1. 24 Sep, 2010 14 commits
    • Sergei Shtylyov's avatar
      usb: musb: gadget: restart request on clearing endpoint halt · a666e3e6
      Sergei Shtylyov authored
      Commit 46034dca (USB: musb_gadget_ep0: stop
      abusing musb_gadget_set_halt()) forgot to restart a queued request after
      clearing the endpoint halt feature. This results in a couple of USB resets
      while enumerating the file-backed storage gadget due to CSW packet not being
      sent for the MODE SENSE(10) command.
      Signed-off-by: default avatarSergei Shtylyov <sshtylyov@ru.mvista.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      a666e3e6
    • Santosh Shilimkar's avatar
      usb: musb: host: Issue a memory barrier before starting DMA · 4c647338
      Santosh Shilimkar authored
      This patch fixes the issue which was observed while transfering
      a large file ( > 20MB) over USB (OMAP MUSB controller acts as USB host)
      to an attached USB thumb drive.
      
      It was found that CDB field of CBW packet was set to 0x0. This was
      due to missing a barrier before DMA engine starts transfer.
      This  buffer is  allocated using dma_alloc_coherent which gives
      non-cacheble but bufferable memory and hence needed a write
      memory barrier to flush the write buffer.
      
      More info on this thread is here:
      	http://www.spinics.net/lists/linux-omap/msg33987.htmlSigned-off-by: default avatarSantosh Shilimkar <santosh.shilimkar@ti.com>
      Signed-off-by: default avatarMaulik Mankad <x0082077@ti.com>
      Cc: Russell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      4c647338
    • Ming Lei's avatar
      usb: musb: gadget: fix dma length in txstate · 66af83dd
      Ming Lei authored
      DMA length should not go beyond the availabe space
      of request buffer, so fix it.
      
      Also set max_len of cppi dma channel as max size of
      int type, so make musb dma handling happier.
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      66af83dd
    • Ming Lei's avatar
      usb: musb: gadget: complete request only if data is transfered over · bb27bc2c
      Ming Lei authored
      Complete the current request only if the data transfer is over.
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      bb27bc2c
    • Ming Lei's avatar
      usb: musb: gadget: fix DMA length for OUT transfer · 1018b4e4
      Ming Lei authored
      DMA length should not go beyond the availabe space of request buffer,
      so fix it.
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Acked-by: default avatarAnand Gadiyar <gadiyar@ti.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      1018b4e4
    • Ming Lei's avatar
      usb: musb: gadget: enable autoclear for OUT transfer in both DMA 0 and DMA 1 · 490e5fbe
      Ming Lei authored
      This patch fixes one bugs of OUT transfer in double buffer case:
      
      	-the current code only enable autoclear for dma mode 1, and not
      	for dma mode 0
      
      Without this patch, test #5 of usbtest can't be passed if we
      configure musb as g_zero and use fifo mode 3 to enable double
      buffer mode.
      
      With this patch and the following patch(fix dma length),
      on my beagle B5, test#5(queued bulk out) may go beyond
      18Mbyte/s(seems dma mode 0 is quicker in double buffer case)
      if musb is configured as g_zero and fifo mode 3 is taken, follows
      the test command:
      
          #./testusb -D DEV_NAME -c 1024 -t 5 -s 32768 -g 8   [1]
      
      Also I have tested this patch can't make g_ether broken.
      
      [1],source of testusb : tools/usb/testusb.c under linux kernel;
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      490e5fbe
    • Ming Lei's avatar
      usb: musb: gadget: fix bulk IN infinit hangs in double buffer case · eeb1b2a4
      Ming Lei authored
      This patch fixes one infinite hang of bulk IN transfer in double buffer
      case, the hang can be observed easily by test #6 of usbtest if musb is
      configured as g_zero and fifo mode 3 is taken to enable double fifo.
      
