| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch adds a separate evdev node for the DS3 its motion
sensors. We only expose the accelerometers as the gyroscope
is extremely difficult to manage and behavior varies a lot
between hardware revisions.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 510c8b7c168bcad75e2864f73e5125d7218ee3cf)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I566566d2437a0ee70af8a6eb821dd47359d710b3
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
controllers
This patch adds printing when we failed to activate DS3 / Nagivation
controllers and checks the return value for these failures earlier
in sony_input_configured. This paves the way for other configuration
logic for these devices, which we don't want to call if for example
the activation failed.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 80ecc48c0ade5e99cc9d84febd17c44a4f011c13)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I22ca0420b576036f1788bf63fde9abcdde01ac5c
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The axis and button mapping for the DS3 is strange. This is mostly
due to the device reporting many axes as for every digital button
it also has an analog button. Due to amount of analog values it
is even leaking well into the MT axes range.
We felt it is best to remove the many analog buttons and just report
digital and comply to the Linux gamepad spec. The analog buttons are
rarely used on the official platform, let alone on Linux.
This patch does remove motion sensor support (added back in another
patch).
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit e19a267b9987135c00155a51e683e434b9abb56b)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I312b269c97a3a38141683e384bcd3b4595760a52
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently the DS4 touchpad device is neither classified as a direct
input device nor as a pointer device. It makes most sense to mark
it as a pointer device.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit b9f7d245e34b1f42b5389b015962a2f022d4ece2)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I8fa285f5b3c2926e826477c7d366bc2ff8f00d64
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The DualShock 4 dongle isn't connected to a real DualShock 4 at
time of driver loading. When a DualShock 4 is plugged in, we
need to obtain calibration data (the dongle would have zeros).
This patch adds calibration logic, which we schedule on a hotplug
from sony_raw_event. In addition this patch adds dongle state
handling.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit f2f47c385d2babf44cbd2ec2be4f2b29b88041bc)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I34b8e1b47d5c2f8268b9c8ec12f6815b64ade380
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The driver currently uses sony_schedule_work to submit output
reports for the different devices for LEDs or rumble.
This patch adds a new parameter to sony_schedule_work to allow
scheduling for other types of work. The next patch in this series
will utilize this functionality. Considering the driver structure
and all error handling it felt best to reuse sony_schedule_work
and sony_cancel_work. The idea was inspired by the wacom driver
which does something similar.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit b53227360dc2e30fb8809815dfdc39339a34b8dd)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I9eaa71a2b27137602e8fb2c8118947e6b49af75f
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch adds a new quirk, which allows us to differentiate
between the DualShock 4 USB and the dongle. So far they have
been treated the same, but handling of calibration data differs
as the dongle behaves like Bluetooth, for other requests it
behaves like USB.
In addition this patches changes usb/dongle/bt handling in
sony_raw_event, which makes the code cleaner to read. In addition
another patch in this series will add more dongle logic, so this
change paves the road for that.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 35f436c31ea81d240ed53fe3467946e2a53032bb)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Idbaebf4df720a782d83abd337eb698118a62c9f8
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The DS4 in BT mode sends initial input reports through report 1, which
is described in the HID report descriptors. When activated after sending
a certain feature report, the device uses report 17.
Currently the hid-sony driver fixes up the BT HID report descriptors,
so the HID layer can manage input reports for report 17.
We think it is best to eliminate this fixup and do the handling ourselves,
which is what this patch does. The main motivation is that there are
various users of DS4 through hidraw, including various cross-platform
applications/games, which have their own HID parsing across Linux/Win/OSX.
Due to the fixup the descriptors differ, which is causing pain for many
developers including major game publishers (who reached out privately).
Without the fixup, the Windows titles also have a fighting chance for
working on Wine, which provides HID support now. Overall it felt
best because of these reasons to remove the fixup.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit d03ae2e1080026951376d787b96109169926a15c)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I818f4c7ad907fa81f16b825e522d28e221dbe42a
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Report the hardware timestamp inside each HID report through
MSC_TIMESTAMP for motion sensor values.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 80786eb9abebce64ec471de12d8ab3072834b333)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I2915ce7caf286bf5016aef318e441efdc1c95e95
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The DS4 motion sensors require calibration for accurate operation.
This patch adds calibration for both the accelerometer and the
gyroscope. Calibration requires reading device specific scaling
factors and offsets. For precision reasons we store these values
as a numerator and denominator and apply the values when processing
the data.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 55a07d62db0feda2e37f6962a1b2799e2a8b42ba)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I335e4d0e8720e7dc62041b43d107fd69a592d9a9
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The DS4 motion sensors are currently mapped by the hid-core driver
to non-existing axes in between ABS_MISC and ABS_MT_SLOT, because
the device already exhausted ABS_X-ABS_RZ. For a part the mapping
by hid-core is accomplished by a fixup in hid-sony as the motion
axes actually use vendor specific usage pages.
This patch makes the DS4 use a separate input device for the motion
sensors and reports acceleration data through ABS_X-ABS_Z and
gyroscope data through ABS_RX-ABS_RZ. In addition it extends the
event spec to allow gyroscope data through ABS_RX-ABS_RZ when
INPUT_PROP_ACCELEROMETER is set. This change was suggested by
Peter Hutterer during a discussion on linux-input.
