summaryrefslogtreecommitdiffstats
path: root/drivers/uio
Commit message (Collapse)AuthorAgeFilesLines
* uio: Fix use-after-free in uio_openGuanghui Feng2024-01-041-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev->dev) uio_device_release get_device(&idev->dev) kfree(idev) uio_free_minor(minor) uio_release put_device(&idev->dev) kfree(idev) ------------------------------------------------------- In the core-1 uio_unregister_device(), the device_unregister will kfree idev when the idev->dev kobject ref is 1. But after core-1 device_unregister, put_device and before doing kfree, the core-2 may get_device. Then: 1. After core-1 kfree idev, the core-2 will do use-after-free for idev. 2. When core-2 do uio_release and put_device, the idev will be double freed. To address this issue, we can get idev atomic & inc idev reference with minor_lock. Fixes: 57c5f4df0a5a ("uio: fix crash after the device is unregistered") Cc: stable <stable@kernel.org> Signed-off-by: Guanghui Feng <guanghuifeng@linux.alibaba.com> Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com> Link: https://lore.kernel.org/r/1703152663-59949-1-git-send-email-guanghuifeng@linux.alibaba.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: pruss: fix missing iounmap() in pruss_probe()Yang Yingliang2023-08-221-1/+2
| | | | | | | | | | platform_get_irq() is called after ioremap(), if it fails, iounmap() needs be called in error the path. Fixes: 2fd84b9b839c ("uio: pruss: fix to check return value of platform_get_irq() in pruss_probe()") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Link: https://lore.kernel.org/r/20230808123827.560603-1-yangyingliang@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: pruss: fix to check return value of platform_get_irq() in pruss_probe()Zhang Shurong2023-08-041-1/+5
| | | | | | | | | | | The platform_get_irq might be failed and return a negative result. So there should have an error handling code. Fixed this by adding an error handling code. Signed-off-by: Zhang Shurong <zhang_shurong@foxmail.com> Link: https://lore.kernel.org/r/tencent_8E383752B54E5BF860711E500AD8A8971208@qq.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: dfl: add vendor-specific feature idPeter Colberg2023-05-311-0/+2
| | | | | | | | | | | | | | | | | | Add a Device Feature List (DFL) feature id as a generic mechanism to expose a vendor-specific FPGA IP to user space. The feature id is intended for use with IPs that do not need any kernel services beyond exposure to user space through the UIO DFL driver. The feature id is used in, e.g., Intel Oak Springs Canyon IPUs to expose various IPs to user space, e.g., Network Controller Sideband Interface (NC-SI), BaseNIC, and VirtIO management. Link: https://github.com/OPAE/dfl-feature-id Signed-off-by: Peter Colberg <peter.colberg@intel.com> Signed-off-by: Matthew Gerlach <matthew.gerlach@linux.intel.com> Reviewed-by: Russ Weight <russell.h.weight@intel.com> Link: https://lore.kernel.org/r/20230531030737.12989-1-peter.colberg@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Merge tag 'mm-stable-2023-02-20-13-37' of ↵Linus Torvalds2023-02-231-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Pull MM updates from Andrew Morton: - Daniel Verkamp has contributed a memfd series ("mm/memfd: add F_SEAL_EXEC") which permits the setting of the memfd execute bit at memfd creation time, with the option of sealing the state of the X bit. - Peter Xu adds a patch series ("mm/hugetlb: Make huge_pte_offset() thread-safe for pmd unshare") which addresses a rare race condition related to PMD unsharing. - Several folioification patch serieses from Matthew Wilcox, Vishal Moola, Sidhartha Kumar and Lorenzo Stoakes - Johannes Weiner has a series ("mm: push down lock_page_memcg()") which does perform some memcg maintenance and cleanup work. - SeongJae Park has added DAMOS filtering to DAMON, with the series "mm/damon/core: implement damos filter". These filters provide users with finer-grained control over DAMOS's actions. SeongJae has also done some DAMON cleanup work. - Kairui Song adds a series ("Clean up and fixes for swap"). - Vernon Yang contributed the series "Clean up and refinement for maple tree". - Yu Zhao has contributed the "mm: multi-gen LRU: memcg LRU" series. It adds to MGLRU an LRU of memcgs, to improve the scalability of global reclaim. - David Hildenbrand has added some userfaultfd cleanup work in the series "mm: uffd-wp + change_protection() cleanups". - Christoph Hellwig has removed the generic_writepages() library function in the series "remove generic_writepages". - Baolin Wang has performed some maintenance on the compaction code in his series "Some small improvements for compaction". - Sidhartha Kumar is doing some maintenance work on struct page in his series "Get rid of tail page fields". - David Hildenbrand contributed some cleanup, bugfixing and generalization of pte management and of pte debugging in his series "mm: support __HAVE_ARCH_PTE_SWP_EXCLUSIVE on all architectures with swap PTEs". - Mel Gorman and Neil Brown have removed the __GFP_ATOMIC allocation flag in the series "Discard __GFP_ATOMIC". - Sergey Senozhatsky has improved zsmalloc's memory utilization with his series "zsmalloc: make zspage chain size configurable". - Joey Gouly has added prctl() support for prohibiting the creation of writeable+executable mappings. The previous BPF-based approach had shortcomings. See "mm: In-kernel support for memory-deny-write-execute (MDWE)". - Waiman Long did some kmemleak cleanup and bugfixing in the series "mm/kmemleak: Simplify kmemleak_cond_resched() & fix UAF". - T.J. Alumbaugh has contributed some MGLRU cleanup work in his series "mm: multi-gen LRU: improve". - Jiaqi Yan has provided some enhancements to our memory error statistics reporting, mainly by presenting the statistics on a per-node basis. See the series "Introduce per NUMA node memory error statistics". - Mel Gorman has a second and hopefully final shot at fixing a CPU-hog regression