1. 12 Aug, 2014 40 commits
    • Alan Stern's avatar
      USB: unbind all interfaces before rebinding any · 2ebf5d66
      Alan Stern authored
      When a driver doesn't have pre_reset, post_reset, or reset_resume
      methods, the USB core unbinds that driver when its device undergoes a
      reset or a reset-resume, and then rebinds it afterward.
      
      The existing straightforward implementation can lead to problems,
      because each interface gets unbound and rebound before the next
      interface is handled.  If a driver claims additional interfaces, the
      claim may fail because the old binding instance may still own the
      additional interface when the new instance tries to claim it.
      
      This patch fixes the problem by first unbinding all the interfaces
      that are marked (i.e., their needs_binding flag is set) and then
      rebinding all of them.
      
      The patch also makes the helper functions in driver.c a little more
      uniform and adjusts some out-of-date comments.
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Reported-and-tested-by: default avatar"Poulain, Loic" <loic.poulain@intel.com>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      (cherry picked from commit 6aec044c)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      2ebf5d66
    • Kees Cook's avatar
      usb: gadget: tcm_usb_gadget: stop format strings · 3fe76bad
      Kees Cook authored
      This makes sure that the name coming out of configfs cannot be used
      accidentally as a format string.
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      (cherry picked from commit aba37fd9)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      3fe76bad
    • Felix Fietkau's avatar
      ath9k: fix ready time of the multicast buffer queue · 651bd779
      Felix Fietkau authored
      qi->tqi_readyTime is written directly to registers that expect
      microseconds as unit instead of TU.
      When setting the CABQ ready time, cur_conf->beacon_interval is in TU, so
      convert it to microseconds before passing it to ath9k_hw.
      
      This should hopefully fix some Tx DMA issues with buffered multicast
      frames in AP mode.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarFelix Fietkau <nbd@openwrt.org>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      
      (cherry picked from commit 3b3e0efb)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      651bd779
    • Felipe Franciosi's avatar
      mtip32xx: Unmap the DMA segments before completing the IO request · f65fa64a
      Felipe Franciosi authored
      If the buffers are unmapped after completing a request, then stale data
      might be in the request.
      Signed-off-by: default avatarFelipe Franciosi <felipe@paradoxo.org>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      
      (cherry picked from commit 368c89d7)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      f65fa64a
    • Felipe Franciosi's avatar
      mtip32xx: Set queue bounce limit · 7d1a1167
      Felipe Franciosi authored
      We need to set the queue bounce limit during the device initialization to
      prevent excessive bouncing on 32 bit architectures.
      Signed-off-by: default avatarFelipe Franciosi <felipe@paradoxo.org>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      
      (cherry picked from commit 1044b1bb)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      7d1a1167
    • Stefan Sørensen's avatar
      ARM: OMAP2+: INTC: Acknowledge stuck active interrupts · 80030144
      Stefan Sørensen authored
      When an interrupt has become active on the INTC it will stay active
      until it is acked, even if masked or de-asserted. The
      INTC_PENDING_IRQn registers are however updated and since these are
      used by omap_intc_handle_irq to determine which interrupt to handle,
      it will never see the active interrupt. This will result in a storm of
      useless interrupts that is only stopped when another higher priority
      interrupt is asserted.
      
      Fix by sending the INTC an acknowledge if we find no interrupts to
      handle.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarStefan Sørensen <stefan.sorensen@spectralink.com>
      Signed-off-by: default avatarTony Lindgren <tony@atomide.com>
      
      (cherry picked from commit 698b4853)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      80030144
    • Catalin Marinas's avatar
      arm64: Do not synchronise I and D caches for special ptes · 552bacca
      Catalin Marinas authored
      Special pte mappings are not intended to be executable and do not even
      have an associated struct page. This patch ensures that we do not call
      __sync_icache_dcache() on such ptes.
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Reported-by: default avatarSteve Capper <Steve.Capper@arm.com>
      Tested-by: default avatarLaura Abbott <lauraa@codeaurora.org>
      Tested-by: default avatarBharat Bhushan <Bharat.Bhushan@freescale.com>
      Cc: <stable@vger.kernel.org>
      
      (cherry picked from commit 71fdb6bf)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      552bacca
    • Catalin Marinas's avatar
      arm64: Make DMA coherent and strongly ordered mappings not executable · 4785942c
      Catalin Marinas authored
      pgprot_{dmacoherent,writecombine,noncached} don't need to generate
      executable mappings with side-effects like __sync_icache_dcache() being
      called when the mapping is in user space.
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Reported-by: default avatarBharat Bhushan <Bharat.Bhushan@freescale.com>
      Tested-by: default avatarLaura Abbott <lauraa@codeaurora.org>
      Tested-by: default avatarBharat Bhushan <Bharat.Bhushan@freescale.com>
      Cc: <stable@vger.kernel.org>
      
      (cherry picked from commit de2db743)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      4785942c
    • Catalin Marinas's avatar
      arm64: Use Normal NonCacheable memory for writecombine · b705605d
      Catalin Marinas authored
      This provides better performance compared to Device GRE and also allows
      unaligned accesses. Such memory is intended to be used with standard RAM
      (e.g. framebuffers) and not I/O.
      Signed-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      
      (cherry picked from commit 4f00130b)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      b705605d
    • Rusty Russell's avatar
      virtio_balloon: don't softlockup on huge balloon changes. · 39a7dae5
      Rusty Russell authored
      When adding or removing 100G from a balloon:
      
          BUG: soft lockup - CPU#0 stuck for 22s! [vballoon:367]
      
      We have a wait_event_interruptible(), but the condition is always true
      (more ballooning to do) so we don't ever sleep.  We also have a
      wait_event() for the host to ack, but that is also always true as QEMU
      is synchronous for balloon operations.
      Reported-by: default avatarGopesh Kumar Chaudhary <gopchaud@in.ibm.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      
      (cherry picked from commit 1f74ef0f)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      39a7dae5
    • Emmanuel Grumbach's avatar
      iwlwifi: dvm: take mutex when sending SYNC BT config command · 4ae53298
      Emmanuel Grumbach authored
      There is a flow in which we send the host command in SYNC
      mode, but we don't take priv->mutex.
      
      Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1046495
      
      Cc: <stable@vger.kernel.org>
      Reviewed-by: default avatarJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: default avatarEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      
      (cherry picked from commit 82e5a649)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      4ae53298
    • Herve Codina's avatar
      mtd: atmel_nand: Disable subpage NAND write when using Atmel PMECC · 511144a6
      Herve Codina authored
      Crash detected on sam5d35 and its pmecc nand ecc controller.
      
      The problem was a call to chip->ecc.hwctl from nand_write_subpage_hwecc
      (nand_base.c) when we write a sub page.
      chip->ecc.hwctl function is not set when we are using PMECC controller.
      As a workaround, set NAND_NO_SUBPAGE_WRITE for PMECC controller in
      order to disable sub page access in nand_write_page.
      Signed-off-by: default avatarHerve Codina <Herve.CODINA@celad.com>
      Acked-by: default avatarJosh Wu <josh.wu@atmel.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      
      (cherry picked from commit 90445ff6)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      511144a6
    • Ajesh Kunhipurayil Vijayan's avatar
      jffs2: Fix crash due to truncation of csize · bb99332e
      Ajesh Kunhipurayil Vijayan authored
      mounting JFFS2 partition sometimes crashes with this call trace:
      
      [ 1322.240000] Kernel bug detected[#1]:
      [ 1322.244000] Cpu 2
      [ 1322.244000] $ 0   : 0000000000000000 0000000000000018 000000003ff00070 0000000000000001
      [ 1322.252000] $ 4   : 0000000000000000 c0000000f3980150 0000000000000000 0000000000010000
      [ 1322.260000] $ 8   : ffffffffc09cd5f8 0000000000000001 0000000000000088 c0000000ed300de8
      [ 1322.268000] $12   : e5e19d9c5f613a45 ffffffffc046d464 0000000000000000 66227ba5ea67b74e
      [ 1322.276000] $16   : c0000000f1769c00 c0000000ed1e0200 c0000000f3980150 0000000000000000
      [ 1322.284000] $20   : c0000000f3a80000 00000000fffffffc c0000000ed2cfbd8 c0000000f39818f0
      [ 1322.292000] $24   : 0000000000000004 0000000000000000
      [ 1322.300000] $28   : c0000000ed2c0000 c0000000ed2cfab8 0000000000010000 ffffffffc039c0b0
      [ 1322.308000] Hi    : 000000000000023c
      [ 1322.312000] Lo    : 000000000003f802
      [ 1322.316000] epc   : ffffffffc039a9f8 check_tn_node+0x88/0x3b0
      [ 1322.320000]     Not tainted
      [ 1322.324000] ra    : ffffffffc039c0b0 jffs2_do_read_inode_internal+0x1250/0x1e48
      [ 1322.332000] Status: 5400f8e3    KX SX UX KERNEL EXL IE
      [ 1322.336000] Cause : 00800034
      [ 1322.340000] PrId  : 000c1004 (Netlogic XLP)
      [ 1322.344000] Modules linked in:
      [ 1322.348000] Process jffs2_gcd_mtd7 (pid: 264, threadinfo=c0000000ed2c0000, task=c0000000f0e68dd8, tls=0000000000000000)
      [ 1322.356000] Stack : c0000000f1769e30 c0000000ed010780 c0000000ed010780 c0000000ed300000
              c0000000f1769c00 c0000000f3980150 c0000000f3a80000 00000000fffffffc
              c0000000ed2cfbd8 ffffffffc039c0b0 ffffffffc09c6340 0000000000001000
              0000000000000dec ffffffffc016c9d8 c0000000f39805a0 c0000000f3980180
              0000008600000000 0000000000000000 0000000000000000 0000000000000000
              0001000000000dec c0000000f1769d98 c0000000ed2cfb18 0000000000010000
              0000000000010000 0000000000000044 c0000000f3a80000 c0000000f1769c00
              c0000000f3d207a8 c0000000f1769d98 c0000000f1769de0 ffffffffc076f9c0
              0000000000000009 0000000000000000 0000000000000000 ffffffffc039cf90
              0000000000000017 ffffffffc013fbdc 0000000000000001 000000010003e61c
              ...
      [ 1322.424000] Call Trace:
      [ 1322.428000] [<ffffffffc039a9f8>] check_tn_node+0x88/0x3b0
      [ 1322.432000] [<ffffffffc039c0b0>] jffs2_do_read_inode_internal+0x1250/0x1e48
      [ 1322.440000] [<ffffffffc039cf90>] jffs2_do_crccheck_inode+0x70/0xd0
      [ 1322.448000] [<ffffffffc03a1b80>] jffs2_garbage_collect_pass+0x160/0x870
      [ 1322.452000] [<ffffffffc03a392c>] jffs2_garbage_collect_thread+0xdc/0x1f0
      [ 1322.460000] [<ffffffffc01541c8>] kthread+0xb8/0xc0
      [ 1322.464000] [<ffffffffc0106d18>] kernel_thread_helper+0x10/0x18
      [ 1322.472000]
      [ 1322.472000]
      Code: 67bd0050  94a4002c  2c830001 <00038036> de050218  2403fffc  0080a82d  00431824  24630044
      [ 1322.480000] ---[ end trace b052bb90e97dfbf5 ]---
      
