David Brownell [Mon, 6 Jul 2009 22:48:36 +0000 (15:48 -0700)]
i2c-davinci: behave with i2cdetect
Make i2c-davinci cope properly with "i2cdetect": don't spew
syslog spam on perfectly normal behaviors, or respond to any
address other than the one reserved for the SMBus host.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Kevin Hilman <khilman@deeprootsystems.com> Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
jbd2: fix race between write_metadata_buffer and get_write_access
ext4: Fix ext4_mb_initialize_context() to initialize all fields
ext4: fix null handler of ioctls in no journal mode
ext4: Fix buffer head reference leak in no-journal mode
ext4: Move __ext4_journalled_writepage() to avoid forward declaration
ext4: Fix mmap/truncate race when blocksize < pagesize && !nodellaoc
ext4: Fix mmap/truncate race when blocksize < pagesize && delayed allocation
ext4: Don't look at buffer_heads outside i_size.
ext4: Fix goal inum check in the inode allocator
ext4: fix no journal corruption with locale-gen
ext4: Calculate required journal credits for inserting an extent properly
ext4: Fix truncation of symlinks after failed write
jbd2: Fix a race between checkpointing code and journal_get_write_access()
ext4: Use rcu_barrier() on module unload.
ext4: naturally align struct ext4_allocation_request
ext4: mark several more functions in mballoc.c as noinline
ext4: Fix potential reclaim deadlock when truncating partial block
jbd2: Remove GFP_ATOMIC kmalloc from inside spinlock critical region
ext4: Fix type warning on 64-bit platforms in tracing events header
jbd2: fix race between write_metadata_buffer and get_write_access
The function jbd2_journal_write_metadata_buffer() calls
jbd_unlock_bh_state(bh_in) too early; this could potentially allow
another thread to call get_write_access on the buffer head, modify the
data, and dirty it, and allowing the wrong data to be written into the
journal. Fortunately, if we lose this race, the only time this will
actually cause filesystem corruption is if there is a system crash or
other unclean shutdown of the system before the next commit can take
place.
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6:
Staging: stlc45xx: convert config_interface to bss_info_changed, fixing a build error
Staging: comedi: s626: use subvendor:subdevice ids for SAA7146 board
Staging: prevent rtl8192su from crashing dev_ioctl in SIOCGIWNAME
Staging: prevent rtl8187se from crashing dev_ioctl() in SIOCGIWNAME
Staging: rtl8192su: convert to net_device_ops
Staging: serqt_usb2: declare qt_open static in serqt_usb2
Staging: serqt_usb2: fix qt_close parameters in serqt_usb2
Staging: comedi: jr3_pci.c: add required includes
Staging: meilhaus: add email address to TODO
Staging: rspiusb: use NULL virtual address instead of a bogus one
Staging: vt6655: compile fix
Staging: rt2870: Add USB ID for Sitecom WL-608
Dave Kleikamp [Mon, 13 Jul 2009 16:02:24 +0000 (11:02 -0500)]
update JFS entry in MAINTAINERS
JFS hasn't really been supported for a while. It's still maintained,
but saying it's supported is a stretch. Updating my preferred email
address as well.
Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
ext4: Fix ext4_mb_initialize_context() to initialize all fields
Pavel Roskin pointed out that kmemcheck indicated that
ext4_mb_store_history() was accessing uninitialized values of
ac->ac_tail and ac->ac_buddy leading to garbage in the mballoc
history. Fix this by initializing the entire structure to all zeros
first.
Also, two fields were getting doubly initialized by the caller of
ext4_mb_initialize_context, so remove them for efficiency's sake.
Peng Tao [Mon, 13 Jul 2009 13:30:17 +0000 (09:30 -0400)]
ext4: fix null handler of ioctls in no journal mode
The EXT4_IOC_GROUP_ADD and EXT4_IOC_GROUP_EXTEND ioctls should not
flush the journal in no_journal mode. Otherwise, running resize2fs on
a mounted no_journal partition triggers the following error messages:
BUG: unable to handle kernel NULL pointer dereference at 00000014
IP: [<c039d282>] _spin_lock+0x8/0x19
*pde = 00000000
Oops: 0002 [#1] SMP
Signed-off-by: Peng Tao <bergwolf@gmail.com> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
ext4: Fix buffer head reference leak in no-journal mode
We found a problem with buffer head reference leaks when using an ext4
partition without a journal. In particular, calls to ext4_forget() would
not to a brelse() on the input buffer head, which will cause pages they
belong to to not be reclaimable.
