Age | Commit message (Collapse) | Author |
|
All the users of siginmask() must ensure that sig < SIGRTMIN. sig_fatal()
doesn't and this is wrong:
UBSAN: Undefined behaviour in kernel/signal.c:911:6
shift exponent 32 is too large for 32-bit type 'long unsigned int'
the patch doesn't add the neccesary check to sig_fatal(), it moves the
check into siginmask() and updates other callers.
Link: http://lkml.kernel.org/r/20160517195052.GA15187@redhat.com
Reported-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[Backport from mainline to remove UBSAN warning in sending signal]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Icb12de70772b563ba112f5f6e490731e4db119d1
|
|
Several people have reported that UBSAN doesn't like the pointer
arithmetic in ehci_hub_control():
u32 __iomem *status_reg = &ehci->regs->port_status[
(wIndex & 0xff) - 1];
u32 __iomem *hostpc_reg = &ehci->regs->hostpc[(wIndex & 0xff) - 1];
If wIndex is 0 (and it often is), these calculations underflow and
UBSAN complains.
According to the C standard, pointer computations leading to locations
outside the bounds of an array object (other than 1 position past the
end) are undefined. In this case, the compiler would be justified in
concluding the wIndex can never be 0 and then optimizing away the
tests for !wIndex that occur later in the subroutine. (Although,
since ehci->regs->port_status and ehci->regs->hostpc are both 0-length
arrays and are thus GCC extensions to the C standard, it's not clear
what the compiler is really allowed to do.)
At any rate, we can avoid all these difficulties, at the cost of
making the code slightly longer, by not decrementing the index when it
is equal to 0. The runtime effect is minimal, and anyway
ehci_hub_control() is not on a hot path.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Reported-by: Meelis Roos <mroos@linux.ee>
Reported-by: Martin_MOKREJÅ <mmokrejs@gmail.com>
Reported-by: "Navin P.S" <navinp1912@gmail.com>
CC: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[Backport from mainline to remove UBSAN warning on usb-ehci]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Iead9feb0ae5b53d48baa7603f1808fc898b31127
|
|
To enable UBSAN on arm, this patch enables ARCH_HAS_UBSAN_SANITIZE_ALL
from arm confiuration. Basic kernel booting is tested on arm kernel
enabled CONFIG_UBSAN_SANITIZE_ALL from Exynos5422 based Odroid-XU3
board.
Change-Id: I9480a9af713b88eff2a90df11f78e1feb97eac30
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
In cpu_v7_do_suspend routine, r11 is used while it is NOT
saved/restored, different compiler may have different usage
of ARM general registers, so it may cause issues during
calling cpu_v7_do_suspend.
We meet kernel fault occurs when using GCC 4.8.3, r11 contains
valid value before calling into cpu_v7_do_suspend, but when returned
from this routine, r11 is corrupted and lead to kernel fault.
Doing save/restore for those corrupted registers is a must in
assemble code.
Signed-off-by: Anson Huang <Anson.Huang@freescale.com>
Reviewed-by: Nicolas Pitre <nico@linaro.org>
Cc: <stable@vger.kernel.org> # v3.3+
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
[Backport from mainline to fix boot hangup on arm with UBSAN]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I2c0bb7b8e9d4a0489a4e9e08c65ed7b39fea9ee8
|
|
For extended eint bank, it should use maks1 for bit from 32 to 63
as its ext offset. So this patch fixes wakeup irq setting for
extended eit of exynos5433 with adding eint mask1 setting.
Without considering extended eint, setting wakeup on ext eint pin
causes wrong offset for eint mask, so UBSAN warning is repored
like following:
UBSAN: Undefined behaviour in drivers/pinctrl/samsung/pinctrl-exynos.c:376:26
shift exponent 8217 is too large for 64-bit type 'long unsigned int'
Call trace:
[<ffffffc00008f440>] dump_backtrace+0x0/0x218
[<ffffffc00008f668>] show_stack+0x10/0x20
[<ffffffc00159f3b8>] dump_stack+0x80/0xfc
[<ffffffc00159f558>] ubsan_epilogue+0x10/0x6c
[<ffffffc00159fe38>] __ubsan_handle_shift_out_of_bounds+0x188/0x1bc
[<ffffffc000785514>] exynos_wkup_irq_set_wake+0x104/0x138
[<ffffffc0001647b0>] set_irq_wake_real+0x70/0xc0
[<ffffffc000164a70>] irq_set_irq_wake+0x158/0x1b0
[...]