      The variable csize in structure jffs2_tmp_dnode_info is of type uint16_t, but it
      is used to hold the compressed data length(csize) which is declared as uint32_t.
      So, when the value of csize exceeds 16bits, it gets truncated when assigned to
      tn->csize. This is causing a kernel BUG.
      Changing the definition of csize in jffs2_tmp_dnode_info to uint32_t fixes the issue.
      Signed-off-by: default avatarAjesh Kunhipurayil Vijayan <ajesh@broadcom.com>
      Signed-off-by: default avatarKamlakant Patel <kamlakant.patel@broadcom.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      
      (cherry picked from commit 41bf1a24)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      bb99332e
    • Kamlakant Patel's avatar
      jffs2: Fix segmentation fault found in stress test · e4ae2a8c
      Kamlakant Patel authored
      Creating a large file on a JFFS2 partition sometimes crashes with this call
      trace:
      
      [  306.476000] CPU 13 Unable to handle kernel paging request at virtual address c0000000dfff8002, epc == ffffffffc03a80a8, ra == ffffffffc03a8044
      [  306.488000] Oops[#1]:
      [  306.488000] Cpu 13
      [  306.492000] $ 0   : 0000000000000000 0000000000000000 0000000000008008 0000000000008007
      [  306.500000] $ 4   : c0000000dfff8002 000000000000009f c0000000e0007cde c0000000ee95fa58
      [  306.508000] $ 8   : 0000000000000001 0000000000008008 0000000000010000 ffffffffffff8002
      [  306.516000] $12   : 0000000000007fa9 000000000000ff0e 000000000000ff0f 80e55930aebb92bb
      [  306.524000] $16   : c0000000e0000000 c0000000ee95fa5c c0000000efc80000 ffffffffc09edd70
      [  306.532000] $20   : ffffffffc2b60000 c0000000ee95fa58 0000000000000000 c0000000efc80000
      [  306.540000] $24   : 0000000000000000 0000000000000004
      [  306.548000] $28   : c0000000ee950000 c0000000ee95f738 0000000000000000 ffffffffc03a8044
      [  306.556000] Hi    : 00000000000574a5
      [  306.560000] Lo    : 6193b7a7e903d8c9
      [  306.564000] epc   : ffffffffc03a80a8 jffs2_rtime_compress+0x98/0x198
      [  306.568000]     Tainted: G        W
      [  306.572000] ra    : ffffffffc03a8044 jffs2_rtime_compress+0x34/0x198
      [  306.580000] Status: 5000f8e3    KX SX UX KERNEL EXL IE
      [  306.584000] Cause : 00800008
      [  306.588000] BadVA : c0000000dfff8002
      [  306.592000] PrId  : 000c1100 (Netlogic XLP)
      [  306.596000] Modules linked in:
      [  306.596000] Process dd (pid: 170, threadinfo=c0000000ee950000, task=c0000000ee6e0858, tls=0000000000c47490)
      [  306.608000] Stack : 7c547f377ddc7ee4 7ffc7f967f5d7fae 7f617f507fc37ff4 7e7d7f817f487f5f
              7d8e7fec7ee87eb3 7e977ff27eec7f9e 7d677ec67f917f67 7f3d7e457f017ed7
              7fd37f517f867eb2 7fed7fd17ca57e1d 7e5f7fe87f257f77 7fd77f0d7ede7fdb
              7fba7fef7e197f99 7fde7fe07ee37eb5 7f5c7f8c7fc67f65 7f457fb87f847e93
              7f737f3e7d137cd9 7f8e7e9c7fc47d25 7dbb7fac7fb67e52 7ff17f627da97f64
              7f6b7df77ffa7ec5 80057ef17f357fb3 7f767fa27dfc7fd5 7fe37e8e7fd07e53
              7e227fcf7efb7fa1 7f547e787fa87fcc 7fcb7fc57f5a7ffb 7fc07f6c7ea97e80
              7e2d7ed17e587ee0 7fb17f9d7feb7f31 7f607e797e887faa 7f757fdd7c607ff3
              7e877e657ef37fbd 7ec17fd67fe67ff7 7ff67f797ff87dc4 7eef7f3a7c337fa6
              7fe57fc97ed87f4b 7ebe7f097f0b8003 7fe97e2a7d997cba 7f587f987f3c7fa9
              ...
      [  306.676000] Call Trace:
      [  306.680000] [<ffffffffc03a80a8>] jffs2_rtime_compress+0x98/0x198
      [  306.684000] [<ffffffffc0394f10>] jffs2_selected_compress+0x110/0x230
      [  306.692000] [<ffffffffc039508c>] jffs2_compress+0x5c/0x388
      [  306.696000] [<ffffffffc039dc58>] jffs2_write_inode_range+0xd8/0x388
      [  306.704000] [<ffffffffc03971bc>] jffs2_write_end+0x16c/0x2d0
      [  306.708000] [<ffffffffc01d3d90>] generic_file_buffered_write+0xf8/0x2b8
      [  306.716000] [<ffffffffc01d4e7c>] __generic_file_aio_write+0x1ac/0x350
      [  306.720000] [<ffffffffc01d50a0>] generic_file_aio_write+0x80/0x168
      [  306.728000] [<ffffffffc021f7dc>] do_sync_write+0x94/0xf8
      [  306.732000] [<ffffffffc021ff6c>] vfs_write+0xa4/0x1a0
      [  306.736000] [<ffffffffc02202e8>] SyS_write+0x50/0x90
      [  306.744000] [<ffffffffc0116cc0>] handle_sys+0x180/0x1a0
      [  306.748000]
      [  306.748000]
      Code: 020b202d  0205282d  90a50000 <90840000> 14a40038  00000000  0060602d  0000282d  016c5823
      [  306.760000] ---[ end trace 79dd088435be02d0 ]---
      Segmentation fault
      
