- 25 Sep, 2010 10 commits
-
-
Al Viro authored
We want interrupts disabled on all paths leading to RESTORE_ALL; otherwise, we are risking an IRQ coming between the updates of alpha_mv->hae_cache and *alpha_mv->hae_register and set_hae() within the IRQ getting badly confused. RESTORE_ALL used to play with disabling IRQ itself, but that got removed back in 2002, without making sure we had them disabled on all paths. It's cheaper to make sure we have them disabled than to revert to original variant... Remove the detritus left from that commit back in 2002; we used to need a reload of $0 and $1 since swpipl would change those, but doing that had become pointless when we stopped doing swpipl in there... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.dk/linux-2.6-blockLinus Torvalds authored
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: block: prevent merges of discard and write requests
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory ALSA: hda - Fix auto-parse of SPDIF input of Realtek codecs ASoC: Fix multi-componentism ASoC: Fix soc-cache buffer overflow bug ALSA: oxygen: fix analog capture on Claro halo cards ALSA: hda - Add Dell Latitude E6400 model quirk ASoC: fix clkdev API usage in sh/migor.c
-
Larry Woodman authored
Thomas Pollet noticed that the remap_file_pages() system call in fremap.c has a potential overflow in the first part of the if statement below, which could cause it to process bogus input parameters. Specifically the pgoff + size parameters could be wrap thereby preventing the system call from failing when it should. Reported-by: Thomas Pollet <thomas.pollet@gmail.com> Signed-off-by: Larry Woodman <lwoodman@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Takashi Iwai authored
-
Takashi Iwai authored
-
Dan Rosenberg authored
The SNDRV_HDSP_IOCTL_GET_CONFIG_INFO and SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctls in hdspm.c and hdsp.c allow unprivileged users to read uninitialized kernel stack memory, because several fields of the hdsp{m}_config_info structs declared on the stack are not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Cc: <stable@kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
Adrian Hunter authored
Add logic to prevent two I/O requests being merged if only one of them is a discard. Ditto secure discard. Without this fix, it is possible for write requests to transform into discard requests. For example: Submit bio 1 to discard 8 sectors from sector n Submit bio 2 to write 8 sectors from sector n + 16 Submit bio 3 to write 8 sectors from sector n + 8 Bio 1 becomes request 1. Bio 2 becomes request 2. Bio 3 is merged with request 2, and then subsequently request 2 is merged with request 1 resulting in just one I/O request which discards all 24 sectors. Signed-off-by: Adrian Hunter <adrian.hunter@nokia.com> (Moved the checks above the position checks /Jens) Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/stagingLinus Torvalds authored
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging: x86/hwmon: pkgtemp has no dependency on PCI MAINTAINERS: Update hwmon entry x86/hwmon: register alternate sibling upon CPU removal x86/hwmon: fix initialization of pkgtemp x86/hwmon: fix initialization of coretemp x86/hwmon: don't leak device attribute file from pkgtemp_probe() and pkgtemp_remove() x86/hwmon: avoid deadlock on CPU removal in pkgtemp x86/hwmon: fix module init for hotplug-but-no-device-found case hwmon: (lis3) Fix Oops with NULL platform data
-
git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tileLinus Torvalds authored
* 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: arch/tile: remove dead code from intvec_32.S
-
- 24 Sep, 2010 30 commits
-
-
Chris Metcalf authored
This "bpt_code" instruction was killed off in our development line a while ago (the actual definition of bpt_code that is used is in kernel/traps.c) but I didn't push it for 2.6.36 because it seemed harmless and I didn't want to try to push more than absolutely necessary. However, we recently fixed a bug in our gcc that had been causing "-gdwarf2" not to be passed to the assembler, and passing this flag causes an erroneous assembler failure in the presence of code in a data section, sometimes. While we'd like to track down the bug in the assembler, we'd also like to make sure 2.6.36 builds with the current toolchain, so I'm removing this dead code as well. Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
-
Linus Torvalds authored
Thomas Pollet points out that the 'end' variable is broken. It was computed based on start/size before they were page-aligned, and as such doesn't actually match any of the other actions we take. The overflow test on end was also redundant, since we had already tested it with the properly aligned version. So just get rid of it entirely. The one remaining use for that broken variable can just use 'start+size' like all the other cases already did. Reported-by: Thomas Pollet <thomas.pollet@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2Linus Torvalds authored
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2: o2dlm: force free mles during dlm exit ocfs2: Sync inode flags with ext2. ocfs2: Move 'wanted' into parens of ocfs2_resmap_resv_bits. ocfs2: Use cpu_to_le16 for e_leaf_clusters in ocfs2_bg_discontig_add_extent. ocfs2: update ctime when changing the file's permission by setfacl ocfs2/net: fix uninitialized ret in o2net_send_message_vec() Ocfs2: Handle empty list in lockres_seq_start() for dlmdebug.c Ocfs2: Re-access the journal after ocfs2_insert_extent() in dxdir codes. ocfs2: Fix lockdep warning in reflink. ocfs2/lockdep: Move ip_xattr_sem out of ocfs2_xattr_get_nolock.