Further investigation showed that all places where ext4_journal_forget() and
ext4_journal_revoke() are called are subject to the same problem. The patch
below changes __ext4_journal_forget/__ext4_journal_revoke to do an explicit
release of the buffer head when the journal handle isn't valid.
This patch (as1262) fixes a bug in usbfs: It refuses to accept
zero-length transfers, and it insists that the buffer pointer be valid
even if there is no data being transferred.
The patch also consolidates a bunch of repetitive access_ok() checks
into a single check, which incidentally fixes the lack of such a check
for Isochronous URBs.
Alan Stern [Mon, 29 Jun 2009 18:34:59 +0000 (14:34 -0400)]
USB: EHCI: report actual_length for iso transfers
This patch (as1259b) makes ehci-hcd return the total number of bytes
transferred in urb->actual_length for Isochronous transfers.
Until now, the actual_length value was unaccountably left at 0.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Acked-by: David Brownell <dbrownell@users.sourceforge.net> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Thu, 9 Jul 2009 16:58:43 +0000 (12:58 -0400)]
USB: option: remove unnecessary and erroneous code
This patch (as1264) removes a bunch of unnecessary and erroneous stuff
from the option USB-serial driver. Clearly there's no need to verify
that the device pointer stored in the URBs is right or to store the
same pointer over again. After all, the pointer can't change once it
has been set up.
There's also no need to call usb_clear_halt for the IN endpoint
multiple times -- in fact, doing so is an error since every time after
the first there will be active URBs queued for that endpoint. Since
the Clear-Halts don't appear to be needed at all, the patch simply
removes them.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Thu, 9 Jul 2009 16:59:57 +0000 (12:59 -0400)]
USB: cypress_m8: remove invalid Clear-Halt
This patch (as1265) removes an erroneous call to usb_clear_halt from
the cypress_m8 driver. The call isn't valid because it is made from
interrupt context whereas usb_clear_halt is a blocking routine.
Presumably the code has never been executed; if it did it would cause
an oops. So instead treat -EPIPE like any other sort of unexplained
error.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sergei Shtylyov [Fri, 10 Jul 2009 17:02:44 +0000 (20:02 +0300)]
USB: musb_host: undo incorrect change in musb_advance_schedule()
Commit c9cd06b3d6ea825c62e277def929cc4315802b48 (musb_host: refactor
URB giveback) included due to my overlook the change incorrect in the
context of the current kernel -- undo it.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Acked-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Daniel Mack [Fri, 10 Jul 2009 09:04:58 +0000 (11:04 +0200)]
USB: fix LANGID=0 regression
commit b7af0bb ("USB: allow malformed LANGID descriptors") broke support
for devices without string descriptor support.
Reporting string descriptors is optional to USB devices, and a device
lets us know it can't deal with strings by responding to the LANGID
request with a STALL token.
The kernel handled that correctly before b7af0bb came in, but failed
hard if the LANGID was reported but broken. More than that, if a device
was not able to provide string descriptors, the LANGID was retrieved
over and over again at each string read request.
This patch changes the behaviour so that
a) the LANGID is only queried once
b) devices which can't handle string requests are not asked again
c) devices with malformed LANGID values have a sane fallback to 0x0409
Signed-off-by: Daniel Mack <daniel@caiaq.de> Acked-by: Alan Stern <stern@rowland.harvard.edu> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Tue, 7 Jul 2009 13:50:14 +0000 (09:50 -0400)]
USB: Sierra: fix oops upon device close
This patch (as1263) fixes a mixup that occurred when conflicting
patches for the sierra driver were merged incorrectly. The former
sierra_shutdown routine should have been become sierra_release, not
sierra_disconnect.
The symptom this fixes is an oops when the device file is closed after
a Sierra device has been unplugged (Bugzilla #13675).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Tested-by: Peter Naulls <peter@mushroomnetworks.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commit 32ebbe7b6ad44ae9c276419710b56de6ba705303 which filters the
SCSI REZERO command in option_ms based on a SCSI INQUIRY with a vendor
of Option breaks my Option Icon 225 (0af0:6971). This device returns a
vendor of ZCOPTION for the ZeroCD device. The following trivial patch
fixes things for me.
