Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.16.46 2017-03-16T02:26:49Z 2017-03-16T02:26:49Z Alexander Usyskin alexander.usyskin@intel.com 2016-12-14T15:56:52Z urn:sha1:abf35ecb24ad917de55f75c715c0e5ed5e6a6069 commit e09ee853c92011860a4bd2fbdf6126f60fc16bd3 upstream. The credentials handling was pushed to the write handlers but error handling wasn't done properly. Move write callbacks to completion queue to destroy them and to notify a blocked writer about the failure Fixes: 136698e535cd1 (mei: push credentials inside the irq write handler) Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2017-02-23T03:54:26Z Alexander Usyskin alexander.usyskin@intel.com 2016-10-31T17:02:39Z urn:sha1:ad6dcc78333f0e2e2add0f1b350ce8d049e98ffc commit 582ab27a063a506ccb55fc48afcc325342a2deba upstream. NFC version reply size checked against only header size, not against full message size. That may lead potentially to uninitialized memory access in version data. That leads to warnings when version data is accessed: drivers/misc/mei/bus-fixup.c: warning: '*((void *)&ver+11)' may be used uninitialized in this function [-Wuninitialized]: => 212:2 Reported in Build regressions/improvements in v4.9-rc3 https://lkml.org/lkml/2016/10/30/57 Fixes: 59fcd7c63abf (mei: nfc: Initial nfc implementation) Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [bwh: Backported to 3.16: - Drop change in mei_phy.c - Adjust filename] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2017-02-23T03:54:20Z Alexander Usyskin alexander.usyskin@intel.com 2016-10-18T22:34:48Z urn:sha1:47e1befd550ccacf735afb640d17cf55e4d4b8ec commit 43605e293eb13c07acb546c14f407a271837af17 upstream. SEC registers are not accessible when the TXE device is in low power state, hence the SEC interrupt cannot be processed if device is not awake. In some rare cases entrance to low power state (aliveness off) and input ready bits can be signaled at the same time, resulting in communication stall as input ready won't be signaled again after waking up. To resolve this IPC_HHIER_SEC bit in HHISR_REG should not be cleaned if the interrupt is not processed. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2016-04-30T22:05:49Z Alexander Usyskin alexander.usyskin@intel.com 2016-02-17T16:27:34Z urn:sha1:6efef4d65461d7b21284a96bb7d2b365a08de6c7 commit 35bf7692e765c2275bf93fe573f7ca868ab73453 upstream. buf_idx type was changed to size_t, and few places missed out to change the print format from %ld to %zu. Use also uz for buf.size which is also of size_t Fixes: commit 56988f22e097 ("mei: fix possible integer overflow issue")' Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2016-04-30T22:05:49Z Tomas Winkler tomas.winkler@intel.com 2016-02-07T21:35:19Z urn:sha1:2e7adcd5a04c9147c441ef156ad94178bee862c1 commit f862b6b24f0ffd954633a55f39251a6873b664ca upstream. There is a possible integer overflow following by a buffer overflow when accumulating messages coming from the FW to compose a full payload. Occurrence of wrap around has to be prevented for next message size calculation. For unsigned integer the addition overflow has occurred when the result is smaller than one of the arguments. To simplify the fix, the types of buf.size and buf_idx are set to the same width, namely size_t also to be aligned with the type of length parameter in file read/write ops. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [bwh: Backported to 3.16: - Adjust context, indentation - Return error directly, rather than through cb->status and the completion list - Fix up additional format string in mei_cl_write()] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> 2015-03-18T15:06:06Z Alexander Usyskin alexander.usyskin@intel.com 2015-02-10T08:36:36Z urn:sha1:5fba9e60c6e3ccebcfa4c0fdc6f4bb1d9d881148 commit 6c15a8516b8118eb19a59fd0bd22df41b9101c32 upstream. Set the internal device state to to disabled after hardware reset in stop flow. This will cover cases when driver was not brought to disabled state because of an error and in stop flow we wish not to retry the reset. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Luis Henriques <luis.henriques@canonical.com> 2015-03-02T13:17:06Z Alexander Usyskin alexander.usyskin@intel.com 2015-01-25T21:45:28Z urn:sha1:f4d1740859daedf8e1cf2bea495f9c7483863eca commit 663b7ee9517eec6deea9a48c7a1392a9a34f7809 upstream. We might enter the interrupt handler with hw_ready already set, but prior we actually started the reset flow. To soleve this we move the reset release from the interrupt handler to the HW start wait function which is part of the reset sequence. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [ luis: backported to 3.16: adjusted context ] Signed-off-by: Luis Henriques <luis.henriques@canonical.com> 2015-03-02T13:17:05Z Alexander Usyskin alexander.usyskin@intel.com 2015-01-25T21:45:27Z urn:sha1:f6106f8357a47f566bdeb97dd02b6b764f678f30 commit 1ab1e79b9fd4b01331490bbe2e630a0fc0b25449 upstream. We should mask interrupt set bit when writing back hcsr value in reset bit clean-up. This is refinement for mei: clean reset bit before reset commit b13a65ef190e488e2761d65bdd2e1fe8a3a125f5 Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Luis Henriques <luis.henriques@canonical.com> 2015-01-22T16:33:24Z Alexander Usyskin alexander.usyskin@intel.com 2014-12-24T22:37:46Z urn:sha1:47c5594ecb1f0339ba90fa6a44d3ae2efcbb3c4a commit b13a65ef190e488e2761d65bdd2e1fe8a3a125f5 upstream. H_RST bit in H_CSR register may be found lit before reset is started, for example if preceding reset flow hasn't completed. In that case asserting H_RST will be ignored, therefore we need to clean H_RST bit to start a successful reset sequence. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> [ luis: backported to 3.16: - replace dev->dev by &dev->pdev->dev ] Signed-off-by: Luis Henriques <luis.henriques@canonical.com> 2014-10-30T16:40:13Z Alexander Usyskin alexander.usyskin@intel.com 2014-08-25T13:46:53Z urn:sha1:9d170b6818204ced9a1cc6cda1a48df409588660 commit cfda2794b5afe7ce64ee9605c64bef0e56a48125 upstream. function 'strncpy' will fill whole buffer 'id.name' of fixed size (32) with string value and will not leave place for NULL-terminator. Possible buffer boundaries violation in following string operations. Replace strncpy with strlcpy. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>