[jkosina@suse.cz: rebase onto slightly newer codebase]
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 227c011b2e046dd4d36d9e00e3d9c88097b2a4c3)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I26c22b0b076f114e9965460b589b22014b0c4b2f
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
USB/BT
When a user connects a DS4 twice using USB and BT, we reject the
second device connection after the setup work. We then perform
a cleanup, but during cleanup we are not removing the touchpad
device. This leads to leakage of an input device, which we would
never remove. It can likely result into a kernel oops as well
when the touchpad evdev node is accessed and the underlaying HID
device has been removed from the system.
[jkosina@suse.cz: added stable annotation]
Fixes: ac797b95f532 ("HID: sony: Make the DS4 touchpad a separate device")
Cc: stable@vger.kernel.org
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit a687c5765b5ae19fe559e14615ddc87ebb46d409)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Iaf021a5624d96efca291c4890df89cb6ed1550b7
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The LED subsystem provides the LED_CORE_SUSPENDRESUME flag to handle
automatically turning off and restoring the state of device LEDs during
suspend/resume. Use this flag instead of saving and restoring the state
locally.
Signed-off-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 765a1077c85e5f2efcc43582f80caf43a052e903)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Ica87d7e4d9bf24a802a0556b82bd4192f237c6b1
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the DS4 dongle is connected, it always generates HID reports
even when no DS4 is paired to it. This patch adds logic to ignore
HID reports from the dongle if there is no DS4 currently attached.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 405182c2459fe2de4a3994ef39e866993e0e61d1)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I519b484432d92183cdefd3e0f7c89e6e7d32f573
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The DS4 MAC address is reported as a unique identified when
using Bluetooth. For USB there is no unique identifier reported
yet, so use the MAC address.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit c70d5f70ccbbdf56bb86adb42127db90d0c90976)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I366c1dd01049c7039844e691456f5e49eb9d902f
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The error handling code in sony_input_configured in general uses goto
based cleanup. Recently we migrated code from sony_probe to here, but
we didn't update the existing touchpad registration code, which was
already here to use the goto.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 2b6579d4a71afb19c6583470783371b992944f67)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I00b37e52eb1798110427b02c72122e464cb9baab
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The DS4 side of hid-sony used the hid-core layer to assign buttons
and axes based on the HID report descriptors. The default mapping
was strange e.g. right stick using ABS_Z/ABS_RZ or the physical
'south button' being reported as BTN_EAST etcetera.
This patch makes the DS4 side ofi the hid-sony driver comply to
the Linux game controller spec as suggested in a discussion with
Dmitry on the linux-input list.
Currently the main user of the DS4 is the SDL2 library, which has
a mapping table using vendor/device/version as a key. In order to
not break SDL2 we discussed adjusting the version number, so it
can have both mappings. This was discust on linux-input and we
discussed privately with SDL2 developers.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 9131f8cc2b4eaf7c08d402243429e0bfba9aa0d6)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I91f52ca8c6b0c3a7bcd71f3b8bf14df160bd2bb4
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The dualshock 4 supports both analog sticks of which one uses
ABS_X/_Y and a touchpad. In a recent discussion with Dmitry about
some input-mt changes we proposed for disabling pointer emulation from
input_mt_sync_frame, Dmitry mentioned ABS_X/_Y should report the
same data as ABS_MT_POSITION_X/_Y. The current driver is mixing axes
for different subdevices. It was suggested to make the touchpad
its own sub-device.
This patch turns the touchpad into its own device. In addition
this patch also moves the button underneath the touchpad into
the new device. It felt like this button should be part of the
device. No known user space application (not even SDL2) seems to
be using it.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit ac797b95f53276c132c51d53437e38dd912413d7)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: If3f15f2179850a2029e5112dd34bcd424b7b80af
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bluetooth and USB
A previous patch moved most input initialization from sony_probe to
sony_input_configured to avoid some race conditions. The driver has some
special logic to prevent the device to get registered twice in case the
user connects it both over Bluetooth and USB. When this condition
happens sony_input_configured returns a failure, but sony_probe continues
as hid_hw_start doesn't fail. As was discussed on linux-input, it is
acceptable for this function to fail.
This patch adds a check for the HID_CLAIMED_INPUT flag within sony_probe
to determine whether initialization succeeded correctly. The flag is
not set by the HID layer when sony_input_configured fails.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 4f967f6d73746f66514528cc1191025f0b5d69b3)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I894f9cb08c672a769975aa5ecf062ee920e55785
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The motion sensor values are 16-bit, so make the value range match.
It is hard to reach the upper values, but they can be reached. At
least the current accelerometer value of 8192 is very easy to pass.
It is still not nice that the motion sensors live in no man's land
in between ABS_MISC and ABS_MT_SLOT, but that's something for another
time, which the proposed ABS_ACCEL_*/ABS_GYRO_* were meant for.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit bdae9e0e95364123fb7d372872bd7efd1760867c)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I86982a23a443662a88600fe42cbe5ed8ae2686a4
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Read the touch history field in the HID descriptor and use this value
to determine how many touch events to read from the report. As part
of this patch, we did a first attempt of making the offset calculation
code less magical.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit cdc1c0215ab449077cd160dde4fcd1c5f41dec6e)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Ie32bd4ca29d7c0087c10e18c87ac8a6746516df4
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a CRC value to each output report. This removes the need for the
'no output reports on interrupt end-point' quirk.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit e7ef53adbf47734e90f9fd6e2a7a57df6f1fbc6b)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I5ac1c999b5f2253ae2ef1ceaa9531180a752d4d3
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 49b9ca6c6c361a19d223ff84bd0ff871c01b528a)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I433db7acd8a8e96d4c859e1c7df2abc7d8136085
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Put the report type (feature / output) in the report size definitions.
