04 Feb, 2012
40 commits
-
This reverts commit 78fd75340768980ce6ca646106762a6928289e0c (upstream
commit 495174a8ffbaa0d15153d855cf206cdc46d51cf4) as it breaks the build.Reported-by: Tim Gardner
Cc: Mark Brown
Signed-off-by: Greg Kroah-Hartman -
This reverts commit 11a17e56ac9c607c6eaecf64b618cd17c828ade0
(e53e417331c57b9b97e3f8be870214a02c99265c upstream) as it breaks the
build.Reported-by: Tim Gardner
Cc: Mark Brown
Signed-off-by: Greg Kroah-Hartman -
commit 2ab1159e80e8f416071e9f51e4f77b9173948296 upstream.
MMC_CAP_SD_HIGHSPEED is not supported on Snowball board resulting on
initialization errors.Signed-off-by: Mathieu Poirier
Signed-off-by: Fredrik Soderstedt
Signed-off-by: Philippe Langlais
Signed-off-by: Linus Walleij -
commit d1620ca9e7bb0030068c3b45b653defde8839dac upstream.
Allow more baud rates to be set in [1M,2M] baud.
Signed-off-by: Johan Hovold
Cc: Preston Fick
Signed-off-by: Greg Kroah-Hartman -
commit cdc32fd6f7b2b2580d7f1b74563f888e4dd9eb8a upstream.
The newer cp2104 devices require the baud rate to be initialised after
power on. Make sure it is set when port is opened.Signed-off-by: Johan Hovold
Cc: Preston Fick
Signed-off-by: Greg Kroah-Hartman -
commit e5990874e511d5bbca23b3396419480cb2ca0ee7 upstream.
Clean up and refactor speed handling.
Document baud rate handling for CP210{1,2,4,5,10}.Signed-off-by: Johan Hovold
Cc: Preston Fick
Signed-off-by: Greg Kroah-Hartman -
commit 34b76fcaee574017862ea3fa0efdcd77a9d0e57d upstream.
[Based on a patch from Johan, mangled by gregkh to keep things in line]
Fix up the variable usage in the set_termios call.
Signed-off-by: Johan Hovold
Cc: Preston Fick
Signed-off-by: Greg Kroah-Hartman -
commit be125d9c8d59560e7cc2d6e2b65c8fd233498ab7 upstream.
We do not implement B0 hangup yet so map low baudrates to 300bps.
Signed-off-by: Johan Hovold
Cc: Preston Fick
Signed-off-by: Greg Kroah-Hartman -
commit 7f482fc88ac47662228d6b1f05759797c8936a30 upstream.
This fix changes the way baudrates are set on the CP210x devices from
Silicon Labs. The CP2101/2/3 will respond to both a GET/SET_BAUDDIV
command, and GET/SET_BAUDRATE command, while CP2104 and higher devices
only respond to GET/SET_BAUDRATE. The current cp210x.ko driver in
kernel version 3.2.0 only implements the GET/SET_BAUDDIV command.This patch implements the two new codes for the GET/SET_BAUDRATE
commands. Then there is a change in the way that the baudrate is
assigned or retrieved. This is done according to the CP210x USB
specification in AN571. This document can be found here:
http://www.silabs.com/pages/DownloadDoc.aspx?FILEURL=Support%20Documents/TechnicalDocs/AN571.pdf&src=DocumentationWebPartSections 5.3/5.4 describe the USB packets for the old baudrate method.
Sections 5.5/5.6 describe the USB packets for the new method. This
patch also implements the new request scheme, and eliminates the
unnecessary baudrate calculations since it uses the "actual baudrate"
method.This patch solves the problem reported for the CP2104 in bug 42586,
and also keeps support for all other devices (CP2101/2/3).This patchfile is also attached to the bug report on
bugzilla.kernel.org. This patch has been developed and test on the
3.2.0 mainline kernel version under Ubuntu 10.11.Signed-off-by: Preston Fick
[duplicate patch also sent by Johan - gregkh]
Signed-off-by: Johan Hovold
Signed-off-by: Greg Kroah-Hartman -
commit 55b2afbb92ad92e9f6b0aa4354eb1c94589280c3 upstream.
Make sure port is fully initialised before calling generic open.
Signed-off-by: Johan Hovold
Signed-off-by: Greg Kroah-Hartman -
commit 791b7d7cf69de11275e4dccec2f538eec02cbff6 upstream.