Change-Id: I6d55182609c982de702936ddb0045639df0e5ef0
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
Patch c89511d3180fe37cdee67f9bcd2876fefa26a057 was including in
not specifying the compilation status of some drivers in the RC
system.
In order to not compile them specify their entries with the "is
not set" flag in the config file.
Change-Id: I09ff34c020bc7fd039bfaf7d5ba177205f7256fa
Signed-off-by: Andi Shyti <andi.shyti@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Suggested-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
The tm2 and tm2e boards both have an irled connected to the
SPI MOSI line for remote controlling. Therefore, enable it in
their related device tree node.
Add the fixed regulator which powers the LED, as well.
Change-Id: Ie47bebae3efaebbd2d18b3e5f5d6fbec68486b1d
Signed-off-by: Andi Shyti <andi.shyti@samsung.com>
|
|
Enable the CONFIG_IR_SPI flag for the TM2 default
configuration.
Change-Id: Ic2f08b7b5480d7de4bb8442323e100742642405a
Signed-off-by: Andi Shyti <andi.shyti@samsung.com>
|
|
The ir-spi is a simple device driver which supports the
connection between an IR LED and the MOSI line of an SPI device.
The driver, indeed, uses the SPI framework to stream the raw data
provided by userspace through a character device. The chardev is
handled by the LIRC framework and its functionality basically
provides:
- raw write: data to be sent to the SPI and then streamed to the
MOSI line;
- set frequency: sets the frequency whith which the data should
be sent;
- set length: sets the data length. This information is
optional, if the length is set, then userspace should send raw
data only with that length; while if the length is set to '0',
then the driver will figure out himself the length of the data
based on the length of the data written on the character
device.
The latter is not recommended, though, as the driver, at
any write, allocates and deallocates a buffer where the data
from userspace are stored.
The driver provides three feedback commands:
- get length: reads the length set and (as mentioned), if the
length is '0' it will be calculated at any write
- get frequency: the driver reports the frequency. If userpace
doesn't set the frequency, the driver will use a default value
of 38000Hz.
The character device is created under /dev/lircX name, where X is
and ID assigned by the LIRC framework.
Example of usage:
int fd, ret;
ssize_t n;
uint32_t val = 0;
fd = open("/dev/lirc0", O_RDWR);
if (fd < 0) {
fprintf(stderr, "unable to open the device\n");
return -1;
}
/* ioctl set frequency and length parameters */
val = 6430;
ret = ioctl(fd, LIRC_SET_LENGTH, &val);
if (ret < 0)
fprintf(stderr, "LIRC_SET_LENGTH failed\n");
val = 608000;
ret = ioctl(fd, LIRC_SET_FREQUENCY, &val);
if (ret < 0)
fprintf(stderr, "LIRC_SET_FREQUENCY failed\n");
/* read back length and frequency parameters */
ret = ioctl(fd, LIRC_GET_LENGTH, &val);
if (ret < 0)
fprintf(stderr, "LIRC_GET_LENGTH failed\n");
else
fprintf(stdout, "legnth = %u\n", val);
ret = ioctl(fd, LIRC_GET_FREQUENCY, &val);
if (ret < 0)
fprintf(stderr, "LIRC_GET_FREQUENCY failed\n");
else
fprintf(stdout, "frequency = %u\n", val);
/* write data to device */
n = write(fd, b, 6430);
if (n < 0) {
fprintf(stderr, "unable to write to the device\n");
ret = -1;
} else if (n != 6430) {
fprintf(stderr, "failed to write everything, wrote %ld instead\n", n);
ret = -1;
} else {
fprintf(stdout, "written all the %ld data\n", n);
}
close(fd);
The driver supports multi task access, but all the processes
which hold the driver should use the same length and frequency
parameters.
