1. 24 Sep, 2010 12 commits
    • Ming Lei's avatar
      usb: musb: gadget: fix dma length in txstate · 66af83dd
      Ming Lei authored
      DMA length should not go beyond the availabe space
      of request buffer, so fix it.
      
      Also set max_len of cppi dma channel as max size of
      int type, so make musb dma handling happier.
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      66af83dd
    • Ming Lei's avatar
      usb: musb: gadget: complete request only if data is transfered over · bb27bc2c
      Ming Lei authored
      Complete the current request only if the data transfer is over.
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      bb27bc2c
    • Ming Lei's avatar
      usb: musb: gadget: fix DMA length for OUT transfer · 1018b4e4
      Ming Lei authored
      DMA length should not go beyond the availabe space of request buffer,
      so fix it.
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Acked-by: default avatarAnand Gadiyar <gadiyar@ti.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      1018b4e4
    • Ming Lei's avatar
      usb: musb: gadget: enable autoclear for OUT transfer in both DMA 0 and DMA 1 · 490e5fbe
      Ming Lei authored
      This patch fixes one bugs of OUT transfer in double buffer case:
      
      	-the current code only enable autoclear for dma mode 1, and not
      	for dma mode 0
      
      Without this patch, test #5 of usbtest can't be passed if we
      configure musb as g_zero and use fifo mode 3 to enable double
      buffer mode.
      
      With this patch and the following patch(fix dma length),
      on my beagle B5, test#5(queued bulk out) may go beyond
      18Mbyte/s(seems dma mode 0 is quicker in double buffer case)
      if musb is configured as g_zero and fifo mode 3 is taken, follows
      the test command:
      
          #./testusb -D DEV_NAME -c 1024 -t 5 -s 32768 -g 8   [1]
      
      Also I have tested this patch can't make g_ether broken.
      
      [1],source of testusb : tools/usb/testusb.c under linux kernel;
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      490e5fbe
    • Ming Lei's avatar
      usb: musb: gadget: fix bulk IN infinit hangs in double buffer case · eeb1b2a4
      Ming Lei authored
      This patch fixes one infinite hang of bulk IN transfer in double buffer
      case, the hang can be observed easily by test #6 of usbtest if musb is
      configured as g_zero and fifo mode 3 is taken to enable double fifo.
      
      In fact, the patch only removes the check for non-empty fifo before
      loading data from new request into fifo since the check is not correct:
      
      	-in double buffer case, fifo may accommodate more than one packet,
      	even though it has contained one packet already and is non-empty
      
      	-since last DMA is completed before calling musb_g_tx, it is sure
      	that fifo may accommodate at least one packet
      
      Without applying the patch, new requst enqueued from .complte may not
      have a chance to be loaded into fifo, then will never be completed and
      cause infinite hangs.
      
      With the patch, on my beagle B5, test#6(queued bulk in) can be passed and
      test result may go beyond 33Mbyte/s if musb is configured as g_zero and
      fifo mode 3 is taken, follows the test command:
      
      	#testusb -D DEV_NAME -c 1024 -t 6 -s 32768 -g 8   [1]
      
      [1],
          -source of testusb : tools/usb/testusb.c under linux kernel;
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Acked-by: default avatarAnand Gadiyar <gadiyar@ti.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      eeb1b2a4
    • Ming Lei's avatar
      usb: musb: gadget: fix kernel panic if using out ep with FIFO_TXRX style · bd2e74d6
      Ming Lei authored
      For shared fifo hw endpoint(with FIFO_TXRX style), only ep_in
      field of musb_hw_ep is intialized in musb_g_init_endpoints, and
      ep_out is not initialized, but musb_g_rx and rxstate may access
      ep_out field of musb_hw_ep by the method below:
      
      	musb_ep = &musb->endpoints[epnum].ep_out
      
      which can cause the kernel panic[1] below, this patch fixes the issue
      by getting 'musb_ep' from '&musb->endpoints[epnum].ep_in' for shared fifo
      endpoint.
      