Signed-Off-By: Jonathan McDowell <noodles@earth.li> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Randy Dunlap [Fri, 3 Jul 2009 20:26:57 +0000 (13:26 -0700)]
USB: gadget audio: select SND_PCM
Fix USB gadget audio: select SND_PCM, like many other sound
drivers do, to fix build errors:
drivers/built-in.o: In function `f_audio_playback_work':
audio.c:(.text+0x15a3e7): undefined reference to `snd_pcm_kernel_ioctl'
audio.c:(.text+0x15a471): undefined reference to `snd_pcm_lib_write'
drivers/built-in.o: In function `_snd_pcm_hw_param_set':
audio.c:(.text+0x15aca7): undefined reference to `snd_interval_refine'
drivers/built-in.o: In function `gaudio_setup':
(.init.text+0x12adf): undefined reference to `_snd_pcm_hw_params_any'
drivers/built-in.o: In function `gaudio_setup':
(.init.text+0x12b43): undefined reference to `snd_pcm_kernel_ioctl'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Acked-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Martin Geleynse [Thu, 2 Jul 2009 17:10:35 +0000 (13:10 -0400)]
USB: ftdi: support NDI devices
It enhances the driver for FTDI-based USB serial adapters to recognize and
support Northern Digital Inc (NDI) measurement equipment. NDI has been
providing this patch for various kernel flavors for several years and we would
like to see these changes built in to the driver so that our equipement works
without the need for customers to patch the kernel themselves.
The patch makes small modifications to 2 files: ./drivers/usb/serial/ftdi_sio.c
and ./drivers/usb/serial/ftdi_sio.h. It accomplishes 3 things:
1. Define the VID and PIDs to allow the driver to recognize the NDI devices.
2. Map the 19200 baud rate setting to our higher baud rate of 1.2Mb
We would have chosen to map 38400 to the higher rate, similar to what
several other vendors have done, but some of our legacy customers actually
use 38400, therefore we remap 19200 to the higher rate.
3. We set the default transmit latency in the FTDI chip to 1ms for our devices.
Our devices are typically polled at 60Hz and the default ftdi latency
seriously affects turn-around time and results in missed data frames. We
have created a modprobe option that allows this setting to be increased.
This has proven necessary particularly in some virtualized environments.
Signed-off-by: Martin P. Geleynse <mgeleyns@ndigital.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Revert USB: usbfs: deprecate and hide option for !embedded
This reverts commit cc71329b3b89b4a5be849b617f2c4f151f0b9213, so that
Red Hat machines can boot properly. It seems that the Red Hat initrd
code tries to watch the /proc/bus/usb/devices file to monitor usb
devices showing up. While this task is prone to lots of races and does
not show the true state of the system, they seem to like it.
So for now, don't move this option under the EMBEDDED config option.
Cc: Scott James Remnant <scott@canonical.com> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Dave Airlie <airlied@gmail.com> Cc: Peter Jones <pjones@redhat.com> Cc: Jeff Chua <jeff.chua.linux@gmail.com> Cc: Dave Jones <davej@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Randy Dunlap [Thu, 18 Jun 2009 17:39:11 +0000 (10:39 -0700)]
USB: usb.h: fix kernel-doc notation
Fix usb.h kernel-doc warnings:
Warning(include/linux/usb.h:918): Excess struct/union/enum/typedef member 'nodename' description in 'usb_device_driver'
Warning(include/linux/usb.h:939): No description found for parameter 'nodename'
Warning(include/linux/usb.h:1219): No description found for parameter 'sg'
Warning(include/linux/usb.h:1219): No description found for parameter 'num_sgs'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Brownell [Fri, 19 Jun 2009 10:09:04 +0000 (03:09 -0700)]
USB: RNDIS gadget, fix issues talking from PXA
The reworked Ethernet gadget has an RNDIS interop problem when used
with the CDC subset driver ... e.g. on PXA 2xx and 3xx hardware,
which currently has a hard time talking to MS-Windows hosts.
The issue is that Microsoft requires USB_CLASS_COMM. Fix by tweaking
the CDC subset driver to not switch to USB_CLASS_VENDOR_SPEC if RNDIS
is used in some other device configuration.