Change-Id: I323d7dd4a56d6dcf48f2c695293822eb04bdb85f
Signed-off-by: Andi Shyti <andi.shyti@samsung.com>
|
|
The Lirc framework works mainly with receivers, but there is
nothing that prevents us from using it for transmitters as well.
For that we need to have more control on the device frequency to
set (which is a new concept fro LIRC) and we also need to provide
to userspace, as feedback, the values of the used frequency and
length.
Add the LIRC_SET_LENGTH, LIRC_GET_FREQUENCY and
LIRC_SET_FREQUENCY ioctl commands in order to allow the above
mentioned operations.
Change-Id: I50b08e4da89a61f4b14f8a2752b905bc9e4a1d34
Signed-off-by: Andi Shyti <andi.shyti@samsung.com>
|
|
The 'quirks' variable cannot ever be negative, therefore use u8
instead of int. The 8 bit size is given from the fact that
currently the quirks variable has very few statuses.
The rx_lvl_offset and tx_st_done store shift values, so that u8
is a proper size.
fifo_lvl_mask stores a series of masks, to be in we will keep the
32 bit size.
Change-Id: I949160c9dfd68d6dce5c2385c911269f5b6d1505
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Andi Shyti <andi.shyti@samsung.com>
|
|
The CS line might be disconneced ("broken"), therefore unused.
In this case, the device doesn't need to wait for the user to
handle the CS line for selecting the slave. The data will then be
automatically transferred without taking the CS line status into
account.
Change-Id: Ibddf87721b7d882efbdad9c978b79a3e19189b3e
Signed-off-by: Andi Shyti <andi.shyti@samsung.com>
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
|
|
The SPI 3 bus uses two clocks, a bus clock and an input clock.
Do not disable the clocks when unused in order to allow access to
the SPI 3 device.
Change-Id: I5fbc360e4b0ed2043b0bf1f2dd251f3e913082f3
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Andi Shyti <andi.shyti@samsung.com>
|
|
FIMD device is not used at all on Exynos5422-based Odroid XU3-lite and
XU4. XU3 board theorethically can support FIMD with DisplayPort
connector, but due to hw limitation/design it doesn't work in most
cases. It is also not even enabled in XU3 dts file.
FIMD node was enabled mainly due to limitation of early Exynos DRM
driver, which didn't initialize properly when no FIMD device was
available. This node can be now safely removed from XU3-common dtsi and
added layer to Odroid XU3 dts, when Display Port driver gets enabled.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Tested-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
[mainline backport of commit 616d289abac9c63f5a5a56c0deb088360f4aed06]
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I616d289abac9c63f5a5a56c0deb088360f4aed06
|
|
The MFC IP is also inter-connected by an Async-Bridge so the CLK_ACLK333
has to be ungated during a power domain switch. Trying to do it when the
clock is gated will fail and lead to an imprecise external abort error
when the driver tries to access the MFC registers with the PD disabled.
