- 26 Mar, 2018 1 commit
-
-
Yavuz, Tuba authored
It looks like there is a possibility of a double-free vulnerability on an error path of the f_midi_set_alt function in the f_midi driver. If the path is feasible then free_ep_req gets called twice: req->complete = f_midi_complete; err = usb_ep_queue(midi->out_ep, req, GFP_ATOMIC); => ... usb_gadget_giveback_request => f_midi_complete (CALLBACK) (inside f_midi_complete, for various cases of status) free_ep_req(ep, req); // first kfree if (err) { ERROR(midi, "%s: couldn't enqueue request: %d\n", midi->out_ep->name, err); free_ep_req(midi->out_ep, req); // second kfree return err; } The double-free possibility was introduced with commit ad0d1a05 ("usb: gadget: f_midi: fix leak on failed to enqueue out requests"). Found by MOXCAFE tool. Signed-off-by:Tuba Yavuz <tuba@ece.ufl.edu> Fixes: ad0d1a05 ("usb: gadget: f_midi: fix leak on failed to enqueue out requests") Acked-by:
Felipe Balbi <felipe.balbi@linux.intel.com> Cc: stable <stable@vger.kernel.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 25 Mar, 2018 3 commits
-
-
Kai-Heng Feng authored
There's a new quirk, USB_QUIRK_DELAY_CTRL_MSG. Add it to usbcore quirks for completeness. Signed-off-by:
Kai-Heng Feng <kai.heng.feng@canonical.com> Signed-off-by:
-
Kai-Heng Feng authored
strsep() slices string, so the string gets copied by param_set_copystring() at the end of quirks_param_set() is not the original value. Fix that by calling param_set_copystring() earlier. The null check for val is unnecessary, the caller of quirks_param_set() does not pass null string. Remove the superfluous null check. This is found by Smatch. Fixes: 027bd6ca ("usb: core: Add "quirks" parameter for usbcore") Cc: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Benson Leung authored
Print bcdDevice which is used by vendors to identify different versions of the same product (or different versions of firmware). Adding this to the logs will be useful for support purposes. Match the %2x.%02x formatting that's used by lsusb -v for this same value. Signed-off-by:
Benson Leung <bleung@chromium.org> Signed-off-by:
-
- 23 Mar, 2018 7 commits
-
-
Zhengjun Xing authored
USB3 hubs don't support global suspend. USB3 specification 10.10, Enhanced SuperSpeed hubs only support selective suspend and resume, they do not support global suspend/resume where the hub downstream facing ports states are not affected. When system enters hibernation it first enters freeze process where only the root hub enters suspend, usb_port_suspend() is not called for other devices, and suspend status flags are not set for them. Other devices are expected to suspend globally. Some external USB3 hubs will suspend the downstream facing port at global suspend. These devices won't be resumed at thaw as the suspend status flag is not set. A USB3 removable hard disk connected through a USB3 hub that won't resume at thaw will fail to synchronize SCSI cache, return “cmd cmplt err -71” error, and needs a 60 seconds timeout which causing system hang for 60s before the USB host reset the port for the USB3 removable hard disk to recover. Fix this by always calling usb_port_suspend() during freeze for USB3 devices. Signed-off-by:
Zhengjun Xing <zhengjun.xing@linux.intel.com> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Tomeu Vizoso authored
Currently we warn the user when the root hub lost power after resume, but the user cannot do anything about it so it should probably be a notice. This will reduce the noise in the console during suspend and resume, which is already quite significant in many systems. Signed-off-by:
Tomeu Vizoso <tomeu.vizoso@collabora.com> Signed-off-by:
-
Greg Kroah-Hartman authored
Merge tag 'usb-for-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-testing Felipe writes: usb: changes for v4.17 merge window Quite a lot happened in this cycle, with a total of 95 non-merge commits. The most interesting parts are listed below: Synopsys has been adding better support for USB 3.1 to dwc3. The same series also sets g_mass_storage's max speed to SSP. Roger Quadros (TI) added support for dual-role using the OTG block available in some dwc3 implementations, this makes sure that AM437x can swap roles in runtime. We have a new SoC supported in dwc3 now - Amlogic Meson GX - thanks to the work of Martin Blumenstingl. We also have a ton of changes in dwc2 (51% of all changes, in fact). The most interesting part there is the support for Hibernation (a Synopsys PM feature). Apart from these, we have our regular set of non-critical fixes all over the place.
