Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Merge tag 'char-misc-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc fixes from Greg KH:
"Here are six small fixes of some of the char/misc drivers that have
been sent in to resolve reported issues.
Nothing major, a binder use-after-free fix, some thunderbolt bugfixes,
a hyper-v bugfix, and an nvmem driver fix. All of these have been in
linux-next with no reported issues for a while"
* tag 'char-misc-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
nvmem: meson-mx-efuse: fix reading from an offset other than 0
binder: fix proc->files use-after-free
vmbus: unregister device_obj->channels_kset
thunderbolt: Mask ring interrupt properly when polling starts
MAINTAINERS: Add thunderbolt.rst to the Thunderbolt driver entry
thunderbolt: Make pathname to force_power shorter
+1
-1
Documentation/admin-guide/thunderbolt.rst
+1
-1
Documentation/admin-guide/thunderbolt.rst
···
230
a sysfs attribute called "force_power".
231
232
For example the intel-wmi-thunderbolt driver exposes this attribute in:
233
-
/sys/devices/platform/PNP0C14:00/wmi_bus/wmi_bus-PNP0C14:00/86CCFD48-205E-4A77-9C48-2021CBEDE341/force_power
234
235
To force the power to on, write 1 to this attribute file.
236
To disable force power, write 0 to this attribute file.
···
230
a sysfs attribute called "force_power".
231
232
For example the intel-wmi-thunderbolt driver exposes this attribute in:
233
+
/sys/bus/wmi/devices/86CCFD48-205E-4A77-9C48-2021CBEDE341/force_power
234
235
To force the power to on, write 1 to this attribute file.
236
To disable force power, write 0 to this attribute file.
+1
MAINTAINERS
+1
MAINTAINERS
+31
-13
drivers/android/binder.c
+31
-13
drivers/android/binder.c
···
482
* @tsk task_struct for group_leader of process
483
* (invariant after initialized)
484
* @files files_struct for process
485
-
* (invariant after initialized)
486
* @deferred_work_node: element for binder_deferred_list
487
* (protected by binder_deferred_lock)
488
* @deferred_work: bitmap of deferred work to perform
···
531
int pid;
532
struct task_struct *tsk;
533
struct files_struct *files;
534
struct hlist_node deferred_work_node;
535
int deferred_work;
536
bool is_dead;
···
879
880
static int task_get_unused_fd_flags(struct binder_proc *proc, int flags)
881
{
882
-
struct files_struct *files = proc->files;
883
unsigned long rlim_cur;
884
unsigned long irqs;
885
886
-
if (files == NULL)
887
-
return -ESRCH;
888
-
889
-
if (!lock_task_sighand(proc->tsk, &irqs))
890
-
return -EMFILE;
891
-
892
rlim_cur = task_rlimit(proc->tsk, RLIMIT_NOFILE);
893
unlock_task_sighand(proc->tsk, &irqs);
894
895
-
return __alloc_fd(files, 0, rlim_cur, flags);
896
}
897
898
/*
···
907
static void task_fd_install(
908
struct binder_proc *proc, unsigned int fd, struct file *file)
909
{
910
if (proc->files)
911
__fd_install(proc->files, fd, file);
912
}
913
914
/*
···
920
{
921
int retval;
922
923
-
if (proc->files == NULL)
924
-
return -ESRCH;
925
-
926
retval = __close_fd(proc->files, fd);
927
/* can't restart close syscall because file table entry was cleared */
928
if (unlikely(retval == -ERESTARTSYS ||
···
932
retval == -ERESTARTNOHAND ||
933
retval == -ERESTART_RESTARTBLOCK))
934
retval = -EINTR;
935
-
936
return retval;
937
}
938
···
4640
ret = binder_alloc_mmap_handler(&proc->alloc, vma);
4641
if (ret)
4642
return ret;
4643
proc->files = get_files_struct(current);
4644
return 0;
4645
4646