For example, if the s5p-mfc module is removed and the MFC PD turned off:
[ 186.835606] Power domain power-domain@10044060 disable failed
[ 186.835671] s5p-mfc 11000000.codec: Removing 11000000.codec
[ 186.837670] Power domain power-domain@10044060 disable failed
And when the module is inserted again:
[ 2395.176956] s5p_mfc_wait_for_done_dev:34: Interrupt (dev->int_type:0, command:12) timed out
[ 2395.177031] s5p_mfc_init_hw:272: Failed to load firmware
[ 2395.177384] Unhandled fault: imprecise external abort (0x1406) at 0x00000000
[ 2395.177441] pgd = ec3b4000
[ 2395.177467] [00000000] *pgd=00000000
[ 2395.177507] Internal error: : 1406 [#1] PREEMPT SMP ARM
[ 2395.177550] Modules linked in: s5p_mfc mwifiex_sdio mwifiex uvcvideo s5p_jpeg v4l2_mem2mem videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 videobuf2_core v4l2_common videodev media [last unloaded: s5p_mfc]
[ 2395.177774] CPU: 1 PID: 2382 Comm: v4l_id Tainted: G W 4.6.0-rc6-next-20160502-00010-g7730dc64d2c1-dirty #179
[ 2395.177857] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[ 2395.177906] task: ed275500 ti: e6c8c000 task.ti: e6c8c000
[ 2395.177996] PC is at s5p_mfc_reset+0x1c4/0x284 [s5p_mfc]
[ 2395.178057] LR is at s5p_mfc_reset+0x1a4/0x284 [s5p_mfc]
This patch fixes this issue by adding the CLK_ACLK333 as an Async-Bridge
clock for the MFC power domain, so the PD configuration works properly.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
[backport of mainline commit 94aed538e032d82287023beb9c59ee80f03a1493]
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I94aed538e032d82287023beb9c59ee80f03a1493
|
|
The aclk333 clock needs to be ungated during the MFC power domain switch,
so set the clock ID to allow the Exynos power domain logic to lookup this
clock if is defined in the MFC PD device tree node.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
[backport of mainline commit 34cba900375ec1751a87d3655ad03b9a5b022362]
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I34cba900375ec1751a87d3655ad03b9a5b022362
|
|
User-space applications can use the VIDIOC_REQBUFS ioctl to determine if a
memory mapped, user pointer or DMABUF based I/O is supported by the driver.
So a set of VIDIOC_REQBUFS ioctl calls will be made with count 0 and then
the real VIDIOC_REQBUFS call with count == n. But for count 0, the driver
not only frees the buffer but also closes the MFC instance and s5p_mfc_ctx
state is set to MFCINST_FREE.
The VIDIOC_REQBUFS handler for the output device checks if the s5p_mfc_ctx
state is set to MFCINST_INIT (which happens on an VIDIOC_S_FMT) and fails
otherwise. So after a VIDIOC_REQBUFS(n), future VIDIOC_REQBUFS(n) calls
will fails unless a VIDIOC_S_FMT ioctl calls happens before the reqbufs.
But applications may first set the format and then attempt to determine
the I/O methods supported by the driver (for example Gstramer does it) so
the state won't be set to MFCINST_INIT again and VIDIOC_REQBUFS will fail.
To avoid this issue, only free the buffers on VIDIOC_REQBUFS(0) but don't
close the MFC instance to allow future VIDIOC_REQBUFS(n) calls to succeed.
[javier: Rewrote changelog to explain the problem more detailed]
Signed-off-by: ayaka <ayaka@soulik.info>
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Acked-by: Nicolas Dufresne <nicolas@collabora.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
[backport of mainline commit 9bd5d8696fd50a10d830e2ad7f9d4e67e0bbbae2]
Signed-of-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I9bd5d8696fd50a10d830e2ad7f9d4e67e0bbbae2
|
|
The s5p_mfc_probe() function registers the video devices before all the
resources needed by s5p_mfc_open() are correctly initalized.
So if s5p_mfc_open() function is called before s5p_mfc_probe() finishes
(since the video dev is already registered), a NULL pointer dereference
will happen due s5p_mfc_open() accessing uninitialized vars such as the
struct s5p_mfc_dev .watchdog_timer and .mfc_ops fields.
An example is following BUG caused by add_timer() getting a NULL pointer:
[ 45.765374] kernel BUG at kernel/time/timer.c:790!
[ 45.765381] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
...
