linux-stable.git/drivers/of, branch linux-3.17.y Linux kernel stable tree of/fdt: memblock_reserve /memreserve/ regions in the case of partial overlap 2014-12-16T17:37:07+00:00 Ian Campbell ian.campbell@citrix.com 2014-11-25T15:05:13+00:00 bb4be8b28092bd32120c7ffc1f1a8295262cbb74 commit 094cb98179f19b75acf9ff471daabf3948ce98e6 upstream. memblock_is_region_reserved() returns true in the case of a partial overlap, meaning that the current code fails to reserve the non-overlapping portion. This call was introduced as part of d1552ce449eb "of/fdt: move memreserve and dtb memory reservations into core" which went into v3.16. I observed this causing a Midway system with a buggy fdt (the header declares itself to be larger than it really is) failing to boot because the over-inflated size of the fdt was causing it to seem to run into the swapper_pg_dir region, meaning the DT wasn't reserved. The symptoms were failing to find an disks or network and failing to boot. However given the ambiguity of whether things like the initrd are covered by /memreserve/ and similar I think it is best to also register the region rather than just ignoring it. Since memblock_reserve() handles overlaps just fine lets just warn and carry on. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: Grant Likely <grant.likely@linaro.org> Cc: Rob Herring <robh+dt@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 094cb98179f19b75acf9ff471daabf3948ce98e6 upstream.

memblock_is_region_reserved() returns true in the case of a partial
overlap, meaning that the current code fails to reserve the
non-overlapping portion.

This call was introduced as part of d1552ce449eb "of/fdt: move
memreserve and dtb memory reservations into core" which went into
v3.16.

I observed this causing a Midway system with a buggy fdt (the header
declares itself to be larger than it really is) failing to boot
because the over-inflated size of the fdt was causing it to seem to
run into the swapper_pg_dir region, meaning the DT wasn't reserved.
The symptoms were failing to find an disks or network and failing to
boot.

However given the ambiguity of whether things like the initrd are
covered by /memreserve/ and similar I think it is best to also
register the region rather than just ignoring it.

Since memblock_reserve() handles overlaps just fine lets just warn and
carry on.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Grant Likely <grant.likely@linaro.org>
Cc: Rob Herring <robh+dt@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
of/selftest: Fix off-by-one error in removal path 2014-12-06T23:57:29+00:00 Grant Likely grant.likely@linaro.org 2014-11-19T16:22:32+00:00 1f8d238e13cd3bdc43b1c2623755347a24f4ce7e commit c1a2086e2d8c4eb4e8630ba752e911ec180dec67 upstream. The removal path for selftest data has an off by one error that causes the code to dereference beyond the end of the nodes[] array on the first pass through. The old code only worked by chance on a lot of platforms, but the bug was recently exposed on aarch64. The fix is simple. Decrement the node count before dereferencing, not after. Reported-by: Kevin Hilman <khilman@linaro.org> Cc: Rob Herring <robh+dt@kernel.org> Cc: Gaurav Minocha <gaurav.minocha.os@gmail.com> 
commit c1a2086e2d8c4eb4e8630ba752e911ec180dec67 upstream.

The removal path for selftest data has an off by one error that causes
the code to dereference beyond the end of the nodes[] array on the first
pass through. The old code only worked by chance on a lot of platforms,
but the bug was recently exposed on aarch64.

The fix is simple. Decrement the node count before dereferencing, not
after.

Reported-by: Kevin Hilman <khilman@linaro.org>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: Gaurav Minocha <gaurav.minocha.os@gmail.com>
of: Fix crash if an earlycon driver is not found 2014-12-06T23:57:29+00:00 Kevin Cernekee cernekee@gmail.com 2014-11-09T08:55:47+00:00 b7b660a4ddc1c09b6eec40a5c211d7082aaa2dd4 commit ab74d00a39f70e1bc34a01322bb59f3750ca7a8c upstream. __earlycon_of_table_sentinel.compatible is a char[128], not a pointer, so it will never be NULL. Checking it against NULL causes the match loop to run past the end of the array, and eventually match a bogus entry, under the following conditions: - Kernel command line specifies "earlycon" with no parameters - DT has a stdout-path pointing to a UART node - The UART driver doesn't use OF_EARLYCON_DECLARE (or maybe the console driver is compiled out) Fix this by checking to see if match->compatible is a non-empty string. Signed-off-by: Kevin Cernekee <cernekee@gmail.com> Signed-off-by: Rob Herring <robh@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit ab74d00a39f70e1bc34a01322bb59f3750ca7a8c upstream.

