03 Apr, 2012
40 commits
-
commit ef3d2dc366c8c32d58dbbf9898cfd4f853ff8fe0 upstream.
The au8522 driver programs the tuner after programming the demodulator,
but the tuner should be programmed first. This patch fixes this behavior.EDIT: Apparantly Devin created a similar patch some time ago, but hasn't
submitted it for merge. I never saw his patch, but I thank him anyhow
for his efforts. In addition, Devin pointed out a flaw in my patch:This newly generated patch takes Devin's comments into account.
Thanks-to: Devin Heitmueller
Signed-off-by: Michael Krufky
Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Greg Kroah-Hartman -
commit 2b49fad59513b07f976c9711b99f93ae74d081c5 upstream.
Commit b2a29b578d9c21b2e5c88020f830d3c42115c51d sets accidentally
supported delivery systems as DVB-T/T2 whilst it should be
DVB-S/S2. Due to that frontend cannot be used at all.Reported-by: Jiří Zelenka
Signed-off-by: Antti Palosaari
Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Greg Kroah-Hartman -
commit abf9d005375d6c6160cc9c17e5dcac32e412c8dc upstream.
This patch fixes a regression in kernel 3.3 due to this patch:
http://patchwork.linuxtv.org/patch/8332/
That patch changes "#pragma pack(1)" with "__packed" attributes, but it is not
complete. In fact, in the as102 driver there are a lot of structs/unions
defined inside other structs/unions.
When the "__packed" attribute is applied only on the external struct, it will
not affect the internal struct definitions.
So the regression is fixed by specifiying the "__packed" attribute also on the
internal structs.This patch should go into 3.3, as it fixes a regression introduced in the new
kernel version.Signed-off-by: Gianluca Gennari
Signed-off-by: Ryley Angus
Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Greg Kroah-Hartman -
commit 34817174fca0c5512c2d5b6ea0fc37a0337ce1d8 upstream.
The error handling in lgdt3303_read_status() and lgdt330x_read_ucblocks()
doesn't work, because i2c_read_demod_bytes() returns a u8 and (err < 0)
is always false.err = i2c_read_demod_bytes(state, 0x58, buf, 1);
if (err < 0)
return err;Change the return type of i2c_read_demod_bytes() to int. Also change
the return value on error to -EIO to make (err < 0) work.Signed-off-by: Xi Wang
Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Greg Kroah-Hartman -
commit fc0900cbda9243957d812cd6b4cc87965f9fe75f upstream.
Wrong bit was used for sign extension which caused wrong end results.
Thanks to Andre for spotting this bug.Reported-by: Andre Przywara
Signed-off-by: Andreas Herrmann
Acked-by: Guenter Roeck
Signed-off-by: Jean Delvare
Signed-off-by: Greg Kroah-Hartman -
commit 4e474a00d7ff746ed177ddae14fa8b2d4bad7a00 upstream.
Protect code accessing ctl_table by grabbing the header with grab_header()
and after releasing with sysctl_head_finish(). This is needed if poll()
is called in entries created by modules: currently only hostname and
domainname support poll(), but this bug may be triggered when/if modules
use it and if user called poll() in a file that doesn't support it.Dave Jones reported the following when using a syscall fuzzer while
hibernating/resuming:RIP: 0010:[] [] proc_sys_poll+0x4e/0x90
RAX: 0000000000000145 RBX: ffff88020cab6940 RCX: 0000000000000000
RDX: ffffffff81233df0 RSI: 6b6b6b6b6b6b6b6b RDI: ffff88020cab6940
[ ... ]
Code: 00 48 89 fb 48 89 f1 48 8b 40 30 4c 8b 60 e8 b8 45 01 00 00 49 83
7c 24 28 00 74 2e 49 8b 74 24 30 48 85 f6 74 24 48 85 c9 75 32 16
b8 45 01 00 00 48 63 d2 49 39 d5 74 10 8b 06 48 98 48 89If an entry goes away while we are polling() it, ctl_table may not exist
anymore.Reported-by: Dave Jones
Signed-off-by: Lucas De Marchi
Cc: Al Viro
Cc: Linus Torvalds
Cc: Alexey Dobriyan
Signed-off-by: Andrew Morton
Signed-off-by: Eric W. Biederman
Signed-off-by: Greg Kroah-Hartman -
commit 9ddd592a191b32f2ee6c4b6ed2bd52665c3a49f5 upstream.