[ 45.766149] [<c016fdf4>] (mod_timer) from [<bf181d18>] (s5p_mfc_open+0x274/0x4d4 [s5p_mfc])
[ 45.766416] [<bf181d18>] (s5p_mfc_open [s5p_mfc]) from [<bf0214a0>] (v4l2_open+0x9c/0x100 [videodev])
[ 45.766547] [<bf0214a0>] (v4l2_open [videodev]) from [<c01e355c>] (chrdev_open+0x9c/0x178)
[ 45.766575] [<c01e355c>] (chrdev_open) from [<c01dceb4>] (do_dentry_open+0x1e0/0x300)
[ 45.766595] [<c01dceb4>] (do_dentry_open) from [<c01ec2f0>] (path_openat+0x800/0x10d4)
[ 45.766610] [<c01ec2f0>] (path_openat) from [<c01ed8b8>] (do_filp_open+0x5c/0xc0)
[ 45.766624] [<c01ed8b8>] (do_filp_open) from [<c01de218>] (do_sys_open+0x10c/0x1bc)
[ 45.766642] [<c01de218>] (do_sys_open) from [<c01078c0>] (ret_fast_syscall+0x0/0x3c)
[ 45.766655] Code: eaffffe3 e3a00001 e28dd008 e8bd81f0 (e7f001f2)
Fix it by registering the video devs as the last step in s5p_mfc_probe().
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
[backport of mainline commit 6311f1261f59ce5e51fbe5cc3b5e7737197316ac]
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I43355e4eeaa913d3b63a41a5621a122f4771982f
|
|
This patch removes following UBSAN warnings in dw_mci_setup_bus().
UBSAN: Undefined behaviour in drivers/mmc/host/dw_mmc.c:1102:14
shift exponent 250 is too large for 32-bit type 'unsigned int'
Call trace:
[<ffffff90080908a8>] dump_backtrace+0x0/0x380
[<ffffff9008090c3c>] show_stack+0x14/0x20
[<ffffff90087457b8>] dump_stack+0xe0/0x120
[<ffffff90087b1360>] ubsan_epilogue+0x18/0x68
[<ffffff90087b1a94>] __ubsan_handle_shift_out_of_bounds+0x18c/0x1bc
[<ffffff9008d89cb8>] dw_mci_setup_bus+0x3a0/0x438
[...]
UBSAN: Undefined behaviour in drivers/mmc/host/dw_mmc.c:1132:27
shift exponent 250 is too large for 32-bit type 'unsigned int'
Call trace:
[<ffffff90080908a8>] dump_backtrace+0x0/0x380
[<ffffff9008090c3c>] show_stack+0x14/0x20
[<ffffff90087457b8>] dump_stack+0xe0/0x120
[<ffffff90087b1360>] ubsan_epilogue+0x18/0x68
[<ffffff90087b1a94>] __ubsan_handle_shift_out_of_bounds+0x18c/0x1bc
[<ffffff9008d89c9c>] dw_mci_setup_bus+0x384/0x438
[...]
The warnings are caused because of bit shift which is used to
filter spamming message for CONFIG_MMC_CLKGATE, but the config is
already removed. So this patch just removes the shift.
[Backport for current version.]
Change-Id: I1760db1b0e42ddd490aa7539e6c1474a047387c4
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This enables the generic early_ioremap implementation for ARM.
It uses the fixmap region reserved for kmap. Since early_ioremap
is only supported before paging_init(), and kmap is only supported
afterwards, this is guaranteed not to cause any clashes.
Tested-by: Ryan Harkin <ryan.harkin@linaro.org>
Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
[backport from mainline to support ioremap on earlycon for arm target]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I4e2d88b47a4c1f31882632b702df6a627b109308
|
|
Add early fixmap support, initially to support permanent, fixed
mapping support for early console. A temporary, early pte is
created which is migrated to a permanent mapping in paging_init.
This is also needed since the attributes may change as the memory
types are initialized. The 3MiB range of fixmap spans two pte
tables, but currently only one pte is created for early fixmap
support.
Re-add FIX_KMAP_BEGIN to the index calculation in highmem.c since
the index for kmap does not start at zero anymore. This reverts
4221e2e6b316 ("ARM: 8031/1: fixmap: remove FIX_KMAP_BEGIN and
FIX_KMAP_END") to some extent.
Cc: Mark Salter <msalter@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Laura Abbott <lauraa@codeaurora.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
[backport from mainline to support ioremap on earlycon for arm target]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ifeee5e94d70d87b74b8e0d2bb3b4d32f6d946a01
|
|
ROL on a 32 bit integer with a shift of 32 or more is undefined and the
result is arch-dependent. Avoid this by handling the trivial case of
roling by 0 correctly.
