PD#173147: update dtc to v1.4.4
Fix the following compile error found on odroid-xu4:
checks.c: In function ‘check_simple_bus_reg’:
checks.c:876:41: error: format ‘%lx’ expects argument of type
‘long unsigned int’, but argument 4 has type
‘uint64_t{aka long long unsigned int}’ [-Werror=format=]
snprintf(unit_addr, sizeof(unit_addr), "%lx", reg);
^
checks.c:876:41: error: format ‘%lx’ expects argument of type
‘long unsigned int’, but argument 4 has type
‘uint64_t {aka long long unsigned int}’ [-Werror=format=]
cc1: all warnings being treated as errors
Makefile:304: recipe for target 'checks.o' failed
make: *** [checks.o] Error 1
Change-Id: I070dedf5201d8b299748ad4881b5f1a1a1c9ef4f
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
[dwg: Correct new format to be correct in general]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[robh: cherry-picked from upstream dtc commit 2a42b14d0d03]
Signed-off-by: Rob Herring <robh@kernel.org>
PD#173147: update dtc to v1.4.4
dtc gained new warnings checking PCI and simple buses, unit address
formatting, and stricter node and property name checking. Disable the
new dtc warnings by default as there are 1000s. As before, warnings are
enabled with W=1 or W=2. The strict node and property name checks are a
bit subjective, so they are only enabled for W=2.
Change-Id: Ic9253cdb1f27f59c73f7c337b96c3e8c5f876b20
Signed-off-by: Rob Herring <robh@kernel.org>
PD#173147: update dtc to v1.4.4
This adds the following commits from upstream:
756ffc4f52f6 Build pylibfdt as part of the normal build process
8cb3896358e9 Adjust libfdt.h to work with swig
b40aa8359aff Mention pylibfdt in the documentation
12cfb740cc76 Add tests for pylibfdt
50f250701631 Add an initial Python library for libfdt
cdbb2b6c7a3a checks: Warn on node name unit-addresses with '0x' or leading 0s
4c15d5da17cc checks: Add bus checks for simple-bus buses
33c3985226d3 checks: Add bus checks for PCI buses
558cd81bdd43 dtc: Bump version to v1.4.4
c17a811c62eb fdtput: Remove star from value_len documentation
194d5caaefcb fdtget: Use @return to document the return value
d922ecdd017b tests: Make realloc_fdt() really allocate *fdt
921cc17fec29 libfdt: overlay: Check the value of the right variable
9ffdf60bf463 dtc: Simplify asm_emit_string() implementation
881012e44386 libfdt: Change names of sparse helper macros
bad5b28049e5 Fix assorted sparse warnings
672ac09ea04d Clean up gcc attributes
49300f2ade6a dtc: Don't abuse struct fdt_reserve_entry
fa8bc7f928ac dtc: Bump version to v1.4.3
34a9886a177f Add printf format attributes
f72508e2b6ca Correct some broken printf() like format mismatches
397d5ef0203c libfdt: Add fdt_setprop_empty()
69a1bd6ad3f9 libfdt: Remove undefined behaviour setting empty properties
acd1b534a592 Print output filename as part of warning messages
120775eb1cf3 dtc: Use streq() in preference to strcmp()
852e9ecbe197 checks: Add Warning for stricter node name character checking
ef0e8f061534 checks: Add Warning for stricter property name character checking
00d7bb1f4b0e dtc: pos parameter to srcpos_string() can't be NULL
95d57726bca4 livetree.c: Fix memory leak
3b9c97093d6e dtc: Fix NULL pointer use in dtlabel + dtref case
43eb551426ea manual: Fix typo it -> in
4baf15f7f13f Makefile: Add tags rule
Change-Id: Ie5749e27d77b0baed3d6047f79c706036360f615
Signed-off-by: Rob Herring <robh@kernel.org>
PD#173147: update dtc to v1.4.4
Further automate the dtc update script to fill in the dtc version and
commit log.
Change-Id: I3830550bf108268db5b3783fe2053fbb0f81033d
Signed-off-by: Rob Herring <robh@kernel.org>
PD#173147: update dtc to v1.4.4
Sync to upstream dtc commit 0931cea3ba20 ("dtc: fdtdump: check fdt if
not in scanning mode"). In particular, this pulls in dtc overlay
support.
