| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add PCI id for Intel Merrifield
Signed-off-by: David Cohen <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
In case of usb phy reinitialization:
e.g. insmod usb-module(usb works well) -> rmmod usb-module -> insmod usb-module
It found the PHY_CLK_VALID bit didn't work if it's not with the power-on reset.
So we just check PHY_CLK_VALID bit during the stage with POR, this can be met
by the tricky of checking FSL_SOC_USB_PRICTRL register.
Signed-off-by: Shengzhou Liu <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
There's a bunch of failure exits in ffs_fs_mount() with
seriously broken recovery logics. Most of that appears to stem
from misunderstanding of the ->kill_sb() semantics; unlike
->put_super() it is called for *all* superblocks of given type,
no matter how (in)complete the setup had been. ->put_super()
is called only if ->s_root is not NULL; any failure prior to
setting ->s_root will have the call of ->put_super() skipped.
->kill_sb(), OTOH, awaits every superblock that has come from
sget().
Current behaviour of ffs_fs_mount():
We have struct ffs_sb_fill_data data on stack there. We do
ffs_dev = functionfs_acquire_dev_callback(dev_name);
and store that in data.private_data. Then we call mount_nodev(),
passing it ffs_sb_fill() as a callback. That will either fail
outright, or manage to call ffs_sb_fill(). There we allocate an
instance of struct ffs_data, slap the value of ffs_dev (picked
from data.private_data) into ffs->private_data and overwrite
data.private_data by storing ffs into an overlapping member
(data.ffs_data). Then we store ffs into sb->s_fs_info and attempt
to set the rest of the things up (root inode, root dentry, then
create /ep0 there). Any of those might fail. Should that
happen, we get ffs_fs_kill_sb() called before mount_nodev()
returns. If mount_nodev() fails for any reason whatsoever,
we proceed to
functionfs_release_dev_callback(data.ffs_data);
That's broken in a lot of ways. Suppose the thing has failed in
allocation of e.g. root inode or dentry. We have
functionfs_release_dev_callback(ffs);
ffs_data_put(ffs);
done by ffs_fs_kill_sb() (ffs accessed via sb->s_fs_info), followed by
functionfs_release_dev_callback(ffs);
from ffs_fs_mount() (via data.ffs_data). Note that the second
functionfs_release_dev_callback() has every chance to be done to freed memory.
Suppose we fail *before* root inode allocation. What happens then?
ffs_fs_kill_sb() doesn't do anything to ffs (it's either not called at all,
or it doesn't have a pointer to ffs stored in sb->s_fs_info). And
functionfs_release_dev_callback(data.ffs_data);
is called by ffs_fs_mount(), but here we are in nasal daemon country - we
are reading from a member of union we'd never stored into. In practice,
we'll get what we used to store into the overlapping field, i.e. ffs_dev.
And then we get screwed, since we treat it (struct gfs_ffs_obj * in
disguise, returned by functionfs_acquire_dev_callback()) as struct
ffs_data *, pick what would've been ffs_data ->private_data from it
(*well* past the actual end of the struct gfs_ffs_obj - struct ffs_data
is much bigger) and poke in whatever it points to.
FWIW, there's a minor leak on top of all that in case if ffs_sb_fill()
fails on kstrdup() - ffs is obviously forgotten.
The thing is, there is no point in playing all those games with union.
Just allocate and initialize ffs_data *before* calling mount_nodev() and
pass a pointer to it via data.ffs_data. And once it's stored in
sb->s_fs_info, clear data.ffs_data, so that ffs_fs_mount() knows that
it doesn't need to kill the sucker manually - from that point on
we'll have it done by ->kill_sb().
Signed-off-by: Al Viro <[email protected]>
Acked-by: Michal Nazarewicz <[email protected]>
Cc: stable <[email protected]> # 3.3+
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
The put_device(dev) at the bottom of the loop of device_shutdown
may result in the dev being cleaned up. In device_create_release,
the dev is kfreed.
However, device_shutdown attempts to use the dev pointer again after
put_device by referring to dev->parent.
Copy the parent pointer instead to avoid this condition.
This bug was found on Chromium OS's chromeos-3.8, which is based on v3.8.11.
See bug report : https://code.google.com/p/chromium/issues/detail?id=297842
This can easily be reproduced when shutting down with
hidraw devices that report battery condition.
Two examples are the HP Bluetooth Mouse X4000b and the Apple Magic Mouse.
For example, with the magic mouse :
The dev in question is "hidraw0"
dev->parent is "magicmouse"
In the course of the shutdown for this device, the input event cleanup calls
a put on hidraw0, decrementing its reference count.
When we finally get to put_device(dev) in device_shutdown, kobject_cleanup
is called and device_create_release does kfree(dev).
dev->parent is no longer valid, and we may crash in
put_device(dev->parent).
This change should be applied on any kernel with this change :
d1c6c030fcec6f860d9bb6c632a3ebe62e28440b
Cc: [email protected]
Signed-off-by: Benson Leung <[email protected]>
Reviewed-by: Ming Lei <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
In kobj_ns_current_may_mount the default should be to allow the
mount. The test is only for a single kobj_ns_type at a time, and unless
there is a reason to prevent it the mounting sysfs should be allowed.
Subsystems that are not registered can't have are not involved so can't
have a reason to prevent mounting sysfs.