Unfortunatly the interrupts for the event log and the
peripheral page-faults are only enabled at boot but not
re-enabled at resume. Fix that.Signed-off-by: Joerg Roedel
Signed-off-by: Greg Kroah-Hartman -
commit cebd5fa4d3046d5b43ce1836a0120612822a7fb0 upstream.
Fix the following section warning in drivers/iommu/amd_iommu.c :
WARNING: vmlinux.o(.text+0x526e77): Section mismatch in reference from the function prealloc_protection_domains() to the function .init.text:alloc_passthrough_domain()
The function prealloc_protection_domains() references
the function __init alloc_passthrough_domain().
This is often because prealloc_protection_domains lacks a __init
annotation or the annotation of alloc_passthrough_domain is wrong.Signed-off-by: Steffen Persvold
Signed-off-by: Joerg Roedel
Signed-off-by: Greg Kroah-Hartman -
commit 1b26c9b334044cff6d1d2698f2be41bc7d9a0864 upstream.
The namespace cleanup path leaks a dentry which holds a reference count
on a network namespace. Keeping that network namespace from being freed
when the last user goes away. Leaving things like vlan devices in the
leaked network namespace.If you use ip netns add for much real work this problem becomes apparent
pretty quickly. It light testing the problem hides because frequently
you simply don't notice the leak.Use d_set_d_op() so that DCACHE_OP_* flags are set correctly.
This issue exists back to 3.0.
Acked-by: "Eric W. Biederman"
Reported-by: Justin Pettit
Signed-off-by: Pravin B Shelar
Signed-off-by: Jesse Gross
Cc: David Miller
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman -
commit 29a2e2836ff9ea65a603c89df217f4198973a74f upstream.
The problem occurs on !CONFIG_VM86 kernels [1] when a kernel-mode task
returns from a system call with a pending signal.A real-life scenario is a child of 'khelper' returning from a failed
kernel_execve() in ____call_usermodehelper() [ kernel/kmod.c ].
kernel_execve() fails due to a pending SIGKILL, which is the result of
"kill -9 -1" (at least, busybox's init does it upon reboot).The loop is as follows:
* syscall_exit_work:
- work_pending: // start_of_the_loop
- work_notify_sig:
- do_notify_resume()
- do_signal()
- if (!user_mode(regs)) return;
- resume_userspace // TIF_SIGPENDING is still set
- work_pending // so we call work_pending => goto
// start_of_the_loopMore information can be found in another LKML thread:
http://www.serverphorums.com/read.php?12,457826[1] the problem was also seen on MIPS.
Signed-off-by: Dmitry Adamushko
Link: http://lkml.kernel.org/r/1332448765.2299.68.camel@dimm
Cc: Oleg Nesterov
Cc: Roland McGrath
Cc: Andrew Morton
Signed-off-by: H. Peter Anvin
Signed-off-by: Greg Kroah-Hartman -
commit 13354dc412c36fe554f9904a92f1268c74af7e87 upstream.
Syscall 282 was mistakenly named mq_getsetaddr instead of mq_getsetattr.
When building uClibc against the Linux kernel this would result in a
shared library that doesn't provide the mq_getattr() and mq_setattr()
functions.Signed-off-by: Thierry Reding
Link: http://lkml.kernel.org/r/1332366608-2695-2-git-send-email-thierry.reding@avionic-design.de
Signed-off-by: H. Peter Anvin
Signed-off-by: Greg Kroah-Hartman -
commit 5d5440a835710d09f0ef18da5000541ec98b537a upstream.
URB unlinking is always racing with its completion and tx_complete
may be called before or during running usb_unlink_urb, so tx_complete
must not clear urb->dev since it will be used in unlink path,
otherwise invalid memory accesses or usb device leak may be caused
inside usb_unlink_urb.Cc: Alan Stern
Cc: Oliver Neukum
Signed-off-by: Ming Lei
Acked-by: Greg Kroah-Hartman
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
commit 0956a8c20b23d429e79ff86d4325583fc06f9eb4 upstream.