This device is a Oscilloscope/Logic Analizer/Pattern Generator/TDR,
using a Silabs CP2103 USB to UART Bridge.Signed-off-by: Renato Caldas
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 8a622e71f58ec9f092fc99eacae0e6cf14f6e742 ]
md5 key is added in socket through remote address.
remote address should be used in finding md5 key when
sending out reset packet.Signed-off-by: shawnlu
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 5b35e1e6e9ca651e6b291c96d1106043c9af314a ]
This commit fixes tcp_trim_head() to recalculate the number of
segments in the skb with the skb's existing MSS, so trimming the head
causes the skb segment count to be monotonically non-increasing - it
should stay the same or go down, but not increase.Previously tcp_trim_head() used the current MSS of the connection. But
if there was a decrease in MSS between original transmission and ACK
(e.g. due to PMTUD), this could cause tcp_trim_head() to
counter-intuitively increase the segment count when trimming bytes off
the head of an skb. This violated assumptions in tcp_tso_acked() that
tcp_trim_head() only decreases the packet count, so that packets_acked
in tcp_tso_acked() could underflow, leading tcp_clean_rtx_queue() to
pass u32 pkts_acked values as large as 0xffffffff to
ca_ops->pkts_acked().As an aside, if tcp_trim_head() had really wanted the skb to reflect
the current MSS, it should have called tcp_set_skb_tso_segs()
unconditionally, since a decrease in MSS would mean that a
single-packet skb should now be sliced into multiple segments.Signed-off-by: Neal Cardwell
Acked-by: Nandita Dukkipati
Acked-by: Ilpo Järvinen
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit efc3dbc37412c027e363736b4f4c74ee5e8ecffc ]
rds_sock_info() triggers locking warnings because we try to perform a
local_bh_enable() (via sock_i_ino()) while hardware interrupts are
disabled (via taking rds_sock_lock).There is no reason for rds_sock_lock to be a hardware IRQ disabling
lock, none of these access paths run in hardware interrupt context.Therefore making it a BH disabling lock is safe and sufficient to
fix this bug.Reported-by: Kumar Sanghvi
Reported-by: Josh Boyer
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit cf778b00e96df6d64f8e21b8395d1f8a859ecdc7 ]
commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to
RCU_INIT_POINTER) did a lot of incorrect changes, since it did a
complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x,
y).We miss needed barriers, even on x86, when y is not NULL.
Signed-off-by: Eric Dumazet
CC: Stephen Hemminger
CC: Paul E. McKenney
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit d00a9dd21bdf7908b70866794c8313ee8a5abd5c ]
Several problems fixed in this patch :
1) Target of the conditional jump in case a divide by 0 is performed
by a bpf is wrong.2) Must 'generate' the full function prologue/epilogue at pass=0,
or else we can stop too early in pass=1 if the proglen doesnt change.
(if the increase of prologue/epilogue equals decrease of all
instructions length because some jumps are converted to near jumps)3) Change the wrong length detection at the end of code generation to
issue a more explicit message, no need for a full stack trace.Reported-by: Phil Oester
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 4ec7ac1203bcf21f5e3d977c9818b1a56c9ef40d ]
Commit bc416d9768 (macvlan: handle fragmented multicast frames) added a
possible use after free in macvlan_handle_frame(), since
ip_check_defrag() uses pskb_may_pull() : skb header can be reallocated.Signed-off-by: Eric Dumazet
Cc: Ben Greear
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 68315801dbf3ab2001679fd2074c9dc5dcf87dfa ]
When a packet is received on an L2TP IP socket (L2TPv3 IP link
encapsulation), the l2tpip socket's backlog_rcv function calls
xfrm4_policy_check(). This is not necessary, since it was called
before the skb was added to the backlog. With CONFIG_NET_NS enabled,
xfrm4_policy_check() will oops if skb->dev is null, so this trivial
patch removes the call.This bug has always been present, but only when CONFIG_NET_NS is
enabled does it cause problems. Most users are probably using UDP
