linux/drivers/misc, branch v4.2

Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux

2015-08-03T21:51:30Z

Pull i2c fixes from Wolfram Sang: "A refcounting bugfix for the i2c-core, bugfixes for the generic bus recovery algorithm and for its omap-user, making binary file attributes for EEPROMs behave POSIX compliant, and a small typo fix while we are here" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: fix leaked device refcount on of_find_i2c_* error path i2c: Fix typo in i2c-bfin-twi.c i2c: omap: fix bus recovery setup i2c: core: only use set_scl for bus recovery after calling prepare_recovery misc: eeprom: at24: clean up at24_bin_write() i2c: slave eeprom: clean up sysfs bin attribute read()/write()

misc: eeprom: at24: clean up at24_bin_write()

2015-07-31T11:32:31Z

The change removes redundant sysfs binary file boundary check, since this task is already done on caller side in fs/sysfs/file.c Signed-off-by: Vladimir Zapolskiy Signed-off-by: Wolfram Sang

mei: prevent unloading mei hw modules while the device is opened.

2015-07-23T04:31:05Z

chrdev_open() increases reference counter on cdev->owner. Instead of assigning the owner to mei subsystem, the owner has to be set to the underlaying HW module (mei_me or mei_txe), so once the device is opened the HW module cannot be unloaded. Cc: #3.17+ Signed-off-by: Tomas Winkler Signed-off-by: Alexander Usyskin Signed-off-by: Greg Kroah-Hartman

misc: mic: scif bug fix for vmalloc_to_page crash

2015-07-23T04:25:36Z

v4.2-rc1 enabled huge page support for ioremap(..). Calling vmalloc_to_page after v4.2-rc1 results in the crash shown below on the host upon booting X100 coprocessors: BUG: unable to handle kernel paging request at ffffc47c00000000 IP: [] vmalloc_to_page+0x6c/0xb0 This patch fixes this crash by obtaining the fake struct page pointer which is required to be passed into dma_map_sg(..) by calling pfn_to_page(..) instead of vmalloc_to_page(..). Link: https://lkml.org/lkml/2015/7/18/110 Reviewed-by: Nikhil Rao Suggested-by: Toshi Kani Signed-off-by: Ashutosh Dixit Signed-off-by: Sudeep Dutt Signed-off-by: Greg Kroah-Hartman

Merge tag 'powerpc-4.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

2015-07-10T19:16:59Z

Pull powerpc fixes from Michael Ellerman: - opal-prd mmap fix from Vaidy - set kernel taint for MCEs from Daniel - alignment exception description from Anton - ppc4xx_hsta_msi build fix from Daniel - opal-elog interrupt fix from Alistair - core_idle_state race fix from Shreyas - hv-24x7 lockdep fix from Sukadev - multiple cxl fixes from Daniel, Ian, Mikey & Maninder - update MAINTAINERS to point at shared tree * tag 'powerpc-4.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: cxl: Check if afu is not null in cxl_slbia powerpc: Update MAINTAINERS to point at shared tree powerpc/perf/24x7: Fix lockdep warning cxl: Fix off by one error allowing subsequent mmap page to be accessed cxl: Fail mmap if requested mapping is larger than assigned problem state area cxl: Fix refcounting in kernel API powerpc/powernv: Fix race in updating core_idle_state powerpc/powernv: Fix opal-elog interrupt handler powerpc/ppc4xx_hsta_msi: Include ppc-pci.h to fix reference to hose_list powerpc: Add plain English description for alignment exception oopses cxl: Test the correct mmio space before unmapping powerpc: Set the correct kernel taint on machine check errors cxl/vphb.c: Use phb pointer after NULL check powerpc/powernv: Fix vma page prot flags in opal-prd driver

cxl: Check if afu is not null in cxl_slbia

2015-07-10T01:44:25Z

The pointer to an AFU in the adapter's list of AFUs can be null if we're in the process of removing AFUs. The afu_list_lock doesn't guard against this. Say we have 2 slices, and we're in the process of removing cxl. - We remove the AFUs in order (see cxl_remove). In cxl_remove_afu for AFU 0, we take the lock, set adapter->afu[0] = NULL, and release the lock. - Then we get an slbia. In cxl_slbia we take the lock, and set afu = adapter->afu[0], which is NULL. - Therefore our attempt to check afu->enabled will blow up. Therefore, check if afu is a null pointer before dereferencing it. Cc: stable@vger.kernel.org Signed-off-by: Daniel Axtens Acked-by: Michael Neuling Acked-by: Ian Munsie Signed-off-by: Michael Ellerman

cxl: Fix off by one error allowing subsequent mmap page to be accessed

2015-07-08T05:17:47Z

It was discovered that if a process mmaped their problem state area they were able to access one page more than expected, potentially allowing them to access the problem state area of an unrelated process. This was due to a simple off by one error in the mmap fault handler introduced in 0712dc7e73e59d79bcead5d5520acf4e9e917e87 ("cxl: Fix issues when unmapping contexts"), which is fixed in this patch. Cc: stable@vger.kernel.org Fixes: 0712dc7e73e5 ("cxl: Fix issues when unmapping contexts") Signed-off-by: Ian Munsie Signed-off-by: Michael Ellerman

cxl: Fail mmap if requested mapping is larger than assigned problem state area

2015-07-08T05:17:46Z

This patch makes the mmap call fail outright if the requested region is larger than the problem state area assigned to the context so the error is reported immediately rather than waiting for an attempt to access an address out of bounds. Although we never expect users to map more than the assigned problem state area and are not aware of anyone doing this (other than for testing), this does have the potential to break users if someone has used a larger range regardless. I'm submitting it for consideration, but if this change is not considered acceptable the previous patch is sufficient to prevent access out of bounds without breaking anyone. Signed-off-by: Ian Munsie Signed-off-by: Michael Ellerman

mei: nfc: fix deadlock on shutdown/suspend path

2015-07-07T22:04:12Z

In function mei_nfc_host_exit mei_cl_remove_device cannot be called under the device mutex as device removing flow invokes the device driver remove handler that calls in turn to mei_cl_disable_device which naturally acquires the device mutex. Also remove mei_cl_bus_remove_devices which has the same issue, but is never executed as currently the only device on the mei client bus is NFC and a new device cannot be easily added till the bus revamp is completed. This fixes regression caused by commit be9b720a0ccb ("mei_phy: move all nfc logic from mei driver to nfc") Prior to this change the nfc driver remove handler called to no-op disable function while actual nfc device was disabled directly from the mei driver. Reported-by: Linus Torvalds Acked-by: Greg Kroah-Hartman Cc: Samuel Ortiz Signed-off-by: Tomas Winkler Signed-off-by: Linus Torvalds

cxl: Fix refcounting in kernel API

2015-07-07T09:38:37Z

Currently the kernel API AFU dev refcounting is done on context start and stop. This patch moves this refcounting to context init and release, bringing it inline with how the userspace API does it. Without this we've seen the refcounting on the AFU get out of whack between the user and kernel API usage. This causes the AFU structures to be freed when they are actually still in use. This fixes some kref warnings we've been seeing and spurious ErrIVTE IRQs. Signed-off-by: Michael Neuling Acked-by: Ian Munsie Signed-off-by: Michael Ellerman