The trivial solution of checking if shift is 0 breaks gcc's detection
of this code as a ROL instruction, which is unacceptable.
This bug was reported and fixed in GCC
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157):
The standard rotate idiom,
(x << n) | (x >> (32 - n))
is recognized by gcc (for concreteness, I discuss only the case that x
is an uint32_t here).
However, this is portable C only for n in the range 0 < n < 32. For n
== 0, we get x >> 32 which gives undefined behaviour according to the
C standard (6.5.7, Bitwise shift operators). To portably support n ==
0, one has to write the rotate as something like
(x << n) | (x >> ((-n) & 31))
And this is apparently not recognized by gcc.
Note that this is broken on older GCCs and will result in slower ROL.
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[Backport from mainline to fix ubsan report]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I47fcb9807778615fff4972fa92dc7b3143e0ef3d
|
|
-fsanitize=* options makes GCC less smart than usual and increase number
of 'maybe-uninitialized' false-positives. So this patch does two things:
* Add -Wno-maybe-uninitialized to CFLAGS_UBSAN which will disable all
such warnings for instrumented files.
* Remove CONFIG_UBSAN_SANITIZE_ALL from all[yes|mod]config builds. So
the all[yes|mod]config build goes without -fsanitize=* and still with
-Wmaybe-uninitialized.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[backport from mainline for UBSAN]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ia32d029540fcb5ebd19a3ac447a3b6333a173f84
|
|
To enable UBSAN on arm64, ARCH_HAS_UBSAN_SANITIZE_ALL need to be selected.
Basic kernel bootup test is passed on arm64 with CONFIG_UBSAN_SANITIZE_ALL
enabled.
Signed-off-by: Yang Shi <yang.shi@linaro.org>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Tested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
[backport from mainline for UBSAN]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I1876783c89adf8c7f0328434ab41c556440b64ff
|
|
When enabling UBSAN_SANITIZE_ALL, the kernel image size gets increased
significantly (~3x). So, it sounds better to have some note in Kconfig.
And, fixed a typo.
Signed-off-by: Yang Shi <yang.shi@linaro.org>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[backport from mainline for UBSAN]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ibd4183436723b1cad45eab0ffa5b0a8910edc0e6
|
|
UBSAN uses compile-time instrumentation to catch undefined behavior
(UB). Compiler inserts code that perform certain kinds of checks before
operations that could cause UB. If check fails (i.e. UB detected)
__ubsan_handle_* function called to print error message.
So the most of the work is done by compiler. This patch just implements
ubsan handlers printing errors.
GCC has this capability since 4.9.x [1] (see -fsanitize=undefined
option and its suboptions).
However GCC 5.x has more checkers implemented [2].
Article [3] has a bit more details about UBSAN in the GCC.
[1] - https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Debugging-Options.html
[2] - https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
[3] - http://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/
Issues which UBSAN has found thus far are:
Found bugs:
* out-of-bounds access - 97840cb67ff5 ("netfilter: nfnetlink: fix
insufficient validation in nfnetlink_bind")
undefined shifts:
* d48458d4a768 ("jbd2: use a better hash function for the revoke
table")
* 10632008b9e1 ("clockevents: Prevent shift out of bounds")
* 'x << -1' shift in ext4 -
http://lkml.kernel.org/r/<5444EF21.8020501@samsung.com>
* undefined rol32(0) -
http://lkml.kernel.org/r/<1449198241-20654-1-git-send-email-sasha.levin@oracle.com>
* undefined dirty_ratelimit calculation -
http://lkml.kernel.org/r/<566594E2.3050306@odin.com>
* undefined roundown_pow_of_two(0) -
http://lkml.kernel.org/r/<1449156616-11474-1-git-send-email-sasha.levin@oracle.com>
* [WONTFIX] undefined shift in __bpf_prog_run -
http://lkml.kernel.org/r/<CACT4Y+ZxoR3UjLgcNdUm4fECLMx2VdtfrENMtRRCdgHB2n0bJA@mail.gmail.com>
WONTFIX here because it should be fixed in bpf program, not in kernel.