This is a bug-fix to:
commit 7dc5dbc879bd0779924b5132a48b731a0bc04a1e
Author: Eric W. Biederman <[email protected]>
Date: Mon Mar 25 20:07:01 2013 -0700
sysfs: Restrict mounting sysfs
Don't allow mounting sysfs unless the caller has CAP_SYS_ADMIN rights
over the net namespace. The principle here is if you create or have
capabilities over it you can mount it, otherwise you get to live with
what other people have mounted.
Instead of testing this with a straight forward ns_capable call,
perform this check the long and torturous way with kobject helpers,
this keeps direct knowledge of namespaces out of sysfs, and preserves
the existing sysfs abstractions.
Acked-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: "Eric W. Biederman" <[email protected]>
That came in via the userns tree during the 3.12 merge window.
Reported-by: James Hogan <[email protected]>
Signed-off-by: "Eric W. Biederman" <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
commit 666b9adc801ef012612c4e43e0f44b2cdc1979cf terminated vmbus
version negotiation incorrectly. We need to terminate the version
negotiation only if the current negotiation were to timeout.
Signed-off-by: K. Y. Srinivasan <[email protected]>
Cc: Olaf Hering <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
The current code does not correctly negotiate the version numbers for the util
driver when hosted on earlier hosts. The version numbers presented by this
driver were not compatible with the version numbers supported by Windows Server
2008. Fix this problem.
I would like to thank Olaf Hering ([email protected]) for identifying the problem.
Reported-by: Olaf Hering <[email protected]>
Signed-off-by: K. Y. Srinivasan <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Unset init_clients_timer and amthif_stall_timers
in mei_reset in order to cancel timer ticking and hence
avoid recursive reset calls.
Cc: <[email protected]> # 3.9+
Signed-off-by: Alexander Usyskin <[email protected]>
Signed-off-by: Tomas Winkler <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Bus layer omitted check for client state transition while waiting
for read completion
The client state transition may occur for example as result
of firmware initiated reset
Add mei_cl_is_transitioning wrapper to reduce the code
repetition.:
Cc: <[email protected]> # 3.9+
Signed-off-by: Tomas Winkler <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
1. u8 counters are prone to hard to detect overflow:
make them unsigned long to match bit_ functions argument type
2. don't check me_clients_num for negativity, it is unsigned.
3. init all the me client counters from one place
Cc: <[email protected]> # 3.9+
Signed-off-by: Tomas Winkler <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Outgoing packets sent by via-rhine have their VLAN PCP field off by one
(when hardware acceleration is enabled). The TX descriptor expects only VID
and PCP (without a CFI/DEI bit).
Peter Boström noticed and reported the bug.
Signed-off-by: Roger Luethi <[email protected]>
Cc: Peter Boström <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Commit 'tty: ar933x_uart: add device tree support
and binding documentation' introduced a new doc in
bindins/tty/serial.
According to a recent thread [1] on the linux-serial
list, the binding documentation of serial drivers
should be added into bindings/serial.
Move the documentation of qca,ar9330-uart to the
correct place.
1. http://marc.info/?l=linux-serial&m=137771295411517
Cc: [email protected]
Signed-off-by: Gabor Juhos <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
For controller versions greater than 1.6, setting ULPI_PHY_CLK_SEL
bit when USB_EN bit is already set causes instability issues with
PHY_CLK_VLD bit. So USB_EN is set only for IP controller version
below 1.6 before setting ULPI_PHY_CLK_SEL bit