Commit 4231d47e6fe69f061f96c98c30eaf9fb4c14b96d(net/usbnet: avoid
recursive locking in usbnet_stop()) fixes the recursive locking
problem by releasing the skb queue lock, but it makes usb_unlink_urb
racing with defer_bh, and the URB to being unlinked may be freed before
or during calling usb_unlink_urb, so use-after-free problem may be
triggerd inside usb_unlink_urb.The patch fixes the use-after-free problem by increasing URB
reference count with skb queue lock held before calling
usb_unlink_urb, so the URB won't be freed until return from
usb_unlink_urb.Cc: Sebastian Andrzej Siewior
Cc: Alan Stern
Cc: Oliver Neukum
Reported-by: Dave Jones
Signed-off-by: Ming Lei
Acked-by: Greg Kroah-Hartman
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
commit 540a0f7584169651f485e8ab67461fcb06934e38 upstream.
The problem is that for the case of priority queues, we
have to assume that __rpc_remove_wait_queue_priority will move new
elements from the tk_wait.links lists into the queue->tasks[] list.
We therefore cannot use list_for_each_entry_safe() on queue->tasks[],
since that will skip these new tasks that __rpc_remove_wait_queue_priority
is adding.Without this fix, rpc_wake_up and rpc_wake_up_status will both fail
to wake up all functions on priority wait queues, which can result
in some nasty hangs.Reported-by: Andy Adamson
Signed-off-by: Trond Myklebust
Signed-off-by: Greg Kroah-Hartman -
commit 7eb3aa65853e1b223bfc786b023b702018cb76c0 upstream.
The 'find_wl_entry()' function expects the maximum difference as the second
argument, not the maximum absolute value. So the "unknown" eraseblock picking
was incorrect, as Shmulik Ladkani spotted. This patch fixes the issue.Reported-by: Shmulik Ladkani
Signed-off-by: Artem Bityutskiy
Reviewed-by: Shmulik Ladkani
Signed-off-by: Greg Kroah-Hartman -
commit a29852be492d61001d86c6ebf5fff9b93d7b4be9 upstream.
Two bad things can happen in ubi_scan():
1. If kmem_cache_create() fails we jump to out_si and call
ubi_scan_destroy_si() which calls kmem_cache_destroy().
But si->scan_leb_slab is NULL.
2. If process_eb() fails we jump to out_vidh, call
kmem_cache_destroy() and ubi_scan_destroy_si() which calls
again kmem_cache_destroy().Signed-off-by: Richard Weinberger
Signed-off-by: Artem Bityutskiy
Signed-off-by: Greg Kroah-Hartman -
commit ce85852b90a214cf577fc1b4f49d99fd7e98784a upstream.
Signed-off-by: Pavel Shilovsky
Reviewed-by: Jeff Layton
Reported-by: Ben Hutchings
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman -
commit 1daaae8fa4afe3df78ca34e724ed7e8187e4eb32 upstream.
This patch fixes an issue when cifs_mount receives a
STATUS_BAD_NETWORK_NAME error during cifs_get_tcon but is able to
continue after an DFS ROOT referral. In this case, the return code
variable is not reset prior to trying to mount from the system referred
to. Thus, is_path_accessible is not executed and the final DFS referral
is not performed causing a mount error.Use case: In DNS, example.com resolves to the secondary AD server
ad2.example.com Our primary domain controller is ad1.example.com and has
a DFS redirection set up from \\ad1\share\Users to \\files\share\Users.
Mounting \\example.com\share\Users fails.Regression introduced by commit 724d9f1.
Reviewed-by: Pavel Shilovsky
Signed-off-by: Jeff Layton
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman -
commit 10b9b98e41ba248a899f6175ce96ee91431b6194 upstream.
Some servers sets this value less than 50 that was hardcoded and
we lost the connection if when we exceed this limit. Fix this by
respecting this value - not sending more than the server allows.Reviewed-by: Jeff Layton
Signed-off-by: Pavel Shilovsky
Signed-off-by: Steve French
Signed-off-by: Greg Kroah-Hartman -
commit f30d500f809eca67a21704347ab14bb35877b5ee upstream.