      This crash is caused because the 'positions' is declared as an array of signed
      short. The value of position is in the range 0..65535, and will be converted
      to a negative number when the position is greater than 32767 and causes a
      corruption and crash. Changing the definition to 'unsigned short' fixes this
      issue
      Signed-off-by: default avatarJayachandran C <jchandra@broadcom.com>
      Signed-off-by: default avatarKamlakant Patel <kamlakant.patel@broadcom.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      
      (cherry picked from commit 3367da56)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      e4ae2a8c
    • Li Zefan's avatar
      jffs2: avoid soft-lockup in jffs2_reserve_space_gc() · e30029eb
      Li Zefan authored
      We triggered soft-lockup under stress test on 2.6.34 kernel.
      
      BUG: soft lockup - CPU#1 stuck for 60009ms! [lockf2.test:14488]
      ...
      [<bf09a4d4>] (jffs2_do_reserve_space+0x420/0x440 [jffs2])
      [<bf09a528>] (jffs2_reserve_space_gc+0x34/0x78 [jffs2])
      [<bf0a1350>] (jffs2_garbage_collect_dnode.isra.3+0x264/0x478 [jffs2])
      [<bf0a2078>] (jffs2_garbage_collect_pass+0x9c0/0xe4c [jffs2])
      [<bf09a670>] (jffs2_reserve_space+0x104/0x2a8 [jffs2])
      [<bf09dc48>] (jffs2_write_inode_range+0x5c/0x4d4 [jffs2])
      [<bf097d8c>] (jffs2_write_end+0x198/0x2c0 [jffs2])
      [<c00e00a4>] (generic_file_buffered_write+0x158/0x200)
      [<c00e14f4>] (__generic_file_aio_write+0x3a4/0x414)
      [<c00e15c0>] (generic_file_aio_write+0x5c/0xbc)
      [<c012334c>] (do_sync_write+0x98/0xd4)
      [<c0123a84>] (vfs_write+0xa8/0x150)
      [<c0123d74>] (sys_write+0x3c/0xc0)]
      
      Fix this by adding a cond_resched() in the while loop.
      
      [akpm@linux-foundation.org: don't initialize `ret']
      Signed-off-by: default avatarLi Zefan <lizefan@huawei.com>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      
      (cherry picked from commit 13b546d9)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      e30029eb
    • Li Zefan's avatar
      jffs2: remove from wait queue after schedule() · f5232d40
      Li Zefan authored
      @wait is a local variable, so if we don't remove it from the wait queue
      list, later wake_up() may end up accessing invalid memory.
      
      This was spotted by eyes.
      Signed-off-by: default avatarLi Zefan <lizefan@huawei.com>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      
      (cherry picked from commit 3ead9578)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      f5232d40
    • Hidetoshi Seto's avatar
      Btrfs: skip submitting barrier for missing device · a0e95d77
      Hidetoshi Seto authored
      I got an error on v3.13:
       BTRFS error (device sdf1) in write_all_supers:3378: errno=-5 IO failure (errors while submitting device barriers.)
      
      how to reproduce:
        > mkfs.btrfs -f -d raid1 /dev/sdf1 /dev/sdf2
        > wipefs -a /dev/sdf2
        > mount -o degraded /dev/sdf1 /mnt
        > btrfs balance start -f -sconvert=single -mconvert=single -dconvert=single /mnt
      
      The reason of the error is that barrier_all_devices() failed to submit
      barrier to the missing device.  However it is clear that we cannot do
      anything on missing device, and also it is not necessary to care chunks
      on the missing device.
      
      This patch stops sending/waiting barrier if device is missing.
      Signed-off-by: default avatarHidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
      
      (cherry picked from commit f88ba6a2)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      a0e95d77
    • Himangi Saraogi's avatar
      staging:serqt_usb2: Fix sparse warning restricted __le16 degrades to integer · 0665486f
      Himangi Saraogi authored
      This patch fixes the following sparse warning :
      drivers/staging/serqt_usb2/serqt_usb2.c:727:40: warning: restricted __le16 degrades to integer
      Signed-off-by: default avatarHimangi Saraogi <himangi774@gmail.com>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      (cherry picked from commit abe5d64d)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      0665486f
    • Mathias Nyman's avatar
      xhci: Prevent runtime pm from autosuspending during initialization · 02d3193c
      Mathias Nyman authored
      xHCI driver has its own pci probe function that will call usb_hcd_pci_probe
      to register its usb-2 bus, and then continue to manually register the
      usb-3 bus. usb_hcd_pci_probe does a pm_runtime_put_noidle at the end and
      might thus trigger a runtime suspend before the usb-3 bus is ready.
      