Signed-off-by: Ramneek Mehresh <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
This patch adds explicit call to bcma_core_pci_power_save() from
a non-atomic context resolving 'scheduling while atomic' issue.
[ 13.224317] BUG: scheduling while atomic: dhcpcd/1800/0x00000202
[ 13.224322] Modules linked in: brcmsmac nouveau coretemp kvm_intel kvm cordic brcmutil bcma dell_wmi atl1c ttm mxm_wmi wmi
[ 13.224354] CPU: 0 PID: 1800 Comm: dhcpcd Tainted: G W 3.11.0-wl #1
[ 13.224359] Hardware name: Alienware M11x R2/M11x R2, BIOS A04 11/23/2010
[ 13.224363] ffff880177c12c40 ffff880170fd1968 ffffffff8169af5b 0000000000000007
[ 13.224374] ffff880170fd1ad0 ffff880170fd1978 ffffffff81697ee2 ffff880170fd19f8
[ 13.224383] ffffffff816a19f5 00000000000f4240 000000000000d080 ffff880170fd1fd8
[ 13.224391] Call Trace:
[ 13.224399] [<ffffffff8169af5b>] dump_stack+0x4f/0x84
[ 13.224403] [<ffffffff81697ee2>] __schedule_bug+0x43/0x51
[ 13.224409] [<ffffffff816a19f5>] __schedule+0x6e5/0x810
[ 13.224412] [<ffffffff816a1c34>] schedule+0x24/0x70
[ 13.224416] [<ffffffff816a04fc>] schedule_hrtimeout_range_clock+0x10c/0x150
[ 13.224420] [<ffffffff810684e0>] ? update_rmtp+0x60/0x60
[ 13.224424] [<ffffffff8106915f>] ? hrtimer_start_range_ns+0xf/0x20
[ 13.224429] [<ffffffff816a054e>] schedule_hrtimeout_range+0xe/0x10
[ 13.224432] [<ffffffff8104f6fb>] usleep_range+0x3b/0x40
[ 13.224437] [<ffffffffa003733a>] bcma_pcie_mdio_read.isra.5+0x8a/0x100 [bcma]
[ 13.224442] [<ffffffffa00374a5>] bcma_pcie_mdio_writeread.isra.6.constprop.13+0x25/0x30 [bcma]
[ 13.224448] [<ffffffffa00374f9>] bcma_core_pci_power_save+0x49/0x80 [bcma]
[ 13.224452] [<ffffffffa003765d>] bcma_core_pci_up+0x2d/0x60 [bcma]
[ 13.224460] [<ffffffffa03dc17c>] brcms_c_up+0xfc/0x430 [brcmsmac]
[ 13.224467] [<ffffffffa03d1a7d>] brcms_up+0x1d/0x20 [brcmsmac]
[ 13.224473] [<ffffffffa03d2498>] brcms_ops_start+0x298/0x340 [brcmsmac]
[ 13.224478] [<ffffffff81600a12>] ? cfg80211_netdev_notifier_call+0xd2/0x5f0
[ 13.224483] [<ffffffff815fa53d>] ? packet_notifier+0xad/0x1d0
[ 13.224487] [<ffffffff81656e75>] ieee80211_do_open+0x325/0xf80
[ 13.224491] [<ffffffff8106ac09>] ? __raw_notifier_call_chain+0x9/0x10
[ 13.224495] [<ffffffff81657b41>] ieee80211_open+0x71/0x80
[ 13.224498] [<ffffffff81526267>] __dev_open+0x87/0xe0
[ 13.224502] [<ffffffff8152650c>] __dev_change_flags+0x9c/0x180
[ 13.224505] [<ffffffff815266a3>] dev_change_flags+0x23/0x70
[ 13.224509] [<ffffffff8158cd68>] devinet_ioctl+0x5b8/0x6a0
[ 13.224512] [<ffffffff8158d5c5>] inet_ioctl+0x75/0x90
[ 13.224516] [<ffffffff8150b38b>] sock_do_ioctl+0x2b/0x70
[ 13.224519] [<ffffffff8150b681>] sock_ioctl+0x71/0x2a0
[ 13.224523] [<ffffffff8114ed47>] do_vfs_ioctl+0x87/0x520
[ 13.224528] [<ffffffff8113f159>] ? ____fput+0x9/0x10
[ 13.224533] [<ffffffff8106228c>] ? task_work_run+0x9c/0xd0
[ 13.224537] [<ffffffff8114f271>] SyS_ioctl+0x91/0xb0
[ 13.224541] [<ffffffff816aa252>] system_call_fastpath+0x16/0x1b
Cc: <[email protected]> # 3.11.x
Cc: Tod Jackson <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Rafal Milecki <[email protected]>
Cc: Hauke Mehrtens <[email protected]>
Reviewed-by: Hante Meuleman <[email protected]>
Signed-off-by: Arend van Spriel <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
This patch removes the bcma_core_pci_power_save() call from
the bcma_core_pci_{up,down}() functions as it tries to schedule
thus requiring to call them from non-atomic context. The function
bcma_core_pci_power_save() is now exported so the calling module
can explicitly use it in non-atomic context. This fixes the
'scheduling while atomic' issue reported by Tod Jackson and
Joe Perches.
[ 13.210710] BUG: scheduling while atomic: dhcpcd/1800/0x00000202
[ 13.210718] Modules linked in: brcmsmac nouveau coretemp kvm_intel kvm cordic brcmutil bcma dell_wmi atl1c ttm mxm_wmi wmi
[ 13.210756] CPU: 2 PID: 1800 Comm: dhcpcd Not tainted 3.11.0-wl #1
