Commit Graph

62 Commits

Author SHA1 Message Date
André Draszik
ace1686200 ramips: mt7620: eMMC: stop invalid memory access if only one device is defined
pdev->id is -1 when only one device exists, and is used:
* as an index into drv_mode[] to determine whether to use
  PIO or DMA mode (via host->id)
* as an index into msdc_6575_host[], to store the
  mmc_priv() data.

Obviously, -1 is not a valid index in either case, causing
us to read invalid memory, and memory corruption,
respectively.

The invalid memory read is causing non-deterministic
behaviour, in particular in the v4.4 kernel it still
picked DMA mode, but in the v4.9 it now always picks
PIO mode.
Also, PIO mode doesn't work, causing the following:

/ # echo 3 > /proc/sys/vm/drop_caches
[ 3845.249237] sh (128): drop_caches: 3

/ # /root/usr/lib/libc.so
[ 3846.096070] do_page_fault(): sending SIGSEGV to libc.so for invalid read access from 7f9cb5a0
[ 3846.104758] epc = 779b0ea4 in libc.so[7792f000+c3000]
[ 3846.109907] ra  = 779a8004 in libc.so[7792f000+c3000]
Segmentation fault

/ # /root/usr/lib/libc.so
musl libc (mipsel-sf)
Version 1.1.16-git-40-g54807d47
Dynamic Program Loader
Usage: /root/usr/lib/libc.so [options] [--] pathname [args]

(i.e. initial page-in of any binary causes a segfault,
subsequent access works.)

While this change doesn't fix PIO mode, it at least makes
us deterministically use DMA (which works), and it also
stops us from corrupting memory.

Signed-off-by: André Draszik <git@andred.net>
2018-04-04 08:29:17 +02:00
André Draszik
dcbf6284e5 ramips: mt7620: eMMC: fix MODULE_DEVICE_TABLE
This was referencing an undefined symbol, probably
due to copy/paste error.

Signed-off-by: André Draszik <git@andred.net>
2018-04-04 08:29:16 +02:00
André Draszik
7d44b36c98 ramips: mt7620: eMMC: fix compiler warning (misleading indentation)
drivers/mmc/host/mtk-mmc/sd.c:2782:5: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
     if ((hw->flags & MSDC_SDIO_IRQ) || (hw->flags & MSDC_EXT_SDIO_IRQ))
     ^~
drivers/mmc/host/mtk-mmc/sd.c:2785:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
  cd_active_low = !of_property_read_bool(pdev->dev.of_node, "mediatek,cd-high");
  ^~~~~~~~~~~~~

Signed-off-by: André Draszik <git@andred.net>
2018-04-04 08:29:16 +02:00
André Draszik
bbbd71e3ea ramips: mt7620: eMMC: clear owner field
a) This is not needed in recent kernels anymore (> 3.x ??)
b) this allows driver unloading now

Signed-off-by: André Draszik <git@andred.net>
2018-04-04 08:29:16 +02:00
Hauke Mehrtens
a74fd570a2 kernel: update kernel 4.14 to 4.14.32
The following patches are now included upstream:
* 0052-MIPS-lantiq-fix-usb-clocks.patch
* 0053-MIPS-lantiq-enable-AHB-Bus-for-USB.patch
* 0060-lantiq-ase-enable-MFD-SYSCON.patch

Closes: FS#1466

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-03 23:26:45 +02:00
Stijn Segers
41a881a8d9 Kernel: bump 4.14 to 4.14.29
Right patch version this time, sorry!

* Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code.
* Refreshed patches.

Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-03-23 23:49:55 +01:00
Stijn Segers
b5469b38cd kernel: bump 4.14 to 4.14.23
This patch bumps the 4.14 kernel to .23.
- Refreshed patches.
- Deleted bcm53xx/patches-4.14/089-PCI-iproc-Fix-NULL-pointer-dereference-for-BCMA.patch. Has been accepted upstream.
- Deleted generic/pending-4.14/821-usb-Remove-annoying-warning-about-bogus-URB.patch. The upstream URB code was changed,
  the patch no longer applies. I discussed this with the patch author and removed it for now, we'll see how it goes.

Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-03-02 21:33:08 +01:00
Felix Fietkau
d8655868ca ramips: fix spurious IRQ7 events when using perf on 4.14
Upstream handling of MIPS CPU IRQs is rather hackish and the interrupts
are being enabled unconditionally in various places because of legacy
code.
Performance counter events are routed both through the GIC and through
legacy CPU IRQ7 events, causing spurious interrupts.

Fix this by disabling IRQ7 when trying to access the performance counter
IRQ.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-27 17:30:33 +01:00
Felix Fietkau
bcf4a5f474 ramips: remove chunked-io patch and set spi->max_transfer_size instead
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-24 16:05:28 +01:00
Felix Fietkau
79f9cadd00 ramips: fix MT7621 PCI driver on 4.14
The .map_irq hook can now be called after init.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 14:46:45 +01:00
Stijn Tintel
88ba41453d kernel: bump 4.14 to 4.14.20
Refresh patches.
Remove upstreamed patches:
- backport/080-v4.15-0001-arch-define-weak-abort.patch
- backport/081-v4.15-0002-kernel-exit.c-export-abort-to-modules.patch
Update patch that no longer applies:
pending/493-ubi-set-ROOT_DEV-to-ubiblock-rootfs-if-unset.patch

Fixes CVE-2017-8824.

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:48 +01:00
Roman Yeryomin
f4e5880d0f ramips: preliminary support for 4.14
- removed upstreamed patches
- 0901-spansion_nand_id_fix.patch is disabled, not clear if it's needed

Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: John Crispin <john@phrozen.org>
2018-02-15 10:46:39 +01:00