-
Clemens Werther authored
Add device id for Harman FirmwareHubEmulator to make the device auto-detectable by the driver. Signed-off-by:
Clemens Werther <clemens.werther@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by:
Johan Hovold <johan@kernel.org> Signed-off-by:
-
Johan Hovold authored
Add device id for ELDAT Easywave RX09 tranceiver. Reported-by:
Jan Jansen <nattelip@hotmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Major Hayden authored
This patch adds a device ID for the RT Systems cable used to program Yaesu VX-8R/VX-8DR handheld radios. It uses the main FTDI VID instead of the common RT Systems VID. Signed-off-by:
Major Hayden <major@mhtx.net> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Benjamin Herrenschmidt authored
Some UDC may want to allocate endpoints dynamically, either because the HW supports an arbitrary large number or because (like the Aspeed BMC SoCs), the pool of HW endpoints is shared between multiple gadgets. The allocation side can be done rather easily using the existing match_ep() UDC hook. However we have no good place to "free" them. This implements a "simple" variant of this, which calls an EP dispose callback on all EPs associated with a gadget when the composite device gets unbound. This is required by my upcoming Aspeed vHub driver. Signed-off-by:
Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by:
-
- 22 Mar, 2018 29 commits
-
-
Chunfeng Yun authored
The phys has already been initialized when add primary hcd, including usb2 phys and usb3 phys also if exist, so needn't re-parse "phys" property again. Signed-off-by:
Chunfeng Yun <chunfeng.yun@mediatek.com> Reviewed-by:
Roger Quadros <rogerq@ti.com> Signed-off-by:
-
Linus Walleij authored
The AB8540 was an evolved version of the AB8500, but it was never mass produced or put into products, only reference designs exist. The upstream support was never completed and it is unlikely that this will happen so drop the support for now to simplify maintenance of the AB8500. Cc: Loic Pallardy <loic.pallardy@st.com> Signed-off-by:
Linus Walleij <linus.walleij@linaro.org> Signed-off-by:
-
Hans de Goede authored
The AXP288 BC1.2 charger detection / extcon code may seem like a strange place to add code to control the USB role-switch on devices with an AXP288, but there are 2 reasons to do this inside the axp288 extcon code: 1) On many devices the USB role is controlled by ACPI AML code, but the AML code only switches between the host and none roles, because of Windows not really using device mode. To make device mode work we need to toggle between the none/device roles based on Vbus presence, and the axp288 extcon gets interrupts on Vbus insertion / removal. 2) In order for our BC1.2 charger detection to work properly the role mux must be properly set to device mode before we do the detection. Also note the Kconfig help-text / obsolete depends on USB_PHY which are remnants from older never upstreamed code also controlling the mux from the axp288 extcon code. This commit also adds code to get notifications from the INT3496 extcon device, which is used on some devices to notify the kernel about id-pin changes instead of them being handled through AML code. This fixes: -Device mode not working on most CHT devices with an AXP288 -Host mode not working on devices with an INT3496 ACPI device -Charger-type misdetection (always SDP) on devices with an INT3496 when the USB role (always) gets initialized as host Signed-off-by:
Hans de Goede <hdegoede@redhat.com> Reviewed-by:
Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by:
Heikki Krogerus <heikki.krogerus@linux.intel.com> Signed-off-by:
-
Hans de Goede authored
We need to add device-connections for the Type-C mux/switch and usb-role code to be able to find the PI3USB30532 Type-C cross-switch and the device/host role-switch integrated in the CHT SoC. Signed-off-by:
-
Hans de Goede authored
Add a driver for the Pericom PI3USB30532 Type-C cross switch / mux chip found on some devices with a Type-C port. Signed-off-by:
-
Hans de Goede authored