[ 13.210762] Hardware name: Alienware M11x R2/M11x R2, BIOS A04 11/23/2010
[ 13.210767] ffff880177c92c40 ffff880170fd1948 ffffffff8169af5b 0000000000000007
[ 13.210777] ffff880170fd1ab0 ffff880170fd1958 ffffffff81697ee2 ffff880170fd19d8
[ 13.210785] ffffffff816a19f5 00000000000f4240 000000000000d080 ffff880170fd1fd8
[ 13.210794] Call Trace:
[ 13.210813] [<ffffffff8169af5b>] dump_stack+0x4f/0x84
[ 13.210826] [<ffffffff81697ee2>] __schedule_bug+0x43/0x51
[ 13.210837] [<ffffffff816a19f5>] __schedule+0x6e5/0x810
[ 13.210845] [<ffffffff816a1c34>] schedule+0x24/0x70
[ 13.210855] [<ffffffff816a04fc>] schedule_hrtimeout_range_clock+0x10c/0x150
[ 13.210867] [<ffffffff810684e0>] ? update_rmtp+0x60/0x60
[ 13.210877] [<ffffffff8106915f>] ? hrtimer_start_range_ns+0xf/0x20
[ 13.210887] [<ffffffff816a054e>] schedule_hrtimeout_range+0xe/0x10
[ 13.210897] [<ffffffff8104f6fb>] usleep_range+0x3b/0x40
[ 13.210910] [<ffffffffa00371af>] bcma_pcie_mdio_set_phy.isra.3+0x4f/0x80 [bcma]
[ 13.210921] [<ffffffffa003729f>] bcma_pcie_mdio_write.isra.4+0xbf/0xd0 [bcma]
[ 13.210932] [<ffffffffa0037498>] bcma_pcie_mdio_writeread.isra.6.constprop.13+0x18/0x30 [bcma]
[ 13.210942] [<ffffffffa00374ee>] bcma_core_pci_power_save+0x3e/0x80 [bcma]
[ 13.210953] [<ffffffffa003765d>] bcma_core_pci_up+0x2d/0x60 [bcma]
[ 13.210975] [<ffffffffa03dc17c>] brcms_c_up+0xfc/0x430 [brcmsmac]
[ 13.210989] [<ffffffffa03d1a7d>] brcms_up+0x1d/0x20 [brcmsmac]
[ 13.211003] [<ffffffffa03d2498>] brcms_ops_start+0x298/0x340 [brcmsmac]
[ 13.211020] [<ffffffff81600a12>] ? cfg80211_netdev_notifier_call+0xd2/0x5f0
[ 13.211030] [<ffffffff815fa53d>] ? packet_notifier+0xad/0x1d0
[ 13.211064] [<ffffffff81656e75>] ieee80211_do_open+0x325/0xf80
[ 13.211076] [<ffffffff8106ac09>] ? __raw_notifier_call_chain+0x9/0x10
[ 13.211086] [<ffffffff81657b41>] ieee80211_open+0x71/0x80
[ 13.211101] [<ffffffff81526267>] __dev_open+0x87/0xe0
[ 13.211109] [<ffffffff8152650c>] __dev_change_flags+0x9c/0x180
[ 13.211117] [<ffffffff815266a3>] dev_change_flags+0x23/0x70
[ 13.211127] [<ffffffff8158cd68>] devinet_ioctl+0x5b8/0x6a0
[ 13.211136] [<ffffffff8158d5c5>] inet_ioctl+0x75/0x90
[ 13.211147] [<ffffffff8150b38b>] sock_do_ioctl+0x2b/0x70
[ 13.211155] [<ffffffff8150b681>] sock_ioctl+0x71/0x2a0
[ 13.211169] [<ffffffff8114ed47>] do_vfs_ioctl+0x87/0x520
[ 13.211180] [<ffffffff8113f159>] ? ____fput+0x9/0x10
[ 13.211198] [<ffffffff8106228c>] ? task_work_run+0x9c/0xd0
[ 13.211202] [<ffffffff8114f271>] SyS_ioctl+0x91/0xb0
[ 13.211208] [<ffffffff816aa252>] system_call_fastpath+0x16/0x1b
[ 13.211217] NOHZ: local_softirq_pending 202
The issue was introduced in v3.11 kernel by following commit:
commit aa51e598d04c6acf5477934cd6383f5a17ce9029
Author: Hauke Mehrtens <[email protected]>
Date: Sat Aug 24 00:32:31 2013 +0200
brcmsmac: use bcma PCIe up and down functions
replace the calls to bcma_core_pci_extend_L1timer() by calls to the
newly introduced bcma_core_pci_ip() and bcma_core_pci_down()
Signed-off-by: Hauke Mehrtens <[email protected]>
Cc: Arend van Spriel <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
This fix has been discussed with Hauke Mehrtens [1] selection
option 3) and is intended for v3.12.
Ref:
[1] http://mid.gmane.org/[email protected]
Cc: <[email protected]> # 3.11.x
Cc: Tod Jackson <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Rafal Milecki <[email protected]>
Cc: Hauke Mehrtens <[email protected]>
Reviewed-by: Hante Meuleman <[email protected]>
Signed-off-by: Arend van Spriel <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
The driver uses platform_driver_probe() to obtain platform data
if any. However, that function is placed in the .init section so
it must be called upon driver module initialization.
The problem was reported by Fenguang Wu resulting in a kernel
oops because the .init section was already freed.