signed overflows:
* 32a8df4e0b33f ("sched: Fix odd values in effective_load()
calculations")
* mul overflow in ntp -
http://lkml.kernel.org/r/<1449175608-1146-1-git-send-email-sasha.levin@oracle.com>
* incorrect conversion into rtc_time in rtc_time64_to_tm() -
http://lkml.kernel.org/r/<1449187944-11730-1-git-send-email-sasha.levin@oracle.com>
* unvalidated timespec in io_getevents() -
http://lkml.kernel.org/r/<CACT4Y+bBxVYLQ6LtOKrKtnLthqLHcw-BMp3aqP3mjdAvr9FULQ@mail.gmail.com>
* [NOTABUG] signed overflow in ktime_add_safe() -
http://lkml.kernel.org/r/<CACT4Y+aJ4muRnWxsUe1CMnA6P8nooO33kwG-c8YZg=0Xc8rJqw@mail.gmail.com>
[akpm@linux-foundation.org: fix unused local warning]
[akpm@linux-foundation.org: fix __int128 build woes]
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Yury Gribov <y.gribov@samsung.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[backport from mainline for UBSAN]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I216cb2d9dbfd9fc9e70b8e4515a0e34fcb68822f
|
|
On architectures that have support for efficient unaligned access struct
printk_log has 4-byte alignment. Specify alignment attribute in type
declaration.
The whole point of this patch is to fix deadlock which happening when
UBSAN detects unaligned access in printk() thus UBSAN recursively calls
printk() with logbuf_lock held by top printk() call.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Yury Gribov <y.gribov@samsung.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Kostya Serebryany <kcc@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[Backport from mainline for UBSAN]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I93d23dec2c1539faf21eb7242ccc328999950c01
|
|
From event handler, touch_id is used as index of array, but in can
be larger than array size, and it causes out of range access for
array. From event data of the fts hw, finger touch_id is only valid
when event_id is enter/leave/motion pointer event. So this patch
fixes to use touch_id as a array index only when the proper event_id
is received.
This issue is found by ubsan checker like following:
================================================================================
UBSAN: Undefined behaviour in drivers/input/touchscreen/fts_ts.c:342:15
index 13 is out of range for type 'fts_finger [10]'
CPU: 1 PID: 98 Comm: irq/150-fts_tou Not tainted 4.1.0-01159-gfb62846 #17
Hardware name: Samsung TM2 board (DT)
Call trace:
[<ffffffc00008f440>] dump_backtrace+0x0/0x218
[<ffffffc00008f668>] show_stack+0x10/0x20
[<ffffffc00159f378>] dump_stack+0x80/0xfc
[<ffffffc00159f518>] ubsan_epilogue+0x10/0x6c
[<ffffffc00159fef4>] __ubsan_handle_out_of_bounds+0xc8/0xf4
[<ffffffc000ceb980>] fts_interrupt_handler+0x570/0x678
[<ffffffc000165a98>] irq_thread+0x218/0x378
[<ffffffc0000ee30c>] kthread+0x194/0x240
================================================================================
Change-Id: I3b2195ee0eee39b16cd05552c19c26072706125d
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch adds VR mode support.
For this, it creates a new sysfs file which is used by user-space
to enable or disable VR mode like below,
To enable,
echo 1 > /sys/devices/platform/soc/13900000.dsi/13900000.dsi.0/vr
To disable,
echo 0 > /sys/devices/platform/soc/13900000.dsi/13900000.dsi.0/vr
Actually, this patch enables mDNIe feature of Panel device and
updates its Display color temperature to 6500K for VR mode.
Change-Id: I4e9f15134f57fa200e63ac8fa9d94c5300d6a340
Signed-off-by: Inki Dae <inki.dae@samsung.com>
|
|
This patch adds build script for gbs/obs for tm2/tm2e.