encapsulation for L2TP, hence the problem has only recently
surfaced.EIP: 0060:[] EFLAGS: 00210246 CPU: 0
EIP is at l2tp_ip_recvmsg+0xd4/0x2a7
EAX: 00000001 EBX: d77b5180 ECX: 00000000 EDX: 00200246
ESI: 00000000 EDI: d63cbd30 EBP: d63cbd18 ESP: d63cbcf4
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Call Trace:
[] sock_common_recvmsg+0x31/0x46
[] __sock_recvmsg_nosec+0x45/0x4d
[] __sock_recvmsg+0x31/0x3b
[] sock_recvmsg+0x96/0xab
[] ? might_fault+0x47/0x81
[] ? might_fault+0x47/0x81
[] ? _copy_from_user+0x31/0x115
[] ? copy_from_user+0x8/0xa
[] ? verify_iovec+0x3e/0x78
[] __sys_recvmsg+0x10a/0x1aa
[] ? sock_recvmsg+0x0/0xab
[] ? __lock_acquire+0xbdf/0xbee
[] ? do_page_fault+0x193/0x375
[] ? fcheck_files+0x9b/0xca
[] ? fget_light+0x2a/0x9c
[] sys_recvmsg+0x2b/0x43
[] sys_socketcall+0x16d/0x1a5
[] ? trace_hardirqs_on_thunk+0xc/0x10
[] sysenter_do_call+0x12/0x38
Code: c6 05 8c ea a8 c1 01 e8 0c d4 d9 ff 85 f6 74 07 3e ff 86 80 00 00 00 b9 17 b6 2b c1 ba 01 00 00 00 b8 78 ed 48 c1 e8 23 f6 d9 ff 76 0c 68 28 e3 30 c1 68 2d 44 41 c1 e8 89 57 01 00 83 c4 0cSigned-off-by: James Chapman
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit b924551bed09f61b64f21bffe241afc5526b091a ]
bond_alb_init_slave() is called from bond_enslave() and sets the slave's MAC
address. This is done differently for TLB and ALB modes.
bond->alb_info.rlb_enabled is used to discriminate between the two modes but
this flag may be uninitialized if the slave is being enslaved prior to calling
bond_open() -> bond_alb_initialize() on the master.It turns out all the callers of alb_set_slave_mac_addr() pass
bond->alb_info.rlb_enabled as the hw parameter.This patch cleans up the unnecessary parameter of alb_set_slave_mac_addr() and
makes the function decide based on the bonding mode instead, which fixes the
above problem.Reported-by: Narendra K
Signed-off-by: Jiri Bohac
Signed-off-by: Jay Vosburgh
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 6f01fd6e6f6809061b56e78f1e8d143099716d70 ]
Commit 0884d7aa24 (AF_UNIX: Fix poll blocking problem when reading from
a stream socket) added a regression for epoll() in Edge Triggered mode
(EPOLLET)Appropriate fix is to use skb_peek()/skb_unlink() instead of
skb_dequeue(), and only call skb_unlink() when skb is fully consumed.This remove the need to requeue a partial skb into sk_receive_queue head
and the extra sk->sk_data_ready() calls that added the regression.This is safe because once skb is given to sk_receive_queue, it is not
modified by a writer, and readers are serialized by u->readlock mutex.This also reduce number of spinlock acquisition for small reads or
MSG_PEEK users so should improve overall performance.Reported-by: Nick Mathewson
Signed-off-by: Eric Dumazet
Cc: Alexey Moiseytsev
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 8a8ee9aff6c3077dd9c2c7a77478e8ed362b96c6 ]
caif is a subsystem and as such it needs to register with
register_pernet_subsys instead of register_pernet_device.Among other problems using register_pernet_device was resulting in
net_generic being called before the caif_net structure was allocated.
Which has been causing net_generic to fail with either BUG_ON's or by
return NULL pointers.A more ugly problem that could be caused is packets in flight why the
subsystem is shutting down.To remove confusion also remove the cruft cause by inappropriately
trying to fix this bug.With the aid of the previous patch I have tested this patch and
confirmed that using register_pernet_subsys makes the failure go away as
it should.Signed-off-by: Eric W. Biederman
Acked-by: Sjur Brændeland
Tested-by: Sasha Levin
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 5ee4433efe99b9f39f6eff5052a177bbcfe72cea ]
By definition net_generic should never be called when it can return
NULL. Fail conspicously with a BUG_ON to make it clear when people mess
up that a NULL return should never happen.Recently there was a bug in the CAIF subsystem where it was registered
with register_pernet_device instead of register_pernet_subsys. It was
erroneously concluded that net_generic could validly return NULL and
that net_assign_generic was buggy (when it was just inefficient).