[ 48.966342] Switched to clocksource tsc
[ 48.970002] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[ 48.970851] BUG: unable to handle kernel paging request at ffffffff82196446
[ 48.970957] IP: [<ffffffff82196446>] classes_init+0x26/0x26
[ 48.970957] PGD 1e76067 PUD 1e77063 PMD f388063 PTE 8000000002196163
[ 48.970957] Oops: 0011 [#1]
[ 48.970957] CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 3.11.0-rc7-00444-gc52dd7f #23
[ 48.970957] Workqueue: events brcmf_driver_init
[ 48.970957] task: ffff8800001d2000 ti: ffff8800001d4000 task.ti: ffff8800001d4000
[ 48.970957] RIP: 0010:[<ffffffff82196446>] [<ffffffff82196446>] classes_init+0x26/0x26
[ 48.970957] RSP: 0000:ffff8800001d5d40 EFLAGS: 00000286
[ 48.970957] RAX: 0000000000000001 RBX: ffffffff820c5620 RCX: 0000000000000000
[ 48.970957] RDX: 0000000000000001 RSI: ffffffff816f7380 RDI: ffffffff820c56c0
[ 48.970957] RBP: ffff8800001d5d50 R08: ffff8800001d2508 R09: 0000000000000002
[ 48.970957] R10: 0000000000000000 R11: 0001f7ce298c5620 R12: ffff8800001c76b0
[ 48.970957] R13: ffffffff81e91d40 R14: 0000000000000000 R15: ffff88000e0ce300
[ 48.970957] FS: 0000000000000000(0000) GS:ffffffff81e84000(0000) knlGS:0000000000000000
[ 48.970957] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 48.970957] CR2: ffffffff82196446 CR3: 0000000001e75000 CR4: 00000000000006b0
[ 48.970957] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 48.970957] DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
[ 48.970957] Stack:
[ 48.970957] ffffffff816f7df8 ffffffff820c5620 ffff8800001d5d60 ffffffff816eeec9
[ 48.970957] ffff8800001d5de0 ffffffff81073dc5 ffffffff81073d68 ffff8800001d5db8
[ 48.970957] 0000000000000086 ffffffff820c5620 ffffffff824f7fd0 0000000000000000
[ 48.970957] Call Trace:
[ 48.970957] [<ffffffff816f7df8>] ? brcmf_sdio_init+0x18/0x70
[ 48.970957] [<ffffffff816eeec9>] brcmf_driver_init+0x9/0x10
[ 48.970957] [<ffffffff81073dc5>] process_one_work+0x1d5/0x480
[ 48.970957] [<ffffffff81073d68>] ? process_one_work+0x178/0x480
[ 48.970957] [<ffffffff81074188>] worker_thread+0x118/0x3a0
[ 48.970957] [<ffffffff81074070>] ? process_one_work+0x480/0x480
[ 48.970957] [<ffffffff8107aa17>] kthread+0xe7/0xf0
[ 48.970957] [<ffffffff810829f7>] ? finish_task_switch.constprop.57+0x37/0xd0
[ 48.970957] [<ffffffff8107a930>] ? __kthread_parkme+0x80/0x80
[ 48.970957] [<ffffffff81a6923a>] ret_from_fork+0x7a/0xb0
[ 48.970957] [<ffffffff8107a930>] ? __kthread_parkme+0x80/0x80
[ 48.970957] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
cc cc cc cc cc cc <cc> cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
[ 48.970957] RIP [<ffffffff82196446>] classes_init+0x26/0x26
[ 48.970957] RSP <ffff8800001d5d40>
[ 48.970957] CR2: ffffffff82196446
[ 48.970957] ---[ end trace 62980817cd525f14 ]---
Cc: <[email protected]> # 3.10.x, 3.11.x
Reported-by: Fengguang Wu <[email protected]>
Reviewed-by: Hante Meuleman <[email protected]>
Reviewed-by: Pieter-Paul Giesberts <[email protected]>
Tested-by: Fengguang Wu <[email protected]>
Signed-off-by: Arend van Spriel <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
Bug 60815 - Interface hangs in mwifiex_usb
https://bugzilla.kernel.org/show_bug.cgi?id=60815
[ 2.883807] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000048
[ 2.883813] IP: [<ffffffff815a65e0>] pfifo_fast_enqueue+0x90/0x90
[ 2.883834] CPU: 1 PID: 3220 Comm: kworker/u8:90 Not tainted
3.11.1-monotone-l0 #6
[ 2.883834] Hardware name: Microsoft Corporation Surface with
Windows 8 Pro/Surface with Windows 8 Pro,
BIOS 1.03.0450 03/29/2013
On Surface Pro, suspend to ram gives a NULL pointer dereference in
pfifo_fast_enqueue(). The stack trace reveals that the offending
call is clearing carrier in mwifiex_usb suspend handler.
Since commit 1499d9f "mwifiex: don't drop carrier flag over suspend"
has removed the carrier flag handling over suspend/resume in SDIO
and PCIe drivers, I'm removing it in USB driver too. This also fixes
the bug for Surface Pro.
Cc: <[email protected]> # 3.5+
Tested-by: Dmitry Khromov <[email protected]>
Signed-off-by: Bing Zhao <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
Bug 60815 - Interface hangs in mwifiex_usb
https://bugzilla.kernel.org/show_bug.cgi?id=60815
We have 4 bytes of interface header for packets delivered to SDIO
and PCIe, but not for USB interface.
In Tx AMSDU case, currently 4 bytes of garbage data is unnecessarily
appended for USB packets. This sometimes leads to a firmware hang,
because it may not interpret the data packet correctly.
Problem is fixed by removing this redundant headroom for USB.
Cc: <[email protected]> # 3.5+
Tested-by: Dmitry Khromov <[email protected]>
Signed-off-by: Amitkumar Karwar <[email protected]>
Signed-off-by: Bing Zhao <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
Added USB ID for Corega WLUSB2GTST USB adapter.
Cc: <[email protected]>
Reported-by: Joerg Kalisch <[email protected]>
Signed-off-by: Christian Lamparter <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
This supercedes the older patch ("cw1200: Don't perform SPI transfers in
interrupt context") that badly attempted to fix this problem.
This is a far simpler solution, which has the added benefit of
actually working.
Signed-off-by: Solomon Peachy <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
This reverts commit aec8e88c947b7017e2b4bbcb68a4bfc4a1f8ad35.
This solution turned out to cause interrupt delivery problems, and
rather than trying to fix this approach, it has been scrapped in favor
of an alternative (and far simpler) implementation.
