Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-5.1.y 2019-01-30T14:24:45Z 2019-01-30T14:24:45Z Alexander Usyskin alexander.usyskin@intel.com 2019-01-30T08:12:26Z urn:sha1:cee4c4d63ba7b0df9b2d2a6724c41b2a260d72ec There is a little window during disconnection flow when read cb is moved between lists and may be not freed. Remove moving read cbs explicitly during flash fixes this memory leak. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-11-26T15:59:48Z Tomas Winkler tomas.winkler@intel.com 2018-11-22T11:11:40Z urn:sha1:c30362cc326ac5c3d4e6c96aa8f68dbd86955489 Implement a circular buffer on allocated system memory. Read and write indices are stored on the control block which is also shared between the device and the host. Two new functions are exported from the DMA module: mei_dma_ring_write, and mei_dma_ring_empty_slots. The former simply copy a packet on the TX DMA circular buffer and later, returns the number of empty slots on the TX DMA circular buffer. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-11-26T15:59:48Z Tomas Winkler tomas.winkler@intel.com 2018-11-22T11:11:39Z urn:sha1:6316321f12ad30cf5af176f26bb39897b320ef46 Implement circular buffer protocol over receive dma buffer. Add extension to the mei message header that holds length of the buffer on the dma buffer. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-11-07T12:53:03Z Alexander Usyskin alexander.usyskin@intel.com 2018-11-06T10:04:40Z urn:sha1:a19bf05359e6c5249766cbbf2937ef83fc9001f9 The notify set operation ioctl will wait till timeout is expired even in case when the FW returned an error. Check the status field of the client object in wait_event_timeout() to determine if the caller can return earlier. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-11-07T12:53:03Z Alexander Usyskin alexander.usyskin@intel.com 2018-11-06T10:04:39Z urn:sha1:87d63352b49e421bb272dbb553bcf7db316c168f During queues flush, the me client in most cases is already unlinked hence the me client id is unavailable. The host client structure pointer is enough for identification. The function mei_cl_cmp_id() is dropped as it has no more usage. Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-12T07:14:24Z John Hubbard jhubbard@nvidia.com 2018-08-23T06:16:58Z urn:sha1:c1a214ad82d7ac6f19fe48f90b13403b40ead9dc KASAN reports a use-after-free during startup, in mei_cl_write: BUG: KASAN: use-after-free in mei_cl_write+0x601/0x870 [mei] (drivers/misc/mei/client.c:1770) This is caused by commit 98e70866aacb ("mei: add support for variable length mei headers."), which changed the return value from len, to buf->size. That ends up using a stale buf pointer, because blocking call, the cb (callback) is deleted in me_cl_complete() function. However, fortunately, len remains unchanged throughout the function (and I don't see anything else that would require re-reading buf->size either), so the fix is to simply revert the change, and return len, as before. Fixes: 98e70866aacb ("mei: add support for variable length mei headers.") CC: Arnd Bergmann <arnd@arndb.de> CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: John Hubbard <jhubbard@nvidia.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-02T08:18:30Z Tomas Winkler tomas.winkler@intel.com 2018-07-31T06:35:35Z urn:sha1:9d89ddfc624649e200aeec57912635dbe259d07b Add dma_ring bit in the mei message header for conveying that the message data itself are on the dma ring. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-08-02T08:18:29Z Tomas Winkler tomas.winkler@intel.com 2018-07-31T06:35:33Z urn:sha1:98e70866aacb1fcaa7b710fc6bca9862bf47421a Remove header size knowledge from me and txe hw layers, this requires to change the write handler to accept header and its length as well as data and its length. HBM messages are fixed to use basic header, hence we add mei_hbm2slots() that converts HBM message length and mei message header, while mei_data2slots() converts data length directly to the slots. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-07-24T12:16:57Z Tomas Winkler tomas.winkler@intel.com 2018-07-23T10:21:24Z urn:sha1:a1c4d08b6b95a0e296285ee53cc1438b3f168f98 Wrap the mei header boilerplate initialization code in mei_msg_hdr_init function. On the way remove 'completed' field from mei_cl_cb structure as this information is already included in the header and is local to particular fragment. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-07-24T12:16:57Z Tomas Winkler tomas.winkler@intel.com 2018-07-23T10:21:23Z urn:sha1:8c8d964ce90f16877b76c3f00b27165bf865af69 The host buffer depth is hardware specific so it's better to handle it inside the me and txe hw modules. In me the depth is read from register in txe it's a constant number. The value is now retrieved via mei_hbuf_depth accessor, while it replaces mei_hbuf_max_len. Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>