This prevents name collisions later on for other different reports, which use
the same report id, but have a different size.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 2c159de05082a70d3b3e75d8e167f4b5ca996405)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I00ce66a3bbec824503daa6c5affd2e4d2ab4a334
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Early on the sony_probe function calls hid_hw_start to start the hardware.
Afterwards it issues some hardware requests, initializes other functionality
like Force Feedback, power classes and others. However by the time
hid_hw_start returns, the device nodes have already been created, which leads
to a race condition by user space applications which may detect the device
prior to completion of initialization. We have observed this problem many
times, this patch fixes the problem.
This patch moves most of sony_probe to sony_input_configured, which is called
prior to device registration. This fixes the race condition and the same
approach is used in other HID drivers.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit e1bc84d0071f59c8b38232e2cb093c47c47e4f9f)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: If8ea300e33413de73aa8ae1bd95f64c810edae58
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update the copyright notice with the current year and add a note
about values for controlling the Dualshock 4 reporting rate.
Processing reports at the default full rate of 1000hz can be too
demanding for some low-power embedded processors so noting
alternate values for people working with this hardware can be useful.
Thanks to Rostislav Pehlivanov for finding these values.
Signed-off-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit c4425c8f26aad2b49c5959fad277c9d109fb8ca3)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I65a91d4583662c09253595f7486246a7fe7ca0e0
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When initially connected via USB the Sixaxis isn't fully initialized
until the PS logo button is pressed and won't send any input reports
nor will any state set by output reports be retained.
This adds a 'defer_initialization' flag to the sony_sc struct which,
when set, will delay sending any output reports until the first input
report has arrived. This flag is used with the USB Sixaxis to ensure
that any state sent will persist since, until the PS button is pushed,
any changes sent to the controller via an output report will be lost
after a couple of seconds.
The initial state of the controller is still configured at the time
of the initial connection and won't be internally modified after that,
so any state set by the user between that time and the recepit of the
first input report won't be lost.
Signed-off-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 2a2429327711558aa23fd73d770b6fd5e0d10de7)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Icf7e4903af38d7a16e0216f7c961f16aa0b7208b
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some USB-only devices which masquerade as Sixaxis controllers report the
same generic Bluetooth address for all hardware when queried via the HID
report. This causes these devices to be wrongly rejected as duplicates
when more than one is connected at once.
This introduces a connection type comparison when checking for duplicates
and only rejects the newly connected device if the existing matching
device is connected using a different connection protocol.
The results of the connection type comparison are also used when
registering power supply info as the device Bluetooth address is used
as the unique identifier string. In cases where more than one valid
device has the same Bluetooth address the device ID is now appended
to the power supply name string to avoid name collisions when
registering the power supply information.
Signed-off-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 0f3982308b5fc7373c8d4e6dcfc8a02ee5a3408d)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Id4b0565faa76b5e3b8fc3efacbf660cb55c90143
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Double-underscore prefixed types are unnecessary in pure kernel code,
replace them with the non prefixed equivalents.
Signed-off-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Antonio Ospite <ao2@ao2.it>
Acked-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 1adf904e90059a5b577dbf49b57c27da29b1e69e)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I6d89bb735b641748e3e382e5590448e718ecb8a0
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
WARNING: Block comments use a trailing */ on a separate line
#822: FILE: drivers/hid/hid-sony.c:822:
+ * number but it's not needed for correct operation */
WARNING: Block comments use a trailing */ on a separate line
#828: FILE: drivers/hid/hid-sony.c:828:
+ * buttons multiple keypresses are allowed */
WARNING: Block comments use a trailing */ on a separate line
#854: FILE: drivers/hid/hid-sony.c:854:
+ * 0xff and 11th is for press indication */
WARNING: Missing a blank line after declarations
#1930: FILE: drivers/hid/hid-sony.c:1930:
+ struct sony_sc *sc = container_of(work, struct sony_sc, state_worker);
+ sc->send_output_report(sc);
WARNING: Block comments use a trailing */ on a separate line
#2510: FILE: drivers/hid/hid-sony.c:2510:
+ * Logitech joystick from the device descriptor. */
Signed-off-by: Antonio Ospite <ao2@ao2.it>