[ UPDATED: some "statements" were comma-terminated; fix that. ]
USB: serial: FTDI with product code FB80 and vendor id 0403
It seems an USB device with vendor id 0403 and product code FB80 has an
FTDI serial io chip as well: http://ftdichip.com/Drivers/D2XX.htm
This device in fact is a true random generantor by comsci:
http://comscire.com/Products/R2000KU/
So the following patch should add support for this device if I am
correct. Not tested as I do not own this device (I would like support in
the kernel so that my entropybroker application (which distributes
entrop data (random values) between servers and clients)).
From: Folkert van Heusden <folkert@vanheusden.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Jason Wessel [Mon, 22 Jun 2009 16:32:20 +0000 (11:32 -0500)]
USB: console: Fix regression in usb console on kernel boot
The commit 335f8514f200e63d689113d29cb7253a5c282967 introduced a
regression which stopped usb consoles from working correctly as a
kernel boot console as well as interactive login device.
The addition of the serial_close() which in turn calls
tty_port_close_start() will change the reference count of port.count
and warn about it. The usb console code had previously incremented
the port.count to indicate it was making use of the device as a
console and the forced change causes a double open on the usb device
which leads to a non obvious kernel oops later on when the tty is
freed.
To fix the problem instead make use of port->console to track if the
port is in fact an active console port to avoid double initialization
of the usb serial device. The port.count is incremented and
decremented only with in the scope of usb_console_setup() for the
purpose of the low level driver initialization.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Acked-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Mon, 29 Jun 2009 21:36:14 +0000 (17:36 -0400)]
USB: EHCI: check for STALL before other errors
This patch (as1257) revises the way ehci-hcd detects STALLs. The
logic is a little peculiar because there's no hardware status bit
specifically meant to indicate a STALL. You just have to guess that a
STALL was received if the BABBLE bit (which is fatal) isn't set and
the transfer stopped before all its retries were used up.
The existing code doesn't do this properly, because it tests for MMF
(Missed MicroFrame) and DBE (Data Buffer Error) before testing the
retry counter. Thus, if a transaction gets either MMF or DBE the
corresponding flag is set and the transaction is retried. If the
second attempt receives a STALL then -EPIPE is the correct return
value. But the existing code would see the MMF or DBE flag instead
and return -EPROTO, -ENOSR, or -ECOMM.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Acked-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Alan Stern [Mon, 29 Jun 2009 14:47:30 +0000 (10:47 -0400)]
USB: EHCI: use the new clear_tt_buffer interface
This patch (as1256) changes ehci-hcd and all the other drivers in the
EHCI family to make use of the new clear_tt_buffer callbacks. When a
Clear-TT-Buffer request is in progress for a QH, the QH is not allowed
to be linked into the async schedule until the request is finished.
At that time, if there are any URBs queued for the QH, it is linked
into the async schedule.
Alan Stern [Mon, 29 Jun 2009 14:43:32 +0000 (10:43 -0400)]
USB: fix the clear_tt_buffer interface
This patch (as1255) updates the interface for calling
usb_hub_clear_tt_buffer(). Even the name of the function is changed!
When an async URB (i.e., Control or Bulk) going through a high-speed
hub to a non-high-speed device is cancelled or fails, the hub's
Transaction Translator buffer may be left busy still trying to
complete the transaction. The buffer has to be cleared; that's what
usb_hub_clear_tt_buffer() does.
It isn't safe to send any more URBs to the same endpoint until the TT
buffer is fully clear. Therefore the HCD needs to be told when the
Clear-TT-Buffer request has finished. This patch adds a callback
method to struct hc_driver for that purpose, and makes the hub driver
invoke the callback at the proper time.
The patch also changes a couple of names; "hub_tt_kevent" and
"tt.kevent" now look rather antiquated.
This patch introduces a work around for cdc-acm devices which are
low speed contrary to the specification, which requires bulk endpoints
which are banned in low speed and converted by usbcore to virtual
interrupt endpoints if they are used nevertheless.