Signed-off-by: Solomon Peachy <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
For pcie8897, the hs_cfg cancel command (0xe5) times out when host
comes out of suspend. This is caused by an incompleted host sleep
handshake between driver and firmware.
Like SDIO interface, PCIe also needs to go through firmware power
save events to complete the handshake for host sleep configuration.
Only USB interface doesn't require power save events for hs_cfg.
Cc: <[email protected]> # 3.10+
Signed-off-by: Bing Zhao <[email protected]>
Signed-off-by: Amitkumar Karwar <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
The private array at the end of the rtl_priv struct is not aligned.
On ARM architecture, this causes an alignment trap and is fixed by aligning
that array with __align(sizeof(void *)). That should properly align that
space according to the requirements of all architectures.
Reported-by: Jason Andrews <[email protected]>
Tested-by: Jason Andrews <[email protected]>
Signed-off-by: Larry Finger <[email protected]>
Cc: Stable <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
Prevents race conditions when un-aggregated frames are pending in the
driver.
Signed-off-by: Felix Fietkau <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
If request_firmware_nowait() fails in p54u_load_firmware(),
p54u_load_firmware_cb is not called and no one decrements usb_dev refcnt.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
When .release_buffered_frames was implemented, only A-MPDU packets were
buffered internally. Now that this has changed, the BUF_AMPDU flag needs
to be checked before calling ath_tx_addto_baw
Signed-off-by: Felix Fietkau <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
The commit "ath9k: Optimize LNA check" tried
to use the "rs_firstaggr" flag to optimize the LNA
combining algorithm when processing subframes in
an A-MPDU. This doesn't appear to work well in practice,
so revert it and use the old method of relying on
"rs_moreaggr".
Cc: [email protected] # 3.11
Signed-off-by: Sujith Manoharan <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
This might trip up tx completion processing, although the condition that
triggers this should not (yet) occur in practice.
Signed-off-by: Felix Fietkau <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
Fixes a regression from commit
"ath9k: shrink a few data structures by reordering fields"
When cloning a buffer, the stale flag (part of bf_state now) needs to be
reset after copying the state to prevent tx processing hangs.
Signed-off-by: Felix Fietkau <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
|
|
Commit f5ea1100 cleans up the disk to host conversions for
node directory entries, but because a variable is reused in
xfs_node_toosmall() the next node is not correctly found.
If the original node is small enough (<= 3/8 of the node size),
this change may incorrectly cause a node collapse when it should
not. That will cause an assert in xfstest generic/319:
Assertion failed: first <= last && last < BBTOB(bp->b_length),
file: /root/newest/xfs/fs/xfs/xfs_trans_buf.c, line: 569
Keep the original node header to get the correct forward node.
(When a node is considered for a merge with a sibling, it overwrites the
sibling pointers of the original incore nodehdr with the sibling's
pointers. This leads to loop considering the original node as a merge
candidate with itself in the second pass, and so it incorrectly
determines a merge should occur.)
Signed-off-by: Mark Tinguely <[email protected]>
Reviewed-by: Ben Myers <[email protected]>
Signed-off-by: Ben Myers <[email protected]>
[v3: added Dave Chinner's (slightly modified) suggestion to the commit header,
cleaned up whitespace. -bpm]
|
|
Determine if we've created a new file by examining the directory change
attribute and/or the O_EXCL flag.
This fixes a regression when doing a non-exclusive create of a new file.
If the FILE_CREATED flag is not set, the atomic_open() command will
perform full file access permissions checks instead of just checking
for MAY_OPEN.
Signed-off-by: Trond Myklebust <[email protected]>
|
|
Add missing break into the restore function.
Signed-off-by: Marek Vasut <[email protected]>
Cc: Fabio Estevam <[email protected]>
Cc: Shawn Guo <[email protected]>
Cc: Tomi Valkeinen <[email protected]>
Signed-off-by: Tomi Valkeinen <[email protected]>
|
|
This patch avoids to dereference the uninitialized data pointer if the
error path is entered before devm_kzalloc is called (or if the allocation
fails). It fixes the following warning:
sound/soc/fsl/imx-sgtl5000.c: In function 'imx_sgtl5000_probe':
sound/soc/fsl/imx-sgtl5000.c:175:18: warning: 'data' may be used uninitialized in this function [-Wmaybe-uninitialized]
Signed-off-by: Philipp Zabel <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
|
|
Calling devm_clk_get with any device pointer other than our own confuses