      In fact, the patch only removes the check for non-empty fifo before
      loading data from new request into fifo since the check is not correct:
      
      	-in double buffer case, fifo may accommodate more than one packet,
      	even though it has contained one packet already and is non-empty
      
      	-since last DMA is completed before calling musb_g_tx, it is sure
      	that fifo may accommodate at least one packet
      
      Without applying the patch, new requst enqueued from .complte may not
      have a chance to be loaded into fifo, then will never be completed and
      cause infinite hangs.
      
      With the patch, on my beagle B5, test#6(queued bulk in) can be passed and
      test result may go beyond 33Mbyte/s if musb is configured as g_zero and
      fifo mode 3 is taken, follows the test command:
      
      	#testusb -D DEV_NAME -c 1024 -t 6 -s 32768 -g 8   [1]
      
      [1],
          -source of testusb : tools/usb/testusb.c under linux kernel;
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Acked-by: default avatarAnand Gadiyar <gadiyar@ti.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      eeb1b2a4
    • Ming Lei's avatar
      usb: musb: gadget: fix kernel panic if using out ep with FIFO_TXRX style · bd2e74d6
      Ming Lei authored
      For shared fifo hw endpoint(with FIFO_TXRX style), only ep_in
      field of musb_hw_ep is intialized in musb_g_init_endpoints, and
      ep_out is not initialized, but musb_g_rx and rxstate may access
      ep_out field of musb_hw_ep by the method below:
      
      	musb_ep = &musb->endpoints[epnum].ep_out
      
      which can cause the kernel panic[1] below, this patch fixes the issue
      by getting 'musb_ep' from '&musb->endpoints[epnum].ep_in' for shared fifo
      endpoint.
      
