- 21 Mar, 2013 23 commits
-
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
Johan Hovold <jhovold@gmail.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Make sure waiting processes are woken on modem-status changes. Currently processes are only woken on termios changes regardless of whether the modem status has changed. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. When switching to tty ports, some lifetime assumptions were changed. Specifically, close can now be called before the final tty reference is dropped as part of hangup at device disconnect. Even with the ftdi private-data refcounting this means that the port private data can be freed while a process is sleeping on modem-status changes and thus cannot be relied on to detect disconnects when woken up. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Also remove bogus test for private data pointer being NULL as it is never assigned in the loop. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Use the port wait queue and make sure to check the serial disconnected flag before accessing private port data after waking up. This is is needed as the private port data (including the wait queue itself) can be gone when waking up after a disconnect. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Add modem-status-change wait queue to struct usb_serial_port that subdrivers can use to implement TIOCMIWAIT. Currently subdrivers use a private wait queue which may have been released when waking up after device disconnected. Note that we're adding a new wait queue rather than reusing the tty-port one as we do not want to get woken up at hangup (yet). Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Make sure the interface is not released before our serial device. Note that drivers are still not allowed to access the interface in any way that may interfere with another driver that may have gotten bound to the same interface after disconnect returns. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Add missing get_icount field to two-port driver. The two-port driver was not updated when switching to the new icount interface in commit 0bca1b91 ("tty: Convert the USB drivers to the new icount interface"). Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Remove bogus disconnect test introduced by 95bef012 ("USB: more serial drivers writing after disconnect") which prevented queued data from being freed on disconnect. The possible IO it was supposed to prevent is long gone. Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Johan Hovold authored
Unregister tty device in disconnect as is required by the USB stack. By deferring unregistration to when the last tty reference is dropped, the parent interface device can get unregistered before the child resulting in broken hotplug events being generated when the tty is finally closed: KERNEL[2290.798128] remove /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:3.1 (usb) KERNEL[2290.804589] remove /devices/pci0000:00/0000:00:1d.7/usb2/2-1 (usb) KERNEL[2294.554799] remove /2-1:3.1/tty/ttyACM0 (tty) The driver must deal with tty callbacks after disconnect by checking the disconnected flag. Specifically, further opens must be prevented and this is already implemented. Cc: stable <stable@vger.kernel.org> Cc: Oliver Neukum <oneukum@suse.de> Acked-by:
Oliver Neukum <oneukum@suse.de> Signed-off-by:
-
Alexey Khoroshilov authored
acm_probe() ignores errors in tty_port_register_device() and leaves intfdata pointing to freed memory on alloc_fail7 error path. The patch fixes the both issues. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by:
Alexey Khoroshilov <khoroshilov@ispras.ru> Acked-by:
Oliver Neukum <oliver@neukum.org> Signed-off-by:
-
Greg Kroah-Hartman authored
Merge tag 'fixes-for-v3.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v3.9-rc4 udc-core learned that it shouldn't use invalid pointers when unloading a gadget driver. net2272 and net2280 got a fix for a regression caused by the udc_start/udc_stop conversion. We're defining a static inline no-op for otg_ulpi_create() to prevent build errors when that driver isn't enabled. FunctionFS got a fix for an off-by-one error when binding and unbinding instances of FunctionFS. MUSB learned that it shouldn't try to unmap buffers which weren't previously mapped. f_rndis got a fix for a possible NULL pointer dereference in a debugging message code. MUSB's DA8xx glue layer got a build fix due to a typo.