Various Intel SoCs (Cherry Trail, Broxton and others) have an internal USB role switch for swiching the OTG USB data lines between the xHCI host controller and the dwc3 gadget controller. Note on some Cherry Trail systems there is ACPI/AML code listening to edge interrupts on the id-pin (through an _AIE ACPI method) and switching the role between ROLE_HOST and ROLE_NONE based on the id-pin. Note it does not set the role to ROLE_DEVICE, because device-mode is usually not used under Windows. The presence of AML code which modifies the cfg0 reg (on some systems) means that our read/write/modify of cfg0 may race with the AML code doing the same to avoid this we take the global ACPI lock while doing the read/write/modify. Signed-off-by:
-
Hans de Goede authored
The xHCI controller on various Intel SoCs has an extended cap mmio-range which contains registers to control the muxing to the xHCI (host mode) or the dwc3 (device mode) and vbus-detection for the otg usb-phy. Having a role-sw driver included in the xHCI code (under drivers/usb/host) is not desirable. So this commit adds a simple handler for this extended capability, which creates a platform device with the caps mmio region as resource, this allows us to write a separate platform role-sw driver for the role-switch. Note this commit adds a call to the new xhci_ext_cap_init() function to xhci_pci_probe(), it is added here because xhci_ext_cap_init() must be called only once. If in the future we also want to handle ext-caps on non pci xHCI HCDs from xhci_ext_cap_init() a call to it should also be added to other bus probe paths. Signed-off-by:
Mathias Nyman <mathias.nyman@linux.intel.com> Reviewed-by:
-
Mathias Nyman authored
Modify xhci_find_next_ext_cap(base, offset, id) to return the next capability offset if 0 is passed for id. Otherwise it will behave as previously and return the offset of the next capability with matching id capability id 0 is not used by xHCI (reserved) This is useful when we want to loop through all capabilities. Signed-off-by:
-
Hans de Goede authored
Remove the unused (not implemented anywhere) tcpc_mux_dev abstraction and replace it with calling the new typec_set_orientation, usb_role_switch_set and typec_set_mode functions. Signed-off-by:
Guenter Roeck <linux@roeck-us.net> Reviewed-by:
-
Hans de Goede authored
Setting the mux to MUX_NONE and the switch to USB_SWITCH_DISCONNECT when the data-role is device is not correct. Plenty of devices support operating as USB device through a (separate) USB device controller. We really need 2 different versions of USB_SWITCH_CONNECT, USB_SWITCH_CONNECT_HOST and USB_SWITCH_DEVICE. Rather then modifying the tcpc_usb_switch enum for this, simply remove it and switch to the usb_role enum which provides exactly this, this will save use needing to convert betweent the 2 enums when calling an usb-role-switch driver later. Besides switching to the usb_role type, this commit also actually sets the mux to TYPEC_MUX_USB and the switch to USB_ROLE_DEVICE instead of setting both to none when the data-role is device. This commit also makes tcpm_reset_port() call tcpm_mux_set(port, TYPEC_MUX_NONE, USB_ROLE_NONE) so that the mux and switch do _not_ stay in their last mode after a detach. Signed-off-by:
-
Heikki Krogerus authored
USB Type-C specification v1.2 separated the power and data roles more clearly. Dual-Role-Data term was introduced, and the meaning of DRP was changed from "Dual-Role-Port" to "Dual-Role-Power". In order to allow the port drivers to describe the capabilities of the ports more clearly according to the newest specifications, introducing separate definitions for the data roles. Reviewed-by:
-
Heikki Krogerus authored