David Brownell [Wed, 1 Jul 2009 10:36:16 +0000 (03:36 -0700)]
USB: musb: silence "suspend as a_wait_vrise is_active" msgs
Get rid of some obnoxious and inappropriate messaging, mostly on
DaVinci, when usbcore tries to autosuspend a root hub if just a
mini/micro-A connector is connected. Symptom: endless stream of
messages reading like:
musb_bus_suspend 2221: trying to suspend as a_wait_vrise is_active=1
Improve that musb bus suspend primitive a bit. Take advantage of
this call to update the OTG state machine if appropriate, moving
the device out of the A_WAIT_VRISE state. There's basically no
timer for that state transition just now, except with tusb6010;
that can make trouble.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
David Brownell [Wed, 1 Jul 2009 10:43:58 +0000 (03:43 -0700)]
USB: gadget: pxa25x compiler warning fix
Fix config-dependent compiler warning:
CC drivers/usb/gadget/pxa25x_udc.o
drivers/usb/gadget/pxa25x_udc.c: In function 'pxa25x_udc_irq':
drivers/usb/gadget/pxa25x_udc.c:1806: warning: array subscript is above array bounds
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kevin Hilman [Wed, 1 Jul 2009 10:33:46 +0000 (03:33 -0700)]
USB: musb: davinci dm6446evm GPIO renumbering
Numbering for GPIOs on the pcf857x chips on the dm644x EVM board
changed when DaVinci chips with more GPIOs were supported. Update
the GPIO number used for nVBUS_DRV.
Longer term, we need a better abstraction of board-specific setup in
this code so we're not hard-coding board specific GPIOs into the
driver, but for now this at least gets it back to working with
mainline davinci core code.
Signed-off-by: Kevin Hilman <khilman@deeprootsystems.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[ dbrownell@users.sourceforge.net: remove OID_802_3_MAXIMUM_LIST_SIZE
setting ... it was bogus, this code only handles one entry, not 32.
And we don't know what would break if we lied about that... ]
Signed-off-by: Helen Chen <helen.chen@intel.com> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Arnd Bergmann [Fri, 19 Jun 2009 12:35:34 +0000 (05:35 -0700)]
USB: buildfix ppc randconfig
We could just make the USB_OHCI_HCD_PPC_OF option implicit
and selected only if at least one of USB_OHCI_HCD_PPC_OF_BE
and USB_OHCI_HCD_PPC_OF_LE are set.
[ dbrownell@users.sourceforge.net: fix patch manglation and dependencies ]
commit 1a1fab513734b3a4fca1bee8229e5ff7e1cb873c accidentally added the
device id to both tables in the driver, which causes problems as this is
only a single port device, not a multiple port device.
Alan Stern [Thu, 11 Jun 2009 18:56:22 +0000 (14:56 -0400)]
USB: EHCI: update toggle state for linked QHs
This is an update to the "usb-ehci-update-toggle-state-for-linked-qhs"
patch. Since an HCD's endpoint_reset method can be called in
interrupt context, it mustn't assume that interrupts are enabled or
that it can sleep.
So we revert to the original way of refreshing QHs' toggle bits. Now
the endpoint_reset method merely clears the toggle flag in the device
structure (as was done before) and starts an async QH unlink. When the
QH is linked again, after the unlink finishes and an URB is queued,
the qh_refresh() routine will update the QH's toggle bit.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Tested-by: David <david@unsolicited.net> CC: David Brownell <david-b@pacbell.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: pl2303: New vendor and product id for the prolific driver
I recently bought a PC interface for the Cressi Edy dive computer
(www.cressi.it) and discovered that it uses the pl2303 chip, albeit
with ad-hoc vendor and product ids (04b8, 0521 respectively). Being in
the process of writing a linux software for such device (cressi only
provides a windows software), I patched the pl2303 linux driver to
have the interface recognized. I am submitting you the patch (very
basic) for inclusion in next kernel version.
Staging: comedi: s626: use subvendor:subdevice ids for SAA7146 board
The current s626 comedi driver in staging conflicts with philips SAA7146
media/dvb based cards, because it claims the same vendor:device pci id
for all subdevice/subvendor ids. What happens is that for people that have a
philips SAA7146 media/dvb based card, s626 if available gets loaded by udev
and makes system freeze (https://qa.mandriva.com/show_bug.cgi?id=51445).
The s626 driver shouldn't claim all 1131:7146 devices. Fix this by
specifying specific known subvendor:subdevice ids in its pci id table
list.
