drivers/mmc/host/mtk-mmc/dbg.c:51:13: warning: 'cmd_buf' defined but not used [-Wunused-variable]
static char cmd_buf[256];
^~~~~~~
In addition, msdc_reg[] is completely unused, even in debug
mode.
Signed-off-by: André Draszik <git@andred.net>
msdc_6575_host[] is unused, just remove it. Also, it
was the source of memory corruption up until the
previous fix to this driver.
Signed-off-by: André Draszik <git@andred.net>
pdev->id is -1 when only one device exists, and is used:
* as an index into drv_mode[] to determine whether to use
PIO or DMA mode (via host->id)
* as an index into msdc_6575_host[], to store the
mmc_priv() data.
Obviously, -1 is not a valid index in either case, causing
us to read invalid memory, and memory corruption,
respectively.
The invalid memory read is causing non-deterministic
behaviour, in particular in the v4.4 kernel it still
picked DMA mode, but in the v4.9 it now always picks
PIO mode.
Also, PIO mode doesn't work, causing the following:
/ # echo 3 > /proc/sys/vm/drop_caches
[ 3845.249237] sh (128): drop_caches: 3
/ # /root/usr/lib/libc.so
[ 3846.096070] do_page_fault(): sending SIGSEGV to libc.so for invalid read access from 7f9cb5a0
[ 3846.104758] epc = 779b0ea4 in libc.so[7792f000+c3000]
[ 3846.109907] ra = 779a8004 in libc.so[7792f000+c3000]
Segmentation fault
/ # /root/usr/lib/libc.so
musl libc (mipsel-sf)
Version 1.1.16-git-40-g54807d47
Dynamic Program Loader
Usage: /root/usr/lib/libc.so [options] [--] pathname [args]
(i.e. initial page-in of any binary causes a segfault,
subsequent access works.)
While this change doesn't fix PIO mode, it at least makes
us deterministically use DMA (which works), and it also
stops us from corrupting memory.
Signed-off-by: André Draszik <git@andred.net>
drivers/mmc/host/mtk-mmc/sd.c:2782:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
if ((hw->flags & MSDC_SDIO_IRQ) || (hw->flags & MSDC_EXT_SDIO_IRQ))
^~
drivers/mmc/host/mtk-mmc/sd.c:2785:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
cd_active_low = !of_property_read_bool(pdev->dev.of_node, "mediatek,cd-high");
^~~~~~~~~~~~~
Signed-off-by: André Draszik <git@andred.net>
If CONFIG_GPIO_SYSFS=n, compilation fails with
drivers/built-in.o: In function `gpio_export_with_name':
include/asm-generic/gpio.h:128: undefined reference to `__gpiod_export'
This is because the stub in that case has the wrong name,
_gpiod_export() - note the missing underscore (_) at the
start.
Fix the stub, and add the correct prototype for the real
implementation.
Signed-off-by: André Draszik <git@andred.net>
According to the datasheet the REFCLK pin is shared with GPIO#37 and
the PERST pin is shared with GPIO#36.
While at it fix a typo inside the pinmux setup code. The function is called
refclk and not reclk.
Update device tree source files accordingly.
Signed-off-by: Mathias Kresin <dev@kresin.me>
On some devices the flash chip needs to be in 3-byte addressing mode during
reboot, otherwise the boot loader will fail to start.
This mode however does not allow regular reads/writes onto the upper 16M
half. W25Q256 has separate read commands for reading from >16M, however
it does not have any separate write commands.
This patch changes the code to leave the chip in 3-byte mode most of the
time and only switch during erase/write cycles that go to >16M
addresses.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Refresh patches.
Compile-tested on brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on brcm2708/bcm2708, octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-1000252
- CVE-2017-12153
- CVE-2017-12154
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Compile-tested on octeon and x86/64.
Runtime-tested on octeon and x86/64.
Fixes the following CVEs:
- CVE-2017-14106
- CVE-2017-14497
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Refresh patches.