devres. Use clk_get instead. This avoids hitting the following warning in
the imx-sgtl5000 error path:
imx-sgtl5000 sound.12: snd_soc_register_card failed (-517)
platform sound.12: Driver imx-sgtl5000 requests probe deferral
------------[ cut here ]------------
WARNING: CPU: 0 PID: 75 at drivers/base/dd.c:272 driver_probe_device+0x194/0x218()
Modules linked in: snd_soc_sgtl5000(+) snd_soc_imx_sgtl5000 coda snd_soc_imx_audmux imx_sdma snd_soc_fsl_spdif snd_soc_fsl_ssi
CPU: 0 PID: 75 Comm: udevd Not tainted 3.11.0-rc6+ #4682
Backtrace:
[<80010bc4>] (dump_backtrace+0x0/0x10c) from [<80010d60>] (show_stack+0x18/0x1c)
r6:00000110 r5:00000009 r4:00000000 r3:00000000
[<80010d48>] (show_stack+0x0/0x1c) from [<804f0764>] (dump_stack+0x20/0x28)
[<804f0744>] (dump_stack+0x0/0x28) from [<8001a4a4>] (warn_slowpath_common+0x6c/0x8c)
[<8001a438>] (warn_slowpath_common+0x0/0x8c) from [<8001a4e8>] (warn_slowpath_null+0x24/0x2c)
r8:7f032000 r7:7f02f93c r6:cf8eaa54 r5:cf8eaa20 r4:80728a0c
[<8001a4c4>] (warn_slowpath_null+0x0/0x2c) from [<80286bdc>] (driver_probe_device+0x194/0x218)
[<80286a48>] (driver_probe_device+0x0/0x218) from [<80286cf4>] (__driver_attach+0x94/0x98)
r7:00000000 r6:cf8eaa54 r5:7f02f93c r4:cf8eaa20
[<80286c60>] (__driver_attach+0x0/0x98) from [<802851c8>] (bus_for_each_dev+0x5c/0x90)
r6:80286c60 r5:7f02f93c r4:00000000 r3:cf8ef03c
[<8028516c>] (bus_for_each_dev+0x0/0x90) from [<80286654>] (driver_attach+0x24/0x28)
r6:806d0424 r5:cf16a580 r4:7f02f93c
[<80286630>] (driver_attach+0x0/0x28) from [<802861e4>] (bus_add_driver+0xdc/0x234)
[<80286108>] (bus_add_driver+0x0/0x234) from [<802871d4>] (driver_register+0x80/0x154)
r8:7f032000 r7:00000001 r6:7f02fa68 r5:7f02fa74 r4:7f02f93c
[<80287154>] (driver_register+0x0/0x154) from [<8033c278>] (i2c_register_driver+0x34/0xbc)
[<8033c244>] (i2c_register_driver+0x0/0xbc) from [<7f032018>] (sgtl5000_i2c_driver_init+0x18/0x24 [snd_soc_sgtl5000])
r5:7f02fa74 r4:cfb7ff48
[<7f032000>] (sgtl5000_i2c_driver_init+0x0/0x24 [snd_soc_sgtl5000]) from [<80008738>] (do_one_initcall+0xf4/0x150)
[<80008644>] (do_one_initcall+0x0/0x150) from [<80053f64>] (load_module+0x174c/0x1db4)
[<80052818>] (load_module+0x0/0x1db4) from [<800546ac>] (SyS_init_module+0xe0/0xf4)
[<800545cc>] (SyS_init_module+0x0/0xf4) from [<8000e540>] (ret_fast_syscall+0x0/0x30)
r6:00005b22 r5:00afed68 r4:00000000
---[ end trace b24c5c3bb145dbdd ]---
Signed-off-by: Philipp Zabel <[email protected]>
Acked-by: Shawn Guo <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
|
|
After reports from Chris and Josh Boyer of a rare crash in applesmc,
Guenter pointed at the initialization problem fixed below. The patch
has not been verified to fix the crash, but should be applied
regardless.
Reported-by: <[email protected]>
Suggested-by: Guenter Roeck <[email protected]>
Signed-off-by: Henrik Rydberg <[email protected]>
Cc: [email protected]
Signed-off-by: Guenter Roeck <[email protected]>
|
|
of_get_display_timing(s) use of_find_node_by_name
to get child node, this is incorrect, of_get_child_by_name
should be used instead. The patch fixes it.
Small typo is also corrected.
Signed-off-by: Andrzej Hajda <[email protected]>
Signed-off-by: Kyungmin Park <[email protected]>
Signed-off-by: Tomi Valkeinen <[email protected]>
|
|
Fix to return a negative error code from the error handling
case instead of 0, as done elsewhere in this function.
Signed-off-by: Wei Yongjun <[email protected]>
Signed-off-by: Tomi Valkeinen <[email protected]>
|
|
Fix to return -EINVAL when virtual vertical size smaller than real
instead of 0, as done elsewhere in this function. Also remove dup code.
Signed-off-by: Wei Yongjun <[email protected]>
Signed-off-by: Tomi Valkeinen <[email protected]>
|
|
The nice thing about devm_* is that the driver doesn't need to free the
resources but the driver core takes care about that. This also
simplifies the error path quite a bit and removes the wrong check for a
clock pointer being NULL.
Russell King - ARM Linux <[email protected]>:
"And this patch also fixes the above: disabling/unpreparing _after_ putting
the thing - which was quite silly... :)"
Signed-off-by: Uwe Kleine-König <[email protected]>
Signed-off-by: Tomi Valkeinen <[email protected]>
|
|
The DSI-CM driver uses the backlight class so needs to build depend on it.
Signed-off-by: Mark Brown <[email protected]>
Reviewed-by: Jingoo Han <[email protected]>
Signed-off-by: Tomi Valkeinen <[email protected]>
|
|
BIOS can mark a pin as "no physical connection" if the port is used by an
integrated display which is not audio capable. And audio driver will overlook
such pins.
On Haswell, such a disconneted pin will keep muted and connected to the 1st
converter by default. But if the 1st convertor is assigned to a connected pin
for audio streaming. The muted disconnected pin can make the connected pin
no sound output.