__earlycon_of_table_sentinel.compatible is a char[128], not a pointer, so
it will never be NULL.  Checking it against NULL causes the match loop to
run past the end of the array, and eventually match a bogus entry, under
the following conditions:

 - Kernel command line specifies "earlycon" with no parameters
 - DT has a stdout-path pointing to a UART node
 - The UART driver doesn't use OF_EARLYCON_DECLARE (or maybe the console
   driver is compiled out)

Fix this by checking to see if match->compatible is a non-empty string.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
of/base: Fix PowerPC address parsing hack 2014-12-06T23:57:22+00:00 Benjamin Herrenschmidt benh@kernel.crashing.org 2014-11-14T06:55:03+00:00 cc91f8b2a55b80a7b4dd6ca0ce364c03fe50a56d commit 746c9e9f92dde2789908e51a354ba90a1962a2eb upstream. We have a historical hack that treats missing ranges properties as the equivalent of an empty one. This is needed for ancient PowerMac "bad" device-trees, and shouldn't be enabled for any other PowerPC platform, otherwise we get some nasty layout of devices in sysfs or even duplication when a set of otherwise identically named devices is created multiple times under a different parent node with no ranges property. This fix is needed for the PowerNV i2c busses to be exposed properly and will fix a number of other embedded cases. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by: Grant Likely <grant.likely@linaro.org> Signed-off-by: Rob Herring <robh@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 746c9e9f92dde2789908e51a354ba90a1962a2eb upstream.

We have a historical hack that treats missing ranges properties as the
equivalent of an empty one. This is needed for ancient PowerMac "bad"
device-trees, and shouldn't be enabled for any other PowerPC platform,
otherwise we get some nasty layout of devices in sysfs or even
duplication when a set of otherwise identically named devices is
created multiple times under a different parent node with no ranges
property.

This fix is needed for the PowerNV i2c busses to be exposed properly
and will fix a number of other embedded cases.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Grant Likely <grant.likely@linaro.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
of: Fix overflow bug in string property parsing functions 2014-11-14T18:10:40+00:00 Grant Likely grant.likely@linaro.org 2014-11-03T15:15:35+00:00 fe716b704f7395459cdad92ce4c5fc83f6b55f7a commit a87fa1d81a9fb5e9adca9820e16008c40ad09f33 upstream. The string property read helpers will run off the end of the buffer if it is handed a malformed string property. Rework the parsers to make sure that doesn't happen. At the same time add new test cases to make sure the functions behave themselves. The original implementations of of_property_read_string_index() and of_property_count_strings() both open-coded the same block of parsing code, each with it's own subtly different bugs. The fix here merges functions into a single helper and makes the original functions static inline wrappers around the helper. One non-bugfix aspect of this patch is the addition of a new wrapper, of_property_read_string_array(). The new wrapper is needed by the device_properties feature that Rafael is working on and planning to merge for v3.19. The implementation is identical both with and without the new static inline wrapper, so it just got left in to reduce the churn on the header file. Signed-off-by: Grant Likely <grant.likely@linaro.org> Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Cc: Mika Westerberg <mika.westerberg@linux.intel.com> Cc: Rob Herring <robh+dt@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Darren Hart <darren.hart@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit a87fa1d81a9fb5e9adca9820e16008c40ad09f33 upstream.

The string property read helpers will run off the end of the buffer if
it is handed a malformed string property. Rework the parsers to make
sure that doesn't happen. At the same time add new test cases to make
sure the functions behave themselves.

The original implementations of of_property_read_string_index() and
of_property_count_strings() both open-coded the same block of parsing
code, each with it's own subtly different bugs. The fix here merges
functions into a single helper and makes the original functions static
inline wrappers around the helper.

One non-bugfix aspect of this patch is the addition of a new wrapper,
of_property_read_string_array(). The new wrapper is needed by the
device_properties feature that Rafael is working on and planning to
merge for v3.19. The implementation is identical both with and without
the new static inline wrapper, so it just got left in to reduce the
churn on the header file.

Signed-off-by: Grant Likely <grant.likely@linaro.org>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Darren Hart <darren.hart@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
of/fdt: fix memory range check 2014-09-25T10:55:50+00:00 Srinivas Kandagatla srinivas.kandagatla@linaro.org 2014-09-23T09:59:09+00:00 9aacd602f0246f1b1f3c4684b2ab13d0772976f7 In cases where board has below memory DT node memory{ device_type = "memory"; reg = <0x80000000 0x80000000>; }; Check on the memory range in fdt.c will always fail because it is comparing MAX_PHYS_ADDR with base + size, in fact it should compare it with base + size - 1. This issue was originally noticed on Qualcomm IFC6410 board. Without this patch kernel shows up noticed unnecessary warnings [ 0.000000] Machine model: Qualcomm APQ8064/IFC6410 [ 0.000000] Ignoring memory range 0xffffffff - 0x100000000 [ 0.000000] cma: Reserved 64 MiB at ab800000 as a result the size get reduced to 0x7fffffff which looks wrong. This patch fixes the check involved in generating this warning and as a result it also fixes the wrong size calculation. Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> [grant.likely: adjust new size calculation also] Signed-off-by: Grant Likely <grant.likely@linaro.org> 
In cases where board has below memory DT node

memory{
	device_type = "memory";
	reg = <0x80000000 0x80000000>;
};

Check on the memory range in fdt.c will always fail because it is
comparing MAX_PHYS_ADDR with base + size, in fact it should compare
it with base + size - 1.