Also s626_attach is modified to use now pci_get_subsys instead of
pci_get_device as reported by Ian Abbott, and now we loop over pci id
table entries in case more ids are added in the future.
Reference: http://lkml.org/lkml/2009/6/16/552
Signed-off-by: Herton Ronaldo Krzesinski <herton@mandriva.com.br> Signed-off-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dan Aloni [Wed, 24 Jun 2009 19:34:39 +0000 (22:34 +0300)]
Staging: prevent rtl8192su from crashing dev_ioctl in SIOCGIWNAME
(adapted from the rtl8187se patch)
ieee80211_wx_get_name() ignores sizeof(wrqu->name) which is IFNAMSIZ (16), and
on certain conditions, the concatenated string will be larger than IFNAMSIZ
including the terminating zero.
Dan Aloni [Sat, 20 Jun 2009 13:32:22 +0000 (16:32 +0300)]
Staging: prevent rtl8187se from crashing dev_ioctl() in SIOCGIWNAME
I repeatedly get __stack_chk_fail panic()s with this driver before
applying the attached fix.
ieee80211_wx_get_name() ignores sizeof(wrqu->name) which is IFNAMSIZ (16), and
on certain conditions, the concatenated string will be larger than IFNAMSIZ
including the terminating zero.
Loosely based on Alexander's patch for rtl8187se, untested.
Cc: Alexander Beregalov <a.beregalov@gmail.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Fix this build errors:
jr3_pci.c:739: error: 'jiffies' undeclared
jr3_pci.c:748: error: implicit declaration of function 'msecs_to_jiffies'
jr3_pci.c:763: error: implicit declaration of function 'add_timer'
jr3_pci.c:790: error: implicit declaration of function 'init_timer'
jr3_pci.c:951: error: implicit declaration of function 'del_timer_sync'
Signed-off-by: Alexander Beregalov <a.beregalov@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
You cannot take a DMA address, cast it to a _pointer to_ a DMA address,
and then regard it as a virtual address of the transfer buffer.
However, finding the right virtual address was too hard for me,
so I just stubbed it with NULL. At least usbmon won't oops then
(it will not show any data but it's better than crashing).
Also, too big a buffer was allocated elsewhere.
And since we're at it, drop clearly unnecessary usb_buffer_alloc too,
leaving it where it may be useful.
Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
dev_set/get_drvdata() should be used instead, as driver_data is going
away.
Cc: Imre Deak <imre.deak@nokia.com> Cc: Russell King <rmk+kernel@arm.linux.org.uk> Cc: Andrew Morton <akpm@linux-foundation.org> Acked-by: Trilok Soni <soni.trilok@gmail.com> Cc: Tony Lindgren <tony@atomide.com> Cc: Felipe Contreras <felipe.contreras@nokia.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Heiko Carstens [Thu, 11 Jun 2009 13:14:40 +0000 (15:14 +0200)]
partitions: fix broken uevent_suppress conversion
git commit f67f129e "Driver core: implement uevent suppress in kobject"
contains this chunk for fs/partitions/check.c:
/* suppress uevent if the disk supresses it */
- if (!ddev->uevent_suppress)
+ if (!dev_get_uevent_suppress(pdev))
kobject_uevent(&pdev->kobj, KOBJ_ADD);
However that should have been
- if (!ddev->uevent_suppress)
+ if (!dev_get_uevent_suppress(ddev))
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Ming Lei <tom.leiming@gmail.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
devres: WARN() and return, don't crash on device_del() of uninitialized device
I just debugged an obscure crash caused by a device_del() of a all NULL'd
out struct device (in usb-serial) and found that a patch like this one would
have saved me time (in addition to improved chances of a bug report from
users hitting similar driver bugs).
[akpm@linux-foundation.org: cleanup] Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Merge branch 'kmemleak' of git://linux-arm.org/linux-2.6
* 'kmemleak' of git://linux-arm.org/linux-2.6:
kmemleak: Remove alloc_bootmem annotations introduced in the past
kmemleak: Add callbacks to the bootmem allocator
kmemleak: Allow partial freeing of memory blocks
kmemleak: Trace the kmalloc_large* functions in slub
kmemleak: Scan objects allocated during a scanning episode
kmemleak: Do not acquire scan_mutex in kmemleak_open()
kmemleak: Remove the reported leaks number limitation
kmemleak: Add more cond_resched() calls in the scanning thread
kmemleak: Renice the scanning thread to +10
fs/afs/dir.c: In function 'afs_d_revalidate':
fs/afs/dir.c:567: warning: 'fid.vnode' may be used uninitialized in this function
fs/afs/dir.c:567: warning: 'fid.unique' may be used uninitialized in this function
by marking the 'fid' variable as an uninitialized_var. The problem is
that gcc doesn't always manage to work out that fid is always set on the
path through the function that uses it.