Acked-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit ef916ef5ef75fe0206b2c0cfcd696b32aa1ea872)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Ia40a8548c56301b8c320b95b0d991503512d9208
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
./scripts/checkpatch.pl \
--types "SPACING,TRAILING_WHITESPACE,POINTER_LOCATION,CODE_INDENT" \
-f drivers/hid/hid-sony.c
ERROR: trailing whitespace
#933: FILE: drivers/hid/hid-sony.c:933:
+^I * $
ERROR: space prohibited after that open square bracket '['
#947: FILE: drivers/hid/hid-sony.c:947:
+ [ 1] = BTN_TRIGGER_HAPPY1,
ERROR: space prohibited after that open square bracket '['
#948: FILE: drivers/hid/hid-sony.c:948:
+ [ 2] = BTN_TRIGGER_HAPPY2,
ERROR: space prohibited after that open square bracket '['
#949: FILE: drivers/hid/hid-sony.c:949:
+ [ 3] = BTN_TRIGGER_HAPPY3,
ERROR: space prohibited after that open square bracket '['
#950: FILE: drivers/hid/hid-sony.c:950:
+ [ 4] = BTN_TRIGGER_HAPPY4,
ERROR: space prohibited after that open square bracket '['
#951: FILE: drivers/hid/hid-sony.c:951:
+ [ 5] = BTN_TRIGGER_HAPPY5,
ERROR: space prohibited after that open square bracket '['
#952: FILE: drivers/hid/hid-sony.c:952:
+ [ 6] = BTN_TRIGGER_HAPPY6,
ERROR: space prohibited after that open square bracket '['
#953: FILE: drivers/hid/hid-sony.c:953:
+ [ 7] = BTN_TRIGGER_HAPPY7,
ERROR: space prohibited after that open square bracket '['
#954: FILE: drivers/hid/hid-sony.c:954:
+ [ 8] = BTN_TRIGGER_HAPPY8,
ERROR: space prohibited after that open square bracket '['
#955: FILE: drivers/hid/hid-sony.c:955:
+ [ 9] = BTN_TRIGGER_HAPPY9,
ERROR: "(foo*)" should be "(foo *)"
#1032: FILE: drivers/hid/hid-sony.c:1032:
+ void(*send_output_report)(struct sony_sc*);
WARNING: missing space after return type
#1032: FILE: drivers/hid/hid-sony.c:1032:
+ void(*send_output_report)(struct sony_sc*);
ERROR: "(foo*)" should be "(foo *)"
#2261: FILE: drivers/hid/hid-sony.c:2261:
+ void(*send_output_report)(struct sony_sc*))
WARNING: missing space after return type
#2261: FILE: drivers/hid/hid-sony.c:2261:
+ void(*send_output_report)(struct sony_sc*))
ERROR: code indent should use tabs where possible
#2449: FILE: drivers/hid/hid-sony.c:2449:
+ */$
total: 13 errors, 2 warnings, 2570 lines checked
Signed-off-by: Antonio Ospite <ao2@ao2.it>
Acked-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit 09593e3888a9b041f9f9a728a56893915e2fbeda)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Ic01f6b061d48d364a617241796647250b70ef8ff
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Antonio Ospite <ao2@ao2.it>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit d542176f94c790016cc340dff74ba00d57410728)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Idb9a261581bc3bc45e51bbde96bfd9b640713b09
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The nyko core controller uses the same output report format as the
sixaxis controllers, but it expects the report id at offset 1.
This does not interfere with the official controllers as this byte
is considered a padding byte by the current code.
Signed-off-by: Scott Moreau <oreaus@gmail.com>
Acked-by: Antonio Ospite <ao2@ao2.it>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit ad07b7a6cf8898e1ec76a2641f6186c80d0b8a29)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: I7f72917bc229fb1a0600979f3e81aab53c5bad2d
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Sony has modified the HID descriptor in new revisions of the Dualshock 4 which
causes the size check in the descriptor replacement function to fail. Remove it
so that new revisions of the controller will work correctly.
The module is completely replacing the descriptor instead of patching it, so the
size check isn't really necessary anyways.
Signed-off-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit b71b5578a84d297954e4812ba0ca2d466e61cf42)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Idad96e31466c4d36533f79b55768f3a98213a3c9
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
On hardware which provides standby power for charging devices the state of the
LEDs and force-feedback on controllers can persist even when the system is in
standby. Additionally, the state of the controllers on resume may be different
from the state they were in at the time when they were suspended (ie. LEDs are
cleared on resume).
This implements the suspend and resume callbacks which saves and clears the
state of the LEDs on suspend and restores them on resume. Force-feedback is
stopped on suspend but not automatically restored on resume until a new event is
received to avoid potentially damaging hardware.
USB Sixaxis and navigation controllers must be reinitialized when the hardware
is reset on resume or they won't send any input reports.
Signed-off-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit decd946c99f6b3826bda0bfd5d1b2ddd56ef6b54)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: Ib697f09822fb1239ca0846671648d82e483f66fe
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Refactor the output report sending functions to allow for the sending of output
reports without enqueuing a work item. Output reports for any device can now be
sent via the send_output_report function pointer in the sony_sc struct which
points to the appropriate output function. The individual state worker
functions have been replaced with a universal sony_state_worker function which
uses this function pointer.