-
Paul Bolle authored
The Kconfig symbol USB_GADGET_NET2272_DMA was renamed to USB_NET2272_DMA in commit 193ab2a6 ("usb: gadget: allow multiple gadgets to be built"). That commit did not convert the only occurrence of the corresponding Kconfig macro. Convert that macro now. Signed-off-by:
Paul Bolle <pebolle@tiscali.nl> Signed-off-by:
Felipe Balbi <balbi@ti.com>
-
- 20 Mar, 2013 7 commits
-
-
Alan Stern authored
This patch (as1670) fixes a regression caused by commit 6402c796 (USB: EHCI: work around silicon bug in Intel's EHCI controllers). The workaround goes through two IAA cycles for each QH being unlinked. During the first cycle, the QH is not added to the async_iaa list (because it isn't fully gone from the hardware yet), which means that list will be empty. Unfortunately, I forgot to update the IAA watchdog timer routine. It thinks that an empty async_iaa list means the timer expiration was an error, which isn't true any more. This problem didn't show up during initial testing because the controllers being tested all had working IAA interrupts. But not all controllers do, and when the watchdog timer expires, the empty-list check prevents the second IAA cycle from starting. As a result, URB unlinks never complete. The check needs to be removed. Among the symptoms of the regression are processes stuck in D wait states and hangs during system shutdown. Signed-off-by:
Alan Stern <stern@rowland.harvard.edu> Reported-and-tested-by:
Stephen Warren <swarren@wwwdotorg.org> Reported-and-tested-by:
Sven Joachim <svenjoac@gmx.de> Reported-by:
Andreas Bombe <aeb@debian.org> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Truls Bengtsson authored
The udc_irq service runs the isr_tr_complete_handler which in turn "nukes" the endpoints, including a call to rndis_response_complete, if appropriate. If the rndis_msg_parser fails here, an error will be printed using a dev_err call (through the ERROR() macro). However, if the usb cable was just disconnected the device (cdev) might not be available and will be null. Since the dev_err macro will dereference the cdev pointer we get a null pointer exception. Reviewed-by:
Radovan Lekanovic <radovan.lekanovic@sonymobile.com> Signed-off-by:
Truls Bengtsson <truls.bengtsson@sonymobile.com> Signed-off-by:
Oskar Andero <oskar.andero@sonymobile.com> Acked-by:
Michal Nazarewicz <mina86@mina86.com> Signed-off-by:
-
Fabio Estevam authored
Building a kernel for imx_v4_v5_defconfig with CONFIG_USB_ULPI disabled, results in the following error: arch/arm/mach-imx/built-in.o: In function 'pca100_init': platform-mx2-emma.c:(.init.text+0x6788): undefined reference to 'otg_ulpi_create' platform-mx2-emma.c:(.init.text+0x682c): undefined reference to 'mxc_ulpi_access_ops' Fix this by providing a no-op definition of *otg_ulpi_create for the case when CONFIG_USB_ULPI is not defined. Acked-by:
Igor Grinberg <grinberg@compulab.co.il> Signed-off-by:
Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by:
-
Andrzej Pietrasiewicz authored
This patch fixes an "off-by-one" bug found in 581791f5 (FunctionFS: enable multiple functions). During gfs_bind/gfs_unbind the functionfs_bind/functionfs_unbind should be called for every functionfs instance. With the "i" pre-decremented they were not called for the zeroth instance. Acked-by:
Andrzej Pietrasiewicz <andrzej.p@samsung.com> Signed-off-by:
Kyungmin Park <kyungmin.park@samsung.com> Cc: <stable@vger.kernel.org> [ balbi@ti.com : added offending commit's subject ] Signed-off-by:
-
Alan Stern authored
This patch (as1667) removes an incorrect driver->unbind() call from the net2280 driver. If startup fails, the UDC core takes care of unbinding the gadget driver automatically; the controller driver shouldn't do it too. Signed-off-by:
-
Alan Stern authored