      Prevent the runtime suspend by increasing the usage count in the
      beginning of xhci_pci_probe, and decrease it once the usb-3 bus is
      ready.
      
      xhci-platform driver is not using usb_hcd_pci_probe to set up
      busses and should not need to have it's usage count increased during probe.
      Signed-off-by: default avatarMathias Nyman <mathias.nyman@linux.intel.com>
      Acked-by: default avatarDan Williams <dan.j.williams@intel.com>
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Signed-off-by: default avatarSarah Sharp <sarah.a.sharp@linux.intel.com>
      Cc: stable@vger.kernel.org
      
      (cherry picked from commit bcffae77)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      02d3193c
    • Larry Finger's avatar
      rtlwifi: rtl8723ae: Fix too long disable of IRQs · 0a3d5b52
      Larry Finger authored
      In commit f78bccd7 entitled "rtlwifi:
      rtl8192ce: Fix too long disable of IRQs", Olivier Langlois
      <olivier@trillion01.com> fixed a problem caused by an extra long disabling
      of interrupts. This patch makes the same fix for rtl8723ae.
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Cc: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      
      (cherry picked from commit bfc1010c)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      0a3d5b52
    • Larry Finger's avatar
      rtlwifi: rtl8192se: Fix too long disable of IRQs · 8e02da84
      Larry Finger authored
      In commit f78bccd7 entitled "rtlwifi:
      rtl8192ce: Fix too long disable of IRQs", Olivier Langlois
      <olivier@trillion01.com> fixed a problem caused by an extra long disabling
      of interrupts. This patch makes the same fix for rtl8192se.
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Cc: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      
      (cherry picked from commit 2610decd)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      8e02da84
    • Larry Finger's avatar
      rtlwifi: rtl8192cu: Fix too long disable of IRQs · b212d4a3
      Larry Finger authored
      In commit f78bccd7 entitled "rtlwifi:
      rtl8192ce: Fix too long disable of IRQs", Olivier Langlois
      <olivier@trillion01.com> fixed a problem caused by an extra long disabling
      of interrupts. This patch makes the same fix for rtl8192cu.
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Cc: Stable <stable@vger.kernel.org>
      Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      
      (cherry picked from commit a53268be)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      b212d4a3
    • Roman Pen's avatar
      blktrace: fix accounting of partially completed requests · 0d1ad082
      Roman Pen authored
      trace_block_rq_complete does not take into account that request can
      be partially completed, so we can get the following incorrect output
      of blkparser:
      
        C   R 232 + 240 [0]
        C   R 240 + 232 [0]
        C   R 248 + 224 [0]
        C   R 256 + 216 [0]
      
      but should be:
      
        C   R 232 + 8 [0]
        C   R 240 + 8 [0]
        C   R 248 + 8 [0]
        C   R 256 + 8 [0]
      
      Also, the whole output summary statistics of completed requests and
      final throughput will be incorrect.
      
      This patch takes into account real completion size of the request and
      fixes wrong completion accounting.
      Signed-off-by: default avatarRoman Pen <r.peniaev@gmail.com>
      CC: Steven Rostedt <rostedt@goodmis.org>
      CC: Frederic Weisbecker <fweisbec@gmail.com>
      CC: Ingo Molnar <mingo@redhat.com>
      CC: linux-kernel@vger.kernel.org
      Cc: stable@kernel.org
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      
      (cherry picked from commit af5040da)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      0d1ad082
    • Gregory CLEMENT's avatar
      usb: gadget: atmel_usba: fix crashed during stopping when DEBUG is enabled · d28eae1d
      Gregory CLEMENT authored
      commit 511f3c53 (usb: gadget: udc-core: fix a regression during gadget driver
      unbinding) introduced a crash when DEBUG is enabled.
      
      The debug trace in the atmel_usba_stop function made the assumption that the
      driver pointer passed in parameter was not NULL, but since the commit above,
      such assumption was no longer always true.
      
      This commit now uses the driver pointer stored in udc which fixes this
      issue.
      
      [ balbi@ti.com : improved commit log a bit ]
      
      Cc: <stable@vger.kernel.org> # v3.2+
      Acked-by: default avatarAlexandre Belloni <alexandre.belloni@free-electrons.com>
      Signed-off-by: default avatarGregory CLEMENT <gregory.clement@free-electrons.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      
      (cherry picked from commit d8eb6c65)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      d28eae1d
    • Oleksij Rempel's avatar
      [media] uvcvideo: Do not use usb_set_interface on bulk EP · ab2350d5
      Oleksij Rempel authored
      The UVC specification uses alternate setting selection to notify devices
      of stream start/stop. This breaks when using bulk-based devices, as the
      video streaming interface has a single alternate setting in that case,
      making video stream start and video stream stop events to appear
      identical to the device. Bulk-based devices are thus not well supported
      by UVC.
      
      The webcam built in the Asus Zenbook UX302LA ignores the set interface
      request and will keep the video stream enabled when the driver tries to
      stop it. If USB autosuspend is enabled the device will then be suspended
      and will crash, requiring a cold reboot.
      
      USB trace capture showed that Windows sends a CLEAR_FEATURE(HALT)
      request to the bulk endpoint when stopping the stream instead of
      selecting alternate setting 0. The camera then behaves correctly, and
      thus seems to require that behaviour.
      
      Replace selection of alternate setting 0 with clearing of the endpoint
      halt feature at video stream stop for bulk-based devices. Let's refrain
      from blaming Microsoft this time, as it's not clear whether this
      Windows-specific but USB-compliant behaviour was specifically developed
      to handle bulkd-based UVC devices, or if the camera just took advantage
      of it.
      