in compaction via his series "Fix excessive CPU usage during compaction". - Christoph Hellwig does some vmalloc maintenance work in the series "cleanup vfree and vunmap". - Christoph Hellwig has removed block_device_operations.rw_page() in ths series "remove ->rw_page". - We get some maple_tree improvements and cleanups in Liam Howlett's series "VMA tree type safety and remove __vma_adjust()". - Suren Baghdasaryan has done some work on the maintainability of our vm_flags handling in the series "introduce vm_flags modifier functions". - Some pagemap cleanup and generalization work in Mike Rapoport's series "mm, arch: add generic implementation of pfn_valid() for FLATMEM" and "fixups for generic implementation of pfn_valid()" - Baoquan He has done some work to make /proc/vmallocinfo and /proc/kcore better represent the real state of things in his series "mm/vmalloc.c: allow vread() to read out vm_map_ram areas". - Jason Gunthorpe rationalized the GUP system's interface to the rest of the kernel in the series "Simplify the external interface for GUP". - SeongJae Park wishes to migrate people from DAMON's debugfs interface over to its sysfs interface. To support this, we'll temporarily be printing warnings when people use the debugfs interface. See the series "mm/damon: deprecate DAMON debugfs interface". - Andrey Konovalov provided the accurately named "lib/stackdepot: fixes and clean-ups" series. - Huang Ying has provided a dramatic reduction in migration's TLB flush IPI rates with the series "migrate_pages(): batch TLB flushing". - Arnd Bergmann has some objtool fixups in "objtool warning fixes". * tag 'mm-stable-2023-02-20-13-37' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (505 commits) include/linux/migrate.h: remove unneeded externs mm/memory_hotplug: cleanup return value handing in do_migrate_range() mm/uffd: fix comment in handling pte markers mm: change to return bool for isolate_movable_page() mm: hugetlb: change to return bool for isolate_hugetlb() mm: change to return bool for isolate_lru_page() mm: change to return bool for folio_isolate_lru() objtool: add UACCESS exceptions for __tsan_volatile_read/write kmsan: disable ftrace in kmsan core code kasan: mark addr_has_metadata __always_inline mm: memcontrol: rename memcg_kmem_enabled() sh: initialize max_mapnr m68k/nommu: add missing definition of ARCH_PFN_OFFSET mm: percpu: fix incorrect size in pcpu_obj_full_size() maple_tree: reduce stack usage with gcc-9 and earlier mm: page_alloc: call panic() when memoryless node allocation fails mm: multi-gen LRU: avoid futile retries migrate_pages: move THP/hugetlb migration support check to simplify code migrate_pages: batch flushing TLB migrate_pages: share more code between _unmap and _move ...
| * mm: replace vma->vm_flags direct modifications with modifier callsSuren Baghdasaryan2023-02-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace direct modifications to vma->vm_flags with calls to modifier functions to be able to track flag changes and to keep vma locking correctness. [akpm@linux-foundation.org: fix drivers/misc/open-dice.c, per Hyeonggon Yoo] Link: https://lkml.kernel.org/r/20230126193752.297968-5-surenb@google.com Signed-off-by: Suren Baghdasaryan <surenb@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Mel Gorman <mgorman@techsingularity.net> Acked-by: Mike Rapoport (IBM) <rppt@kernel.org> Acked-by: Sebastian Reichel <sebastian.reichel@collabora.com> Reviewed-by: Liam R. Howlett <Liam.Howlett@Oracle.com> Reviewed-by: Hyeonggon Yoo <42.hyeyoo@gmail.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arjun Roy <arjunroy@google.com> Cc: Axel Rasmussen <axelrasmussen@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: David Howells <dhowells@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: David Rientjes <rientjes@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Greg Thelen <gthelen@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jann Horn <jannh@google.com> Cc: Joel Fernandes <joelaf@google.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Kent Overstreet <kent.overstreet@linux.dev> Cc: Laurent Dufour <ldufour@linux.ibm.com> Cc: Lorenzo Stoakes <lstoakes@gmail.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Minchan Kim <minchan@google.com> Cc: Paul E. McKenney <paulmck@kernel.org> Cc: Peter Oskolkov <posk@google.com> Cc: Peter Xu <peterx@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Punit Agrawal <punit.agrawal@bytedance.com> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Cc: Shakeel Butt <shakeelb@google.com> Cc: Soheil Hassas Yeganeh <soheil@google.com> Cc: Song Liu <songliubraving@fb.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
* | Drivers: hv: Make remove callback of hyperv driver void returnedDawei Li2023-01-171-3/+2
|/ | | | | | | | | | | | | | Since commit fc7a6209d571 ("bus: Make remove callback return void") forces bus_type::remove be void-returned, it doesn't make much sense for any bus based driver implementing remove callbalk to return non-void to its caller. As such, change the remove function for Hyper-V VMBus based drivers to return void. Signed-off-by: Dawei Li <set_pte_at@outlook.com> Link: https://lore.kernel.org/r/TYCP286MB2323A93C55526E4DF239D3ACCAFA9@TYCP286MB2323.JPNP286.PROD.OUTLOOK.COM Signed-off-by: Wei Liu <wei.liu@kernel.org>
* uio: uio_dmem_genirq: Use non-atomic bit operations in irq config and handlingRafael Mendonca2022-11-101-3/+8
