Linux v4.9.14
This commit is contained in:
parent
3431aaf079
commit
676add0c7d
|
@ -1,66 +0,0 @@
|
|||
From patchwork Wed Jan 25 18:31:31 2017
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: [v2] arm64: dma-mapping: Fix dma_mapping_error() when bypassing
|
||||
SWIOTLB
|
||||
From: Robin Murphy <robin.murphy@arm.com>
|
||||
X-Patchwork-Id: 9537723
|
||||
Message-Id: <840027acb4750542003dff17b4a8902ba8972754.1485368348.git.robin.murphy@arm.com>
|
||||
To: will.deacon@arm.com,
|
||||
catalin.marinas@arm.com
|
||||
Cc: Jisheng Zhang <jszhang@marvell.com>, arnd@arndb.de,
|
||||
konrad.wilk@oracle.com, aaro.koskinen@iki.fi, stable@vger.kernel.org,
|
||||
linux-rpi-kernel@lists.infradead.org, linux-arm-kernel@lists.infradead.org
|
||||
Date: Wed, 25 Jan 2017 18:31:31 +0000
|
||||
|
||||
When bypassing SWIOTLB on small-memory systems, we need to avoid calling
|
||||
into swiotlb_dma_mapping_error() in exactly the same way as we avoid
|
||||
swiotlb_dma_supported(), because the former also relies on SWIOTLB state
|
||||
being initialised.
|
||||
|
||||
Under the assumptions for which we skip SWIOTLB, dma_map_{single,page}()
|
||||
will only ever return the DMA-offset-adjusted physical address of the
|
||||
page passed in, thus we can report success unconditionally.
|
||||
|
||||
Fixes: b67a8b29df7e ("arm64: mm: only initialize swiotlb when necessary")
|
||||
CC: stable@vger.kernel.org
|
||||
CC: Jisheng Zhang <jszhang@marvell.com>
|
||||
Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
|
||||
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
|
||||
Tested-by: Aaro Koskinen <aaro.koskinen@iki.fi>
|
||||
---
|
||||
|
||||
v2: Get the return value the right way round this time... After some
|
||||
careful reasoning it really is that simple.
|
||||
|
||||
arch/arm64/mm/dma-mapping.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
|
||||
index e04082700bb1..1ffb7d5d299a 100644
|
||||
--- a/arch/arm64/mm/dma-mapping.c
|
||||
+++ b/arch/arm64/mm/dma-mapping.c
|
||||
@@ -352,6 +352,13 @@ static int __swiotlb_dma_supported(struct device *hwdev, u64 mask)
|
||||
return 1;
|
||||
}
|
||||
|
||||
+static int __swiotlb_dma_mapping_error(struct device *hwdev, dma_addr_t addr)
|
||||
+{
|
||||
+ if (swiotlb)
|
||||
+ return swiotlb_dma_mapping_error(hwdev, addr);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static struct dma_map_ops swiotlb_dma_ops = {
|
||||
.alloc = __dma_alloc,
|
||||
.free = __dma_free,
|
||||
@@ -366,7 +373,7 @@ static struct dma_map_ops swiotlb_dma_ops = {
|
||||
.sync_sg_for_cpu = __swiotlb_sync_sg_for_cpu,
|
||||
.sync_sg_for_device = __swiotlb_sync_sg_for_device,
|
||||
.dma_supported = __swiotlb_dma_supported,
|
||||
- .mapping_error = swiotlb_dma_mapping_error,
|
||||
+ .mapping_error = __swiotlb_dma_mapping_error,
|
||||
};
|
||||
|
||||
static int __init atomic_pool_init(void)
|
|
@ -210,7 +210,7 @@ CONFIG_SUNXI_WATCHDOG=m
|
|||
CONFIG_MFD_SUN6I_PRCM=y
|
||||
CONFIG_IR_SUNXI=m
|
||||
CONFIG_MMC_SUNXI=m
|
||||
CONFIG_RTC_DRV_SUN6I=m
|
||||
CONFIG_RTC_DRV_SUN6I=y
|
||||
CONFIG_PWM_SUN4I=m
|
||||
# CONFIG_PHY_SUN4I_USB is not set
|
||||
# CONFIG_PHY_SUN9I_USB is not set
|
||||
|
|
|
@ -226,7 +226,7 @@ CONFIG_MDIO_SUN4I=m
|
|||
CONFIG_DWMAC_SUNXI=m
|
||||