      CC: stable@vger.kernel.org
      Signed-off-by: default avatarOleksij Rempel <linux@rempel-privat.de>
      Signed-off-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <m.chehab@samsung.com>
      
      (cherry picked from commit b1e43f23)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      ab2350d5
    • Claudio Takahasi's avatar
      Bluetooth: Fix removing Long Term Key · 8dedbff9
      Claudio Takahasi authored
      This patch fixes authentication failure on LE link re-connection when
      BlueZ acts as slave (peripheral). LTK is removed from the internal list
      after its first use causing PIN or Key missing reply when re-connecting
      the link. The LE Long Term Key Request event indicates that the master
      is attempting to encrypt or re-encrypt the link.
      
      Pre-condition: BlueZ host paired and running as slave.
      How to reproduce(master):
      
        1) Establish an ACL LE encrypted link
        2) Disconnect the link
        3) Try to re-establish the ACL LE encrypted link (fails)
      
      > HCI Event: LE Meta Event (0x3e) plen 19
            LE Connection Complete (0x01)
              Status: Success (0x00)
              Handle: 64
              Role: Slave (0x01)
      ...
      @ Device Connected: 00:02:72:DC:29:C9 (1) flags 0x0000
      > HCI Event: LE Meta Event (0x3e) plen 13
            LE Long Term Key Request (0x05)
              Handle: 64
              Random number: 875be18439d9aa37
              Encryption diversifier: 0x76ed
      < HCI Command: LE Long Term Key Request Reply (0x08|0x001a) plen 18
              Handle: 64
              Long term key: 2aa531db2fce9f00a0569c7d23d17409
      > HCI Event: Command Complete (0x0e) plen 6
            LE Long Term Key Request Reply (0x08|0x001a) ncmd 1
              Status: Success (0x00)
              Handle: 64
      > HCI Event: Encryption Change (0x08) plen 4
              Status: Success (0x00)
              Handle: 64
              Encryption: Enabled with AES-CCM (0x01)
      ...
      @ Device Disconnected: 00:02:72:DC:29:C9 (1) reason 3
      < HCI Command: LE Set Advertise Enable (0x08|0x000a) plen 1
              Advertising: Enabled (0x01)
      > HCI Event: Command Complete (0x0e) plen 4
            LE Set Advertise Enable (0x08|0x000a) ncmd 1
              Status: Success (0x00)
      > HCI Event: LE Meta Event (0x3e) plen 19
            LE Connection Complete (0x01)
              Status: Success (0x00)
              Handle: 64
              Role: Slave (0x01)
      ...
      @ Device Connected: 00:02:72:DC:29:C9 (1) flags 0x0000
      > HCI Event: LE Meta Event (0x3e) plen 13
            LE Long Term Key Request (0x05)
              Handle: 64
              Random number: 875be18439d9aa37
              Encryption diversifier: 0x76ed
      < HCI Command: LE Long Term Key Request Neg Reply (0x08|0x001b) plen 2
              Handle: 64
      > HCI Event: Command Complete (0x0e) plen 6
            LE Long Term Key Request Neg Reply (0x08|0x001b) ncmd 1
              Status: Success (0x00)
              Handle: 64
      > HCI Event: Disconnect Complete (0x05) plen 4
              Status: Success (0x00)
              Handle: 64
              Reason: Authentication Failure (0x05)
      @ Device Disconnected: 00:02:72:DC:29:C9 (1) reason 0
      Signed-off-by: default avatarClaudio Takahasi <claudio.takahasi@openbossa.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
      
      (cherry picked from commit 5981a882)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      8dedbff9
    • Hannes Reinecke's avatar
      tty: Set correct tty name in 'active' sysfs attribute · 76ea3858
      Hannes Reinecke authored
      The 'active' sysfs attribute should refer to the currently active tty
      devices the console is running on, not the currently active console.
      
      The console structure doesn't refer to any device in sysfs, only the tty
      the console is running on has.  So we need to print out the tty names in
      'active', not the console names.
      
      This resolves an issue on s390 platforms in determining the correct
      console device to use.
      
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Kay Sievers <kay@vrfy.org>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: David Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: default avatarWerner Fink <werner@suse.de>
      Signed-off-by: default avatarHannes Reinecke <hare@suse.de>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      (cherry picked from commit d8a5dc30)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      76ea3858
    • Malcolm Priestley's avatar
      [media] m88rs2000: prevent frontend crash on continuous transponder scans · cca6382b
      Malcolm Priestley authored
      Add m88rs2000_get_tune_settings, min delay of 2000 ms on symbol
      rate more than 3000000 and delay of 3000ms less than this.
      
      Adding min delay prevents crashing the frontend on continuous
      transponder scans. Other dvb_frontend_tune_settings remain as default.
      
      This makes very little time difference to good channel scans, but slows down
      the set frontend where lock can never be achieved i.e. DVB-S2.
      Signed-off-by: default avatarMalcolm Priestley <tvboxspy@gmail.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMichael Krufky <mkrufky@linuxtv.org>
      Signed-off-by: default avatarMauro Carvalho Chehab <m.chehab@samsung.com>
      
      (cherry picked from commit 8272d0a0)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      cca6382b
    • Malcolm Priestley's avatar
      [media] m88rs2000: add caps FE_CAN_INVERSION_AUTO · c1a49959
      Malcolm Priestley authored
      The m88rs2000 frontend is always auto inversion.
      Signed-off-by: default avatarMalcolm Priestley <tvboxspy@gmail.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMichael Krufky <mkrufky@linuxtv.org>
      Signed-off-by: default avatarMauro Carvalho Chehab <m.chehab@samsung.com>
      