      [1], kernel panic
      [root@OMAP3EVM /]# musb_interrupt 1583: ** IRQ peripheral usb0008 tx0000 rx4000
      musb_stage0_irq 460: <== Power=f0, DevCtl=99, int_usb=0x8
      musb_g_rx 772: <== (null), rxcsr 4007 ffffffe8
      musb_g_rx 786:  iso overrun on ffffffe8
      Unable to handle kernel NULL pointer dereference at virtual address 00000008
      pgd = c0004000
      [00000008] *pgd=00000000
      Internal error: Oops: 17 [#1] PREEMPT
      last sysfs file: /sys/devices/platform/musb_hdrc/usb1/usb_device/usbdev1.1/dev
      Modules linked in: g_zero
      CPU: 0    Tainted: G        W    (2.6.35-rc6-gkh-wl+ #92)
      PC is at musb_g_rx+0xfc/0x2ec
      LR is at vprintk+0x3f4/0x458
      pc : [<c02c07a4>]    lr : [<c006ccb0>]    psr: 20000193
      sp : c760bd78  ip : c03c9d70  fp : c760bdbc
      r10: 00000000  r9 : fa0ab1e0  r8 : 0000000e
      r7 : c7e80158  r6 : ffffffe8  r5 : 00000001  r4 : 00004003
      r3 : 00010003  r2 : c760bcd8  r1 : c03cd030  r0 : 0000002e
      Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
      Control: 10c5387d  Table: 8778c019  DAC: 00000017
      Process kmemleak (pid: 421, stack limit = 0xc760a2e8)
      Stack: (0xc760bd78 to 0xc760c000)
      bd60:                                                       ffffffe8 c04b1b58
      bd80: ffffffe8 c7c01ac0 00000000 c7e80d24 c0084238 00000001 00000001 c7e80158
      bda0: 0000000e 00000008 00000099 000000f0 c760be04 c760bdc0 c02bcd68 c02c06b4
      bdc0: 00000099 00000008 00004000 c760bdd8 c03cc4f8 00000000 00000002 c7e80158
      bde0: c7d2e300 60000193 c760a000 0000005c 00000000 00000000 c760be24 c760be08
      be00: c02bcecc c02bc1ac c7d2e300 c7d2e300 0000005c c760a000 c760be54 c760be28
      be20: c00ad698 c02bce6c 00000000 c7d2e300 c067c258 0000005c c067c294 00000001
      be40: c760a000 00000000 c760be74 c760be58 c00af984 c00ad5fc 0000005c 00000000
      be60: 00000000 00000002 c760be8c c760be78 c0039080 c00af8d0 ffffffff fa200000
      be80: c760beec c760be90 c0039b6c c003900c 00000001 00000000 c7d1e240 00000000
      bea0: 00000000 c068bae8 00000000 60000013 00000001 00000000 00000000 c760beec
      bec0: c0064ecc c760bed8 c00ff7d0 c003a0a8 60000013 ffffffff 00000000 c068bae8
      bee0: c760bf24 c760bef0 c00ff7d0 c0064ec4 00000001 00000000 c00ff700 00000000
      bf00: c0087f00 00000000 60000013 c0d76a70 c0e23795 00000001 c760bf4c c760bf28
      bf20: c00ffdd8 c00ff70c c068bb08 c068bae8 60000013 c0100938 c068bb30 00000000
      bf40: c760bf84 c760bf50 c010014c c00ffd84 00000001 00000000 c010000c 00012c00
      bf60: c7c33f04 00012c00 c7c33f04 00000000 c0100938 00000000 c760bf9c c760bf88
      bf80: c01009a8 c0100018 c760bfa8 c7c33f04 c760bff4 c760bfa0 c0088000 c0100944
      bfa0: c760bf98 00000000 00000000 00000001 dead4ead ffffffff ffffffff c08ba2bc
      bfc0: 00000000 c049e7fa 00000000 c0087f70 c760bfd0 c760bfd0 c7c33f04 c0087f70
      bfe0: c006f5e8 00000013 00000000 c760bff8 c006f5e8 c0087f7c 7f0004ff df2000ff
      Backtrace:
      [<c02c06a8>] (musb_g_rx+0x0/0x2ec) from [<c02bcd68>] (musb_interrupt+0xbc8/0xcc0)
      [<c02bc1a0>] (musb_interrupt+0x0/0xcc0) from [<c02bcecc>] (generic_interrupt+0x6c/0x84)
      [<c02bce60>] (generic_interrupt+0x0/0x84) from [<c00ad698>] (handle_IRQ_event+0xa8/0x1ec)
       r7:c760a000 r6:0000005c r5:c7d2e300 r4:c7d2e300
      [<c00ad5f0>] (handle_IRQ_event+0x0/0x1ec) from [<c00af984>] (handle_level_irq+0xc0/0x13c)
      [<c00af8c4>] (handle_level_irq+0x0/0x13c) from [<c0039080>] (asm_do_IRQ+0x80/0xa0)
       r7:00000002 r6:00000000 r5:00000000 r4:0000005c
      [<c0039000>] (asm_do_IRQ+0x0/0xa0) from [<c0039b6c>] (__irq_svc+0x4c/0xb4)
      Exception stack(0xc760be90 to 0xc760bed8)
      be80:                                     00000001 00000000 c7d1e240 00000000
      bea0: 00000000 c068bae8 00000000 60000013 00000001 00000000 00000000 c760beec
      bec0: c0064ecc c760bed8 c00ff7d0 c003a0a8 60000013 ffffffff
       r5:fa200000 r4:ffffffff
      [<c0064eb8>] (sub_preempt_count+0x0/0x100) from [<c00ff7d0>] (find_and_get_object+0xd0/0x110)
       r5:c068bae8 r4:00000000
      [<c00ff700>] (find_and_get_object+0x0/0x110) from [<c00ffdd8>] (scan_block+0x60/0x104)
       r8:00000001 r7:c0e23795 r6:c0d76a70 r5:60000013 r4:00000000
      [<c00ffd78>] (scan_block+0x0/0x104) from [<c010014c>] (kmemleak_scan+0x140/0x484)
      [<c010000c>] (kmemleak_scan+0x0/0x484) from [<c01009a8>] (kmemleak_scan_thread+0x70/0xcc)
       r8:00000000 r7:c0100938 r6:00000000 r5:c7c33f04 r4:00012c00
      [<c0100938>] (kmemleak_scan_thread+0x0/0xcc) from [<c0088000>] (kthread+0x90/0x98)
       r5:c7c33f04 r4:c760bfa8
      [<c0087f70>] (kthread+0x0/0x98) from [<c006f5e8>] (do_exit+0x0/0x684)
       r7:00000013 r6:c006f5e8 r5:c0087f70 r4:c7c33f04
      Code: e3002312 e58d6000 e2833e16 eb0422d5 (e5963020)
      ---[ end trace f3d5e96f75c297b7 ]---
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Reviewed-by: default avatarSergei Shtylyov <sshtylyov@mvista.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      bd2e74d6
    • Alan Stern's avatar
      USB: fix bug in initialization of interface minor numbers · 0026e005
      Alan Stern authored
      Recent changes in the usbhid layer exposed a bug in usbcore.  If
      CONFIG_USB_DYNAMIC_MINORS is enabled then an interface may be assigned
      a minor number of 0.  However interfaces that aren't registered as USB
      class devices also have their minor number set to 0, during
      initialization.  As a result usb_find_interface() may return the
      wrong interface, leading to a crash.
      
