Currently ARM CPUs DT bindings allows different enable-method value for
PSCI based systems. On ARM 64-bit this property is required and must be
"psci" while on ARM 32-bit systems this property is optional and must
be "arm,psci" if present.
However, "arm,psci" has always been the compatible string for the PSCI
node, and was never intended to be the enable-method. So this is a bug
in the binding and not a deliberate attempt at specifying 32-bit
differently.
This is problematic if 32-bit OS is run on 64-bit system which has
"psci" as enable-method rather than the expected "arm,psci".
So let's unify the value into "psci" and remove support for "arm,psci"
before it finds any users.
Reported-by: Soby Mathew <Soby.Mathew@arm.com>
Cc: Rob Herring <robh+dt@kernel.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
(cherry picked from commit 978fa43623)
Change-Id: Ie75091185d9236595c564081083ffc202f9ba178
Fusb302 driver uses gpiod_set_value() to control VBUS, so vbus-5v-gpios
flags should be used correctly in device tree.
Change-Id: Ie7f0d1d290750bbf4207c1bc5665e4a0427a7a97
Signed-off-by: Bin Yang <yangbin@rock-chips.com>
Currently driver uses gpiod_set_raw_value() to control VBUS, which unable
to parse flags 'GPIO_ACTIVE_LOW' in device tree. We cannot ensure that
vbus-gpio will be designed to active-high in all products. So we should
use the gpiod_set_value() to control VBUS, and also gpio flags be used
correctly in device tree synchronously.
Change-Id: I94d143dde7b44d89b5593fbb5014859fedb83b04
Signed-off-by: Bin Yang <yangbin@rock-chips.com>
Spectre variant 1 attacks are about this sequence of pseudo-code:
index = load(user-manipulated pointer);
access(base + index * stride);
In order for the cache side-channel to work, the access() must me made
to memory which userspace can detect whether cache lines have been
loaded. On 32-bit ARM, this must be either user accessible memory, or
a kernel mapping of that same user accessible memory.
The problem occurs when the load() speculatively loads privileged data,
and the subsequent access() is made to user accessible memory.
Any load() which makes use of a user-maniplated pointer is a potential
problem if the data it has loaded is used in a subsequent access. This
also applies for the access() if the data loaded by that access is used
by a subsequent access.
Harden the get_user() accessors against Spectre attacks by forcing out
of bounds addresses to a NULL pointer. This prevents get_user() being
used as the load() step above. As a side effect, put_user() will also
be affected even though it isn't implicated.
Also harden copy_from_user() by redoing the bounds check within the
arm_copy_from_user() code, and NULLing the pointer if out of bounds.
Change-Id: I7598d2a637267b5979a7013cf450a80caaa2044f
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
(cherry picked from commit a3c0f84765)
Fixing __get_user() for spectre variant 1 is not sane: we would have to
add address space bounds checking in order to validate that the location
should be accessed, and then zero the address if found to be invalid.
Since __get_user() is supposed to avoid the bounds check, and this is
exactly what get_user() does, there's no point having two different
implementations that are doing the same thing. So, when the Spectre
workarounds are required, make __get_user() an alias of get_user().
Change-Id: I32e38a7635961822ffadaad256caf9a34268bd2a
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
(cherry picked from commit b1cd0a1480)
Borrow the x86 implementation of __inttype() to use in get_user() to
select an integer type suitable to temporarily hold the result value.
This is necessary to avoid propagating the volatile nature of the
result argument, which can cause the following warning:
lib/iov_iter.c:413:5: warning: optimization may eliminate reads and/or writes to register variables [-Wvolatile-register-var]
Change-Id: I2663f38f5a278c8406793dc7c8b88403ee6918b1
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
(cherry picked from commit d09fbb327d)
__get_user_error() is used as a fast accessor to make copying structure
members as efficient as possible. However, with software PAN and the
recent Spectre variant 1, the efficiency is reduced as these are no
longer fast accessors.
In the case of software PAN, it has to switch the domain register around
each access, and with Spectre variant 1, it would have to repeat the
access_ok() check for each access.
Rather than using __get_user_error() to copy each semops element member,
copy each semops element in full using __copy_from_user().
Change-Id: I7174992c0c63cb5f4f191b1961519e0d3c7a72e5
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
(cherry picked from commit 8c8484a1c1)
__get_user_error() is used as a fast accessor to make copying structure
members in the signal handling path as efficient as possible. However,
with software PAN and the recent Spectre variant 1, the efficiency is
reduced as these are no longer fast accessors.
In the case of software PAN, it has to switch the domain register around
each access, and with Spectre variant 1, it would have to repeat the
access_ok() check for each access.
Use __copy_from_user() rather than __get_user_err() for individual
members when restoring VFP state.
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
(cherry picked from commit 42019fc50d)
Change-Id: I978369093e075213b01e27aff3c633acfb3592be
__get_user_error() is used as a fast accessor to make copying structure
members in the signal handling path as efficient as possible. However,
with software PAN and the recent Spectre variant 1, the efficiency is
reduced as these are no longer fast accessors.
In the case of software PAN, it has to switch the domain register around
each access, and with Spectre variant 1, it would have to repeat the
access_ok() check for each access.
It becomes much more efficient to use __copy_from_user() instead, so
let's use this for the ARM integer registers.
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
(cherry picked from commit c32cd419d6)
Change-Id: I3e285582bedc3973ca0cc08d63562d71aad2f520
Prevent speculation at the syscall table decoding by clamping the index
used to zero on invalid system call numbers, and using the csdb
speculative barrier.