USB role switch is a device that can be used to choose the data role for USB connector. With dual-role capable USB controllers, the controller itself will be the switch, but on some platforms the USB host and device controllers are separate IPs and there is a mux between them and the connector. On those platforms the mux driver will need to register the switch. With USB Type-C connectors, the host-to-device relationship is negotiated over the Configuration Channel (CC). That means the USB Type-C drivers need to be in control of the role switch. The class provides a simple API for the USB Type-C drivers for the control. For other types of USB connectors (mainly microAB) the class provides user space control via sysfs attribute file that can be used to request role swapping from the switch. Reviewed-by:
-
Heikki Krogerus authored
USB Type-C connectors consist of various muxes and switches that route the pins on the connector to the right locations. The USB Type-C drivers need to be able to control the muxes, as they are the ones that know things like the cable plug orientation, and the current mode that was negotiated with the partner. This introduces a small API for registering and controlling cable plug orientation switches, and separate small API for registering and controlling pin multiplexer/demultiplexer switches that are needed with Accessory/Alternate Modes. Reviewed-by:
-
Heikki Krogerus authored
Several frameworks - clk, gpio, phy, pmw, etc. - maintain lookup tables for describing connections and provide custom API for handling them. This introduces a single generic lookup table and API for the connections. The motivation for this commit is centralizing the connection lookup, but the goal is to ultimately extract the connection descriptions also from firmware by using the fwnode_graph_* functions and other mechanisms that are available. Reviewed-by:
-
Shuah Khan authored
usbipd includes exported devices in response to exportable device list. Exclude exported devices from exportable device list to avoid: - import requests for devices that are exported only to fail the request. - revealing devices that are imported by a client to another client. Signed-off-by:
Shuah Khan <shuahkh@osg.samsung.com> Signed-off-by:
-
Richard Leitner authored
For some userspace applications information on the number of over-current conditions at specific USB hub ports is relevant. In our case we have a series of USB hardware (using the cp210x driver) which communicates using a proprietary protocol. These devices sometimes trigger an over-current situation on some hubs. In case of such an over-current situation the USB devices offer an interface for reducing the max used power. As these conditions are quite rare and imply performance reductions of the device we don't want to reduce the max power always. Therefore give user-space applications the possibility to react adequately by introducing an over_current_counter in the usb port struct which is exported via sysfs. Signed-off-by:
Richard Leitner <richard.leitner@skidata.com> Signed-off-by:
-
Linus Walleij authored
The AB8540 was an evolved version of the AB8500, but it was never mass produced or put into products, only reference designs exist. The upstream support was never completed and it is unlikely that this will happen so drop the support for now to simplify maintenance of the AB8500. Cc: Loic Pallardy <loic.pallardy@st.com> Signed-off-by:
-
Roger Quadros authored
On TI's AM437x, the DWC3 controller looses state after a system suspend/resume. We are re-initializing the controller but we miss restoring the PRTCAP register. This causes USB host to break on AM437x after a system suspend/resume. Fix this by restoring the PRTCAP register on system resume. Signed-off-by:
-
Thinh Nguyen authored
DWC_usb3 speed can only be set up to SuperSpeed. Limit the setting to SuperSpeed only should the value be higher. Otherwise, the controller will read an invalid speed value and set the device to an incorrect speed. Signed-off-by:
Thinh Nguyen <thinhn@synopsys.com> Signed-off-by:
-
Thinh Nguyen authored
Dump LSP and BMU debug info. Signed-off-by:
-
Thinh Nguyen authored
Check and configure TX/RX threshold for DWC_usb31. Update dwc3 structure with new fields to store these threshold configurations. Signed-off-by:
-
Thinh Nguyen authored