CONFIG_SUN4I_EMAC=m
|
||||
CONFIG_SUN8I_EMAC=m
|
||||
CONFIG_RTC_DRV_SUN6I=m
|
||||
CONFIG_RTC_DRV_SUN6I=y
|
||||
CONFIG_MTD_NAND_SUNXI=m
|
||||
CONFIG_SERIO_SUN4I_PS2=m
|
||||
CONFIG_KEYBOARD_SUN4I_LRADC=m
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
From 95e91b831f87ac8e1f8ed50c14d709089b4e01b8 Mon Sep 17 00:00:00 2001
|
||||
From: Davidlohr Bueso <dave@stgolabs.net>
|
||||
Date: Mon, 27 Feb 2017 14:28:24 -0800
|
||||
Subject: [PATCH] ipc/shm: Fix shmat mmap nil-page protection
|
||||
|
||||
The issue is described here, with a nice testcase:
|
||||
|
||||
https://bugzilla.kernel.org/show_bug.cgi?id=192931
|
||||
|
||||
The problem is that shmat() calls do_mmap_pgoff() with MAP_FIXED, and
|
||||
the address rounded down to 0. For the regular mmap case, the
|
||||
protection mentioned above is that the kernel gets to generate the
|
||||
address -- arch_get_unmapped_area() will always check for MAP_FIXED and
|
||||
return that address. So by the time we do security_mmap_addr(0) things
|
||||
get funky for shmat().
|
||||
|
||||
The testcase itself shows that while a regular user crashes, root will
|
||||
not have a problem attaching a nil-page. There are two possible fixes
|
||||
to this. The first, and which this patch does, is to simply allow root
|
||||
to crash as well -- this is also regular mmap behavior, ie when hacking
|
||||
up the testcase and adding mmap(... |MAP_FIXED). While this approach
|
||||
is the safer option, the second alternative is to ignore SHM_RND if the
|
||||
rounded address is 0, thus only having MAP_SHARED flags. This makes the
|
||||
behavior of shmat() identical to the mmap() case. The downside of this
|
||||
is obviously user visible, but does make sense in that it maintains
|
||||
semantics after the round-down wrt 0 address and mmap.
|
||||
|
||||
Passes shm related ltp tests.
|
||||
|
||||
Link: http://lkml.kernel.org/r/1486050195-18629-1-git-send-email-dave@stgolabs.net
|
||||
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
|
||||
Reported-by: Gareth Evans <gareth.evans@contextis.co.uk>
|
||||
Cc: Manfred Spraul <manfred@colorfullife.com>
|
||||
Cc: Michael Kerrisk <mtk.manpages@googlemail.com>
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
ipc/shm.c | 13 +++++++++----
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/ipc/shm.c b/ipc/shm.c
|
||||
index d7805ac..06ea9ef 100644
|
||||
--- a/ipc/shm.c
|
||||
+++ b/ipc/shm.c
|
||||
@@ -1091,8 +1091,8 @@ SYSCALL_DEFINE3(shmctl, int, shmid, int, cmd, struct shmid_ds __user *, buf)
|
||||
* "raddr" thing points to kernel space, and there has to be a wrapper around
|
||||
* this.
|
||||
*/
|
||||
-long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
|
||||
- unsigned long shmlba)
|
||||
+long do_shmat(int shmid, char __user *shmaddr, int shmflg,
|
||||
+ ulong *raddr, unsigned long shmlba)
|
||||
{
|
||||
struct shmid_kernel *shp;
|
||||
unsigned long addr;
|
||||
@@ -1113,8 +1113,13 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
|
||||
goto out;
|
||||
else if ((addr = (ulong)shmaddr)) {
|
||||
if (addr & (shmlba - 1)) {
|
||||
- if (shmflg & SHM_RND)
|
||||
- addr &= ~(shmlba - 1); /* round down */
|
||||
+ /*
|
||||
+ * Round down to the nearest multiple of shmlba.