      This patch (as1418) fixes the problem by initializing every
      interface's minor number to -1.  It also cleans up the
      usb_register_dev() function, which besides being somewhat awkwardly
      written, does not unwind completely on all its error paths.
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Tested-by: default avatarPhilip J. Turmel <philip@turmel.org>
      Tested-by: default avatarGabriel Craciunescu <nix.or.die@googlemail.com>
      Tested-by: default avatarAlex Riesen <raa.lkml@gmail.com>
      Tested-by: default avatarMatthias Bayer <jackdachef@gmail.com>
      CC: Jiri Kosina <jkosina@suse.cz>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      0026e005
    • Naoya Horiguchi's avatar
      hugetlb, rmap: add BUG_ON(!PageLocked) in hugetlb_add_anon_rmap() · a850ea30
      Naoya Horiguchi authored
      Confirming page lock is held in hugetlb_add_anon_rmap() may be useful
      to detect possible future problems.
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarRik van Riel <riel@redhat.com>
      Acked-by: default avatarAndrea Arcangeli <aarcange@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a850ea30
    • Naoya Horiguchi's avatar
      hugetlb, rmap: fix confusing page locking in hugetlb_cow() · 56c9cfb1
      Naoya Horiguchi authored
      The "if (!trylock_page)" block in the avoidcopy path of hugetlb_cow()
      looks confusing and is buggy.  Originally this trylock_page() was
      intended to make sure that old_page is locked even when old_page !=
      pagecache_page, because then only pagecache_page is locked.
      
      This patch fixes it by moving page locking into hugetlb_fault().
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      56c9cfb1
    • Naoya Horiguchi's avatar
      hugetlb, rmap: use hugepage_add_new_anon_rmap() in hugetlb_cow() · cd67f0d2
      Naoya Horiguchi authored
      Obviously, setting anon_vma for COWed hugepage should be done
      by hugepage_add_new_anon_rmap() to scan vmas faster.
      This patch fixes it.
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarAndrea Arcangeli <aarcange@redhat.com>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cd67f0d2
    • Naoya Horiguchi's avatar
      hugetlb, rmap: always use anon_vma root pointer · 433abed6
      Naoya Horiguchi authored
      This patch applies Andrea's fix given by the following patch into hugepage
      rmapping code:
      
        commit 288468c3
        Author: Andrea Arcangeli <aarcange@redhat.com>
        Date:   Mon Aug 9 17:19:09 2010 -0700
      
      This patch uses anon_vma->root and avoids unnecessary overwriting when
      anon_vma is already set up.
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarAndrea Arcangeli <aarcange@redhat.com>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      433abed6
    • Linus Torvalds's avatar
      Merge branch 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm · bcf835e5
      Linus Torvalds authored
      * 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: Fix reboot on Intel hosts
        KVM: fix irqfd assign/deassign race
      bcf835e5
  2. 23 Sep, 2010 28 commits