Adapt 704-phy-no-genphy-soft-reset.patch.
Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch.
Compile-tested on brcm2708/bcm2708 and x86/64.
Runtime-tested on brcm2708/bcm2708 and x86/64.
Fixes the following vulnerabilities:
- CVE-2017-7533
- CVE-2017-1000111
- CVE-2017-1000112
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Fix when add 'mediatek,cd-poll' to dts cause the sd card be removed randomly.
Special for the device without card-detect pin.
Signed-off-by: Qin Wie <me@vonger.cn>
So, this is kind of complicated. This has been upstream for a while,
imported from OpenWRT/LEDE with some cleanups. LEDE ramips has stayed
on linux-4.4 this whole time, with the old(er) version of the patch
that had correct behavior[0], while upstream got changed[1].
When LEDE updated to kernel 4.9, the older version of the code from
the patch got replaced with the upstream version containing the bug.
The original behavior, however, seems to be correct here, as the
official programming guide[2] indicates that bit 31 (PDRV_SW_SET)
in register PPLL_CFG1 is reserved, but bit 23 (added as PPLL_LD)
is the PPLL lock state (which also happens to line up with the
error message).
The original confusion probably comes from the double definition
of PDRV_SW_SET[3, 4] in the upstream code, with one correct definition
(31) and one incorrect one (23).
I've also used the opportunity to clean up the error message a bit -
it's still not really helpful to anyone who doesn't already know what
the PPLL is, but at least it's slightly more readable now.
This will probably need to be upstreamed as well, since with the way
it's currently set up, it's unlikely PCI ever worked for anyone who's
running an upstream kernel on that SoC.
[0]: 05d6e92594/target/linux/ramips/patches-4.4/0009-PCI-MIPS-adds-mt7620a-pcie-driver.patch (L259)
[1]: 026d15f6b9/arch/mips/pci/pci-mt7620.c (L246)
[2]: http://www.anz.ru/files/mediatek/MT7620_ProgrammingGuide.pdf
[3]: 026d15f6b9/arch/mips/pci/pci-mt7620.c (L36)
[4]: 026d15f6b9/arch/mips/pci/pci-mt7620.c (L39)
Signed-off-by: Ilya Katsnelson <me@0upti.me>
Make the behaviour of clk_get_rate consistent with common clk's
clk_get_rate by accepting NULL clocks as parameter. Some device
drivers rely on this, and will cause an OOPS otherwise.
Fixes: FS#735
Signed-off-by: Mathias Kresin <dev@kresin.me>
Children of the pinctrl0 node are optional. Return EINVAL (=missing)
instead of 0. Fixes a hang if the pinctrl0 has no children.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: John Crispin <john@phrozen.org>
there were 2 bugs
*) core1 came up with a bad bogo mips, looks like the clock needed time to stabilize
*) HPT frequency was not set making r4k timers not come up properly
Signed-off-by: John Crispin <john@phrozen.org>
- Refreshed all patches
- Removed upstreamed
- Adapted 4 patches:
473-fix-marvell-phy-initialization-issues.patch
-----------------------------------------------
Removed hunk 5 which got upstreamed
403-net-phy-avoid-setting-unsupported-EEE-advertisments.patch
404-net-phy-restart-phy-autonegotiation-after-EEE-advert.patch
--------------------------------------------------------------
Adapted these 2 RFC patches, merging the delta's from an upstream commit
(see below) which made it before these 2.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-
stable.git/commit/?h=v4.9.36&id=97ace183074d306942b903a148aebd5d061758f0
180-usb-xhci-add-support-for-performing-fake-doorbell.patch
-----------------------------------------------------------
- Moved fake_doorbell bitmask due to new item
Compile tested on: cns3xxx, imx6
Run tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
v4.9 CM code has a few bugs on this HW. Disable the GCR register access
during boot. This caused a cpu stall.
Signed-off-by: John Crispin <john@phrozen.org>