| | | | | | | | | | | | | This finishes the port of the irq configuration and handling from "uio_pdrv_genirq" to "uio_dmem_genirq". It changes the atomic bit-manipulation routines to their non-atomic counterparts as we are already guarding the code by spinlock. Split out from commit 34cb27528398 ("UIO: Fix concurrency issue"). Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com> Link: https://lore.kernel.org/r/20220930224100.816175-4-rafaelmendsr@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_dmem_genirq: Fix deadlock between irq config and handlingRafael Mendonca2022-11-101-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | This fixes a concurrency issue addressed in commit 34cb27528398 ("UIO: Fix concurrency issue"): "In a SMP case there was a race condition issue between Uio_pdrv_genirq_irqcontrol() running on one CPU and irq handler on another CPU. Fix it by spin_locking shared resources access inside irq handler." The implementation of "uio_dmem_genirq" was based on "uio_pdrv_genirq" and it is used in a similar manner to the "uio_pdrv_genirq" driver with respect to interrupt configuration and handling. At the time "uio_dmem_genirq" was merged, both had the same implementation of the 'uio_info' handlers irqcontrol() and handler(), thus, both had the same concurrency issue mentioned by the above commit. However, the above patch was only applied to the "uio_pdrv_genirq" driver. Split out from commit 34cb27528398 ("UIO: Fix concurrency issue"). Fixes: 0a0c3b5a24bd ("Add new uio device for dynamic memory allocation") Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com> Link: https://lore.kernel.org/r/20220930224100.816175-3-rafaelmendsr@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_dmem_genirq: Fix missing unlock in irq configurationRafael Mendonca2022-11-101-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit b74351287d4b ("uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()") started calling disable_irq() without holding the spinlock because it can sleep. However, that fix introduced another bug: if interrupt is already disabled and a new disable request comes in, then the spinlock is not unlocked: root@localhost:~# printf '\x00\x00\x00\x00' > /dev/uio0 root@localhost:~# printf '\x00\x00\x00\x00' > /dev/uio0 root@localhost:~# [ 14.851538] BUG: scheduling while atomic: bash/223/0x00000002 [ 14.851991] Modules linked in: uio_dmem_genirq uio myfpga(OE) bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper drm snd_pcm ppdev joydev psmouse snd_timer snd e1000fb_sys_fops syscopyarea parport sysfillrect soundcore sysimgblt input_leds pcspkr i2c_piix4 serio_raw floppy evbug qemu_fw_cfg mac_hid pata_acpi ip_tables x_tables autofs4 [last unloaded: parport_pc] [ 14.854206] CPU: 0 PID: 223 Comm: bash Tainted: G OE 6.0.0-rc7 #21 [ 14.854786] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 14.855664] Call Trace: [ 14.855861] <TASK> [ 14.856025] dump_stack_lvl+0x4d/0x67 [ 14.856325] dump_stack+0x14/0x1a [ 14.856583] __schedule_bug.cold+0x4b/0x5c [ 14.856915] __schedule+0xe81/0x13d0 [ 14.857199] ? idr_find+0x13/0x20 [ 14.857456] ? get_work_pool+0x2d/0x50 [ 14.857756] ? __flush_work+0x233/0x280 [ 14.858068] ? __schedule+0xa95/0x13d0 [ 14.858307] ? idr_find+0x13/0x20 [ 14.858519] ? get_work_pool+0x2d/0x50 [ 14.858798] schedule+0x6c/0x100 [ 14.859009] schedule_hrtimeout_range_clock+0xff/0x110 [ 14.859335] ? tty_write_room+0x1f/0x30 [ 14.859598] ? n_tty_poll+0x1ec/0x220 [ 14.859830] ? tty_ldisc_deref+0x1a/0x20 [ 14.860090] schedule_hrtimeout_range+0x17/0x20 [ 14.860373] do_select+0x596/0x840 [ 14.860627] ? __kernel_text_address+0x16/0x50 [ 14.860954] ? poll_freewait+0xb0/0xb0 [ 14.861235] ? poll_freewait+0xb0/0xb0 [ 14.861517] ? rpm_resume+0x49d/0x780 [ 14.861798] ? common_interrupt+0x59/0xa0 [ 14.862127] ? asm_common_interrupt+0x2b/0x40 [ 14.862511] ? __uart_start.isra.0+0x61/0x70 [ 14.862902] ? __check_object_size+0x61/0x280 [ 14.863255] core_sys_select+0x1c6/0x400 [ 14.863575] ? vfs_write+0x1c9/0x3d0 [ 14.863853] ? vfs_write+0x1c9/0x3d0 [ 14.864121] ? _copy_from_user+0x45/0x70 [ 14.864526] do_pselect.constprop.0+0xb3/0xf0 [ 14.864893] ? do_syscall_64+0x6d/0x90 [ 14.865228] ? do_syscall_64+0x6d/0x90 [ 14.865556] __x64_sys_pselect6+0x76/0xa0 [ 14.865906] do_syscall_64+0x60/0x90 [ 14.866214] ? syscall_exit_to_user_mode+0x2a/0x50 [ 14.866640] ? do_syscall_64+0x6d/0x90 [ 14.866972] ? do_syscall_64+0x6d/0x90 [ 14.867286] ? do_syscall_64+0x6d/0x90 [ 14.867626] entry_SYSCALL_64_after_hwframe+0x63/0xcd [...] stripped [ 14.872959] </TASK> ('myfpga' is a simple 'uio_dmem_genirq' driver I wrote to test this) The implementation of "uio_dmem_genirq" was based on "uio_pdrv_genirq" and it is used in a similar manner to the "uio_pdrv_genirq" driver with respect to interrupt configuration and handling. At the time "uio_dmem_genirq" was introduced, both had the same implementation of the 'uio_info' handlers irqcontrol() and handler(). Then commit 34cb27528398 ("UIO: Fix concurrency issue"), which was only applied to "uio_pdrv_genirq", ended up making them a little different. That commit, among other things, changed disable_irq() to disable_irq_nosync() in the implementation of irqcontrol(). The motivation there was to avoid a deadlock between irqcontrol() and handler(), since it added a spinlock in the irq handler, and disable_irq() waits for the completion of the irq handler. By changing disable_irq() to disable_irq_nosync() in irqcontrol(), we also avoid the sleeping-while-atomic bug that commit b74351287d4b ("uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()") was trying to fix. Thus, this fixes the missing unlock in irqcontrol() by importing the implementation of irqcontrol() handler from the "uio_pdrv_genirq" driver. In the end, it reverts commit b74351287d4b ("uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()") and change disable_irq() to disable_irq_nosync(). It is worth noting that this still does not address the concurrency issue fixed by commit 34cb27528398 ("UIO: Fix concurrency issue"). It will be addressed separately in the next commits. Split out from commit 34cb27528398 ("UIO: Fix concurrency issue"). Fixes: b74351287d4b ("uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()") Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com> Link: https://lore.kernel.org/r/20220930224100.816175-2-rafaelmendsr@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_fsl_elbc_gpcm: Replace NO_IRQ by 0Christophe Leroy2022-11-101-3/+3