Change-Id: I4bcd1a9d2b6ae26fd65e54f56c84624335192b8c
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch fixes local build script to make fit image also and
x86_32 prebuilt mkimage tool to create fit image.
Also boot.img style image creation and tools for boot.img are
removed.
Change-Id: I7dedb2d40a8a5c672f01271951551b660c5f7013
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
For destination buffers, buf_id is valid only less than maximum
dest buffer count. So this patch fixes wrong buf_id access to
dma_channel.
Change-Id: I4c73ab90a2fc8e57ecb82f277d3d53c2e91b910a
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch reverts arm64 defconfig into default defconfig in v4.1 and
adds tizen_tm2_defconfig. Also it fixes proper defconfig from local
build script.
Change-Id: Ic167bb2edc61f4fb25bade2e69e46f9549b7ae4e
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
MIC_BS_SIZE_2D depends only on hactive.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: Ie6120a2b6aef251f0bfb295b41666dac5f9c5e42
|
|
Panel datasheet is not clear about it but directly after dsi interface
setting and calibration of panel, DSIM/MIC should start transmission, panel
should then wait 120ms and finish its initialization.
The patch fixes frequent image loss on draco board.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I194d5bae87bac0e436469d6f5949ee756656b16b
|
|
Tear-On sequence should have one argument.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I37aa1c368ff691499e225fdd108e168fe0a449ac
|
|
The driver support 1440p and 1600p displays, to support both models correctly
it should send different frequency calibration sequence.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: Ic38d4eb357609be0d1a67c655c5c110559b08bd3
|
|
Panel TE interrupt was signaled with variable frequency 53-60 fps.
This patch fixes it to about 60 fps.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: Icf88caae7eed9ea540158a17a6745a0265948265
|
|
This restores support for asb clocks, which got lost during core rewrite.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: Idc37a9814bd4825863960dc0e59486e07ddf9139
|
|
Exynos DRM GSC IPP subdriver supports only processing a single src/dst
buffer pair, so don't use any other buf_id to avoid accessing
uninitialized buffers (IOMMU page fault).
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I488bb9ee60e0fe8e711b9c116b04483ac99a66e9
|
|
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: Ib621db7813a80d0a775968c5fadef5f25d0a92f5
|
|
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: Ibfe361bdff955eb446b472a5edcd0df9800c1221
|
|
At least in the one frame processing mode which is the only mode supported
by the current gsc driver, the buf idx is not meaningful for the driver.
Because only one address in the buffer is valid at a time, so it is OK to
convert the invalid buf idx from userspace to a valid idx, process the
frame, and return the result with original buf idx.
Signed-off-by: Hyungwon Hwang <human.hwang@samsung.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I8257cd39e33382f214ce4573e4a79f15ea498aab
|
|
fixed"
This reverts commit 937b633eebe825aad14181b168c5b79eccad833d.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: I488bb9ee60e0fe8e711b9c116b04483ac99a66e8
|
|
Video overlay plane should be registered only when suitable hardware
sub-block (Video Processor) is available.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
[backport of mainline commit ab14420125c3cd1111f57731f0f9359c4e64d76a
to let Enlightenment to use video/osd graphics plane]
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Change-Id: Iea4dd02abb408aa188b46f6ed099b0231ef99b6d
|
|
This patch removes unused config for pci binding in bcm4358 driver.
Change-Id: Ib82010c667224a9ed323c52f604e3183f62f42a7
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch adds tizen-tm2 its file to create kernel image for u-boot.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch enables usb cdc-acm driver config to support /dev/ttyACM#
nodes for ACM class devices.
Change-Id: I8531129aeabd504bb5f43a34379a1a2b6634a65c
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch enables dm_crypto config instead of building as a
module to manage encrypted disk.
Change-Id: Ic1639439a473cc2cd2e5206de282798d2e9f3973
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
|
This patch enables cp210x usb serial driver. It is required to use
specific usb serial dongle.
Change-Id: I1e0a991ec4e467fd236a1806d672a42faa996081
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|