Signed-off-by: Frank Praznik <frank.praznik@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
(cherry picked from commit d8aaccda7144df1c3d35251313197aed4cbea7bc)
Bug: 111431828
Signed-off-by: Kim Low <kim-huei.low@sony.com>
Change-Id: If9492e32078878762329ac2e46c77b7668621fab
Signed-off-by: Siarhei Vishniakou <svv@google.com>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* refs/heads/tmp-3f5703c
Linux 4.4.199
Revert "ALSA: hda: Flush interrupts on disabling"
xfs: Correctly invert xfs_buftarg LRU isolation logic
sctp: not bind the socket in sctp_connect
sctp: fix the issue that flags are ignored when using kernel_connect
sch_netem: fix rcu splat in netem_enqueue()
net: usb: sr9800: fix uninitialized local variable
bonding: fix potential NULL deref in bond_update_slave_arr
llc: fix sk_buff leak in llc_conn_service()
llc: fix sk_buff leak in llc_sap_state_process()
rtlwifi: Fix potential overflow on P2P code
s390/cmm: fix information leak in cmm_timeout_handler()
nl80211: fix validation of mesh path nexthop
HID: fix error message in hid_open_report()
HID: Fix assumption that devices have inputs
USB: serial: whiteheat: fix line-speed endianness
USB: serial: whiteheat: fix potential slab corruption
USB: ldusb: fix control-message timeout
USB: ldusb: fix ring-buffer locking
USB: gadget: Reject endpoints with 0 maxpacket value
UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
ALSA: bebob: Fix prototype of helper function to return negative value
fuse: truncate pending writes on O_TRUNC
fuse: flush dirty data/metadata before non-truncate setattr
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
thunderbolt: Use 32-bit writes when writing ring producer/consumer
USB: legousbtower: fix a signedness bug in tower_probe()
tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
NFSv4: Fix leak of clp->cl_acceptor string
MIPS: fw: sni: Fix out of bounds init of o32 stack
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
efi/x86: Do not clean dummy variable in kexec path
efi/cper: Fix endianness of PCIe class code
serial: mctrl_gpio: Check for NULL pointer
fs: cifs: mute -Wunused-const-variable message
RDMA/iwcm: Fix a lock inversion issue
perf map: Fix overlapped map handling
iio: fix center temperature of bmc150-accel-core
exec: load_script: Do not exec truncated interpreter path
usb: handle warm-reset port requests on hub resume
scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
x86/cpu: Add Atom Tremont (Jacobsville)
sc16is7xx: Fix for "Unexpected interrupt: 8"
dm: Use kzalloc for all structs with embedded biosets/mempools
dm snapshot: rework COW throttling to fix deadlock
dm snapshot: introduce account_start_copy() and account_end_copy()
dm snapshot: use mutex instead of rw_semaphore
ANDROID: cpufreq: times: add /proc/uid_concurrent_{active,policy}_time
Conflicts:
drivers/cpufreq/cpufreq_times.c
Change-Id: I2c27599db8577afa4853222b11d9aec20071e752
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.199
dm snapshot: use mutex instead of rw_semaphore
dm snapshot: introduce account_start_copy() and account_end_copy()
dm snapshot: rework COW throttling to fix deadlock
dm: Use kzalloc for all structs with embedded biosets/mempools
sc16is7xx: Fix for "Unexpected interrupt: 8"
x86/cpu: Add Atom Tremont (Jacobsville)
scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
usb: handle warm-reset port requests on hub resume
exec: load_script: Do not exec truncated interpreter path
iio: fix center temperature of bmc150-accel-core
perf map: Fix overlapped map handling
RDMA/iwcm: Fix a lock inversion issue
fs: cifs: mute -Wunused-const-variable message
serial: mctrl_gpio: Check for NULL pointer
efi/cper: Fix endianness of PCIe class code
efi/x86: Do not clean dummy variable in kexec path
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
MIPS: fw: sni: Fix out of bounds init of o32 stack
NFSv4: Fix leak of clp->cl_acceptor string
tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
USB: legousbtower: fix a signedness bug in tower_probe()
thunderbolt: Use 32-bit writes when writing ring producer/consumer
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
fuse: flush dirty data/metadata before non-truncate setattr
fuse: truncate pending writes on O_TRUNC
ALSA: bebob: Fix prototype of helper function to return negative value
UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
USB: gadget: Reject endpoints with 0 maxpacket value
USB: ldusb: fix ring-buffer locking
USB: ldusb: fix control-message timeout
USB: serial: whiteheat: fix potential slab corruption
USB: serial: whiteheat: fix line-speed endianness
HID: Fix assumption that devices have inputs
HID: fix error message in hid_open_report()
nl80211: fix validation of mesh path nexthop
s390/cmm: fix information leak in cmm_timeout_handler()
rtlwifi: Fix potential overflow on P2P code
llc: fix sk_buff leak in llc_sap_state_process()
llc: fix sk_buff leak in llc_conn_service()
bonding: fix potential NULL deref in bond_update_slave_arr
net: usb: sr9800: fix uninitialized local variable
sch_netem: fix rcu splat in netem_enqueue()
sctp: fix the issue that flags are ignored when using kernel_connect
sctp: not bind the socket in sctp_connect
xfs: Correctly invert xfs_buftarg LRU isolation logic
Revert "ALSA: hda: Flush interrupts on disabling"
Linux 4.4.199
Change-Id: Ia26458456401f9ec050f4c11bd5bdf24b8a21b24
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit b3a81c777dcb093020680490ab970d85e2f6f04f upstream.
On HID report descriptor parsing error the code displays bogus
pointer instead of error offset (subtracts start=NULL from end).
Make the message more useful by displaying correct error offset
and include total buffer size for reference.
This was carried over from ancient times - "Fixed" commit just
promoted the message from DEBUG to ERROR.
Cc: stable@vger.kernel.org
Fixes: 8c3d52fc393b ("HID: make parser more verbose about parsing errors by default")
Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit d9d4b1e46d9543a82c23f6df03f4ad697dab361b upstream.
The syzbot fuzzer found a slab-out-of-bounds write bug in the hid-gaff
driver. The problem is caused by the driver's assumption that the
device must have an input report. While this will be true for all
normal HID input devices, a suitably malicious device can violate the
assumption.