| | | | | | | | | | | | | | NO_IRQ is used to check the return of irq_of_parse_and_map(). On some architecture NO_IRQ is 0, on other architectures it is -1. irq_of_parse_and_map() returns 0 on error, independent of NO_IRQ. So use 0 instead of using NO_IRQ. Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> Link: https://lore.kernel.org/r/68ccdf51811ab26bdb452babf17ae860fa4900c2.1665034535.git.christophe.leroy@csgroup.eu Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: dfl: add IOPLL user-clock feature idPeter Colberg2022-09-011-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add a Device Feature List (DFL) feature id [1] for the configurable IOPLL user clock source, which can be used to configure the clock speeds that are used for RTL logic that is programmed into the Partial Reconfiguration (PR) region of an FPGA. The IOPLL user-space driver [2] contains frequency tables [3] with the specific user clock frequencies for an implementation. For each desired frequency, the table values are produced by calling the quartus tool, the same tool that generates the IOPLL RTL logic. The quartus tool allows the RTL designer to select different options which can affect the table values. The table-driven, user-space driver allows for supporting future, modified implementations and provides users the ability to modify the IOPLL implementation. [1] https://github.com/OPAE/dfl-feature-id [2] https://github.com/OPAE/opae-sdk/blob/a494f54a9f0356d0425edbff228f0254a4c70303/libraries/plugins/xfpga/usrclk/fpga_user_clk.c [3] https://github.com/OPAE/opae-sdk/blob/a494f54a9f0356d0425edbff228f0254a4c70303/libraries/plugins/xfpga/usrclk/fpga_user_clk_freq.h Acked-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Russ Weight <russell.h.weight@intel.com> Signed-off-by: Peter Colberg <peter.colberg@intel.com> Link: https://lore.kernel.org/r/20220831204851.4683-1-peter.colberg@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_30.RULE ↵Thomas Gleixner2022-06-101-9/+1
| | | | | | | | | | | | | | | | | | | | | | | (part 2) Based on the normalized pattern: this program is free software you can redistribute it and/or modify it under the terms of the gnu general public license as published by the free software foundation version 2 this program is distributed as is without any warranty of any kind whether express or implied without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference. Reviewed-by: Allison Randal <allison@lohutok.net> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: dfl: add HSSI subsystem feature idMatthew Gerlach2022-05-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | | Add the Device Feature List (DFL) feature id for the High Speed Serial Interface (HSSI) Subsystem to the table of ids supported by the uio_dfl driver. The HSSI Subsystem is a configurable set of IP blocks to be used as part of a Ethernet or PCS/FEC/PMA pipeline. Like the Ethernet group used by the N3000 card, the HSSI Subsystem does not fully implement a network device from a Linux netdev perspective and is controlled and monitored from user space software via the uio interface. The Feature ID table of DFL can be found: https://github.com/OPAE/dfl-feature-id Reviewed-by: Tom Rix <trix@redhat.com> Acked-by: Xu Yilun <yilun.xu@intel.com> Signed-off-by: Matthew Gerlach <matthew.gerlach@linux.intel.com> Signed-off-by: Tianfei Zhang <tianfei.zhang@intel.com> Link: https://lore.kernel.org/r/20220505094129.686535-1-tianfei.zhang@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* UIO: use default_groups in kobj_typeGreg Kroah-Hartman2021-12-291-3/+5
| | | | | | | | | | | | There are currently 2 ways to create a set of sysfs files for a kobj_type, through the default_attrs field, and the default_groups field. Move the UIO code to use default_groups field which has been the preferred way since aa30f47cf666 ("kobject: Add support for default attribute groups to kobj_type") so that we can soon get rid of the obsolete default_attrs field. Link: https://lore.kernel.org/r/20211228131319.249324-1-gregkh@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_dmem_genirq: Catch the ExceptionJiasheng Jiang2021-12-051-1/+5
| | | | | | | | | | The return value of dma_set_coherent_mask() is not always 0. To catch the exception in case that dma is not support the mask. Fixes: 0a0c3b5a24bd ("Add new uio device for dynamic memory allocation") Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Link: https://lore.kernel.org/r/20211204000326.1592687-1-jiasheng@iscas.ac.cn Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VMTianyu Lan2021-10-281-10/+8
| | | | | | | | | | Mark vmbus ring buffer visible with set_memory_decrypted() when establish gpadl handle. Reviewed-by: Michael Kelley <mikelley@microsoft.com> Signed-off-by: Tianyu Lan <Tianyu.Lan@microsoft.com> Link: https://lore.kernel.org/r/20211025122116.264793-5-ltykernel@gmail.com Signed-off-by: Wei Liu <wei.liu@kernel.org>
* uio: Remove leading spaces in KconfigJuerg Haefliger2021-05-211-1/+1
| | | | | | | | | | | Remove leading spaces before tabs in Kconfig file(s) by running the following command: $ find drivers/uio -name 'Kconfig*' | xargs sed -r -i 's/^[ ]+\t/\t/' Signed-off-by: Juerg Haefliger <juergh@canonical.com> Link: https://lore.kernel.org/r/20210517095837.81783-1-juergh@canonical.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Merge 50f09a3dd587 ("Merge tag 'char-misc-5.13-rc3' of ↵Greg Kroah-Hartman2021-05-212-4/+10