When we get concurrent lookups of the same inode that is not in the
per-AG inode cache, there is a race condition that triggers warnings
in unlock_new_inode() indicating that we are initialising an inode
that isn't in a the correct state for a new inode.When we do an inode lookup via a file handle or a bulkstat, we don't
serialise lookups at a higher level through the dentry cache (i.e.
pathless lookup), and so we can get concurrent lookups of the same
inode.The race condition is between the insertion of the inode into the
cache in the case of a cache miss and a concurrently lookup:Thread 1 Thread 2
xfs_iget()
xfs_iget_cache_miss()
xfs_iread()
lock radix tree
radix_tree_insert()
rcu_read_lock
radix_tree_lookup
lock inode flags
XFS_INEW not set
igrab()
unlock inode flags
rcu_read_unlock
use uninitialised inode
.....
lock inode flags
set XFS_INEW
unlock inode flags
unlock radix tree
xfs_setup_inode()
inode flags = I_NEW
unlock_new_inode()
WARNING as inode flags != I_NEWThis can lead to inode corruption, inode list corruption, etc, and
is generally a bad thing to occur.Fix this by setting XFS_INEW before inserting the inode into the
radix tree. This will ensure any concurrent lookup will find the new
inode with XFS_INEW set and that forces the lookup to wait until the
XFS_INEW flag is removed before allowing the lookup to succeed.Signed-off-by: Dave Chinner
Reviewed-by: Christoph Hellwig
Signed-off-by: Ben Myers
Signed-off-by: Greg Kroah-Hartman -
commit 3114ea7a24d3264c090556a2444fc6d2c06176d4 upstream.
If a setattr() fails because of an NFS4ERR_OPENMODE error, it is
probably due to us holding a read delegation. Ensure that the
recovery routines return that delegation in this case.Reported-by: Miklos Szeredi
Signed-off-by: Trond Myklebust
Signed-off-by: Greg Kroah-Hartman -
commit a1d0b5eebc4fd6e0edb02688b35f17f67f42aea5 upstream.
If we know that the delegation stateid is bad or revoked, we need to
remove that delegation as soon as possible, and then mark all the
stateids that relied on that delegation for recovery. We cannot use
the delegation as part of the recovery process.Also note that NFSv4.1 uses a different error code (NFS4ERR_DELEG_REVOKED)
to indicate that the delegation was revoked.Finally, ensure that setlk() and setattr() can both recover safely from
a revoked delegation.Signed-off-by: Trond Myklebust
Signed-off-by: Greg Kroah-Hartman -
commit cc715d99e529d470dde2f33a6614f255adea71f3 upstream.
Stuart Foster reported on bugzilla that copying large amounts of data
from NTFS caused an OOM kill on 32-bit X86 with 16G of memory. Andrew
Morton correctly identified that the problem was NTFS was using 512
blocks meaning each page had 8 buffer_heads in low memory pinning it.In the past, direct reclaim used to scan highmem even if the allocating
process did not specify __GFP_HIGHMEM but not any more. kswapd no longer
will reclaim from zones that are above the high watermark. The intention
in both cases was to minimise unnecessary reclaim. The downside is on
machines with large amounts of highmem that lowmem can be fully consumed
by buffer_heads with nothing trying to free them.The following patch is based on a suggestion by Andrew Morton to extend
the buffer_heads_over_limit case to force kswapd and direct reclaim to
scan the highmem zone regardless of the allocation request or watermarks.Addresses https://bugzilla.kernel.org/show_bug.cgi?id=42578
[hughd@google.com: move buffer_heads_over_limit check up]
[akpm@linux-foundation.org: buffer_heads_over_limit is unlikely]
Reported-by: Stuart Foster
Tested-by: Stuart Foster
Signed-off-by: Mel Gorman
Signed-off-by: Hugh Dickins
Cc: Johannes Weiner
Cc: Rik van Riel
Cc: Christoph Lameter
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman -
commit 0c0efbacab8d70700d13301e0ae7975783c0cb0a upstream.
handle_ir_buffer_fill() assumed that a completed descriptor would be
indicated by a non-zero transfer_status (as in most other descriptors).