The same assumption is present in over a dozen other HID drivers.
This patch fixes them by checking that the list of hid_inputs for the
hid_device is nonempty before allowing it to be used.
Reported-and-tested-by: syzbot+403741a091bf41d4ae79@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\ \ \ |
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* refs/heads/tmp-736005d
Linux 4.4.196
NFC: fix attrs checks in netlink interface
smack: use GFP_NOFS while holding inode_smack::smk_lock
Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
net/rds: Fix error handling in rds_ib_add_one()
xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
sch_dsmark: fix potential NULL deref in dsmark_init()
nfc: fix memory leak in llcp_sock_bind()
net: qlogic: Fix memory leak in ql_alloc_large_buffers
net: ipv4: avoid mixed n_redirects and rate_tokens usage
ipv6: drop incoming packets having a v4mapped source address
hso: fix NULL-deref on tty open
ANDROID: binder: synchronize_rcu() when using POLLFREE.
ANDROID: binder: remove waitqueue when thread exits.
kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
ocfs2: wait for recovering done after direct unlock request
hypfs: Fix error number left in struct pointer member
fat: work around race with userspace's read via blockdev while mounting
security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
HID: apple: Fix stuck function keys when using FN
ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
mfd: intel-lpss: Remove D3cold delay
scsi: core: Reduce memory required for SCSI logging
powerpc/pseries: correctly track irq state in default idle
powerpc/64s/exception: machine check use correct cfar for late handler
vfio_pci: Restore original state on release
pinctrl: tegra: Fix write barrier placement in pmx_writel
powerpc/pseries/mobility: use cond_resched when updating device tree
powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
powerpc/rtas: use device model APIs and serialization during LPM
clk: sirf: Don't reference clk_init_data after registration
clk: qoriq: Fix -Wunused-const-variable
ipmi_si: Only schedule continuously in the thread in maintenance mode
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
video: ssd1307fb: Start page range at page_offset
Change-Id: If2b47b65954e56510e7a8b963a7110ebc9a4f1cc
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | | |\|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.196
video: ssd1307fb: Start page range at page_offset
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
ipmi_si: Only schedule continuously in the thread in maintenance mode
clk: qoriq: Fix -Wunused-const-variable
clk: sirf: Don't reference clk_init_data after registration
powerpc/rtas: use device model APIs and serialization during LPM
powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
powerpc/pseries/mobility: use cond_resched when updating device tree
pinctrl: tegra: Fix write barrier placement in pmx_writel
vfio_pci: Restore original state on release
powerpc/64s/exception: machine check use correct cfar for late handler
powerpc/pseries: correctly track irq state in default idle
scsi: core: Reduce memory required for SCSI logging
mfd: intel-lpss: Remove D3cold delay
ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
HID: apple: Fix stuck function keys when using FN
security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
fat: work around race with userspace's read via blockdev while mounting
hypfs: Fix error number left in struct pointer member
ocfs2: wait for recovering done after direct unlock request
kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
ANDROID: binder: remove waitqueue when thread exits.
ANDROID: binder: synchronize_rcu() when using POLLFREE.
hso: fix NULL-deref on tty open
ipv6: drop incoming packets having a v4mapped source address
net: ipv4: avoid mixed n_redirects and rate_tokens usage
net: qlogic: Fix memory leak in ql_alloc_large_buffers
nfc: fix memory leak in llcp_sock_bind()
sch_dsmark: fix potential NULL deref in dsmark_init()
xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
net/rds: Fix error handling in rds_ib_add_one()
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
smack: use GFP_NOFS while holding inode_smack::smk_lock
NFC: fix attrs checks in netlink interface
Linux 4.4.196
Change-Id: I7e03bb3ca1865988df014b8e38336b76430842a9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[ Upstream commit aec256d0ecd561036f188dbc8fa7924c47a9edfd ]
This fixes an issue in which key down events for function keys would be
repeatedly emitted even after the user has raised the physical key. For
example, the driver fails to emit the F5 key up event when going through
the following steps:
- fnmode=1: hold FN, hold F5, release FN, release F5
- fnmode=2: hold F5, hold FN, release F5, release FN
The repeated F5 key down events can be easily verified using xev.
Signed-off-by: Joao Moreno <mail@joaomoreno.com>
Co-developed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* refs/heads/tmp-4af3204
Linux 4.4.195
Btrfs: fix race setting up and completing qgroup rescan workers
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix use-after-free when using the tree modification log
ovl: filter of trusted xattr results in audit
CIFS: Fix oplock handling for SMB 2.1+ protocols
i2c: riic: Clear NACK in tend isr
hwrng: core - don't wait on add_early_randomness()
quota: fix wrong condition in is_quota_modification()
ext4: fix punch hole for inline_data file systems
/dev/mem: Bail out upon SIGKILL.