This patch (as1666) fixes a regression in the UDC core. The core takes care of unbinding gadget drivers, and it does the unbinding before telling the UDC driver to turn off the controller hardware. When the call to the udc_stop callback is made, the gadget no longer has a driver. The callback routine should not be invoked with a pointer to the old driver; doing so can cause problems (such as use-after-free accesses in net2280). This patch should be applied, with appropriate context changes, to all the stable kernels going back to 3.1. Signed-off-by:
-
Felipe Balbi authored
with the latest udc_start/udc_stop conversion, too much code was deleted which ended up creating a regression in net2272 and net2280 drivers. To fix the regression we revert one hunk of the original commits. Signed-off-by:
-
- 18 Mar, 2013 3 commits
-
-
Greg Kroah-Hartman authored
Merge tag 'for-usb-linus-2013-03-18' of git://git.kernel.org/pub/scm/linux/kernel/git/sarah/xhci into usb-linus Sarah writes: xHCI bug fix for 3.9 Hi Greg, Here's one xHCI bug fix. We had two register bits flipped. Sarah Sharp
-
Dmitry Torokhov authored
According to XHCI specification (5.5.2.1) the IP is bit 0 and IE is bit 1 of IMAN register. Previously their definitions were reversed. Even though there are no ill effects being observed from the swapped definitions (because IMAN_IP is RW1C and in legacy PCI case we come in with it already set to 1 so it was clearing itself even though we were setting IMAN_IE instead of IMAN_IP), we should still correct the values. This patch should be backported to kernels as old as 2.6.36, that contain the commit 4e833c0b "xhci: don't re-enable IE constantly". Signed-off-by:
Dmitry Torokhov <dtor@vmware.com> Signed-off-by:
Sarah Sharp <sarah.a.sharp@linux.intel.com> Cc: stable@vger.kernel.org
-
Kishon Vijay Abraham I authored
musb does not use DMA buffer for ep0 but it uses the same giveback function *musb_g_giveback* for all endpoints (*musb_g_ep0_giveback* calls *musb_g_giveback*). So for ep0 case request.dma will be '0' and will result in kernel OOPS if tried to *unmap_dma_buffer* for requests in ep0. Fixed it by doing *unmap_dma_buffer* only for valid DMA addr and checking that musb_ep->dma is valid when unmapping. Signed-off-by:
Kishon Vijay Abraham I <kishon@ti.com> Signed-off-by:
-
- 15 Mar, 2013 5 commits
-
-
Alan Stern authored
This patch (as1663) fixes a regression caused by commit 6e0c3339 (USB: EHCI: unlink one async QH at a time). In order to avoid keeping multiple QHs in an unusable intermediate state, that commit changed unlink_empty_async() so that it unlinks only one empty QH at a time. However, when the EHCI root hub is suspended, _all_ async QHs need to be unlinked. ehci_bus_suspend() used to do this by calling unlink_empty_async(), but now this only unlinks one of the QHs, not all of them. The symptom is that when the root hub is resumed, USB communications don't work for some period of time. This is because ehci-hcd doesn't realize it needs to restart the async schedule; it assumes that because some QHs are already on the schedule, the schedule must be running. The easiest way to fix the problem is add a new function that unlinks all the async QHs when the root hub is suspended. This patch should be applied to all kernels that have the 6e0c3339 commit. Signed-off-by:
Adrian Bassett <adrian.bassett@hotmail.co.uk> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Dmitry Artamonow authored
Device stucks on filesystem writes, unless following quirk is passed: echo 04e8:5136:m > /sys/module/usb_storage/parameters/quirks Add corresponding entry to unusual_devs.h Signed-off-by:
Dmitry Artamonow <mad_soft@inbox.ru> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Hannes Reinecke authored
xhci has its own interrupt enabling routine, which will try to use MSI-X/MSI if present. So the usb core shouldn't try to enable legacy interrupts; on some machines the xhci legacy IRQ setting is invalid. v3: Be careful to not break XHCI_BROKEN_MSI workaround (by trenn) Cc: Bjorn Helgaas <bhelgaas@google.com> Cc: Oliver Neukum <oneukum@suse.de> Cc: Thomas Renninger <trenn@suse.de> Cc: Yinghai Lu <yinghai@kernel.org> Cc: Frederik Himpe <fhimpe@vub.ac.be> Cc: David Haerdeman <david@hardeman.nu> Cc: Alan Stern <stern@rowland.harvard.edu> Acked-by:
Thomas Renninger <trenn@suse.de> Signed-off-by:
Hannes Reinecke <hare@suse.de> Cc: stable <stable@vger.kernel.org> Signed-off-by:
-
Stephane Eranian authored
This patch fixes a kernel crash when using precise sampling (PEBS) after a suspend/resume. Turns out the CPU notifier code is not invoked on CPU0 (BP). Therefore, the DS_AREA (used by PEBS) is not restored properly by the kernel and keeps it power-on/resume value of 0 causing any PEBS measurement to crash when running on CPU0. The workaround is to add a hook in the actual resume code to restore the DS Area MSR value. It is invoked for all CPUS. So for all but CPU0, the DS_AREA will be restored twice but this is harmless. Reported-by:
Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
Stephane Eranian <eranian@google.com> Signed-off-by:
-
Michel Lespinasse authored
The vm_flags introduced in 6d7825b1 ("mm/fremap.c: fix oops on error path") is supposed to avoid a compiler warning about unitialized vm_flags without changing the generated code. However I am concerned that this is going to be very brittle, and fail with some compiler versions. The failure could be either of: - compiler could actually load vma->vm_flags before checking for the !vma condition, thus reintroducing the oops - compiler could optimize out the !vma check, since the pointer just got dereferenced shortly before (so the compiler knows it can't be NULL!) I propose reversing this part of the change and initializing vm_flags to 0 just to avoid the bogus uninitialized use warning. Signed-off-by:
Michel Lespinasse <walken@google.com> Cc: Tommi Rantala <tt.rantala@gmail.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
- 14 Mar, 2013 2 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcuLinus Torvalds authored
Pull fix for hlist_entry_safe() regression from Paul McKenney: "This contains a single commit that fixes a regression in hlist_entry_safe(). This macro references its argument twice, which can cause NULL-pointer errors. This commit applies a gcc statement expression, creating a temporary variable to avoid the double reference. This has been posted to LKML at https://lkml.org/lkml/2013/3/9/75. Kudos to CAI Qian, whose testing uncovered this, to Eric Dumazet, who spotted root cause, and to Li Zefan, who tested this commit." * 'rcu/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu: list: Fix double fetch of pointer in hlist_entry_safe() -
Paul E. McKenney authored
The current version of hlist_entry_safe() fetches the pointer twice, once to test for NULL and the other to compute the offset back to the enclosing structure. This is OK for normal lock-based use because in that case, the pointer cannot change. However, when the pointer is protected by RCU (as in "rcu_dereference(p)"), then the pointer can change at any time. This use case can result in the following sequence of events: 1. CPU 0 invokes hlist_entry_safe(), fetches the RCU-protected pointer as sees that it is non-NULL. 2. CPU 1 invokes hlist_del_rcu(), deleting the entry that CPU 0 just fetched a pointer to. Because this is the last entry in the list, the pointer fetched by CPU 0 is now NULL. 3. CPU 0 refetches the pointer, obtains NULL, and then gets a NULL-pointer crash. This commit therefore applies gcc's "({ })" statement expression to create a temporary variable so that the specified pointer is fetched only once, avoiding the above sequence of events. Please note that it is the caller's responsibility to use rcu_dereference() as needed. This allows RCU-protected uses to work correctly without imposing any additional overhead on the non-RCU case. Many thanks to Eric Dumazet for spotting root cause! Reported-by:CAI Qian <caiqian@redhat.com> Reported-by:
Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by:
Paul E. McKenney <paulmck@linux.vnet.ibm.com> Tested-by:
Li Zefan <lizefan@huawei.com>
-