      (cherry picked from commit 3c8023a7)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      c1a49959
    • Wolfram Sang's avatar
      [media] media: gspca: sn9c20x: add ID for Genius Look 1320 V2 · b789b284
      Wolfram Sang authored
      Signed-off-by: default avatarWolfram Sang <wsa@the-dreams.de>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMauro Carvalho Chehab <m.chehab@samsung.com>
      
      (cherry picked from commit 61f03191)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      b789b284
    • Fenghua Yu's avatar
      x86, AVX-512: AVX-512 Feature Detection · 1e53b2cd
      Fenghua Yu authored
      AVX-512 is an extention of AVX2. Its spec can be found at:
      http://download-software.intel.com/sites/default/files/managed/71/2e/319433-017.pdf
      
      This patch detects AVX-512 features by CPUID.
      Signed-off-by: default avatarFenghua Yu <fenghua.yu@intel.com>
      Link: http://lkml.kernel.org/r/1392931491-33237-1-git-send-email-fenghua.yu@intel.comSigned-off-by: default avatarH. Peter Anvin <hpa@linux.intel.com>
      Cc: <stable@vger.kernel.org> # hw enabling
      
      (cherry picked from commit 8e5780fd)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      1e53b2cd
    • Huang Rui's avatar
      usb: dwc3: fix wrong bit mask in dwc3_event_devt · 44decaae
      Huang Rui authored
      Around DWC USB3 2.30a release another bit has been added to the
      Device-Specific Event (DEVT) Event Information (EvtInfo) bitfield.
      
      Because of that, what used to be 8 bits long, has become 9 bits long.
      
      Per dwc3 2.30a+ spec in the Device-Specific Event (DEVT), the field of
      Event Information Bits(EvtInfo) uses [24:16] bits, and it has 9 bits
      not 8 bits. And the following reserved field uses [31:25] bits not
      [31:24] bits, and it has 7 bits.
      
      So in dwc3_event_devt, the bit mask should be:
      event_info	[24:16]		9 bits
      reserved31_25	[31:25]		7 bits
      
      This patch makes sure that newer core releases will work fine with
      Linux and that we will decode the event information properly on new
      core releases.
      
      [ balbi@ti.com : improve commit log a bit ]
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarHuang Rui <ray.huang@amd.com>
      Signed-off-by: default avatarFelipe Balbi <balbi@ti.com>
      
      (cherry picked from commit 06f9b6e5)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      44decaae
    • Paul Gortmaker's avatar
      hvc: ensure hvc_init is only ever called once in hvc_console.c · 4dbaa580
      Paul Gortmaker authored
      Commit 3e6c6f63 ("Delay creation of
      khcvd thread") moved the call of hvc_init from being a device_initcall
      into hvc_alloc, and used a non-null hvc_driver as indication of whether
      hvc_init had already been called.
      
      The problem with this is that hvc_driver is only assigned a value
      at the bottom of hvc_init, and so there is a window where multiple
      hvc_alloc calls can be in progress at the same time and hence try
      and call hvc_init multiple times.  Previously the use of device_init
      guaranteed that hvc_init was only called once.
      
      This manifests itself as sporadic instances of two hvc_init calls
      racing each other, and with the loser of the race getting -EBUSY
      from tty_register_driver() and hence that virtual console fails:
      
          Couldn't register hvc console driver
          virtio-ports vport0p1: error -16 allocating hvc for port
      
      Here we add an atomic_t to guarantee we'll never run hvc_init twice.
      
      Cc: stable@vger.kernel.org  # v2.6.24+
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Fixes: 3e6c6f63 ("Delay creation of khcvd thread")
      Reported-by: default avatarJim Somerville <Jim.Somerville@windriver.com>
      Tested-by: default avatarJim Somerville <Jim.Somerville@windriver.com>
      Signed-off-by: default avatarPaul Gortmaker <paul.gortmaker@windriver.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      
      (cherry picked from commit f76a1cbe)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      4dbaa580
    • Mikulas Patocka's avatar
      tgafb: fix data copying · 77489b53
      Mikulas Patocka authored
      The functions for data copying copyarea_foreward_8bpp and
      copyarea_backward_8bpp are buggy, they produce screen corruption.
      
      This patch fixes the functions and moves the logic to one function
      "copyarea_8bpp". For simplicity, the function only handles copying that
      is aligned on 8 pixes. If we copy an unaligned area, generic function
      cfb_copyarea is used.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      
      (cherry picked from commit 6b0df682)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      77489b53
    • Mikulas Patocka's avatar
      tgafb: fix mode setting with fbset · e653ad71
      Mikulas Patocka authored
      Mode setting in the TGA driver is broken for these reasons:
      
      - info->fix.line_length is set just once in tgafb_init_fix function. If
        we change videomode, info->fix.line_length is not recalculated - so
        the video mode is changed but the screen is corrupted because of wrong
        info->fix.line_length.
      
      - info->fix.smem_len is set in tgafb_init_fix to the size of the default
        video mode (640x480). If we set a higher resolution,
        info->fix.smem_len is smaller than the current screen size, preventing
        the userspace program from mapping the framebuffer.
      
      This patch fixes it:
      
      - info->fix.line_length initialization is moved to tgafb_set_par so that
        it is recalculated with each mode change.
      
      - info->fix.smem_len is set to a fixed value representing the real
        amount of video ram (the values are taken from xfree86 driver).
      
      - add a check to tgafb_check_var to prevent us from setting a videomode
        that doesn't fit into videoram.
      