Hopefully this BUG_ON will prevent people to coming to similar erroneous
conclusions in the futrue.Signed-off-by: Eric W. Biederman
Tested-by: Sasha Levin
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 073862ba5d249c20bd5c49fc6d904ff0e1f6a672 ]
When a new net namespace is created, we should attach to it a "struct
net_generic" with enough slots (even empty), or we can hit the following
BUG_ON() :[ 200.752016] kernel BUG at include/net/netns/generic.h:40!
...
[ 200.752016] [] ? get_cfcnfg+0x3a/0x180
[ 200.752016] [] ? lockdep_rtnl_is_held+0x10/0x20
[ 200.752016] [] caif_device_notify+0x2e/0x530
[ 200.752016] [] notifier_call_chain+0x67/0x110
[ 200.752016] [] raw_notifier_call_chain+0x11/0x20
[ 200.752016] [] call_netdevice_notifiers+0x32/0x60
[ 200.752016] [] register_netdevice+0x196/0x300
[ 200.752016] [] register_netdev+0x19/0x30
[ 200.752016] [] loopback_net_init+0x4a/0xa0
[ 200.752016] [] ops_init+0x42/0x180
[ 200.752016] [] setup_net+0x6b/0x100
[ 200.752016] [] copy_net_ns+0x86/0x110
[ 200.752016] [] create_new_namespaces+0xd9/0x190net_alloc_generic() should take into account the maximum index into the
ptr array, as a subsystem might use net_generic() anytime.This also reduces number of reallocations in net_assign_generic()
Reported-by: Sasha Levin
Tested-by: Sasha Levin
Signed-off-by: Eric Dumazet
Cc: Sjur Brændeland
Cc: Eric W. Biederman
Cc: Pavel Emelyanov
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
commit 15699e6fafc3a90e5fdc2ef30555a04dee62286f upstream.
The probe does not strictly require the USB_CDC_DMM_TYPE
descriptor, which is a good thing as it makes the driver
usable on non-conforming interfaces. A user could e.g.
bind to it to a CDC ECM interface by using the new_id and
bind sysfs files. But this would fail with a 0 buffer length
due to the missing descriptor.Fix by defining a reasonable fallback size: The minimum
device receive buffer size required by the CDC WMC standard,
revision 1.1Signed-off-by: Bjørn Mork
Signed-off-by: Greg Kroah-Hartman -
commit 655e247daf52b202a6c2d0f8a06dd2051e756ce4 upstream.
As it turns out, there was a mismatch between the allocated inbuf size
(desc->bMaxPacketSize0, typically something like 64) and the length we
specified in the URB (desc->wMaxCommand, typically something like 2048)Signed-off-by: Bjørn Mork
Cc: Oliver Neukum
Signed-off-by: Greg Kroah-Hartman -
commit 62aaf24dc125d7c55c93e313d15611f152b030c7 upstream.
wdm_disconnect() waits for the mutex held by wdm_read() before
calling wake_up_all(). This causes a deadlock, preventing device removal
to complete. Do the wake_up_all() before we start waiting for the locks.Signed-off-by: Bjørn Mork
Cc: Oliver Neukum
Cc: stable
Signed-off-by: Greg Kroah-Hartman -
commit 6edf3c30af01854c416f8654d3d5d2652470afd4 upstream.
When no platform data was supplied, returned error code was 0.
Signed-off-by: Vivien Didelot
Signed-off-by: Guenter Roeck
Signed-off-by: Greg Kroah-Hartman -
commit ad77c3e1808f07fa70f707b1c92a683b7c7d3f85 upstream.
NCT6776F only supports pwm mode for pwm2 and pwm3. Return error if an attempt
is made to set those pwm channels to DC mode.Signed-off-by: Guenter Roeck
Acked-by: Jean Delvare
Signed-off-by: Guenter Roeck
Signed-off-by: Greg Kroah-Hartman -
commit 86b2bbfdbd1fcc4a3aa62ccd3f245c40c5ad5b85 upstream.
Properly clamp temperature limits set by the user. Without this fix,
attempts to write temperature limits above the maximum supported by
the chip (255 degrees Celsius) would arbitrarily and unexpectedly
result in the limit being set to 0 degree Celsius.Signed-off-by: Jean Delvare
Signed-off-by: Guenter Roeck
Signed-off-by: Greg Kroah-Hartman -
commit 006896fc612f11bf0624db7814a75d0d5410855f upstream.
Commit 0020afb369859472a461ef4af6410732e929d402 (ARM: mach-davinci:
remove mach/memory.h) removed mach/memory.h for DaVinci which broke
DaVinci MUSB build.mach/memory.h is not actually needed in davinci.c, so remove it.