This adds the following commits from upstream:
f88865469b65 dtc: Fix memory leak in character literal parsing
00fbb8696b66 Rename boot_info
1ef86ad2c24f dtc: Clean up /dts-v1/ and /plugin/ handling in grammar
e3c769aa9c16 dtc: Don't always generate __symbols__ for plugins
c96cb3c0169e tests: Don't use -@ on plugin de/recompile tests
66381538ce24 tests: Remove "suppression of fixups" tests
ba765b273f0f tests: Clarify dtc overlay tests
6ea8cd944fcd tests: More thorough tests of libfdt overlay application without dtc
7d8ef6e1db97 tests: Correct fdt handling of overlays without fixups and base trees without symbols
b4dc0ed8b127 tests: Fix double expansion bugs in test code
3ea879dc0c8f tests: Split overlay tests into those with do/don't exercise dtc plugin generation
47b4d66a2f11 tests: Test auto-alias generation on base tree, not overlay
72e1ad811523 tests: Make overlay/plugin tests unconditional
e7b3c3b5951b tests: Add overlay tests
9637e3f772a9 tests: Add check_path test
20f29d8d41f6 dtc: Plugin and fixup support
a2c92cac53f8 dtc: Document the dynamic plugin internals
8f70ac39801d checks: Pass boot_info instead of root node
ea10f953878f libfdt: add missing errors to fdt_strerror()
daa75e8fa594 libfdt: fix fdt_stringlist_search()
e28eff5b787a libfdt: fix fdt_stringlist_count()
ae97c7722840 tests: overlay: Rename the device tree blobs to be more explicit
96162d2bd9cb tests: overlay: Add test suffix to the compiled blobs
5ce8634733b7 libfdt: Add fdt_overlay_apply to the exported symbols
804a9db90ad2 fdt: strerr: Remove spurious BADOVERLAY
e8c3a1a493fa tests: overlay: Move back the bad fixup tests
7a72d89d3f81 libfdt: overlay: Fix symbols and fixups nodes condition
cabbaa972cdd libfdt: overlay: Report a bad overlay for mismatching local fixups
deb0a5c1aeaa libfdt: Add BADPHANDLE error string
7b7a6be9ba15 libfdt: Don't use 'index' as a local variable name
aea8860d831e tests: Add tests cases for the overlay code
0cdd06c5135b libfdt: Add overlay application function
39240cc865cf libfdt: Extend the reach of FDT_ERR_BADPHANDLE
4aa3a6f5e6d9 libfdt: Add new errors for the overlay code
6d1832c9e64b dtc: Remove "home page" link
45fd440a9561 Fix some typing errors in libfdt.h and livetree.c
a59be4939c13 Merge tag 'v1.4.2'
a34bb721caca dtc: Fix assorted problems in the testcases for the -a option
874f40588d3e Implement the -a option to pad dtb aligned
ec02b34c05be dtc: Makefile improvements for release uploading
1ed45d40a137 dtc: Bump version to 1.4.2
36fd7331fb11 libfdt: simplify fdt_del_mem_rsv()
d877364e4a0f libfdt: Add fdt_setprop_inplace_namelen_partial
3e9037aaad44 libfdt: Add fdt_getprop_namelen_w
84e0e1346c68 libfdt: Add max phandle retrieval function
d29126c90acb libfdt: Add iterator over properties
902d0f0953d0 libfdt: Add a subnodes iterator macro
c539075ba8ba fdtput.c: Fix memory leak.
f79ddb83e185 fdtget.c: Fix memory leak
1074ee54b63f convert-dtsv0-lexer.l: fix memory leak
e24d39a024e6 fdtdump.c: make sure size_t argument to memchr is always unsigned.
44a59713cf05 Remove unused srcpos_dump() function
cb9241ae3453 DTC: Fix memory leak on flatname.