      [1], kernel panic
      [root@OMAP3EVM /]# musb_interrupt 1583: ** IRQ peripheral usb0008 tx0000 rx4000
      musb_stage0_irq 460: <== Power=f0, DevCtl=99, int_usb=0x8
      musb_g_rx 772: <== (null), rxcsr 4007 ffffffe8
      musb_g_rx 786:  iso overrun on ffffffe8
      Unable to handle kernel NULL pointer dereference at virtual address 00000008
      pgd = c0004000
      [00000008] *pgd=00000000
      Internal error: Oops: 17 [#1] PREEMPT
      last sysfs file: /sys/devices/platform/musb_hdrc/usb1/usb_device/usbdev1.1/dev
      Modules linked in: g_zero
      CPU: 0    Tainted: G        W    (2.6.35-rc6-gkh-wl+ #92)
      PC is at musb_g_rx+0xfc/0x2ec
      LR is at vprintk+0x3f4/0x458
      pc : [<c02c07a4>]    lr : [<c006ccb0>]    psr: 20000193
      sp : c760bd78  ip : c03c9d70  fp : c760bdbc
      r10: 00000000  r9 : fa0ab1e0  r8 : 0000000e
      r7 : c7e80158  r6 : ffffffe8  r5 : 00000001  r4 : 00004003
      r3 : 00010003  r2 : c760bcd8  r1 : c03cd030  r0 : 0000002e
      Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
      Control: 10c5387d  Table: 8778c019  DAC: 00000017
      Process kmemleak (pid: 421, stack limit = 0xc760a2e8)
      Stack: (0xc760bd78 to 0xc760c000)
      bd60:                                                       ffffffe8 c04b1b58
      bd80: ffffffe8 c7c01ac0 00000000 c7e80d24 c0084238 00000001 00000001 c7e80158
      bda0: 0000000e 00000008 00000099 000000f0 c760be04 c760bdc0 c02bcd68 c02c06b4
      bdc0: 00000099 00000008 00004000 c760bdd8 c03cc4f8 00000000 00000002 c7e80158
      bde0: c7d2e300 60000193 c760a000 0000005c 00000000 00000000 c760be24 c760be08
      be00: c02bcecc c02bc1ac c7d2e300 c7d2e300 0000005c c760a000 c760be54 c760be28
      be20: c00ad698 c02bce6c 00000000 c7d2e300 c067c258 0000005c c067c294 00000001
      be40: c760a000 00000000 c760be74 c760be58 c00af984 c00ad5fc 0000005c 00000000
      be60: 00000000 00000002 c760be8c c760be78 c0039080 c00af8d0 ffffffff fa200000
      be80: c760beec c760be90 c0039b6c c003900c 00000001 00000000 c7d1e240 00000000
      bea0: 00000000 c068bae8 00000000 60000013 00000001 00000000 00000000 c760beec
      bec0: c0064ecc c760bed8 c00ff7d0 c003a0a8 60000013 ffffffff 00000000 c068bae8
      bee0: c760bf24 c760bef0 c00ff7d0 c0064ec4 00000001 00000000 c00ff700 00000000
      bf00: c0087f00 00000000 60000013 c0d76a70 c0e23795 00000001 c760bf4c c760bf28
      bf20: c00ffdd8 c00ff70c c068bb08 c068bae8 60000013 c0100938 c068bb30 00000000
      bf40: c760bf84 c760bf50 c010014c c00ffd84 00000001 00000000 c010000c 00012c00
      bf60: c7c33f04 00012c00 c7c33f04 00000000 c0100938 00000000 c760bf9c c760bf88
      bf80: c01009a8 c0100018 c760bfa8 c7c33f04 c760bff4 c760bfa0 c0088000 c0100944
      bfa0: c760bf98 00000000 00000000 00000001 dead4ead ffffffff ffffffff c08ba2bc
      bfc0: 00000000 c049e7fa 00000000 c0087f70 c760bfd0 c760bfd0 c7c33f04 c0087f70
      bfe0: c006f5e8 00000013 00000000 c760bff8 c006f5e8 c0087f7c 7f0004ff df2000ff
      Backtrace:
      [<c02c06a8>] (musb_g_rx+0x0/0x2ec) from [<c02bcd68>] (musb_interrupt+0xbc8/0xcc0)
      [<c02bc1a0>] (musb_interrupt+0x0/0xcc0) from [<c02bcecc>] (generic_interrupt+0x6c/0x84)
      [<c02bce60>] (generic_interrupt+0x0/0x84) from [<c00ad698>] (handle_IRQ_event+0xa8/0x1ec)
       r7:c760a000 r6:0000005c r5:c7d2e300 r4:c7d2e300
      [<c00ad5f0>] (handle_IRQ_event+0x0/0x1ec) from [<c00af984>] (handle_level_irq+0xc0/0x13c)
      [<c00af8c4>] (handle_level_irq+0x0/0x13c) from [<c0039080>] (asm_do_IRQ+0x80/0xa0)
       r7:00000002 r6:00000000 r5:00000000 r4:0000005c
      [<c0039000>] (asm_do_IRQ+0x0/0xa0) from [<c0039b6c>] (__irq_svc+0x4c/0xb4)
      Exception stack(0xc760be90 to 0xc760bed8)
      be80:                                     00000001 00000000 c7d1e240 00000000
      bea0: 00000000 c068bae8 00000000 60000013 00000001 00000000 00000000 c760beec
      bec0: c0064ecc c760bed8 c00ff7d0 c003a0a8 60000013 ffffffff
       r5:fa200000 r4:ffffffff
      [<c0064eb8>] (sub_preempt_count+0x0/0x100) from [<c00ff7d0>] (find_and_get_object+0xd0/0x110)
       r5:c068bae8 r4:00000000
      [<c00ff700>] (find_and_get_object+0x0/0x110) from [<c00ffdd8>] (scan_block+0x60/0x104)
       r8:00000001 r7:c0e23795 r6:c0d76a70 r5:60000013 r4:00000000
      [<c00ffd78>] (scan_block+0x0/0x104) from [<c010014c>] (kmemleak_scan+0x140/0x484)
      [<c010000c>] (kmemleak_scan+0x0/0x484) from [<c01009a8>] (kmemleak_scan_thread+0x70/0xcc)
       r8:00000000 r7:c0100938 r6:00000000 r5:c7c33f04 r4:00012c00
      [<c0100938>] (kmemleak_scan_thread+0x0/0xcc) from [<c0088000>] (kthread+0x90/0x98)
       r5:c7c33f04 r4:c760bfa8
      [<c0087f70>] (kthread+0x0/0x98) from [<c006f5e8>] (do_exit+0x0/0x684)
       r7:00000013 r6:c006f5e8 r5:c0087f70 r4:c7c33f04
      Code: e3002312 e58d6000 e2833e16 eb0422d5 (e5963020)
      ---[ end trace f3d5e96f75c297b7 ]---
      Signed-off-by: default avatarMing Lei <tom.leiming@gmail.com>
      Reviewed-by: default avatarSergei Shtylyov <sshtylyov@mvista.com>
      Cc: David Brownell <dbrownell@users.sourceforge.net>
      Cc: Anand Gadiyar <gadiyar@ti.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      bd2e74d6
    • Alan Stern's avatar
      USB: fix bug in initialization of interface minor numbers · 0026e005
      Alan Stern authored
      Recent changes in the usbhid layer exposed a bug in usbcore.  If
      CONFIG_USB_DYNAMIC_MINORS is enabled then an interface may be assigned
      a minor number of 0.  However interfaces that aren't registered as USB
      class devices also have their minor number set to 0, during
      initialization.  As a result usb_find_interface() may return the
      wrong interface, leading to a crash.
      