|
||||
+ * For sane do_mmap_pgoff() parameters, avoid
|
||||
+ * round downs that trigger nil-page and MAP_FIXED.
|
||||
+ */
|
||||
+ if ((shmflg & SHM_RND) && addr >= shmlba)
|
||||
+ addr &= ~(shmlba - 1);
|
||||
else
|
||||
#ifndef __ARCH_FORCE_SHMLBA
|
||||
if (addr & ~PAGE_MASK)
|
||||
--
|
||||
2.9.3
|
||||
|
15
kernel.spec
15
kernel.spec
|
@ -42,7 +42,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 101
|
||||
%global baserelease 100
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 13
|
||||
%define stable_update 14
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -513,8 +513,6 @@ Patch426: usb-phy-tegra-Add-38.4MHz-clock-table-entry.patch
|
|||
# Fix OMAP4 (pandaboard)
|
||||
Patch427: arm-revert-mmc-omap_hsmmc-Use-dma_request_chan-for-reque.patch
|
||||
|
||||
Patch428: arm64-dma-mapping-Fix-dma_mapping_error-when-bypassing-SWIOTLB.patch
|
||||
|
||||
# Not particularly happy we don't yet have a proper upstream resolution this is the right direction
|
||||
# https://www.spinics.net/lists/arm-kernel/msg535191.html
|
||||
Patch429: arm64-mm-Fix-memmap-to-be-initialized-for-the-entire-section.patch
|
||||
|
@ -642,15 +640,9 @@ Patch855: kvm-fix-page-struct-leak-in-handle_vmon.patch
|
|||
Patch858: 1-2-media-cxusb-Use-a-dma-capable-buffer-also-for-reading.patch
|
||||
Patch859: 2-2-media-dvb-usb-firmware-don-t-do-DMA-on-stack.patch
|
||||
|
||||
#rhbz 1415397
|
||||
Patch861: w1-ds2490-USB-transfer-buffers-need-to-be-DMAable.patch
|
||||
|
||||
#rhbz 1422969
|
||||
Patch862: rt2800-warning.patch
|
||||
|
||||
#CVE-2017-5669 rhbz 1427239
|
||||
Patch863: ipc-shm-Fix-shmat-mmap-nil-page-protection.patch
|
||||
|
||||
#CVE-2017-6353 rhbz 1428907 1428910
|
||||
Patch864: sctp-deny-peeloff-operation-on-asocs-with-threads-sl.patch
|
||||
|
||||
|
@ -2185,6 +2177,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Mon Mar 13 2017 Laura Abbott <labbott@fedoraproject.org> - 4.9.14-100
|
||||
- Linux v4.9.14
|
||||
|
||||
* Tue Mar 07 2017 Laura Abbott <labbott@fedoraproject.org> - 4.9.13-101
|
||||
- Build for some CVEs
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1,3 +1,3 @@
|
|||
SHA512 (linux-4.9.tar.xz) = bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a
|
||||
SHA512 (perf-man-4.9.tar.gz) = d23bb3da1eadd6623fddbf4696948de7675f3dcf57c711a7427dd7ae111394f58d8f42752938bbea7cd219f1e7f6f116fc67a1c74f769711063940a065f37b99
|
||||
SHA512 (patch-4.9.13.xz) = d7956cc8a4ab11514789af4f1f7023268e4b003216766c153f0f09aac659aabda5de634b363d53f8daeddfcf5820619c5bca31ff5f9aeb187c1df016c05f68d5
|
||||
SHA512 (patch-4.9.14.xz) = 0bfb0f5e27081d96760884726cc44fa0dcb1c4f3658e8131de0a4d8b90689e95e8c2f3a0c95a165ae4a2c95b227392cd9249b3018d6242af4ee81a892edfc94f
|
||||
|
|
|
@ -1,360 +0,0 @@
|
|||
From patchwork Wed Jan 18 20:31:11 2017
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
MIME-Version: 1.0
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Subject: w1: ds2490: USB transfer buffers need to be DMAable
|
||||
From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
|
||||
X-Patchwork-Id: 9524693
|
||||
Message-Id: <5ba98814-d0b0-fbd4-d631-eda3472f4017@maciej.szmigiero.name>
|
||||
To: Evgeniy Polyakov <zbr@ioremap.net>
|
||||
Cc: linux-kernel <linux-kernel@vger.kernel.org>
|
||||
Date: Wed, 18 Jan 2017 21:31:11 +0100
|
||||
|
||||
ds2490 driver was doing USB transfers from / to buffers on a stack.