However, this field is written by the controller as soon as (the end of)
the first packet has been written into the buffer. As a consequence, if
we happen to run into such a descriptor when the interrupt handler is
executed after such a packet has completed, the descriptor would be
taken out of the list of active descriptors as soon as the buffer had
been partially filled, so the event for the buffer being completely
filled would never be sent.To fix this, handle descriptors only when they have been completely
filled, i.e., when res_count == 0. (This also matches the condition
that is reported by the controller with an interrupt.)Signed-off-by: Clemens Ladisch
Signed-off-by: Stefan Richter
Signed-off-by: Greg Kroah-Hartman -
commit 9716387311c790de381214c03e7f1b72b91a8189 upstream.
According to the HT6560H datasheet, the recovery timing field is 4-bit wide,
with a value of 0 meaning 16 cycles. Correct obvious thinko in the recovery
field mask.Signed-off-by: Sergei Shtylyov
Signed-off-by: Jeff Garzik
Signed-off-by: Greg Kroah-Hartman -
commit d408e2b14fba4fa214fa5bc24b7baae8a55e563c upstream.
Some platforms need to make use of the AHCI_HFLAG_DELAY_ENGINE flag.
Signed-off-by: Brian Norris
Signed-off-by: Jeff Garzik
Signed-off-by: Greg Kroah-Hartman -
commit 55d5ec316627b64c3764e4c1b4b8e1988e272c1f upstream.
We will need this macro in both ahci.c and ahci_platform.c, so just move it
to the header.Signed-off-by: Brian Norris
Signed-off-by: Jeff Garzik
Signed-off-by: Greg Kroah-Hartman -
commit 66583c9fa63d05d5580e409f9a58d3cad6d76d17 upstream.
The following commit was intended to fix problems with specific AHCI
controller(s) that would become bricks if the AHCI specification was not
followed strictly (that is, if ahci_start_engine() was called while the
controller was in the wrong state):commit 7faa33da9b7add01db9f1ad92c6a5d9145e940a7
ahci: start engine only during soft/hard resetsHowever, some devices currently have issues with that fix, so we must
implement a flag that delays the ahci_start_engine() call only for specific
controllers.This commit simply introduces the flag, without enabling it in any driver.
Note that even when AHCI_HFLAG_DELAY_ENGINE is not enabled, this patch does
not constitue a full revert to commit 7faa33da; there is still a change in
behavior to the ahci_port_suspend() failure path.Signed-off-by: Brian Norris
Signed-off-by: Jeff Garzik
Signed-off-by: Greg Kroah-Hartman -
commit 6c30d5a53229aad22bb675e0bd6eb518ecaa4316 upstream.
Add support for the camera key. The hotkey for
Asus S.H.E(Super Hybrid Engine) mode is mapped to KEY_KEY_PROG1
just for notifying the userspace.Signed-off-by: Keng-Yu Lin
Signed-off-by: Jiri Kosina
Signed-off-by: Greg Kroah-Hartman -
commit 3596bb929f2abd3433c2eaa5755fad48ac207af1 upstream.
The Asus All-In-One PC has a wireless keyboard with wifi toggle,
brightness up, brightness down and display off hotkeys.This patch adds suppoort for these hotkeys.
Signed-off-by: Keng-Yu Lin
Signed-off-by: Jiri Kosina
Signed-off-by: Greg Kroah-Hartman -
commit 6b6ba88b5bb8779156b21bb957520a448c3642e2 upstream.
The ID is found on Asus K54HR and K53U.
Blacklist the AR3011-based device ID [0489:e03d]
and add to ath3k.c for firmware loading.Below is the output of usb-devices script:
Before the fiwmware loading:
T: Bus=01 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#= 3 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0489 ProdID=e03d Rev=00.01
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusbAfter the fiwmware loading:
T: Bus=01 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=0cf3 ProdID=3005 Rev=00.01
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusbSigned-off-by: Keng-Yu Lin
Signed-off-by: Gustavo F. Padovan
Signed-off-by: Johan Hedberg
Signed-off-by: Greg Kroah-Hartman -
commit 33395fb8a13731c7ef7b175dbf5a4d8a6738fe6c upstream.