While at it, also remove some more machine specific inclulde
files which are not needed for build.Tested on DM644x EVM using USB card reader.
Signed-off-by: Sekhar Nori
Signed-off-by: Felipe Balbi
Signed-off-by: Greg Kroah-Hartman -
commit cf840551a884360841bd3d3ce1ad0868ff0b759a upstream.
When a TD length mismatch is found during isoc TRB enqueue, it directly
returns -EINVAL. However, isoc transfer is partially enqueued at this time,
and the ring should be cleared.This should be backported to kernels as old as 2.6.36, which contain the
commit 522989a27c7badb608155b1f1dea3487ed431f74 "xhci: Fix failed
enqueue in the middle of isoch TD."Signed-off-by: Andiry Xu
Signed-off-by: Sarah Sharp
Signed-off-by: Greg Kroah-Hartman -
commit d0cd5d482b8a6dc92c6c69a5387baf72ea84f23a upstream.
The xHCI hub port code gets passed a zero-based port number by the USB
core. It then adds one to in order to find a device slot by port number
and device speed by calling xhci_find_slot_id_by_port. That function
clearly states it requires a one-based port number. The xHCI port
status change event handler was using a zero-based port number that it
got from find_faked_portnum_from_hw_portnum, not a one-based port
number. This lead to the doorbells never being rung for a device after
a resume, or worse, a different device with the same speed having its
doorbell rung (which could lead to bad power management in the xHCI host
controller).This patch should be backported to kernels as old as 2.6.39.
Signed-off-by: Sarah Sharp
Acked-by: Andiry Xu
Signed-off-by: Greg Kroah-Hartman -
commit 2492c6e6454ff3edb11e273b071a6ea80a199c71 upstream.
Add missing iounmap in error handling code, in a case where the function
already preforms iounmap on some other execution path.A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)//
@@
expression e;
statement S,S1;
int ret;
@@
e = \(ioremap\|ioremap_nocache\)(...)
... when != iounmap(e)
if () S
... when any
when != iounmap(e)
*if (...)
{ ... when != iounmap(e)
return ...; }
... when any
iounmap(e);
//Signed-off-by: Julia Lawall
Acked-by: Alan Stern
Signed-off-by: Greg Kroah-Hartman -
commit a85016390135d577c457876d0e905095600751de upstream.
Fix some endian issues for storage gadgets.
Signed-off-by: Andiry Xu
Signed-off-by: Felipe Balbi
Signed-off-by: Greg Kroah-Hartman -
commit 37fd37108449d574da11aa9055c5c8afb39ff226 upstream.
UDC core will call disconnect() and unbind() for us upon the gadget
removal, so we should not do it ourselves. Otherwise, a composite
gadget will explode, for example. Others might too.This was introduced during conversion to new style gadget in 2c7f0989
(usb: gadget: langwell: convert to new style).Signed-off-by: Alexander Shishkin
Cc: Heikki Krogerus
Cc: linux-usb@vger.kernel.org
Signed-off-by: Felipe Balbi
Signed-off-by: Greg Kroah-Hartman -
commit 1097ccebe630170080c41df0edcf88e0626e9c75 upstream.
This changes the max length for the usb seven segment delcom device to 8
from 6. Delcom has both 6 and 8 variants and having 8 works fine with
devices which are only 6.Signed-off-by: Harrison Metzger
Signed-off-by: Stuart Pook
Signed-off-by: Greg Kroah-Hartman -
commit b3ef051db763b640d1ff724b616ffba940896b44 upstream.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=784345Reported-by: Francis Moreau
Reported-and-tested-by: Christian D
Reported-and-tested-by: Jimmy Dorff
Reported-and-tested-by: collura@ieee.org
Signed-off-by: Stanislaw Gruszka
Signed-off-by: Greg Kroah-Hartman -
commit bf9c05d5b6d19b3e4c9fe21047694e94f48db89b upstream.
The assignment of handle in vmw_framebuffer_create_handle doesn't actually do anything useful and is incorrectly assigning an integer value to a pointer argument. It appears that this is a typo and should be dereferencing handle rather than assigning to it directly. This fixes a bug where an undefined handle value is potentially returned to user-space.
Signed-off-by: Ryan Mallon
Reviewed-by: Jakob Bornecrantz
Signed-off-by: Dave Airlie
Signed-off-by: Greg Kroah-Hartman