cfg80211: Purge frame registrations on iftype change
md/raid6: Set R5_ReadError when there is read failure on parity disk
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
ASoC: Intel: Fix use of potentially uninitialized variable
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
KVM: x86: Manually calculate reserved bits when loading PDPTRS
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: always stop emulation on page fault
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
fuse: fix missing unlock_page in fuse_writepage()
printk: Do not lose last line in kmsg buffer dump
ALSA: firewire-tascam: check intermediate state of clock status and retry
ALSA: firewire-tascam: handle error code when getting current source of clock
media: omap3isp: Set device on omap3isp subdevs
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
libertas: Add missing sentinel at end of if_usb.c fw_table
mmc: sdhci: Fix incorrect switch to HS mode
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
kprobes: Prohibit probing on BUG() and WARN() address
dmaengine: ti: edma: Do not reset reserved paRAM slots
md/raid1: fail run raid1 array when active disk less than one
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
ACPI: custom_method: fix memory leaks
libtraceevent: Change users plugin directory
ACPI / CPPC: do not require the _PSD method
media: ov9650: add a sanity check
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: cpia2_usb: fix memory leaks
media: saa7146: add cleanup in hexium_attach()
media: hdpvr: add terminating 0 at end of string
media: radio/si470x: kill urb on error
net: lpc-enet: fix printk format strings
media: omap3isp: Don't set streaming state on random subdevs
dmaengine: iop-adma: use correct printk format strings
media: gspca: zero usb_buf on error
efi: cper: print AER info of PCIe fatal error
md: don't set In_sync if array is frozen
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
ia64:unwind: fix double free for mod->arch.init_unw_table
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
base: soc: Export soc_device_register/unregister APIs
media: iguanair: add sanity checks
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
ALSA: hda - Show the fatal CORB/RIRB error more clearly
x86/apic: Soft disable APIC before initializing it
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
sched/core: Fix CPU controller for !RT_GROUP_SCHED
sched/fair: Fix imbalance due to CPU affinity
media: hdpvr: Add device num check and handling
media: dib0700: fix link error for dibx000_i2c_set_speed
leds: leds-lp5562 allow firmware files up to the maximum length
dmaengine: bcm2835: Print error in case setting DMA mask fails
ASoC: sgtl5000: Fix charge pump source assignment
ALSA: hda: Flush interrupts on disabling
nfc: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
mISDN: enforce CAP_NET_RAW for raw sockets
usbnet: sanity checking of packet sizes and device mtu
usbnet: ignore endpoints with invalid wMaxPacketSize
skge: fix checksum byte order
sch_netem: fix a divide by zero in tabledist()
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
net/phy: fix DP83865 10 Mbps HDX loopback disable function
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
arcnet: provide a buffer big enough to actually receive packets
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
drm: Flush output polling on shutdown
f2fs: fix to do sanity check on segment bitmap of LFS curseg
Revert "f2fs: avoid out-of-range memory access"
f2fs: check all the data segments against all node ones
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
locking/lockdep: Add debug_locks check in __lock_downgrade()
mac80211: handle deauthentication/disassociation from TDLS peer
mac80211: Print text for disassociation reason
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
net: rds: Fix NULL ptr use in rds_tcp_kill_sock
crypto: talitos - fix missing break in switch statement
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
HID: hidraw: Fix invalid read in hidraw_ioctl
HID: logitech: Fix general protection fault caused by Logitech driver
HID: lg: make transfer buffers DMA capable
HID: prodikeys: Fix general protection fault during probe
Revert "Bluetooth: validate BLE connection interval updates"
ANDROID: usb: gadget: Fix dependency for f_accessory
Remove taskname from lowmemorykiller kill reports
ANDROID: Fixes to locking around handle_lmk_event
Conflicts:
drivers/staging/android/lowmemorykiller.c
fs/f2fs/segment.c
fs/f2fs/super.c
Change-Id: Id4b74ec2b0512aa13bc4392d61d5092f633fed0e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | | |\|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes in 4.4.195
Revert "Bluetooth: validate BLE connection interval updates"
HID: prodikeys: Fix general protection fault during probe
HID: lg: make transfer buffers DMA capable
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
net: rds: Fix NULL ptr use in rds_tcp_kill_sock
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
mac80211: Print text for disassociation reason
mac80211: handle deauthentication/disassociation from TDLS peer
locking/lockdep: Add debug_locks check in __lock_downgrade()
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
Revert "f2fs: avoid out-of-range memory access"
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
net/phy: fix DP83865 10 Mbps HDX loopback disable function
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
ALSA: hda: Flush interrupts on disabling
ASoC: sgtl5000: Fix charge pump source assignment
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: hdpvr: Add device num check and handling
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
efi: cper: print AER info of PCIe fatal error
media: gspca: zero usb_buf on error
dmaengine: iop-adma: use correct printk format strings
media: omap3isp: Don't set streaming state on random subdevs
net: lpc-enet: fix printk format strings
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: ov9650: add a sanity check
ACPI / CPPC: do not require the _PSD method
libtraceevent: Change users plugin directory
ACPI: custom_method: fix memory leaks
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
mmc: sdhci: Fix incorrect switch to HS mode
libertas: Add missing sentinel at end of if_usb.c fw_table
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
printk: Do not lose last line in kmsg buffer dump
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
md/raid6: Set R5_ReadError when there is read failure on parity disk
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: Fix oplock handling for SMB 2.1+ protocols
ovl: filter of trusted xattr results in audit
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix race setting up and completing qgroup rescan workers
Linux 4.4.195
Change-Id: I0a333f55c8fd4273b37044e4e4e89ac1fb0fad1a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 416dacb819f59180e4d86a5550052033ebb6d72c upstream.