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: USB: update Kconfig help text for CONFIG_USB_SUSPEND usb: musb: gadget: restart request on clearing endpoint halt usb: musb: host: Issue a memory barrier before starting DMA usb: musb: gadget: fix dma length in txstate usb: musb: gadget: complete request only if data is transfered over usb: musb: gadget: fix DMA length for OUT transfer usb: musb: gadget: enable autoclear for OUT transfer in both DMA 0 and DMA 1 usb: musb: gadget: fix bulk IN infinit hangs in double buffer case usb: musb: gadget: fix kernel panic if using out ep with FIFO_TXRX style USB: fix bug in initialization of interface minor numbers
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6: Staging: ti-st: remove st_get_plat_device
-
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6Linus Torvalds authored
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: vgaarb: trivial fix drm: radeon cleanup fixes... drm: fix trivial coding errors drm: ttm sparse fixes. drm/nouveau: fix panels using straps-based mode detection drm/ttm: Clear the ghost cpu_writers flag on ttm_buffer_object_transfer. drm/radeon: don't allow device to be opened if powered down
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Al Viro authored
It's a userland pointer; worse, an untrustable one since ptrace has just provided a chance to modify it. X-Roothole-Covering-Cabal: TINRCC Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Al Viro authored
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Al Viro authored
do_signal() should know about saved_mask for it to work... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Jan Beulich authored
Other than coretemp, from which this code was apparently derived, there is no PCI specific code in this driver. Signed-off-by: Jan Beulich <jbeulich@novell.com> Cc: Fenghua Yu <fenghua.yu@intel.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Guenter Roeck authored
Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jan Beulich authored
Just like pkgtemp registers another core of the same package when one gets removed, coretemp should register another hyperthread (if available) in that situation. As pointed out in the patch fixing the respective code in pkgtemp, the list protectng mutex must be dropped before calling coretemp_device_add(), and due to the restructured loop (including an explicit return) the "safe" variant of the list iterator isn't needed anymore. Signed-off-by: Jan Beulich <jbeulich@novell.com> Cc: Rudolf Marek <r.marek@assembler.cz> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jan Beulich authored
Feature availability should also be checked in the hotplug code path. Signed-off-by: Jan Beulich <jbeulich@novell.com> Cc: Fenghua Yu <fenghua.yu@intel.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jan Beulich authored
Using cpuid_eax() to determine feature availability on other than the current CPU is invalid. And feature availability should also be checked in the hotplug code path. Signed-off-by: Jan Beulich <jbeulich@novell.com> Cc: Rudolf Marek <r.marek@assembler.cz> Cc: Fenghua Yu <fenghua.yu@intel.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jan Beulich authored
While apparently inherited from coretemp source, this particular error handling cleanup and exit path wasn't copied properly (or perhaps got discarded intermediately and not re-added properly later). Signed-off-by: Jan Beulich <jbeulich@novell.com> Cc: Fenghua Yu <fenghua.yu@intel.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> (added device file removal in pkgtemp_remove)
-
Jan Beulich authored
pkgtemp_device_remove(), holding the list protecting mutex, calls pkgtemp_device_add(), which itself wants to acquire the same mutex. Holding the mutex over the entire loop body in pkgtemp_device_remove() isn't really necessary, as long as the loop gets exited after processing the matched CPU. Once exiting the loop after removing an eventual match, there's no need for using the "safe" list iterator anymore. Signed-off-by: Jan Beulich <jbeulich@novell.com> Cc: Fenghua Yu <fenghua.yu@intel.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Jan Beulich authored