This issue was originally noticed on Qualcomm IFC6410 board.
Without this patch kernel shows up noticed unnecessary warnings

[    0.000000] Machine model: Qualcomm APQ8064/IFC6410
[    0.000000] Ignoring memory range 0xffffffff - 0x100000000
[    0.000000] cma: Reserved 64 MiB at ab800000

as a result the size get reduced to 0x7fffffff which looks wrong.

This patch fixes the check involved in generating this warning and
as a result it also fixes the wrong size calculation.

Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
[grant.likely: adjust new size calculation also]
Signed-off-by: Grant Likely <grant.likely@linaro.org>
of: Fix memory block alignment in early_init_dt_add_memory_arch() 2014-09-08T14:57:26+00:00 Geert Uytterhoeven geert+renesas@glider.be 2014-08-20T15:10:31+00:00 8f73d4b7011061f46ba6f46006b2848b412ff43f If a memory block is not aligned to PAGE_SIZE, its base address must be rounded up, not down, and its size must be reduced. Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Grant Likely <grant.likely@linaro.org> 
If a memory block is not aligned to PAGE_SIZE, its base address must be
rounded up, not down, and its size must be reduced.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Grant Likely <grant.likely@linaro.org>
of: make sure of_alias is initialized before accessing it 2014-09-08T14:57:26+00:00 Laurentiu Tudor b10716@freescale.com 2014-08-27T14:09:39+00:00 7dbe5849fb50fc9b5b77a8f590c87a577ddc9bb6 Simply swap of_alias and of_chosen initialization so that of_alias ends up read first. This must be done because it is accessed couple of lines below when trying to initialize the of_stdout using the alias based legacy method. [Fixes a752ee5 - tty: Update hypervisor tty drivers to use core stdout parsing code] Signed-off-by: Laurentiu Tudor <Laurentiu.Tudor@freescale.com> [glikely: Don't move the 'if (!of_aliases)' test] Signed-off-by: Grant Likely <grant.likely@linaro.org> 
Simply swap of_alias and of_chosen initialization so
that of_alias ends up read first. This must be done
because it is accessed couple of lines below when
trying to initialize the of_stdout using the alias
based legacy method.

[Fixes a752ee5 - tty: Update hypervisor tty drivers to
use core stdout parsing code]

Signed-off-by: Laurentiu Tudor <Laurentiu.Tudor@freescale.com>
[glikely: Don't move the 'if (!of_aliases)' test]
Signed-off-by: Grant Likely <grant.likely@linaro.org>
of: Disabling OF functions that use sysfs if CONFIG_SYSFS disabled 2014-09-08T14:57:25+00:00 Gaurav Minocha gaurav.minocha.os@gmail.com 2014-09-05T16:56:13+00:00 ef69d74035befbddd7c2b7e86120e49191107acc This patch is to the fix the recent runtime bug in kernel reported by <fengguang.wu@intel.com>. The bug was exposed by commit b951f9dc, "Enabling OF selftest to run without machine's devicetree" and is exposed when CONFIG_OF_SELFTEST is enabled and CONFIG_SYSFS is disabled. Mail Subject: [OF test] BUG: unable to handle kernel NULL pointer dereference at 00000038 Tested on x86 and arm architecture Signed-off-by: Gaurav Minocha <gaurav.minocha.os@gmail.com> Signed-off-by: Grant Likely <grant.likely@linaro.org> 
This patch is to the fix the recent runtime bug in kernel reported by
<fengguang.wu@intel.com>. The bug was exposed by commit b951f9dc,
"Enabling OF selftest to run without machine's devicetree" and is
exposed when CONFIG_OF_SELFTEST is enabled and CONFIG_SYSFS is
disabled.

Mail Subject: [OF test] BUG: unable to handle kernel NULL pointer
dereference at 00000038

Tested on x86 and arm architecture

Signed-off-by: Gaurav Minocha <gaurav.minocha.os@gmail.com>
Signed-off-by: Grant Likely <grant.likely@linaro.org>
of: correct of_console_check()'s return value 2014-09-08T14:57:24+00:00 Brian Norris computersforpeace@gmail.com 2014-09-03T18:06:43+00:00 5f74d8b7b8546255db6af45b017e9cbb18aed609 The comments above of_console_check() say that it will return TRUE if it registers a preferred console, but add_preferred_console() uses a 0-equals-success convention, so this leaves of_console_check() with an inconsistent policy for its return values. Fortunately, nobody was actually checking the return value of of_console_check(), so this isn't significant at the moment. But let's match the comments, so we're doing what we say. Fixes: 3482f2c52b77 ('of: Create of_console_check() for selecting a console specified in /chosen') Signed-off-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Grant Likely <grant.likely@linaro.org> 
The comments above of_console_check() say that it will return TRUE if it
registers a preferred console, but add_preferred_console() uses a
0-equals-success convention, so this leaves of_console_check() with an
inconsistent policy for its return values.

Fortunately, nobody was actually checking the return value of
of_console_check(), so this isn't significant at the moment.

But let's match the comments, so we're doing what we say.

Fixes: 3482f2c52b77 ('of: Create of_console_check() for selecting a console specified in /chosen')
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Grant Likely <grant.likely@linaro.org>