|
||||
This is not permitted and made the driver non-working with vmapped stacks.
|
||||
|
||||
Since all these transfers are done under the same bus_mutex lock we can
|
||||
simply use shared buffers in a device private structure for two most common
|
||||
of them.
|
||||
|
||||
While we are at it, let's also fix a comparison between int and size_t in
|
||||
ds9490r_search() which made the driver spin in this function if state
|
||||
register get requests were failing.
|
||||
|
||||
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
drivers/w1/masters/ds2490.c | 142 ++++++++++++++++++++++++++------------------
|
||||
1 file changed, 84 insertions(+), 58 deletions(-)
|
||||
|
||||
diff --git a/drivers/w1/masters/ds2490.c b/drivers/w1/masters/ds2490.c
|
||||
index 049a884a756f..59d74d1b47a8 100644
|
||||
--- a/drivers/w1/masters/ds2490.c
|
||||
+++ b/drivers/w1/masters/ds2490.c
|
||||
@@ -153,6 +153,9 @@ struct ds_device
|
||||
*/
|
||||
u16 spu_bit;
|
||||
|
||||
+ u8 st_buf[ST_SIZE];
|
||||
+ u8 byte_buf;
|
||||
+
|
||||
struct w1_bus_master master;
|
||||
};
|
||||
|
||||
@@ -174,7 +177,6 @@ struct ds_status
|
||||
u8 data_in_buffer_status;
|
||||
u8 reserved1;
|
||||
u8 reserved2;
|
||||
-
|
||||
};
|
||||
|
||||
static struct usb_device_id ds_id_table [] = {
|
||||
@@ -244,28 +246,6 @@ static int ds_send_control(struct ds_device *dev, u16 value, u16 index)
|
||||
return err;
|
||||
}
|
||||
|
||||
-static int ds_recv_status_nodump(struct ds_device *dev, struct ds_status *st,
|
||||
- unsigned char *buf, int size)
|
||||
-{
|
||||
- int count, err;
|
||||
-
|
||||
- memset(st, 0, sizeof(*st));
|
||||
-
|
||||
- count = 0;
|
||||
- err = usb_interrupt_msg(dev->udev, usb_rcvintpipe(dev->udev,
|
||||
- dev->ep[EP_STATUS]), buf, size, &count, 1000);
|
||||
- if (err < 0) {
|
||||
- pr_err("Failed to read 1-wire data from 0x%x: err=%d.\n",
|
||||
- dev->ep[EP_STATUS], err);
|
||||
- return err;
|
||||
- }
|
||||
-
|
||||
- if (count >= sizeof(*st))
|
||||
- memcpy(st, buf, sizeof(*st));
|
||||
-
|
||||
- return count;
|
||||
-}
|
||||
-
|
||||
static inline void ds_print_msg(unsigned char *buf, unsigned char *str, int off)
|
||||
{
|
||||
pr_info("%45s: %8x\n", str, buf[off]);
|
||||
@@ -324,6 +304,35 @@ static void ds_dump_status(struct ds_device *dev, unsigned char *buf, int count)
|
||||
}
|
||||
}
|
||||
|
||||
+static int ds_recv_status(struct ds_device *dev, struct ds_status *st,
|
||||
+ bool dump)
|
||||
+{
|
||||
+ int count, err;
|
||||
+
|
||||
+ if (st)
|
||||
+ memset(st, 0, sizeof(*st));
|
||||
+
|
||||
+ count = 0;
|
||||
+ err = usb_interrupt_msg(dev->udev,
|
||||
+ usb_rcvintpipe(dev->udev,
|
||||
+ dev->ep[EP_STATUS]),
|
||||
+ dev->st_buf, sizeof(dev->st_buf),
|
||||
+ &count, 1000);
|
||||
+ if (err < 0) {
|
||||