1ee0ae24ea09 Simplify check field and macro names
9d97527a8621 Remove property check functions
2e709d158e11 Remove tree check functions
c4cb12e193e3 Alter grammar to allow multiple /dts-v1/ tags
d71d25d76012 Use xasprintf() in srcpos
9dc404958e9c util: Add xasprintf portable asprintf variant
beef80b8b55f Correct a missing space in a fdt_header cast
68d43cec1253 Correct line lengths in libfdt.h
b0dbceafd49a Correct space-after-tab in libfdt.h
Change-Id: Id702488d3d676b3f6dfbe013ae152c55a3b967b3
Signed-off-by: Rob Herring <robh@kernel.org>
PD#173006: stb_dv: reload the previous lut when core2 meet CONST_TC2 flag
Change-Id: Id7fbcb353e0fc3804b30c505e38c4bbb3b01d3f6
Signed-off-by: Brian Zhu <brian.zhu@amlogic.com>
PD#172700
When open kasan, kernel paniced on P321:
Internal error: Oops: 96000005 [#1] PREEMPT SMP
PC is at strncmp+0x1e0/0x210
LR is at check_channel_mask+0x30/0xa8
[<ffffff900963ad10>] strncmp+0x1e0/0x210
[<ffffff9009e64418>] parse_speaker_channel_mask.isra.1+0x120/0x258
[<ffffff9009e6610c>] txl_chipset_init+0x8c/0xc0
[<ffffff9009e653ac>] aml_init_work_func+0x54/0x210
[<ffffff90090dcb18>] process_one_work+0x378/0x880
[<ffffff90090dd0bc>] worker_thread+0x9c/0x7a0
[<ffffff90090e6514>] kthread+0x184/0x1a0
[<ffffff9009083e80>] ret_from_fork+0x10/0x50
return value of of_property_read_string must be checked!
Change-Id: Ic0e0dcd0a3aa2f4ed10335e417f7db259a51fc95
Signed-off-by: tao zeng <tao.zeng@amlogic.com>
PD#172713: touchscreen: goodix_gt9xx: fix coverity warning
There is no judgment about whether the pointer
is NULL before using it.
This causes "Dereference before null check".
Change-Id: Ic4d96cc1e48d16f409b71c70a049b433eeb39bf1
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172722: meson: i2c: fix coverity warning
Here,the value of "ret" must be equal to 0,
so that the program cannot execute to the left of
the expression "return ret ?: size;".
This causes "Logically dead code".
Change-Id: Ief0cdb891e5583f0fba1ff166b40a5e71b67342f
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172714: touchscreen: goodix_gt1x: fix coverity warning
There is no judgment about whether it is null before
using the pointer.
This causes "Untrusted value as argument".
Change-Id: I147b89e9a96cddf4bdc3c42753bd165b6b802065
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172714: touchscreen: goodix_gt1x: fix coverity warning
1.The return value of the function "gt1x_i2c_read" is not
checked in the "gt1x_generic.c" file.
2.There is no exit condition for the "while (retry > 0)"
loop statement in the "gt1x_update.c" file.
This causes "Untrusted valued as argument" and "Logically dead code".
Change-Id: I07c0639d084ca3b961dd187ce6721f0167b2e4cc
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172715: touchscreen: focaltech: fix coverity warning
In the "copy_from_user" function does not ensure that
the string "writebuf" ends with a null character.So that
need to add a null character at the end.
This causes "String not null terminated".
Change-Id: I4cc0736ec06652226f39dd5dcde3dc7406639b89
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172715: touchscreen: focaltech: fix coverity warning
In the "drivers/amlogic/input/touchscreen/focaltech_touch/
focaltech_core.c" file,the variable "irq_gpio"and
"reset_gpio" is an unsigned integer, they cannot be
compared with 0.
This causes "Unsigned compared against 0.
Change-Id: Ic0ef2043e18550cc6c81867ef73f492d2dc446ec
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172717: meson: adc_key: fix coverity warning
The "strncpy" function does not ensure that
the string "key->name"ends with a null character.
So, the function "strncpy" is replaced by the function "snprintf".
This causes "Buffer not null terminated".
Change-Id: I83cd35f2df8790ca779a8cc8bcde1cd97f2c9020
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172718: meson: pwm: fix coverity warning
"value < 0" and "value > 255", two conditions cannot be
met simultaneously.So that the if statement cannot be executed.
This causes "Logically dead code".
Change-Id: I55930eb7ae9c6b44aa3b20b85aab6fbae9b04210
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172722: meson: i2c: fix coverity warning
When the function "devm_ioremap_resource" returns
an error,the previously applied memory resource
"slave" is not released.
This causes resource leak.