In commit 0dca94ba the call to platform_driver_unregister() was made conditional upon !HOTPLUG_CPU, but the return value from coretemp_init() was left to indicate an error. This isn't correct, as the negative return value indicates to the module loader that initialization failed, which isn't intended here and results in dangling pointers. Signed-off-by: Jan Beulich <jbeulich@novell.com> Cc: Chen Gong <gong.chen@linux.intel.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Takashi Iwai authored
The recent addition of threaded irq handler causes a NULL dereference when used with hp_accel driver, which has NULL pdata. Acked-by: Samu Onkalo <samu.p.onkalo@nokia.com> Cc: <stable@kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Alan Stern authored
This patch (as1429) updates the Kconfig help text for CONFIG_USB_SUSPEND. The power/level file is now deprecated; we should tell people to use power/control instead. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Sergei Shtylyov authored
Commit 46034dca (USB: musb_gadget_ep0: stop abusing musb_gadget_set_halt()) forgot to restart a queued request after clearing the endpoint halt feature. This results in a couple of USB resets while enumerating the file-backed storage gadget due to CSW packet not being sent for the MODE SENSE(10) command. Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Cc: stable@kernel.org Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Santosh Shilimkar authored
This patch fixes the issue which was observed while transfering a large file ( > 20MB) over USB (OMAP MUSB controller acts as USB host) to an attached USB thumb drive. It was found that CDB field of CBW packet was set to 0x0. This was due to missing a barrier before DMA engine starts transfer. This buffer is allocated using dma_alloc_coherent which gives non-cacheble but bufferable memory and hence needed a write memory barrier to flush the write buffer. More info on this thread is here: http://www.spinics.net/lists/linux-omap/msg33987.htmlSigned-off-by: Santosh Shilimkar <santosh.shilimkar@ti.com> Signed-off-by: Maulik Mankad <x0082077@ti.com> Cc: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Ming Lei authored
DMA length should not go beyond the availabe space of request buffer, so fix it. Also set max_len of cppi dma channel as max size of int type, so make musb dma handling happier. Signed-off-by: Ming Lei <tom.leiming@gmail.com> Cc: David Brownell <dbrownell@users.sourceforge.net> Cc: Anand Gadiyar <gadiyar@ti.com> Cc: Mike Frysinger <vapier@gentoo.org> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Ming Lei authored
Complete the current request only if the data transfer is over. Signed-off-by: Ming Lei <tom.leiming@gmail.com> Cc: David Brownell <dbrownell@users.sourceforge.net> Cc: Anand Gadiyar <gadiyar@ti.com> Cc: Mike Frysinger <vapier@gentoo.org> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Ming Lei authored
DMA length should not go beyond the availabe space of request buffer, so fix it. Signed-off-by: Ming Lei <tom.leiming@gmail.com> Acked-by: Anand Gadiyar <gadiyar@ti.com> Cc: David Brownell <dbrownell@users.sourceforge.net> Cc: Anand Gadiyar <gadiyar@ti.com> Cc: Mike Frysinger <vapier@gentoo.org> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Ming Lei authored
This patch fixes one bugs of OUT transfer in double buffer case: -the current code only enable autoclear for dma mode 1, and not for dma mode 0 Without this patch, test #5 of usbtest can't be passed if we configure musb as g_zero and use fifo mode 3 to enable double buffer mode. With this patch and the following patch(fix dma length), on my beagle B5, test#5(queued bulk out) may go beyond 18Mbyte/s(seems dma mode 0 is quicker in double buffer case) if musb is configured as g_zero and fifo mode 3 is taken, follows the test command: #./testusb -D DEV_NAME -c 1024 -t 5 -s 32768 -g 8 [1] Also I have tested this patch can't make g_ether broken. [1],source of testusb : tools/usb/testusb.c under linux kernel; Signed-off-by: Ming Lei <tom.leiming@gmail.com> Cc: David Brownell <dbrownell@users.sourceforge.net> Cc: Anand Gadiyar <gadiyar@ti.com> Cc: Mike Frysinger <vapier@gentoo.org> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Ming Lei authored