+ pr_err("Failed to read 1-wire data from 0x%x: err=%d.\n",
|
||||
+ dev->ep[EP_STATUS], err);
|
||||
+ return err;
|
||||
+ }
|
||||
+
|
||||
+ if (dump)
|
||||
+ ds_dump_status(dev, dev->st_buf, count);
|
||||
+
|
||||
+ if (st && count >= sizeof(*st))
|
||||
+ memcpy(st, dev->st_buf, sizeof(*st));
|
||||
+
|
||||
+ return count;
|
||||
+}
|
||||
+
|
||||
static void ds_reset_device(struct ds_device *dev)
|
||||
{
|
||||
ds_send_control_cmd(dev, CTL_RESET_DEVICE, 0);
|
||||
@@ -344,7 +353,6 @@ static void ds_reset_device(struct ds_device *dev)
|
||||
static int ds_recv_data(struct ds_device *dev, unsigned char *buf, int size)
|
||||
{
|
||||
int count, err;
|
||||
- struct ds_status st;
|
||||
|
||||
/* Careful on size. If size is less than what is available in
|
||||
* the input buffer, the device fails the bulk transfer and
|
||||
@@ -359,14 +367,9 @@ static int ds_recv_data(struct ds_device *dev, unsigned char *buf, int size)
|
||||
err = usb_bulk_msg(dev->udev, usb_rcvbulkpipe(dev->udev, dev->ep[EP_DATA_IN]),
|
||||
buf, size, &count, 1000);
|
||||
if (err < 0) {
|
||||
- u8 buf[ST_SIZE];
|
||||
- int count;
|
||||
-
|
||||
pr_info("Clearing ep0x%x.\n", dev->ep[EP_DATA_IN]);
|
||||
usb_clear_halt(dev->udev, usb_rcvbulkpipe(dev->udev, dev->ep[EP_DATA_IN]));
|
||||
-
|
||||
- count = ds_recv_status_nodump(dev, &st, buf, sizeof(buf));
|
||||
- ds_dump_status(dev, buf, count);
|
||||
+ ds_recv_status(dev, NULL, true);
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -404,7 +407,6 @@ int ds_stop_pulse(struct ds_device *dev, int limit)
|
||||
{
|
||||
struct ds_status st;
|
||||
int count = 0, err = 0;
|
||||
- u8 buf[ST_SIZE];
|
||||
|
||||
do {
|
||||
err = ds_send_control(dev, CTL_HALT_EXE_IDLE, 0);
|
||||
@@ -413,7 +415,7 @@ int ds_stop_pulse(struct ds_device *dev, int limit)
|
||||
err = ds_send_control(dev, CTL_RESUME_EXE, 0);
|
||||
if (err)
|
||||
break;
|
||||
- err = ds_recv_status_nodump(dev, &st, buf, sizeof(buf));
|
||||
+ err = ds_recv_status(dev, &st, false);
|
||||
if (err)
|
||||
break;
|
||||
|
||||
@@ -456,18 +458,17 @@ int ds_detect(struct ds_device *dev, struct ds_status *st)
|
||||
|
||||
static int ds_wait_status(struct ds_device *dev, struct ds_status *st)
|
||||
{
|
||||
- u8 buf[ST_SIZE];
|
||||
int err, count = 0;
|
||||
|
||||
do {
|
||||
st->status = 0;
|
||||
- err = ds_recv_status_nodump(dev, st, buf, sizeof(buf));
|
||||
+ err = ds_recv_status(dev, st, false);
|
||||
#if 0
|
||||
if (err >= 0) {
|
||||
int i;
|
||||
printk("0x%x: count=%d, status: ", dev->ep[EP_STATUS], err);
|
||||
for (i=0; i<err; ++i)
|
||||
- printk("%02x ", buf[i]);
|
||||
+ printk("%02x ", dev->st_buf[i]);
|
||||
printk("\n");
|
||||
}
|
||||
#endif
|
||||
@@ -485,7 +486,7 @@ static int ds_wait_status(struct ds_device *dev, struct ds_status *st)
|
||||
* can do something with it).