DWC_usb31 periodic transfer at 48K+ bytes per interval may need modification to the TX/RX packet threshold to achieve optimal result. Add properties to make it configurable. By default, periodic ESS TX and RX threshold are not enabled. To enable TX or RX threshold (host mode only), both packet threshold count and max burst size properties must be set to a valid non-zero value 1-16. DWC_usb31 programming guide section 1.2.3 and 1.2.4. Cc: John Youn <johnyoun@synopsys.com> Reviewed-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
Thinh Nguyen authored
Add new GTXTHRCFG bit field macros for DWC_usb31. The GTXTHRCFG register fields for DWC_usb31 is as follows: +-------+--------------------------+-----------------------------------+ | BITS | Name | Description | +=======+==========================+===================================+ | 31:27 | reserved | | | 26 | UsbTxPktCntSel | Async ESS transmit packet | | | | threshold enable | | 25:21 | UsbTxPktCnt | Async ESS transmit packet | | | | threshold count | | 20:16 | UsbMaxTxBurstSize | Async ESS Max transmit burst size | | 15 | UsbTxThrNumPktSel_HS_Prd | HS high bandwidth periodic | | | | transmit packet threshold enable | | 14:13 | UsbTxThrNumPkt_HS_Prd | HS high bandwidth periodic | | | | transmit packet threshold count | | 12:11 | reserved | | | 10 | UsbTxThrNumPktSel_Prd | Periodic ESS transmit packet | | | | threshold enable | | 9:5 | UsbTxThrNumPkt_Prd | Periodic ESS transmit packet | | | | threshold count | | 4:0 | UsbMaxTxBurstSize_Prd | Max periodic ESS TX burst size | +-------+--------------------------+-----------------------------------+ Signed-off-by:
-
Thinh Nguyen authored
DWC_usb31 controller has a different UsbRxPktCnt bit fields from GRXTHRCFG register. Check for DWC_usb31 IP revision to read the appropriate value. Signed-off-by:
-
Thinh Nguyen authored
Add new GRXTHRCFG bit field macros for DWC_usb31. The GRXTHRCFG register fields for DWC_usb31 is as follows: +-------+--------------------------+----------------------------------+ | BITS | Name | Description | +=======+==========================+==================================+ | 31:27 | reserved | | | 26 | UsbRxPktCntSel | Async ESS receive packet | | | | threshold enable | | 25:21 | UsbRxPktCnt | Async ESS receive packet | | | | threshold count | | 20:16 | UsbMaxRxBurstSize | Async ESS Max receive burst size | | 15 | UsbRxThrNumPktSel_HS_Prd | HS high bandwidth periodic | | | | receive packet threshold enable | | 14:13 | UsbRxThrNumPkt_HS_Prd | HS high bandwidth periodic | | | | receive packet threshold count | | 12:11 | reserved | | | 10 | UsbRxThrNumPktSel_Prd | Periodic ESS receive packet | | | | threshold enable | | 9:5 | UsbRxThrNumPkt_Prd | Periodic ESS receive packet | | | | threshold count | | 4:0 | UsbMaxRxBurstSize_Prd | Max periodic ESS RX burst size | +-------+--------------------------+----------------------------------+ Signed-off-by:
-
Thinh Nguyen authored
DWC_usb31 controller has different GTXFIFOSIZE bit field for TXFDEF. Check for DWC_usb31 IP revision to read the appropriate bit fields. Signed-off-by:
-
Thinh Nguyen authored
Update two GTXFIFOSIZ bit fields for the DWC_usb31 controller. TXFDEP is a 15-bit value instead of 16-bit value, and bit 15 is TXFRAMNUM. The GTXFIFOSIZ register for DWC_usb31 is as follows: +-------+-----------+----------------------------------+ | BITS | Name | Description | +=======+===========+==================================+ | 31:16 | TXFSTADDR | Transmit FIFOn RAM Start Address | | 15 | TXFRAMNUM | Asynchronous/Periodic TXFIFO | | 14:0 | TXFDEP | TXFIFO Depth | +-------+-----------+----------------------------------+ Signed-off-by:
-
Thinh Nguyen authored
From DWC_usb31 programming guide section 1.3.2, once DWC3_DCTL_CSFTRST bit is cleared, we must wait at least 50ms before accessing the PHY domain (synchronization delay). Signed-off-by:
-
Thinh Nguyen authored
Platform device is allocated before adding resources. Make sure to properly cleanup on error case. Cc: <stable@vger.kernel.org> Fixes: f1c7e710 ("usb: dwc3: convert to pcim_enable_device()") Signed-off-by:
-