Change-Id: I2dfb7fab007977e1ae57e714ae489fbf80ec7103
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172720: meson: pinctrl: fix coverity warning
The variable "reg" should be replaced by "ret",
otherwise statement "if (ret) return ret;" will
not be executed.
This causes "Logically dead code".
Change-Id: I2a69b68dd00235198e17255f78c580212f922724
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172716: meson: remote: fix coverity warning
The "strncpy" function does not ensure that the
string "ptable->tab.custom_name"ends with a null character.
So,the function "strncpy" is replaced by the function "snprintf".
This causes "Buffer not null terminated".
Change-Id: I4dd7ce89778ba8be7d60f3463e445f5a3a753061
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172715: touchscreen: focaltech: fix coverity warning
The two header files "focaltech_upgrade_common.h" and
"focaltech_flash.h" contain each other.
This causes "Recursion in included headers".
Change-Id: I5ca6deae0c33a7cc32aa4f9498e19d40c001b2d3
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172714: touchscreen: goodix_gt1x: fix coverity warning
The value of "ret" variable is overridden by
the new value before it is used.
This causes "Unused value".
Change-Id: Ie48b58668c4f4077606d69d5bafbd8d59264ae7e
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172713: touchscreen: goodix_gt9xx: fix coverity warning
1.The return value of function "gtp_i2c_read" is not
checked in the "gt9xx.c" file.
2."ts"null pointer dereferencing reference in the "gt9xx.c" file.
3.In the "goodix_tool.c" file, because the third argument to
"memset" function is of type int, expression "cmd_head.data_len + 1"
is of type u16, so it need to convert to int.
This causes "Unused value".
Change-Id: I85ae8d9c11da0ed5d0ffbef97ad4b6c89fd78cf3
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#172721: meson: adc: fix coverity warning
1.Function "regmap_write" does not check the return value.
2.There's a risk of dividing by 0.
3.There is a risk of null pointer dereferencing the reference
This causes "Unchecked return value" and "Division or modulo by zero".
Change-Id: I10a04dbd49db2d3f3e7def18b6b9eb9f836bc9f0
Signed-off-by: Yingyuan Zhu <yingyuan.zhu@amlogic.com>
PD#171080: backlight: add pwm range 0~255 support
both support 0~100, 0~255 pwm range,
depend on pwm_duty_max value is bigger than 100 or not.
Change-Id: Ib5962ccaf5fbc728640326dfae3f82f70594001e
Signed-off-by: Evoke Zhang <evoke.zhang@amlogic.com>
PD#172028 merge CVE patch
inet: frag: enforce memory limits earlier
[ Upstream commit 56e2c94f05 ]
We currently check current frags memory usage only when
a new frag queue is created. This allows attackers to first
consume the memory budget (default : 4 MB) creating thousands
of frag queues, then sending tiny skbs to exceed high_thresh
limit by 2 to 3 order of magnitude.
Note that before commit 648700f76b ("inet: frags: use rhashtables
for reassembly units"), work queue could be starved under DOS,
getting no cpu cycles.
After commit 648700f76b, only the per frag queue timer can eventually
remove an incomplete frag queue and its skbs.
Change-Id: I93236ff2764c02ad347339872b05b6f4dce7a06a
Fixes: b13d3cbfb8 ("inet: frag: move eviction of queues to work queue")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Jann Horn <jannh@google.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Peter Oskolkov <posk@google.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
PD#172623: for vpu clock enabled before drm probed,
so we need a flag used in drm to emulate irq
enable/disable.
Change-Id: Iaddee0a885a396cfd6fa102533a1bde08536229e
Signed-off-by: sky zhou <sky.zhou@amlogic.com>
PD#172019: hdmitx: optimise hdmi power consumption
A tiny modification of HDMI_PHY_CNTL5 under suspend.
Change-Id: I429d930f980c1eb9af3c186c138c538c9ad4fcd0
Signed-off-by: Zongdong Jiao <zongdong.jiao@amlogic.com>
PD#172028 merge CVE patch
ipv4: frags: handle possible skb truesize change
[ Upstream commit 4672694bd4 ]
ip_frag_queue() might call pskb_pull() on one skb that
is already in the fragment queue.
We need to take care of possible truesize change, or we
might have an imbalance of the netns frags memory usage.