|
||||
*/
|
||||
if (err > 16 || count >= 100 || err < 0)
|
||||
- ds_dump_status(dev, buf, err);
|
||||
+ ds_dump_status(dev, dev->st_buf, err);
|
||||
|
||||
/* Extended data isn't an error. Well, a short is, but the dump
|
||||
* would have already told the user that and we can't do anything
|
||||
@@ -608,7 +609,6 @@ static int ds_write_byte(struct ds_device *dev, u8 byte)
|
||||
{
|
||||
int err;
|
||||
struct ds_status st;
|
||||
- u8 rbyte;
|
||||
|
||||
err = ds_send_control(dev, COMM_BYTE_IO | COMM_IM | dev->spu_bit, byte);
|
||||
if (err)
|
||||
@@ -621,11 +621,11 @@ static int ds_write_byte(struct ds_device *dev, u8 byte)
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
- err = ds_recv_data(dev, &rbyte, sizeof(rbyte));
|
||||
+ err = ds_recv_data(dev, &dev->byte_buf, 1);
|
||||
if (err < 0)
|
||||
return err;
|
||||
|
||||
- return !(byte == rbyte);
|
||||
+ return !(byte == dev->byte_buf);
|
||||
}
|
||||
|
||||
static int ds_read_byte(struct ds_device *dev, u8 *byte)
|
||||
@@ -712,7 +712,6 @@ static void ds9490r_search(void *data, struct w1_master *master,
|
||||
int err;
|
||||
u16 value, index;
|
||||
struct ds_status st;
|
||||
- u8 st_buf[ST_SIZE];
|
||||
int search_limit;
|
||||
int found = 0;
|
||||
int i;
|
||||
@@ -724,7 +723,12 @@ static void ds9490r_search(void *data, struct w1_master *master,
|
||||
/* FIFO 128 bytes, bulk packet size 64, read a multiple of the
|
||||
* packet size.
|
||||
*/
|
||||
- u64 buf[2*64/8];
|
||||
+ const size_t bufsize = 2 * 64;
|
||||
+ u64 *buf;
|
||||
+
|
||||
+ buf = kmalloc(bufsize, GFP_KERNEL);
|
||||
+ if (!buf)
|
||||
+ return;
|
||||
|
||||
mutex_lock(&master->bus_mutex);
|
||||
|
||||
@@ -745,10 +749,9 @@ static void ds9490r_search(void *data, struct w1_master *master,
|
||||
do {
|
||||
schedule_timeout(jtime);
|
||||
|
||||
- if (ds_recv_status_nodump(dev, &st, st_buf, sizeof(st_buf)) <
|
||||
- sizeof(st)) {
|
||||
+ err = ds_recv_status(dev, &st, false);
|
||||
+ if (err < 0 || err < sizeof(st))
|
||||
break;
|
||||
- }
|
||||
|
||||
if (st.data_in_buffer_status) {
|
||||
/* Bulk in can receive partial ids, but when it does
|
||||
@@ -758,7 +761,7 @@ static void ds9490r_search(void *data, struct w1_master *master,
|
||||
* bulk without first checking if status says there
|
||||
* is data to read.