The old code did (MSB << 8) & 0xff, which always evaluates to 0. Just use
get_unaligned_be16() so we don't have to worry about whether our open-coded
version is correct or not.Signed-off-by: Roland Dreier
Signed-off-by: Nicholas Bellinger
Signed-off-by: Greg Kroah-Hartman -
commit 47f1b8803e1e358ebbf4f82bfdb98971c912a2c3 upstream.
transport_kmap_data_sg can return NULL. I never saw this trigger, but
returning -ENOMEM seems better than a crash. Also removes a pointless
case while at it.Signed-off-by: Joern Engel
Signed-off-by: Nicholas Bellinger
Signed-off-by: Greg Kroah-Hartman -
commit 382436f8804fe1cb20b9a2a811a10eb2d8554721 upstream.
Fix possible NULL pointer dereference in target_report_luns failure path.
Signed-off-by: Joern Engel
Signed-off-by: Nicholas Bellinger
Signed-off-by: Greg Kroah-Hartman -
commit effc6cc8828257c32c37635e737f14fd6e19ecd7 upstream.
SPC-4 says about the WBUS16 and SYNC bits:
The meanings of these fields are specific to SPI-5 (see 6.4.3).
For SCSI transport protocols other than the SCSI Parallel
Interface, these fields are reserved.We don't have a SPI fabric module, so we should never set these bits.
(The comment was misleading, since it only mentioned Sync but the
actual code set WBUS16 too).Signed-off-by: Roland Dreier
Signed-off-by: Nicholas Bellinger
Signed-off-by: Greg Kroah-Hartman -
commit 089461dda1770c10fea0b988ff74519a9be81d7e upstream.
Current code sets the peripheral device type to 0x3f == "not present
unknown" for virtual LUN 0 for standard INQUIRY commands, but leaves it
as 0 == "connected direct access block" for VPD INQUIRY commands. This
is just because the check for LUN 0 only happens in some code paths.Make our peripheral device type consistent by moving the LUN 0 check
into the common emulate_inquiry() code.Signed-off-by: Roland Dreier
Signed-off-by: Nicholas Bellinger
Signed-off-by: Greg Kroah-Hartman -
commit d95b82461c56a6ff8ff248b101049a69ebb20278 upstream.
If the initiator sends us an INQUIRY command with an allocation length
that's shorter than what we want to return, we're simply supposed to
truncate our response and return what the initiator gave us space for,
without signaling any error. Current target code has various tests that
don't fill out the full response if the buffer is too short and
sometimes return errors incorrectly.Fix this up by allocating a bounce buffer for INQUIRY responses if we
need to, ie if we have cmd->data_length too small as well as
SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC set in cmd->se_cmd_flags -- for most
fabrics, we always allocate at least a full page, but for tcm_loop we
may have a small buffer coming directly from the SCSI stack.This lets us delete a lot of cmd->data_length checking, and also makes
our INQUIRY handling correct per SPC in a lot more cases.Signed-off-by: Roland Dreier
Signed-off-by: Nicholas Bellinger
Signed-off-by: Greg Kroah-Hartman -
commit 4c1b2d2da3451f5c8dd59bd7e05bd9729d2aee05 upstream.
vbios lists DVI-I port as VGA and DVI-D.
Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=47007Signed-off-by: Alex Deucher
Signed-off-by: Dave Airlie
Signed-off-by: Greg Kroah-Hartman -
commit e00e8b5e760cbbe9067daeae5454d67c44c8d035 upstream.
We digital encoders have a detect function as well (for
DP to VGA bridges), so we make sure we choose the analog
one here.Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=47007Signed-off-by: Alex Deucher
Signed-off-by: Dave Airlie
Signed-off-by: Greg Kroah-Hartman -
commit c4353016dac10133fa5d8535af83f0c4845a2915 upstream.
The hardware only takes 27 bits for the offset, so larger offsets are
truncated, and the hardware cursor shows random bits other than the intended
ones.Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=46796
Signed-off-by: Michel Dänzer
Reviewed-by: Alex Deucher
Signed-off-by: Dave Airlie