So this patch avoids using assigned converters for all unused pins for Haswell,
including the disconected pins.
Signed-off-by: Mengdong Lin <[email protected]>
Reviewed-by: David Henningsson <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
Currently we assume that userspace will shut down the compressed stream
correctly. However, if userspcae dies (e.g. cplay & ctrl-C) we dont
stop the stream before freeing it.
This now checks that the stream is stopped before freeing.
Signed-off-by: Liam Girdwood <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
This fixes a compile error where CONFIG_PCI is disabled:
LD init/built-in.o
arch/arm/mach-integrator/built-in.o: In function `ap_map_io':
integrator_cp.c:(.init.text+0x570): undefined reference to `pci_v3_early_init'
make[1]: *** [vmlinux] Error 1
make: *** [sub-make] Error 2
Cc: [email protected]
Signed-off-by: Joerg Roedel <[email protected]>
Reviewed-by: Linus Walleij <[email protected]>
Signed-off-by: Olof Johansson <[email protected]>
|
|
From Nicolas Ferre, first fixes series for 3.12:
- removal of void IRQF_DISABLED flag in timer drivers
- two little fixes in DT for at91sam9x5 family
* tag 'at91-fixes' of git://github.com/at91linux/linux-at91:
ARM: at91: remove IRQF_DISABLED
ARM: at91: at91sam9x5: set default mmc[01] pinctrl-names
ARM: at91: serial: fix wrong pinctrl_usart2_rts
Signed-off-by: Olof Johansson <[email protected]>
|
|
Commit 'e7f3880cd9b98c5bf9391ae7acdec82b75403776'
tty: Fix recursive deadlock in tty_perform_flush()
introduced a regression where tcflush() does not generate
SIGTTOU for background process groups.
Make sure ioctl(TCFLSH) calls tty_check_change() when
invoked from the line discipline.
Cc: [email protected] # v3.10+
Reported-by: Oleg Nesterov <[email protected]>
Signed-off-by: Peter Hurley <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Update the STI driver by setting cpu_possible_mask to make EMEV2
SMP work as expected together with the ARM broadcast timer.
This breakage was introduced by:
f7db706 ARM: 7674/1: smp: Avoid dummy clockevent being preferred over real hardware clock-event
Without this fix SMP operation is broken on EMEV2 since no
broadcast timer interrupts trigger on the secondary CPU cores.
Signed-off-by: Magnus Damm <[email protected]>
Tested-by: Simon Horman <[email protected]>
Reviewed-by: Stephen Boyd <[email protected]>
Signed-off-by: Simon Horman <[email protected]>
Signed-off-by: Daniel Lezcano <[email protected]>
|
|
direction bit
Trying to read data from the Pegasus Technologies NoteTaker (0e20:0101)
[1] with the Windows App (EasyNote) works natively but fails when
Windows is running under KVM (and the USB device handed to KVM).
The reason is a USB control message
usb 4-2.2: control urb: bRequestType=22 bRequest=09 wValue=0200 wIndex=0001 wLength=0008
This goes to endpoint address 0x01 (wIndex); however, endpoint address
0x01 does not exist. There is an endpoint 0x81 though (same number,
but other direction); the app may have meant that endpoint instead.
The kernel thus rejects the IO and thus we see the failure.
Apparently, Linux is more strict here than Windows ... we can't change
the Win app easily, so that's a problem.
It seems that the Win app/driver is buggy here and the driver does not
behave fully according to the USB HID class spec that it claims to
belong to. The device seems to happily deal with that though (and
seems to not really care about this value much).
So the question is whether the Linux kernel should filter here.
Rejecting has the risk that somewhat non-compliant userspace apps/
drivers (most likely in a virtual machine) are prevented from working.
Not rejecting has the risk of confusing an overly sensitive device with
such a transfer. Given the fact that Windows does not filter it makes
this risk rather small though.
The patch makes the kernel more tolerant: If the endpoint address in
wIndex does not exist, but an endpoint with toggled direction bit does,
it will let the transfer through. (It does NOT change the message.)
With attached patch, the app in Windows in KVM works.
usb 4-2.2: check_ctrlrecip: process 13073 (qemu-kvm) requesting ep 01 but needs 81
I suspect this will mostly affect apps in virtual environments; as on
Linux the apps would have been adapted to the stricter handling of the
kernel. I have done that for mine[2].
[1] http://www.pegatech.com/
[2] https://sourceforge.net/projects/notetakerpen/
Signed-off-by: Kurt Garloff <[email protected]>
Acked-by: Alan Stern <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
If NO_DMA=y:
drivers/built-in.o: In function `dma_set_coherent_mask':
include/linux/dma-mapping.h:93: undefined reference to `dma_supported'
Reviewed-and-tested-by: Peter Chen <[email protected]>
Signed-off-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
There is a pending TD which is not freed after request finishes,
we do this due to a controller bug. This TD needs to be freed when
the driver is removed. It prints below error message when unload
chipidea driver at current code:
"ci_hdrc ci_hdrc.0: dma_pool_destroy ci_hw_td, b0001000 busy"
It indicates the buffer at dma pool are still in use.
This commit will free the pending TD at driver's removal procedure,
it can fix the problem described above.
Acked-by: Michael Grzeschik <[email protected]>
Signed-off-by: Peter Chen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|