IPv6 is immune to this bug, because RFC5722, Section 4,
amended by Errata ID 3089 states :
When reassembling an IPv6 datagram, if
one or more its constituent fragments is determined to be an
overlapping fragment, the entire datagram (and any constituent
fragments) MUST be silently discarded.
Change-Id: I55a7bb378c160972d99736e4ba592bc10c10f94e
Fixes: 158f323b98 ("net: adjust skb->truesize in pskb_expand_head()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
PD#172028 merge CVE patch
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
[ Upstream commit 3d4bf93ac1 ]
In case an attacker feeds tiny packets completely out of order,
tcp_collapse_ofo_queue() might scan the whole rb-tree, performing
expensive copies, but not changing socket memory usage at all.
1) Do not attempt to collapse tiny skbs.
2) Add logic to exit early when too many tiny skbs are detected.
We prefer not doing aggressive collapsing (which copies packets)
for pathological flows, and revert to tcp_prune_ofo_queue() which
will be less expensive.
In the future, we might add the possibility of terminating flows
that are proven to be malicious.
Change-Id: I5f857fe551726fcc5144cf0e217362ba0b8d85ae
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
PD#172028 merge CVE patch
tcp: avoid collapses in tcp_prune_queue() if possible
[ Upstream commit f4a3313d8e ]
Right after a TCP flow is created, receiving tiny out of order
packets allways hit the condition :
if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
tcp_clamp_window(sk);
tcp_clamp_window() increases sk_rcvbuf to match sk_rmem_alloc
(guarded by tcp_rmem[2])
Calling tcp_collapse_ofo_queue() in this case is not useful,
and offers a O(N^2) surface attack to malicious peers.
Better not attempt anything before full queue capacity is reached,
forcing attacker to spend lots of resource and allow us to more
easily detect the abuse.
Change-Id: I45bfe1bc87670f0871aebd5d6963aaf82b357f3e
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
PD#172028: merge CVE patch
tcp: free batches of packets in tcp_prune_ofo_queue()
[ Upstream commit 72cd43ba64 ]
Juha-Matti Tilli reported that malicious peers could inject tiny
packets in out_of_order_queue, forcing very expensive calls
to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for
every incoming packet. out_of_order_queue rb-tree can contain
thousands of nodes, iterating over all of them is not nice.
Before linux-4.9, we would have pruned all packets in ofo_queue
in one go, every XXXX packets. XXXX depends on sk_rcvbuf and skbs
truesize, but is about 7000 packets with tcp_rmem[2] default of 6 MB.
Since we plan to increase tcp_rmem[2] in the future to cope with
modern BDP, can not revert to the old behavior, without great pain.
Strategy taken in this patch is to purge ~12.5 % of the queue capacity.
Change-Id: I647968cc33ccb0acd37ce647923b7cc320eaaf4f
Fixes: 36a6503fed ("tcp: refine tcp_prune_ofo_queue() to not drop all packets")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Juha-Matti Tilli <juha-matti.tilli@iki.fi>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
PD#172367: sdemmc: update fix adj tuning method
All adj delay are avalible is not fair when
fix adj mode were used for tuning.
We had tried to add all data with rx delay
to find out the unstable adj delay point.
This method can not cover all scene.
For example:
All adj delay are available as below.
ADJ 0 1 2 3 4 0 1
Src --__--__--__--__--__--__--
D0 __________________--------
D1 __________________--------
D2 __________________--------
D3 __________________--------
when same rx delay were added to all data line.
All adj delay are still avalible as below.
ADJ 0 1 2 3 4 0 1
Src --__--__--__--__--__--__--
D0 ----__________________----
D1 ----__________________----
D2 ----__________________----
D3 ----__________________----
So, a new method to find out the unstable adj point
were designed for better compatibility.
Rx delay were added on only 1 data line, such as D1.
When rx delay were added on D1 only. Adj delay 1 is
not available anymore as below.
ADJ 0 1 2 3 4 0 1
Src --__--__--__--__--__--__--
D0 __________________--------
D1 ----__________________----
D2 __________________--------
D3 __________________--------
In this way, the unsatble adj delay could be
distinguished.
Change-Id: I0488dec001a55f6b50b431ee4d691c872947f0f3
Signed-off-by: Yonghui Yu <yonghui.yu@amlogic.com>