|\ | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc") into char-misc-next We want the char/misc driver fixes in here as well Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * uio_hv_generic: Fix another memory leak in error handling pathsChristophe JAILLET2021-05-141-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbus_free_ring()' call. Note that it is already freed in the .remove function. Fixes: cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first use") Cc: stable <stable@vger.kernel.org> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Link: https://lore.kernel.org/r/0d86027b8eeed8e6360bc3d52bcdb328ff9bdca1.1620544055.git.christophe.jaillet@wanadoo.fr Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * uio_hv_generic: Fix a memory leak in error handling pathsChristophe JAILLET2021-05-141-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be updated and 'hv_uio_cleanup()' in the error handling path will not be able to free the corresponding buffer. In such a case, we need to free the buffer explicitly. Fixes: cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first use") Cc: stable <stable@vger.kernel.org> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Link: https://lore.kernel.org/r/4fdaff557deef6f0475d02ba7922ddbaa1ab08a6.1620544055.git.christophe.jaillet@wanadoo.fr Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * uio/uio_pci_generic: fix return value changed in refactoringMartin Ågren2021-05-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit ef84928cff58 ("uio/uio_pci_generic: use device-managed function equivalents") was able to simplify various error paths thanks to no longer having to clean up on the way out. Some error paths were dropped, others were simplified. In one of those simplifications, the return value was accidentally changed from -ENODEV to -ENOMEM. Restore the old return value. Fixes: ef84928cff58 ("uio/uio_pci_generic: use device-managed function equivalents") Cc: stable <stable@vger.kernel.org> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Martin Ågren <martin.agren@gmail.com> Link: https://lore.kernel.org/r/20210422192240.1136373-1-martin.agren@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | uio: uio_pci_generic: add memory resource mappingsFiras Ashkar2021-05-141-0/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | import memory resources from underlying pci device, thus allowing userspace applications to memory map those resources. without this change, current implementation, does not populate the memory maps and are not shown under the corresponding sysfs uio entry: root@apalis-imx8:~# echo "ad00 0122" > \ /sys/bus/pci/drivers/uio_pci_generic/new_id [ 55.736433] uio_pci_generic 0000:01:00.0: enabling device (0000 -> 0002) root@apalis-imx8:~# ls -lsrt /sys/class/uio/uio0/ 0 -rw-r--r-- 1 root root 4096 Apr 27 18:52 uevent 0 -r--r--r-- 1 root root 4096 Apr 27 18:52 version 0 -r--r--r-- 1 root root 4096 Apr 27 18:52 suppliers 0 lrwxrwxrwx 1 root root 0 Apr 27 18:52 subsystem -> ../../../../../../../../../class/uio 0 drwxr-xr-x 2 root root 0 Apr 27 18:52 power 0 -r--r--r-- 1 root root 4096 Apr 27 18:52 name 0 -r--r--r-- 1 root root 4096 Apr 27 18:52 event 0 lrwxrwxrwx 1 root root 0 Apr 27 18:52 device -> ../../../0000:01:00.0 0 -r--r--r-- 1 root root 4096 Apr 27 18:52 dev 0 -r--r--r-- 1 root root 4096 Apr 27 18:52 consumers root@apalis-imx8:~# with the proposed changed, have following instead: root@apalis-imx8:~# ls -lsrt /sys/class/uio/uio0/ 0 -rw-r--r-- 1 root root 4096 Apr 27 19:06 uevent 0 -r--r--r-- 1 root root 4096 Apr 27 19:06 version 0 -r--r--r-- 1 root root 4096 Apr 27 19:06 suppliers 0 lrwxrwxrwx 1 root root 0 Apr 27 19:06 subsystem -> ../../../../../../../../../class/uio 0 drwxr-xr-x 2 root root 0 Apr 27 19:06 power 0 -r--r--r-- 1 root root 4096 Apr 27 19:06 name 0 drwxr-xr-x 4 root root 0 Apr 27 19:06 maps 0 -r--r--r-- 1 root root 4096 Apr 27 19:06 event 0 lrwxrwxrwx 1 root root 0 Apr 27 19:06 device -> ../../../0000:01:00.0 0 -r--r--r-- 1 root root 4096 Apr 27 19:06 dev 0 -r--r--r-- 1 root root 4096 Apr 27 19:06 consumers root@apalis-imx8:~# root@apalis-imx8:~# ls -lsrt /sys/class/uio/uio0/maps/ 0 drwxr-xr-x 2 root root 0 Apr 27 19:07 map1 0 drwxr-xr-x 2 root root 0 Apr 27 19:07 map0 root@apalis-imx8:~# root@apalis-imx8:~# cat /sys/class/uio/uio0/maps/map1/addr 0x0000000062000000 root@apalis-imx8:~# root@apalis-imx8:~# cat /sys/class/uio/uio0/maps/map1/size 0x0000000000200000 root@apalis-imx8:~# tested on AltaData ARINC 429 MiniPCIE module on imx8qm-apalis-ixora-v1.2 Signed-off-by: Firas Ashkar <firas.ashkar@savoirfairelinux.com> Link: https://lore.kernel.org/r/20210427201046.4005820-1-firas.ashkar@savoirfairelinux.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | uio: uio_aec: Use pci_iounmap instead of iounmapChristophe JAILLET2021-05-141-1/+1
|/ | | | | | | | | | | | 'pci_iomap()' is used in the probe and 'pci_iounmap()' in the error handling path of the probe. So keep things consistent and use 'pci_iounmap()' also in the remove function. Fixes: 1bafeb378e91 ("uio: add the uio_aec driver") Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Link: https://lore.kernel.org/r/f6b2a09a45658e8ef552aa34f0b8615dc1c35838.1620546705.git.christophe.jaillet@wanadoo.fr Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_dfl: add userspace i/o driver for DFL busXu Yilun2021-03-283-0/+84
| | | | | | | | | | | | | This patch supports the DFL drivers be written in userspace. This is realized by exposing the userspace I/O device interfaces. The driver now only binds the ether group feature, which has no irq. So the irq support is not implemented yet. Reviewed-by: Tom Rix <trix@redhat.com> Signed-off-by: Xu Yilun <yilun.xu@intel.com> Link: https://lore.kernel.org/r/1615168776-8553-2-git-send-email-yilun.xu@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_pci_generic: don't fail probe if pdev->irq equals to IRQ_NOTCONNECTEDJie Li2021-02-091-1/+1
| | | | | | | | | | | | | | | | | Some devices use 255 as default value of Interrupt Line register, and this maybe causes pdev->irq is set as IRQ_NOTCONNECTED in some scenarios. For example, NVMe controller connects to Intel Volume Management Device (VMD). In this situation, IRQ_NOTCONNECTED means INTx line is not connected, not fault. If bind uio_pci_generic to these devices, uio frame will return -ENOTCONN through request_irq. This patch allows binding uio_pci_generic to device with dev->irq of IRQ_NOTCONNECTED. Acked-by: Kyungsan Kim <ks0204.kim@samsung.com> Signed-off-by: Jie Li <jie6.li@samsung.com> Link: https://lore.kernel.org/r/1612153559-17028-1-git-send-email-jie6.li@samsung.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_hv_generic: use devm_kzalloc() for private data allocAlexandru Ardelean2020-12-091-6/+2