The syzbot fuzzer has reported a pair of problems in the
hidraw_ioctl() function: slab-out-of-bounds read and use-after-free
read. An example of the first:
BUG: KASAN: slab-out-of-bounds in strlen+0x79/0x90 lib/string.c:525
Read of size 1 at addr ffff8881c8035f38 by task syz-executor.4/2833
CPU: 1 PID: 2833 Comm: syz-executor.4 Not tainted 5.3.0-rc2+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xca/0x13e lib/dump_stack.c:113
print_address_description+0x6a/0x32c mm/kasan/report.c:351
__kasan_report.cold+0x1a/0x33 mm/kasan/report.c:482
kasan_report+0xe/0x12 mm/kasan/common.c:612
strlen+0x79/0x90 lib/string.c:525
strlen include/linux/string.h:281 [inline]
hidraw_ioctl+0x245/0xae0 drivers/hid/hidraw.c:446
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:509 [inline]
do_vfs_ioctl+0xd2d/0x1330 fs/ioctl.c:696
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:713
__do_sys_ioctl fs/ioctl.c:720 [inline]
__se_sys_ioctl fs/ioctl.c:718 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718
do_syscall_64+0xb7/0x580 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459829
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f7a68f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
RDX: 0000000000000000 RSI: 0000000080404805 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a68f6e6d4
R13: 00000000004c21de R14: 00000000004d5620 R15: 00000000ffffffff
The two problems have the same cause: hidraw_ioctl() fails to test
whether the device has been removed. This patch adds the missing test.
Reported-and-tested-by: syzbot+5a6c4ec678a0c6ee84ba@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 5f9242775bb61f390f0885f23fc16397262c7538 upstream.
The syzbot fuzzer found a general protection fault in the HID subsystem:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 3715 Comm: syz-executor.3 Not tainted 5.2.0-rc6+ #15
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__pm_runtime_resume+0x49/0x180 drivers/base/power/runtime.c:1069
Code: ed 74 d5 fe 45 85 ed 0f 85 9a 00 00 00 e8 6f 73 d5 fe 48 8d bd c1 02
00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48
89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 fe 00 00 00
RSP: 0018:ffff8881d99d78e0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000020 RCX: ffffc90003f3f000
RDX: 0000000416d8686d RSI: ffffffff82676841 RDI: 00000020b6c3436a
RBP: 00000020b6c340a9 R08: ffff8881c6d64800 R09: fffffbfff0e84c25
R10: ffff8881d99d7940 R11: ffffffff87426127 R12: 0000000000000004
R13: 0000000000000000 R14: ffff8881d9b94000 R15: ffffffff897f9048
FS: 00007f047f542700(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30f21000 CR3: 00000001ca032000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
pm_runtime_get_sync include/linux/pm_runtime.h:226 [inline]
usb_autopm_get_interface+0x1b/0x50 drivers/usb/core/driver.c:1707
usbhid_power+0x7c/0xe0 drivers/hid/usbhid/hid-core.c:1234
hid_hw_power include/linux/hid.h:1038 [inline]
hidraw_open+0x20d/0x740 drivers/hid/hidraw.c:282
chrdev_open+0x219/0x5c0 fs/char_dev.c:413
do_dentry_open+0x497/0x1040 fs/open.c:778
do_last fs/namei.c:3416 [inline]
path_openat+0x1430/0x3ff0 fs/namei.c:3533
do_filp_open+0x1a1/0x280 fs/namei.c:3563
do_sys_open+0x3c0/0x580 fs/open.c:1070
do_syscall_64+0xb7/0x560 arch/x86/entry/common.c:301
entry_SYSCALL_64_after_hwframe+0x49/0xbe
It turns out the fault was caused by a bug in the HID Logitech driver,
which violates the requirement that every pathway calling
hid_hw_start() must also call hid_hw_stop(). This patch fixes the bug
by making sure the requirement is met.
Reported-and-tested-by: syzbot+3cbe5cd105d2ad56a1df@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 061232f0d47fa10103f3efa3e890f002a930d902 upstream.
Kernel v4.9 strictly enforces DMA capable buffers, so we need to remove
buffers allocated on the stack.
[jkosina@suse.cz: fix up second usage of hid_hw_raw_request(), spotted by
0day build bot]
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
commit 98375b86c79137416e9fd354177b85e768c16e56 upstream.
The syzbot fuzzer provoked a general protection fault in the
hid-prodikeys driver:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0-rc5+ #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: usb_hub_wq hub_event
RIP: 0010:pcmidi_submit_output_report drivers/hid/hid-prodikeys.c:300 [inline]
RIP: 0010:pcmidi_set_operational drivers/hid/hid-prodikeys.c:558 [inline]
RIP: 0010:pcmidi_snd_initialise drivers/hid/hid-prodikeys.c:686 [inline]
RIP: 0010:pk_probe+0xb51/0xfd0 drivers/hid/hid-prodikeys.c:836
Code: 0f 85 50 04 00 00 48 8b 04 24 4c 89 7d 10 48 8b 58 08 e8 b2 53 e4 fc
48 8b 54 24 20 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f
85 13 04 00 00 48 ba 00 00 00 00 00 fc ff df 49 8b
The problem is caused by the fact that pcmidi_get_output_report() will
return an error if the HID device doesn't provide the right sort of
output report, but pcmidi_set_operational() doesn't bother to check
the return code and assumes the function call always succeeds.
This patch adds the missing check and aborts the probe operation if
necessary.
Reported-and-tested-by: syzbot+1088533649dafa1c9004@syzkaller.appspotmail.com
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