Change-Id: Idce90686d2e49703c5794c81b9bc9a41d93cc658
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Boot-tested-by: Tony Lindgren <tony@atomide.com>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
(cherry picked from commit 10573ae547)
Add an implementation of the array_index_mask_nospec() function for
mitigating Spectre variant 1 throughout the kernel.
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Boot-tested-by: Tony Lindgren <tony@atomide.com>
Reviewed-by: Tony Lindgren <tony@atomide.com>
(cherry picked from commit 1d4238c56f)
Change-Id: I69fc8c673578a937a06cfdf85ae73492d25d069f
The SPI driver looked a bit lonely in the config menu, and it didn't
support the autoselect. Shift things around a bit so it looks more logical.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
(cherry picked from commit 8283a09299)
Change-Id: I8f67aa29dffe477b349b0a503b6db7abfd2357ec
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
Separate the power supply to arm&logic, arm freq support 1.2G,
disable vad and include rk3308k.dtsi
Change-Id: I91516773e74fd098117bfdcf8213803e19cf7527
Signed-off-by: Lin Jianhua <linjh@rock-chips.com>
If we enable CONFIG_USB_CONFIGFS_F_UVC_ROCKCHIP, the userspace
must update the data length of v4l2_event to 4100 synchronously.
Because we don't modify the v4l2_event struct in the userspace
by default, so disable this config. You can enable this config
if you have modified the data length of v4l2_event to 4100 in
the userspace.
Change-Id: I68c354b2d8acba669b5c7bf1a425fdc34c05f1e5
Signed-off-by: William Wu <william.wu@rock-chips.com>
This patch adds bypass uart cfgs for rk1808 USB 3.0 OTG
port. In addition, please note that it needs to set the
uart2 rx/tx io selection in the reg "BUS_GRF_IOFUNC_CON0"
bit 15:14.
Change-Id: I77ea461be299c0454f5caee1349110b6f2714c30
Signed-off-by: William Wu <william.wu@rock-chips.com>
A recent rework accidentally left a debugging printk untouched while
changing the meaning of the variables, leading to an uninitialized
variable being printed:
drivers/media/i2c/ir-kbd-i2c.c: In function 'get_key_haup_common':
drivers/media/i2c/ir-kbd-i2c.c:62:2: error: 'toggle' may be used uninitialized in this function [-Werror=maybe-uninitialized]
This prints the correct one instead, as we did before the patch.
Change-Id: Ia9b59c8fcbdfaf792ea7d4c9bcf93c94cf76d9d5
Fixes: 00bb820755 ("[media] rc: Hauppauge z8f0811 can decode RC6")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
(cherry picked from commit 9cdbe14fb4)
If userspace has an open file descriptor on the rc input device or lirc
device when rc_unregister_device() is called, then the rc close() is
never called.
This ensures that the receiver is turned off on the nuvoton-cir driver
during shutdown.
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
(cherry picked from commit 8e782fcf78)
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
libevdev (which is used by libinput) gets a list of keycodes from the
input device on creation. Any events with keycodes which are not in this
list are silently dropped. So, set all keycodes on device creation since
we do not know which will be used if the keymap changes.
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
(cherry picked from commit fec225a043)
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
The Kathrein RCU-676 remote uses the 32-bit rc6 protocol and toggles
bit 15 (0x8000) on repeated button presses, like MCE remotes.
Add it's customer code 0x80460000 to the 32-bit rc6 toggle
handling code to get proper scancodes and toggle reports.
Signed-off-by: Matthias Reichl <hias@horus.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
(cherry picked from commit 85e4af0a7a)
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
This can be done with c99 initializers, which makes the code cleaner
and more transparent. It does require gcc 4.6, because of this bug
in earlier versions:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=10676
Since commit cafa0010cd ("Raise the minimum required gcc version to
4.6"), this is the case.
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
(cherry picked from commit 183e19f5b9)
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
Conflicts:
drivers/media/pci/cx88/cx88-input.c
drivers/media/rc/imon_raw.c
drivers/media/rc/mceusb.c
drivers/media/rc/meson-ir.c
drivers/media/rc/mtk-cir.c
drivers/media/rc/redrat3.c
drivers/media/rc/sir_ir.c
drivers/media/rc/st_rc.c
The repeat period is read from a static array. If a keydown event is
reported from bpf with a high protocol number, we read out of bounds. This
is unlikely to end up with a reasonable repeat period at the best of times,
in which case no timely key up event is generated.
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
(cherry picked from commit f5dbee6e38)
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
Since commit 48231f289e ("media: rc: drivers should produce alternate
pulse and space timing events"), on meson-ir we are regularly producing
errors. Reduce to warning level and only warn once to avoid flooding
the log.
A proper fix for meson-ir is going to be too large for v4.18.
Signed-off-by: Sean Young <sean@mess.org>
Cc: stable@vger.kernel.org # 4.17+
Tested-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
(cherry picked from commit 0ca54b2905)
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
Since commit cb84343fce ("media: lirc: do not call close() or open() on
unregistered devices") rc_open() will return -ENODEV if rcdev->registered
is false. Ensure this is set before we register the input device and the
lirc device, else we have a short window where the neither the lirc or
input device can be opened.
Fixes: cb84343fce ("media: lirc: do not call close() or open() on unregistered devices")
Cc: stable@vger.kernel.org # v4.16+
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
(cherry picked from commit d7832cd2a3)
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
Drivers should never produce consecutive pulse or space raw events. Should
that occur, we would have bigger problems than this code is trying to
guard against.
Note that we already log an error should a driver misbehave.
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
(cherry picked from commit 09161a0552)
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