| | | | | | | | | | | | This is a minor cleanup for the management of the private object of this driver. The allocation can be tied to the life-time of the hv_device object. This cleans up a bit the exit & error paths, since the object doesn't need to be explicitly free'd anymore. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201119154903.82099-4-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_fsl_elbc_gpcm: use device-managed allocatorsAlexandru Ardelean2020-12-091-23/+9
| | | | | | | | | | | | This change moves all the simple allocations to use device-managed allocator functions. This way their life-time is tied to the platform_device object, so when this gets free'd these allocations also get cleaned up. The final effect is that error & exit paths get cleaned up a bit. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201119154903.82099-3-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_aec: use devm_kzalloc() for uio_info objectAlexandru Ardelean2020-12-091-6/+2
| | | | | | | | | | The uio_info object is free'd last, so it's life-time is tied PCI device object. Using devm_kzalloc() cleans up the error path a bit and the exit path. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201119154903.82099-2-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_cif: use devm_kzalloc() for uio_info objectAlexandru Ardelean2020-12-091-6/+2
| | | | | | | | | | The uio_info object is free'd last, so it's life-time is tied PCI device object. Using devm_kzalloc() cleans up the error path a bit and the exit path. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201119154903.82099-1-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_netx: use devm_kzalloc() for or uio_info objectAlexandru Ardelean2020-12-091-6/+2
| | | | | | | | | This change uses the devm_kzalloc() function to tie the life-time of the uio_info object to PCI device. This cleans up the exit & error path a bit. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201120084207.50736-3-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_mf624: use devm_kzalloc() for uio_info objectAlexandru Ardelean2020-12-091-6/+2
| | | | | | | | | This change uses the devm_kzalloc() function to tie the life-time of the uio_info object to PCI device. This cleans up the exit & error path a bit. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201120084207.50736-2-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_sercos3: use device-managed functions for simple allocsAlexandru Ardelean2020-12-091-10/+4
| | | | | | | | | | | | This change converts the simple allocations [kzalloc()] to devm_kzalloc() tying the life-time of these objects to the PCI device object. It cleans up the error and exit path and bit, and does a minor correction that -ENOMEM is returned (vs -ENODEV) in case the 'priv' object cannot be allocated. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201120084207.50736-1-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_dmem_genirq: finalize conversion of probe to devm_ handlersAlexandru Ardelean2020-12-091-18/+10
| | | | | | | | | | This moves move pm_runtime_disable on a devm_add_action_or_reset() handler. And with the use of the devm_uio_register_device() function, the remove hook is no longer required. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201120075625.12272-2-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: uio_dmem_genirq: convert simple allocations to device-managedAlexandru Ardelean2020-12-091-26/+8
| | | | | | | | | | | This change converts the simple allocations in the driver to used device-managed allocation functions. This removes the error path entirely in the probe function, and reduces some code in the remove function. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201120075625.12272-1-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio/uio_pci_generic: remove unneeded pci_set_drvdata()Alexandru Ardelean2020-12-091-7/+1
| | | | | | | | | | | | | | | | The pci_get_drvdata() was moved during commit ef84928cff58 ("uio/uio_pci_generic: use device-managed function equivalents"). Storing a private object with pci_set_drvdata() doesn't make sense since that change, since there is no more pci_get_drvdata() call in the driver to retrieve the information. This change removes it. Fixes: ef84928cff58 ("uio/uio_pci_generic: use device-managed function equivalents") Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201123143447.16829-1-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: pruss: use devm_clk_get() for clk initAlexandru Ardelean2020-12-091-5/+2
| | | | | | | | | | This change uses devm_clk_get() to obtain a reference to the clock. It has the benefit that clk_put() is no longer required, and cleans up the exit & error path. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201119145059.48326-1-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Merge 5.10-rc4 into char-misc-nextGreg Kroah-Hartman2020-11-161-4/+6