|
||||
*/
|
||||
- err = ds_recv_data(dev, (u8 *)buf, sizeof(buf));
|
||||
+ err = ds_recv_data(dev, (u8 *)buf, bufsize);
|
||||
if (err < 0)
|
||||
break;
|
||||
for (i = 0; i < err/8; ++i) {
|
||||
@@ -794,9 +797,14 @@ static void ds9490r_search(void *data, struct w1_master *master,
|
||||
}
|
||||
search_out:
|
||||
mutex_unlock(&master->bus_mutex);
|
||||
+ kfree(buf);
|
||||
}
|
||||
|
||||
#if 0
|
||||
+/*
|
||||
+ * FIXME: if this disabled code is ever used in the future all ds_send_data()
|
||||
+ * calls must be changed to use a DMAable buffer.
|
||||
+ */
|
||||
static int ds_match_access(struct ds_device *dev, u64 init)
|
||||
{
|
||||
int err;
|
||||
@@ -845,13 +853,12 @@ static int ds_set_path(struct ds_device *dev, u64 init)
|
||||
|
||||
static u8 ds9490r_touch_bit(void *data, u8 bit)
|
||||
{
|
||||
- u8 ret;
|
||||
struct ds_device *dev = data;
|
||||
|
||||
- if (ds_touch_bit(dev, bit, &ret))
|
||||
+ if (ds_touch_bit(dev, bit, &dev->byte_buf))
|
||||
return 0;
|
||||
|
||||
- return ret;
|
||||
+ return dev->byte_buf;
|
||||
}
|
||||
|
||||
#if 0
|
||||
@@ -866,13 +873,12 @@ static u8 ds9490r_read_bit(void *data)
|
||||
{
|
||||
struct ds_device *dev = data;
|
||||
int err;
|
||||
- u8 bit = 0;
|
||||
|
||||
- err = ds_touch_bit(dev, 1, &bit);
|
||||
+ err = ds_touch_bit(dev, 1, &dev->byte_buf);
|
||||
if (err)
|
||||
return 0;
|
||||
|
||||
- return bit & 1;
|
||||
+ return dev->byte_buf & 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -887,32 +893,52 @@ static u8 ds9490r_read_byte(void *data)
|
||||
{
|
||||
struct ds_device *dev = data;
|
||||
int err;
|
||||
- u8 byte = 0;
|
||||
|
||||
- err = ds_read_byte(dev, &byte);
|
||||
+ err = ds_read_byte(dev, &dev->byte_buf);
|
||||
if (err)
|
||||
return 0;
|
||||
|
||||
- return byte;
|
||||
+ return dev->byte_buf;
|
||||
}
|
||||
|
||||
static void ds9490r_write_block(void *data, const u8 *buf, int len)
|
||||
{
|
||||
struct ds_device *dev = data;
|
||||
+ u8 *tbuf;
|
||||
+
|
||||
+ if (len <= 0)
|
||||
+ return;
|
||||
+
|
||||
+ tbuf = kmalloc(len, GFP_KERNEL);
|
||||
+ if (!tbuf)
|
||||
+ return;
|
||||
|
||||
- ds_write_block(dev, (u8 *)buf, len);
|
||||
+ memcpy(tbuf, buf, len);
|
||||
+ ds_write_block(dev, tbuf, len);
|
||||
+
|
||||
+ kfree(tbuf);
|
||||
}
|
||||
|
||||
static u8 ds9490r_read_block(void *data, u8 *buf, int len)
|
||||
{
|
||||
struct ds_device *dev = data;
|
||||
int err;
|
||||
+ u8 *tbuf;
|
||||
|
||||
- err = ds_read_block(dev, buf, len);
|
||||
- if (err < 0)
|
||||
+ if (len <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ tbuf = kmalloc(len, GFP_KERNEL);
|
||||
+ if (!tbuf)
|
||||
return 0;
|
||||
|
||||
- return len;
|
||||
+ err = ds_read_block(dev, tbuf, len);
|
||||
+ if (err >= 0)
|
||||
+ memcpy(buf, tbuf, len);
|
||||
+
|
||||
+ kfree(tbuf);
|
||||
+
|
||||
+ return err >= 0 ? len : 0;
|
||||
}
|
||||
|
||||
static u8 ds9490r_reset(void *data)
|
Loading…
Reference in New Issue