wMaxPacketSize, we can remove the &
operation from this driver.
Cc: Li Yang <leoli@freescale.com>
Cc: <linuxppc-dev@lists.ozlabs.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Now that usb_endpoint_maxp() only returns the lowest
11 bits from wMaxPacketSize, we can remove the &
operation from this driver.
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Now that usb_endpoint_maxp() only returns the lowest
11 bits from wMaxPacketSize, we can remove the &
operation from this driver.
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Now that usb_endpoint_maxp() only returns the lowest
11 bits from wMaxPacketSize, we can remove the &
operation from this driver.
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Now that usb_endpoint_maxp() only returns the lowest
11 bits from wMaxPacketSize, we can remove the &
operation from this driver.
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: <linux-usb@vger.kernel.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Now that usb_endpoint_maxp() only returns the lowest
11 bits from wMaxPacketSize, we can remove the &
operation from this driver.
Cc: Ashwini Pahuja <ashwini.linux@gmail.com>
Cc: <linux-usb@vger.kernel.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Now that usb_endpoint_maxp() only returns the lowest
11 bits from wMaxPacketSize, we can remove the &
operation from this driver.
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Cc: <linux-usb@vger.kernel.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Now that usb_endpoint_maxp() only returns the lowest
11 bits from wMaxPacketSize, we can remove the &
operation from this driver.
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
We have introduced a helper to calculate multiplier
value from wMaxPacketSize. Start using it.
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