      - in tgafb_register, tgafb_init_fix is moved upwards, to be called
        before fb_find_mode (because fb_find_mode already needs the videoram
        size set in tgafb_init_fix).
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vga.kernel.org
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      
      (cherry picked from commit 62496658)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      e653ad71
    • Mikulas Patocka's avatar
      mach64: fix cursor when character width is not a multiple of 8 pixels · f2c5d023
      Mikulas Patocka authored
      This patch fixes the hardware cursor on mach64 when font width is not a
      multiple of 8 pixels.
      
      If you load such a font, the cursor is expanded to the next 8-byte
      boundary and a part of the next character after the cursor is not
      visible.
      For example, when you load a font with 12-pixel width, the cursor width
      is 16 pixels and when the cursor is displayed, 4 pixels of the next
      character are not visible.
      
      The reason is this: atyfb_cursor is called with proper parameters to
      load an image that is 12-pixel wide. However, the number is aligned on
      the next 8-pixel boundary on the line
      "unsigned int width = (cursor->image.width + 7) >> 3;" and the whole
      function acts as it is was loading a 16-pixel image.
      
      This patch fixes it so that the value written to the framebuffer is
      padded with 0xaaaa (the transparent pattern) when the image size it not
      a multiple of 8 pixels. The transparent pattern causes that the cursor
      will not interfere with the next character.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      
      (cherry picked from commit 43751a1b)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      f2c5d023
    • Mikulas Patocka's avatar
      mach64: use unaligned access · 16cefd47
      Mikulas Patocka authored
      This patch fixes mach64 to use unaligned access to the font bitmap.
      
      This fixes unaligned access warning on sparc64 when 14x8 font is loaded.
      
      On x86(64), unaligned access is handled in hardware, so both functions
      le32_to_cpup and get_unaligned_le32 perform the same operation.
      
      On RISC machines, unaligned access is not handled in hardware, so we
      better use get_unaligned_le32 to avoid the unaligned trap and warning.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      
      (cherry picked from commit c29dd869)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      16cefd47
    • Mikulas Patocka's avatar
      framebuffer: fix cfb_copyarea · 5ec49937
      Mikulas Patocka authored
      The function cfb_copyarea is buggy when the copy operation is not aligned on
      long boundary (4 bytes on 32-bit machines, 8 bytes on 64-bit machines).
      
      How to reproduce:
      - use x86-64 machine
      - use a framebuffer driver without acceleration (for example uvesafb)
      - set the framebuffer to 8-bit depth
      	(for example fbset -a 1024x768-60 -depth 8)
      - load a font with character width that is not a multiple of 8 pixels
      	note: the console-tools package cannot load a font that has
      	width different from 8 pixels. You need to install the packages
      	"kbd" and "console-terminus" and use the program "setfont" to
      	set font width (for example: setfont Uni2-Terminus20x10)
      - move some text left and right on the bash command line and you get a
      	screen corruption
      
      To expose more bugs, put this line to the end of uvesafb_init_info:
      info->flags |= FBINFO_HWACCEL_COPYAREA | FBINFO_READS_FAST;
      - Now framebuffer console will use cfb_copyarea for console scrolling.
      You get a screen corruption when console is scrolled.
      
      This patch is a rewrite of cfb_copyarea. It fixes the bugs, with this
      patch, console scrolling in 8-bit depth with a font width that is not a
      multiple of 8 pixels works fine.
      
      The cfb_copyarea code was very buggy and it looks like it was written
      and never tried with non-8-pixel font.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      
      (cherry picked from commit 00a9d699)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      5ec49937
    • Mikulas Patocka's avatar
      matroxfb: restore the registers M_ACCESS and M_PITCH · 61e67584
      Mikulas Patocka authored
      When X11 is running and the user switches back to console, the card
      modifies the content of registers M_MACCESS and M_PITCH in periodic
      intervals.
      
      This patch fixes it by restoring the content of these registers before
      issuing any accelerator command.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTomi Valkeinen <tomi.valkeinen@ti.com>
      
      (cherry picked from commit a772d473)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      61e67584
    • Will Deacon's avatar
      ARM: 7954/1: mm: remove remaining domain support from ARMv6 · c5cd5024
      Will Deacon authored
      CPU_32v6 currently selects CPU_USE_DOMAINS if CPU_V6 and MMU. This is
      because ARM 1136 r0pX CPUs lack the v6k extensions, and therefore do
      not have hardware thread registers. The lack of these registers requires
      the kernel to update the vectors page at each context switch in order to
      write a new TLS pointer. This write must be done via the userspace
      mapping, since aliasing caches can lead to expensive flushing when using
      kmap. Finally, this requires the vectors page to be mapped r/w for
      kernel and r/o for user, which has implications for things like put_user
      which must trigger CoW appropriately when targetting user pages.
      
      The upshot of all this is that a v6/v7 kernel makes use of domains to
      segregate kernel and user memory accesses. This has the nasty
      side-effect of making device mappings executable, which has been
      observed to cause subtle bugs on recent cores (e.g. Cortex-A15
      performing a speculative instruction fetch from the GIC and acking an
      interrupt in the process).
      
      This patch solves this problem by removing the remaining domain support
      from ARMv6. A new memory type is added specifically for the vectors page
      which allows that page (and only that page) to be mapped as user r/o,
      kernel r/w. All other user r/o pages are mapped also as kernel r/o.
      Patch co-developed with Russell King.
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      
      (cherry picked from commit b6ccb980)
      Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
      c5cd5024