This patch fixes one infinite hang of bulk IN transfer in double buffer case, the hang can be observed easily by test #6 of usbtest if musb is configured as g_zero and fifo mode 3 is taken to enable double fifo. In fact, the patch only removes the check for non-empty fifo before loading data from new request into fifo since the check is not correct: -in double buffer case, fifo may accommodate more than one packet, even though it has contained one packet already and is non-empty -since last DMA is completed before calling musb_g_tx, it is sure that fifo may accommodate at least one packet Without applying the patch, new requst enqueued from .complte may not have a chance to be loaded into fifo, then will never be completed and cause infinite hangs. With the patch, on my beagle B5, test#6(queued bulk in) can be passed and test result may go beyond 33Mbyte/s if musb is configured as g_zero and fifo mode 3 is taken, follows the test command: #testusb -D DEV_NAME -c 1024 -t 6 -s 32768 -g 8 [1] [1], -source of testusb : tools/usb/testusb.c under linux kernel; Signed-off-by: Ming Lei <tom.leiming@gmail.com> Acked-by: Anand Gadiyar <gadiyar@ti.com> Cc: David Brownell <dbrownell@users.sourceforge.net> Cc: Anand Gadiyar <gadiyar@ti.com> Cc: Mike Frysinger <vapier@gentoo.org> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Ming Lei authored
For shared fifo hw endpoint(with FIFO_TXRX style), only ep_in field of musb_hw_ep is intialized in musb_g_init_endpoints, and ep_out is not initialized, but musb_g_rx and rxstate may access ep_out field of musb_hw_ep by the method below: musb_ep = &musb->endpoints[epnum].ep_out which can cause the kernel panic[1] below, this patch fixes the issue by getting 'musb_ep' from '&musb->endpoints[epnum].ep_in' for shared fifo endpoint. [1], kernel panic [root@OMAP3EVM /]# musb_interrupt 1583: ** IRQ peripheral usb0008 tx0000 rx4000 musb_stage0_irq 460: <== Power=f0, DevCtl=99, int_usb=0x8 musb_g_rx 772: <== (null), rxcsr 4007 ffffffe8 musb_g_rx 786: iso overrun on ffffffe8 Unable to handle kernel NULL pointer dereference at virtual address 00000008 pgd = c0004000 [00000008] *pgd=00000000 Internal error: Oops: 17 [#1] PREEMPT last sysfs file: /sys/devices/platform/musb_hdrc/usb1/usb_device/usbdev1.1/dev Modules linked in: g_zero CPU: 0 Tainted: G W (2.6.35-rc6-gkh-wl+ #92) PC is at musb_g_rx+0xfc/0x2ec LR is at vprintk+0x3f4/0x458 pc : [<c02c07a4>] lr : [<c006ccb0>] psr: 20000193 sp : c760bd78 ip : c03c9d70 fp : c760bdbc r10: 00000000 r9 : fa0ab1e0 r8 : 0000000e r7 : c7e80158 r6 : ffffffe8 r5 : 00000001 r4 : 00004003 r3 : 00010003 r2 : c760bcd8 r1 : c03cd030 r0 : 0000002e Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment kernel Control: 10c5387d Table: 8778c019 DAC: 00000017 Process kmemleak (pid: 421, stack limit = 0xc760a2e8) Stack: (0xc760bd78 to 0xc760c000) bd60: ffffffe8 c04b1b58 bd80: ffffffe8 c7c01ac0 00000000 c7e80d24 c0084238 00000001 00000001 c7e80158 bda0: 0000000e 00000008 00000099 000000f0 c760be04 c760bdc0 c02bcd68 c02c06b4 bdc0: 00000099 00000008 00004000 c760bdd8 c03cc4f8 00000000 00000002 c7e80158 bde0: c7d2e300 60000193 c760a000 0000005c 00000000 00000000 c760be24 c760be08 be00: c02bcecc c02bc1ac c7d2e300 c7d2e300 0000005c c760a000 c760be54 c760be28 be20: c00ad698 c02bce6c 00000000 c7d2e300 c067c258 0000005c c067c294 00000001 be40: c760a000 00000000 c760be74 c760be58 c00af984 c00ad5fc 0000005c 00000000 be60: 00000000 00000002 c760be8c c760be78 c0039080 c00af8d0 ffffffff fa200000 be80: c760beec c760be90 c0039b6c c003900c 00000001 00000000 c7d1e240 00000000 bea0: 00000000 c068bae8 00000000 60000013 00000001 00000000 00000000 c760beec bec0: c0064ecc c760bed8 c00ff7d0 c003a0a8 60000013 ffffffff 00000000 c068bae8 bee0: c760bf24 c760bef0 c00ff7d0 c0064ec4 00000001 00000000 c00ff700 00000000 bf00: c0087f00 00000000 60000013 c0d76a70 c0e23795 00000001 c760bf4c c760bf28 bf20: c00ffdd8 c00ff70c c068bb08 c068bae8 60000013 c0100938 c068bb30 00000000 bf40: c760bf84 c760bf50 c010014c c00ffd84 00000001 00000000 c010000c 00012c00 bf60: c7c33f04 00012c00 c7c33f04 00000000 c0100938 00000000 c760bf9c c760bf88 bf80: c01009a8 c0100018 c760bfa8 c7c33f04 c760bff4 c760bfa0 c0088000 c0100944 bfa0: c760bf98 00000000 00000000 00000001 dead4ead ffffffff ffffffff c08ba2bc bfc0: 00000000 c049e7fa 00000000 c0087f70 c760bfd0 c760bfd0 c7c33f04 c0087f70 bfe0: c006f5e8 00000013 00000000 c760bff8 c006f5e8 c0087f7c 7f0004ff df2000ff Backtrace: [<c02c06a8>] (musb_g_rx+0x0/0x2ec) from [<c02bcd68>] (musb_interrupt+0xbc8/0xcc0) [<c02bc1a0>] (musb_interrupt+0x0/0xcc0) from [<c02bcecc>] (generic_interrupt+0x6c/0x84) [<c02bce60>] (generic_interrupt+0x0/0x84) from [<c00ad698>] (handle_IRQ_event+0xa8/0x1ec) r7:c760a000 r6:0000005c r5:c7d2e300 r4:c7d2e300 [<c00ad5f0>] (handle_IRQ_event+0x0/0x1ec) from [<c00af984>] (handle_level_irq+0xc0/0x13c) [<c00af8c4>] (handle_level_irq+0x0/0x13c) from [<c0039080>] (asm_do_IRQ+0x80/0xa0) r7:00000002 r6:00000000 r5:00000000 r4:0000005c [<c0039000>] (asm_do_IRQ+0x0/0xa0) from [<c0039b6c>] (__irq_svc+0x4c/0xb4) Exception stack(0xc760be90 to 0xc760bed8) be80: 00000001 00000000 c7d1e240 00000000 bea0: 00000000 c068bae8 00000000 60000013 00000001 00000000 00000000 c760beec bec0: c0064ecc c760bed8 c00ff7d0 c003a0a8 60000013 ffffffff r5:fa200000 r4:ffffffff [<c0064eb8>] (sub_preempt_count+0x0/0x100) from [<c00ff7d0>] (find_and_get_object+0xd0/0x110) r5:c068bae8 r4:00000000 [<c00ff700>] (find_and_get_object+0x0/0x110) from [<c00ffdd8>] (scan_block+0x60/0x104) r8:00000001 r7:c0e23795 r6:c0d76a70 r5:60000013 r4:00000000 [<c00ffd78>] (scan_block+0x0/0x104) from [<c010014c>] (kmemleak_scan+0x140/0x484) [<c010000c>] (kmemleak_scan+0x0/0x484) from [<c01009a8>] (kmemleak_scan_thread+0x70/0xcc) r8:00000000 r7:c0100938 r6:00000000 r5:c7c33f04 r4:00012c00 [<c0100938>] (kmemleak_scan_thread+0x0/0xcc) from [<c0088000>] (kthread+0x90/0x98) r5:c7c33f04 r4:c760bfa8 [<c0087f70>] (kthread+0x0/0x98) from [<c006f5e8>] (do_exit+0x0/0x684) r7:00000013 r6:c006f5e8 r5:c0087f70 r4:c7c33f04 Code: e3002312 e58d6000 e2833e16 eb0422d5 (e5963020) ---[ end trace f3d5e96f75c297b7 ]--- Signed-off-by: Ming Lei <tom.leiming@gmail.com> Reviewed-by: Sergei Shtylyov <sshtylyov@mvista.com> Cc: David Brownell <dbrownell@users.sourceforge.net> Cc: Anand Gadiyar <gadiyar@ti.com> Cc: Mike Frysinger <vapier@gentoo.org> Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com> Cc: stable <stable@kernel.org> Signed-off-by: Felipe Balbi <balbi@ti.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Alan Stern authored
Recent changes in the usbhid layer exposed a bug in usbcore. If CONFIG_USB_DYNAMIC_MINORS is enabled then an interface may be assigned a minor number of 0. However interfaces that aren't registered as USB class devices also have their minor number set to 0, during initialization. As a result usb_find_interface() may return the wrong interface, leading to a crash. This patch (as1418) fixes the problem by initializing every interface's minor number to -1. It also cleans up the usb_register_dev() function, which besides being somewhat awkwardly written, does not unwind completely on all its error paths. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Tested-by: Philip J. Turmel <philip@turmel.org> Tested-by: Gabriel Craciunescu <nix.or.die@googlemail.com> Tested-by: Alex Riesen <raa.lkml@gmail.com> Tested-by: Matthias Bayer <jackdachef@gmail.com> CC: Jiri Kosina <jkosina@suse.cz> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-