|\ | | | | | | | | | | We need the char/misc fixes in here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * uio: Fix use-after-free in uio_unregister_device()Shin'ichiro Kawasaki2020-11-091-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 8fd0e2a6df26 ("uio: free uio id after uio file node is freed") triggered KASAN use-after-free failure at deletion of TCM-user backstores [1]. In uio_unregister_device(), struct uio_device *idev is passed to uio_free_minor() to refer idev->minor. However, before uio_free_minor() call, idev is already freed by uio_device_release() during call to device_unregister(). To avoid reference to idev->minor after idev free, keep idev->minor value in a local variable. Also modify uio_free_minor() argument to receive the value. [1] BUG: KASAN: use-after-free in uio_unregister_device+0x166/0x190 Read of size 4 at addr ffff888105196508 by task targetcli/49158 CPU: 3 PID: 49158 Comm: targetcli Not tainted 5.10.0-rc1 #1 Hardware name: Supermicro Super Server/X10SRL-F, BIOS 2.0 12/17/2015 Call Trace: dump_stack+0xae/0xe5 ? uio_unregister_device+0x166/0x190 print_address_description.constprop.0+0x1c/0x210 ? uio_unregister_device+0x166/0x190 ? uio_unregister_device+0x166/0x190 kasan_report.cold+0x37/0x7c ? kobject_put+0x80/0x410 ? uio_unregister_device+0x166/0x190 uio_unregister_device+0x166/0x190 tcmu_destroy_device+0x1c4/0x280 [target_core_user] ? tcmu_release+0x90/0x90 [target_core_user] ? __mutex_unlock_slowpath+0xd6/0x5d0 target_free_device+0xf3/0x2e0 [target_core_mod] config_item_cleanup+0xea/0x210 configfs_rmdir+0x651/0x860 ? detach_groups.isra.0+0x380/0x380 vfs_rmdir.part.0+0xec/0x3a0 ? __lookup_hash+0x20/0x150 do_rmdir+0x252/0x320 ? do_file_open_root+0x420/0x420 ? strncpy_from_user+0xbc/0x2f0 ? getname_flags.part.0+0x8e/0x450 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f9e2bfc91fb Code: 73 01 c3 48 8b 0d 9d ec 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 6d ec 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffdd2baafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 RAX: ffffffffffffffda RBX: 00007f9e2beb44a0 RCX: 00007f9e2bfc91fb RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f9e1c20be90 RBP: 00007ffdd2bab000 R08: 0000000000000000 R09: 00007f9e2bdf2440 R10: 00007ffdd2baaf37 R11: 0000000000000246 R12: 00000000ffffff9c R13: 000055f9abb7e390 R14: 000055f9abcf9558 R15: 00007f9e2be7a780 Allocated by task 34735: kasan_save_stack+0x1b/0x40 __kasan_kmalloc.constprop.0+0xc2/0xd0 __uio_register_device+0xeb/0xd40 tcmu_configure_device+0x5a0/0xbc0 [target_core_user] target_configure_device+0x12f/0x760 [target_core_mod] target_dev_enable_store+0x32/0x50 [target_core_mod] configfs_write_file+0x2bb/0x450 vfs_write+0x1ce/0x610 ksys_write+0xe9/0x1b0 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Freed by task 49158: kasan_save_stack+0x1b/0x40 kasan_set_track+0x1c/0x30 kasan_set_free_info+0x1b/0x30 __kasan_slab_free+0x110/0x150 slab_free_freelist_hook+0x5a/0x170 kfree+0xc6/0x560 device_release+0x9b/0x210 kobject_put+0x13e/0x410 uio_unregister_device+0xf9/0x190 tcmu_destroy_device+0x1c4/0x280 [target_core_user] target_free_device+0xf3/0x2e0 [target_core_mod] config_item_cleanup+0xea/0x210 configfs_rmdir+0x651/0x860 vfs_rmdir.part.0+0xec/0x3a0 do_rmdir+0x252/0x320 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 The buggy address belongs to the object at ffff888105196000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 1288 bytes inside of 2048-byte region [ffff888105196000, ffff888105196800) The buggy address belongs to the page: page:0000000098e6ca81 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105190 head:0000000098e6ca81 order:3 compound_mapcount:0 compound_pincount:0 flags: 0x17ffffc0010200(slab|head) raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100043040 raw: 0000000000000000 0000000000080008 00000001ffffffff ffff88810eb55c01 page dumped because: kasan: bad access detected page->mem_cgroup:ffff88810eb55c01 Memory state around the buggy address: ffff888105196400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888105196480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888105196500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888105196580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888105196600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: 8fd0e2a6df26 ("uio: free uio id after uio file node is freed") Cc: stable <stable@vger.kernel.org> Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com> Link: https://lore.kernel.org/r/20201102122819.2346270-1-shinichiro.kawasaki@wdc.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | uio/uio_pci_generic: use device-managed function equivalentsAlexandru Ardelean2020-11-141-28/+9
| | | | | | | | | | | | | | | | | | | | | | | | This driver can be easily converted to use the device-managed allocator function and the PCI managed enable function. With these conversions the probe error paths are no longer needed and neither is the remove function. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201111113828.64992-1-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | uio: pruss: move simple allocations to dem_ equivalentsAlexandru Ardelean2020-11-131-20/+7
| | | | | | | | | | | | | | | | | | | | This change moves the simple allocations to their device-managed equivalents. This cleans up some error/exit paths. Signed-off-by: Alexandru Ardelean <alexandru.ardelean@analog.com> Link: https://lore.kernel.org/r/20201111112242.62116-1-alexandru.ardelean@analog.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | uio: fix some kernel-doc markupsMauro Carvalho Chehab2020-11-091-2/+2
|/ | | | | | | | | | | | The definitions for (devm_)uio_register_device should be at the header file, as the macros are there. The ones inside uio.c refer, instead, to __(devm_)uio_register_device. Update them and add new kernel-doc markups for the macros. Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> Link: https://lore.kernel.org/r/82ab7b68d271aeda7396e369ff8a629491b9d628.1603469755.git.mchehab+huawei@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: free uio id after uio file node is freedLang Dai2020-09-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | uio_register_device() do two things. 1) get an uio id from a global pool, e.g. the id is <A> 2) create file nodes like /sys/class/uio/uio<A> uio_unregister_device() do two things. 