err_bad_arg:
···
4666
spin_lock_init(&proc->outer_lock);
4667
get_task_struct(current->group_leader);
4668
proc->tsk = current->group_leader;
4669
INIT_LIST_HEAD(&proc->todo);
4670
proc->default_priority = task_nice(current);
4671
binder_dev = container_of(filp->private_data, struct binder_device,
···
4919
4920
files = NULL;
4921
if (defer & BINDER_DEFERRED_PUT_FILES) {
4922
files = proc->files;
4923
if (files)
4924
proc->files = NULL;
4925
}
4926
4927
if (defer & BINDER_DEFERRED_FLUSH)
···
482
* @tsk task_struct for group_leader of process
483
* (invariant after initialized)
484
* @files files_struct for process
485
+
* (protected by @files_lock)
486
+
* @files_lock mutex to protect @files
487
* @deferred_work_node: element for binder_deferred_list
488
* (protected by binder_deferred_lock)
489
* @deferred_work: bitmap of deferred work to perform
···
530
int pid;
531
struct task_struct *tsk;
532
struct files_struct *files;
533
+
struct mutex files_lock;
534
struct hlist_node deferred_work_node;
535
int deferred_work;
536
bool is_dead;
···
877
878
static int task_get_unused_fd_flags(struct binder_proc *proc, int flags)
879
{
880
unsigned long rlim_cur;
881
unsigned long irqs;
882
+
int ret;
883
884
+
mutex_lock(&proc->files_lock);
885
+
if (proc->files == NULL) {
886
+
ret = -ESRCH;
887
+
goto err;
888
+
}
889
+
if (!lock_task_sighand(proc->tsk, &irqs)) {
890
+
ret = -EMFILE;
891
+
goto err;
892
+
}
893
rlim_cur = task_rlimit(proc->tsk, RLIMIT_NOFILE);
894
unlock_task_sighand(proc->tsk, &irqs);
895
896
+
ret = __alloc_fd(proc->files, 0, rlim_cur, flags);
897
+
err:
898
+
mutex_unlock(&proc->files_lock);
899
+
return ret;
900
}
901
902
/*
···
899
static void task_fd_install(
900
struct binder_proc *proc, unsigned int fd, struct file *file)
901
{
902
+
mutex_lock(&proc->files_lock);
903
if (proc->files)
904
__fd_install(proc->files, fd, file);
905
+
mutex_unlock(&proc->files_lock);
906
}
907
908
/*
···
910
{
911
int retval;
912
913
+
mutex_lock(&proc->files_lock);
914
+
if (proc->files == NULL) {
915
+
retval = -ESRCH;
916
+
goto err;
917
+
}
918
retval = __close_fd(proc->files, fd);
919
/* can't restart close syscall because file table entry was cleared */
920
if (unlikely(retval == -ERESTARTSYS ||
···
920
retval == -ERESTARTNOHAND ||
921
retval == -ERESTART_RESTARTBLOCK))
922
retval = -EINTR;
923
+
err:
924
+
mutex_unlock(&proc->files_lock);
925
return retval;
926
}
927
···
4627
ret = binder_alloc_mmap_handler(&proc->alloc, vma);
4628
if (ret)
4629
return ret;
4630
+
mutex_lock(&proc->files_lock);
4631
proc->files = get_files_struct(current);
4632
+
mutex_unlock(&proc->files_lock);
4633
return 0;
4634
4635
err_bad_arg:
···
4651
spin_lock_init(&proc->outer_lock);
4652
get_task_struct(current->group_leader);
4653
proc->tsk = current->group_leader;
4654
+
mutex_init(&proc->files_lock);
4655
INIT_LIST_HEAD(&proc->todo);
4656
proc->default_priority = task_nice(current);
4657
binder_dev = container_of(filp->private_data, struct binder_device,
···
4903
4904
files = NULL;
4905
if (defer & BINDER_DEFERRED_PUT_FILES) {
4906
+
mutex_lock(&proc->files_lock);
4907
files = proc->files;
4908
if (files)
4909
proc->files = NULL;
4910
+
mutex_unlock(&proc->files_lock);
4911
}
4912
4913
if (defer & BINDER_DEFERRED_FLUSH)
+2
drivers/hv/vmbus_drv.c
+2
drivers/hv/vmbus_drv.c
+2
-2
drivers/nvmem/meson-mx-efuse.c
+2
-2
drivers/nvmem/meson-mx-efuse.c
+1
-1
drivers/thunderbolt/nhi.c
+1
-1
drivers/thunderbolt/nhi.c