      This patch (as1418) fixes the problem by initializing every
      interface's minor number to -1.  It also cleans up the
      usb_register_dev() function, which besides being somewhat awkwardly
      written, does not unwind completely on all its error paths.
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Tested-by: default avatarPhilip J. Turmel <philip@turmel.org>
      Tested-by: default avatarGabriel Craciunescu <nix.or.die@googlemail.com>
      Tested-by: default avatarAlex Riesen <raa.lkml@gmail.com>
      Tested-by: default avatarMatthias Bayer <jackdachef@gmail.com>
      CC: Jiri Kosina <jkosina@suse.cz>
      Cc: stable <stable@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      0026e005
    • Naoya Horiguchi's avatar
      hugetlb, rmap: add BUG_ON(!PageLocked) in hugetlb_add_anon_rmap() · a850ea30
      Naoya Horiguchi authored
      Confirming page lock is held in hugetlb_add_anon_rmap() may be useful
      to detect possible future problems.
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarRik van Riel <riel@redhat.com>
      Acked-by: default avatarAndrea Arcangeli <aarcange@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a850ea30
    • Naoya Horiguchi's avatar
      hugetlb, rmap: fix confusing page locking in hugetlb_cow() · 56c9cfb1
      Naoya Horiguchi authored
      The "if (!trylock_page)" block in the avoidcopy path of hugetlb_cow()
      looks confusing and is buggy.  Originally this trylock_page() was
      intended to make sure that old_page is locked even when old_page !=
      pagecache_page, because then only pagecache_page is locked.
      
      This patch fixes it by moving page locking into hugetlb_fault().
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      56c9cfb1
    • Naoya Horiguchi's avatar
      hugetlb, rmap: use hugepage_add_new_anon_rmap() in hugetlb_cow() · cd67f0d2
      Naoya Horiguchi authored
      Obviously, setting anon_vma for COWed hugepage should be done
      by hugepage_add_new_anon_rmap() to scan vmas faster.
      This patch fixes it.
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarAndrea Arcangeli <aarcange@redhat.com>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      cd67f0d2
    • Naoya Horiguchi's avatar
      hugetlb, rmap: always use anon_vma root pointer · 433abed6
      Naoya Horiguchi authored
      This patch applies Andrea's fix given by the following patch into hugepage
      rmapping code:
      
        commit 288468c3
        Author: Andrea Arcangeli <aarcange@redhat.com>
        Date:   Mon Aug 9 17:19:09 2010 -0700
      
      This patch uses anon_vma->root and avoids unnecessary overwriting when
      anon_vma is already set up.
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarAndrea Arcangeli <aarcange@redhat.com>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      433abed6
    • Linus Torvalds's avatar
      Merge branch 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm · bcf835e5
      Linus Torvalds authored
      * 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: Fix reboot on Intel hosts
        KVM: fix irqfd assign/deassign race
      bcf835e5
  2. 23 Sep, 2010 26 commits