1) free the uio id <A> and return it to the global pool 2) free the file node /sys/class/uio/uio<A> There is a situation is that one worker is calling uio_unregister_device(), and another worker is calling uio_register_device(). If the two workers are X and Y, they go as below sequence, 1) X free the uio id <AAA> 2) Y get an uio id <AAA> 3) Y create file node /sys/class/uio/uio<AAA> 4) X free the file note /sys/class/uio/uio<AAA> Then it will failed at the 3rd step and cause the phenomenon we saw as it is creating a duplicated file node. Failure reports as follows: sysfs: cannot create duplicate filename '/class/uio/uio10' Call Trace: sysfs_do_create_link_sd.isra.2+0x9e/0xb0 sysfs_create_link+0x25/0x40 device_add+0x2c4/0x640 __uio_register_device+0x1c5/0x576 [uio] adf_uio_init_bundle_dev+0x231/0x280 [intel_qat] adf_uio_register+0x1c0/0x340 [intel_qat] adf_dev_start+0x202/0x370 [intel_qat] adf_dev_start_async+0x40/0xa0 [intel_qat] process_one_work+0x14d/0x410 worker_thread+0x4b/0x460 kthread+0x105/0x140 ? process_one_work+0x410/0x410 ? kthread_bind+0x40/0x40 ret_from_fork+0x1f/0x40 Code: 85 c0 48 89 c3 74 12 b9 00 10 00 00 48 89 c2 31 f6 4c 89 ef e8 ec c4 ff ff 4c 89 e2 48 89 de 48 c7 c7 e8 b4 ee b4 e8 6a d4 d7 ff <0f> 0b 48 89 df e8 20 fa f3 ff 5b 41 5c 41 5d 5d c3 66 0f 1f 84 ---[ end trace a7531c1ed5269e84 ]--- c6xxvf b002:00:00.0: Failed to register UIO devices c6xxvf b002:00:00.0: Failed to register UIO devices Signed-off-by: Lang Dai <lang.dai@intel.com> Link: https://lore.kernel.org/r/1600054002-17722-1-git-send-email-lang.dai@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* Merge branch 'char-misc-linus' into 'char-misc-next'Greg Kroah-Hartman2020-07-101-2/+2
|\ | | | | | | | | | | We need the virtbox changes in here as well to build on top of. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * uio_pdrv_genirq: fix use without device tree and no interruptEsben Haabendal2020-07-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While e3a3c3a20555 ("UIO: fix uio_pdrv_genirq with device tree but no interrupt") added support for using uio_pdrv_genirq for devices without interrupt for device tree platforms, the removal of uio_pdrv in 26dac3c49d56 ("uio: Remove uio_pdrv and use uio_pdrv_genirq instead") broke the support for non device tree platforms. This change fixes this, so that uio_pdrv_genirq can be used without interrupt on all platforms. This still leaves the support that uio_pdrv had for custom interrupt handler lacking, as uio_pdrv_genirq does not handle it (yet). Fixes: 26dac3c49d56 ("uio: Remove uio_pdrv and use uio_pdrv_genirq instead") Signed-off-by: Esben Haabendal <esben@geanix.com> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200701145659.3978-3-esben@geanix.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| * uio_pdrv_genirq: Remove warning when irq is not specifiedEsben Haabendal2020-07-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Since e3a3c3a20555 ("UIO: fix uio_pdrv_genirq with device tree but no interrupt"), the uio_pdrv_genirq has supported use without interrupt, so the change in 7723f4c5ecdb ("driver core: platform: Add an error message to") added false warnings for those cases. Fixes: 7723f4c5ecdb ("driver core: platform: Add an error message to platform_get_irq*()") Signed-off-by: Esben Haabendal <esben@geanix.com> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200701145659.3978-2-esben@geanix.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | uio: disable lazy irq disable to avoid double fireThommy Jakobsson2020-07-032-0/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | uio_pdrv_genirq and uio_dmem_genirq interrupts are handled in userspace. So the condition for the interrupt hasn't normally not been cleared when top half returns. disable_irq_nosync is called in top half, but since that normally is lazy the irq isn't actually disabled. For level triggered interrupts this will always result in a spurious additional fire since the level in to the interrupt controller still is active. The actual interrupt handler isn't run though since this spurious irq is just recorded, and later on discared (for level). This commit disables lazy masking for level triggered interrupts. It leaves edge triggered interrupts as before, because they work with the lazy scheme. All other UIO drivers already seem to clear the interrupt cause at driver levels. Example of double fire. First goes all the way up to uio_pdrv_genirq_handler, second is terminated in handle_fasteoi_irq and marked as pending. <idle>-0 [000] d... 8.245870: gic_handle_irq: irq 29 <idle>-0 [000] d.h. 8.245873: uio_pdrv_genirq_handler: disable irq 29 <idle>-0 [000] d... 8.245878: gic_handle_irq: irq 29 <idle>-0 [000] d.h. 8.245880: handle_fasteoi_irq: irq 29 PENDING HInt-34 [001] d... 8.245897: uio_pdrv_genirq_irqcontrol: enable irq 29 Tested on 5.7rc2 using uio_pdrv_genirq and a custom Xilinx MPSoC board. Signed-off-by: Thommy Jakobsson <thommyj@gmail.com> Link: https://lore.kernel.org/r/20200628141229.16121-1-thommyj@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* | uio_pdrv_genirq: Allow use with non-page-aligned memory resourcesEsben Haabendal2020-07-031-2/+4
|/ | | | | | | | | | | | Similar to the changes made in 270579d95f82 ("uio_mf624: Align memory regions to page size and set correct offsets"), this will allow uio_pdrv_genirq devices to expose memory regions that is not page-aligned, requiring the users to respect the offset sysfs attribute (as implemented in libuio). Signed-off-by: Esben Haabendal <esben@geanix.com> Link: https://lore.kernel.org/r/20200701145659.3978-4-esben@geanix.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio_hv_generic: add missed sysfs_remove_bin_fileChuhong Yuan2020-05-151-0/+1
| | | | | | | | | | This driver calls sysfs_create_bin_file() in probe, but forgets to call sysfs_remove_bin_file() in remove. Add the missed call to fix it. Signed-off-by: Chuhong Yuan <hslester96@gmail.com> Link: https://lore.kernel.org/r/20200507151343.792816-1-hslester96@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* uio: remove unneeded variable "ret" in uio_dmem_genirq_openJason Yan2020-04-281-2/+1
| | | | | | | | | | | Fix the following coccicheck warning: drivers/uio/uio_dmem_genirq.c:47:5-8: Unneeded variable: "ret". Return "0" on line 71 Signed-off-by: Jason Yan <yanaijie@huawei.com> Link: https://lore.kernel.org/r/20200428063155.42349-1-yanaijie@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>