* Remove smp_lock.h from files which don't need it (including some headers!)
* Add smp_lock.h to files which do need it
* Make smp_lock.h include conditional in hardirq.h
It's needed only for one kernel_locked() usage which is under CONFIG_PREEMPT
This will make hardirq.h inclusion cheaper for every PREEMPT=n config
(which includes allmodconfig/allyesconfig, BTW)
Julien Tinnes [Fri, 26 Jun 2009 18:27:40 +0000 (20:27 +0200)]
personality: fix PER_CLEAR_ON_SETID
We have found that the current PER_CLEAR_ON_SETID mask on Linux doesn't
include neither ADDR_COMPAT_LAYOUT, nor MMAP_PAGE_ZERO.
The current mask is READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE.
We believe it is important to add MMAP_PAGE_ZERO, because by using this
personality it is possible to have the first page mapped inside a
process running as setuid root. This could be used in those scenarios:
- Exploiting a NULL pointer dereference issue in a setuid root binary
- Bypassing the mmap_min_addr restrictions of the Linux kernel: by
running a setuid binary that would drop privileges before giving us
control back (for instance by loading a user-supplied library), we
could get the first page mapped in a process we control. By further
using mremap and mprotect on this mapping, we can then completely
bypass the mmap_min_addr restrictions.
Less importantly, we believe ADDR_COMPAT_LAYOUT should also be added
since on x86 32bits it will in practice disable most of the address
space layout randomization (only the stack will remain randomized).
Signed-off-by: Julien Tinnes <jt@cr0.org> Signed-off-by: Tavis Ormandy <taviso@sdf.lonestar.org> Cc: stable@kernel.org Acked-by: Christoph Hellwig <hch@infradead.org> Acked-by: Kees Cook <kees@ubuntu.com> Acked-by: Eugene Teo <eugene@redhat.com>
[ Shortened lines and fixed whitespace as per Christophs' suggestion ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Don't use '-fwrapv' compiler option: it's buggy in gcc-4.1.x
This causes kernel images that don't run init to completion with certain
broken gcc versions.
This fixes kernel bugzilla entry:
http://bugzilla.kernel.org/show_bug.cgi?id=13012
I suspect the gcc problem is this:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28230
Fix the problem by using the -fno-strict-overflow flag instead, which
not only does not exist in the known-to-be-broken versions of gcc (it
was introduced later than fwrapv), but seems to be much less disturbing
to gcc too: the difference in the generated code by -fno-strict-overflow
are smaller (compared to using neither flag) than when using -fwrapv.
Reported-by: Barry K. Nathan <barryn@pobox.com> Pushed-by: Frans Pop <elendil@planet.nl> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
hwmon: (abituguru3) DMI probing for AB9, AB9 QuadQT and IX38 QuadGT
Switch the AB9, AB9 QuadQT and IX38 QuadGT over from port
probing to the preferred DMI probe method.
Signed-off-by: Alistair John Strachan <alistair@devzero.co.uk> Tested-by: dan <dan@deeog.com> Tested-by: Nygel Lyndley <nygel.lyndley@gmail.com> Tested-by: Dmitriy Fedchenko <dmitriy-fedc@yandex.ru> Acked-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Jean Delvare <khali@linux-fr.org>
commit 5404ac8e4418ab3d254950ee4f9bcafc1da20b4a ("isofs: cleanup mount
option processing") missed conversion of joliet option flag resulting
in non-working Joliet support.
CC: walt <w41ter@gmail.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alan Cox [Thu, 9 Jul 2009 12:36:22 +0000 (13:36 +0100)]
tty: Fix USB kref leak
The sysrq code acquired a kref leak. Fix it by passing the tty separately
from the caller (thus effectively using the callers kref which all the
callers hold anyway)
Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>