Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

this mentions a new deadlock due to advanced power management.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

"#%x" should have been "%#x"

Signed-off-by: Simon Arlott <simon@fire.lp0.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

add razr v3xx US_FL_FIX_CAPACITY flag to unusual_devs.h in usb-storage

This is another Motorola phone that incorrectly reports the sector count
(off by one).

Problem Description: io errors when mounting phone's sd-card via the
phones usb port

Steps to reproduce: mount Motorola Razr v3xx phones sd-card on Linux Desktop
via usb cable. Phones USB port must be in memory card mode.

DEBUG output:
Jul 9 19:32:41 micky kernel: Buffer I/O error on device sdd, logical block 3970048
Jul 9 19:32:41 micky kernel: sd 11:0:0:0: [sdd] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE,SUGGEST_OK
Jul 9 19:32:41 micky kernel: sd 11:0:0:0: [sdd] Sense Key : Medium Error [current]
Jul 9 19:32:41 micky kernel: sd 11:0:0:0: [sdd] Add. Sense: No additional sense information
Jul 9 19:32:41 micky kernel: end_request: I/O error, dev sdd, sector 3970048


From: Jost Diederichs <jost@qdusa.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch upgrades the support for the Sierra Wireless TRU-Install
feature (i.e. zeroCD) to allow for future support of Linux enabled
TRU-Install devices.

By default all devices that do not have a Linux enabled TRU-Install
device (i.e. the device does not have a Linux package on the virtual CD
partition) will be switched into "modem mode." Devices that do contain a
Linux package in the TRU-Install virtual CD will be allowed to enumerate
as a CD-Rom so that either (a) a user can install the packaged software
or (b) a user-space application (e.g. udev) can switch it to modem mode.

This patch does allow for manual override by adding a usb-storage module
parameter 'swi_tru_install' which can force the modem into either mode
regardless of what packages it contains.

Signed-off-by: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Moves responsbility of TRU-Install (i.e. ZeroCD) to the usb-storage
driver. See patch 04/04 of this set.

Signed-off-by: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch changes the method by which the number of ports per interface is
assigned so that it is more dynamic and calculated on the fly (as opposed to
hard coding it). This will allow for faster and easier addition of products.

Signed-off-by: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Very minor changes to clean up sierra code. Adds a prefix to debug messages so
that Sierra messages are easily recognized. Removes extraneous code.

This targets kernel 2.6.26-rc9

Signed-off-by: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

USB ID 4348:5523 is handled by the ch341 driver.  Remove it from the
pl2023 driver.

Reverts 002e8f2c

.

Signed-off-by: Tollef Fog Heen <tfheen@err.no>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch (as1115) adds unusual_devs entries with the IGNORE_RESIDE
flag for the iRiver T10 and the Simple Tech/Datafab CF+SM card
reader.  Apparently these devices provide reasonable residue values
for READ and WRITE operations, but not for others like INQUIRY or READ
CAPACITY.

This fixes the iRiver T10 problem reported in Bugzilla #11125.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This makes "USB Monitor" appear under "Miscellaneous USB options"
section instead of in the middle of device specific drivers in the
"USB Imaging devices" section.

Signed-off-by: Simon Arlott <simon@fire.lp0.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch (as1119) will help to reduce the clutter of usb-storage's
unusual_devs file by automatically detecting some devices that need
the IGNORE_RESIDUE flag.  The idea is that devices should never return
a non-zero residue for an INQUIRY or a READ CAPACITY command unless
they failed to transfer all the requested data.  So if one of these
commands transfers a standard amount of data but there is a positive
residue, we know that the residue is bogus and we can set the flag.

This fixes the problems reported in Bugzilla #11125.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch (as1122) fixes a bug: When an interface is unregistered,
its children (sysfs files and endpoint devices) are unregistered after
it instead of before.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Tested-by: Kay Sievers <kay.sievers@vrfy.org>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch (as1121) fixes a bug in the USB serial core.  When a device
is unregistered, the core will give back its minors -- even if the
device hasn't been assigned any!

The patch reserves the highest minor value (255) to mean that no minor
was assigned.  It also removes some dead code and does a small style
fixup.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Without it, we might have trouble when trying to write
some composite gadget drivers.

Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

usb-storage: quirk around v1.11 firmware on Nikon D40

https://bugzilla.redhat.com/show_bug.cgi?id=454028


Just as in earlier firmware versions, we need to perform this
quirk for the latest version too.

Speculatively do the entry for the D80 too, as they seem to
have the same firmware problems historically.

Signed-off-by: Dave Jones <davej@redhat.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch (as1114) fixes a problem that was revealed by an earlier
patch (as1069b).  Some broken controllers seem never to turn off their
RHCS interrupt status bit, even when told to do so.  As a result they
generate an interrupt storm and hang the system.

The patch avoids enabling RHSC interrupt requests when the RHCS status
bit is already set.  This should have no adverse affects on normal
controllers, since they won't set the status bit until a root-hub
status change actually occurs, in which case we wouldn't enable RHSC
interrupt requests anyway -- we would wait until the status change had
been processed and cleared.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Tested by: Andrey Borzenkov <arvidjaar@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

usb/core/driver: fix warning:
drivers/usb/core/driver.c:834: warning: 'do_unbind_rebind' defined but not used

Signed-off-by: Alexander Beregalov <a.beregalov@gmail.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch (as1117) adds a kerneldoc line for the "needs_binding"
field in struct usb_interface.  It was accidentally omitted when the
field was added.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

The Patch adds support for Luminance Stellaris Evaluation/Development
Kits (FTDI 2232C based).
The PIDs were missing.

Successfully tested with a Stellaris LM3S8962 Evaluation kit.

Signed-off-by: Frederik Kriewitz <frederik@kriewitz.eu>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

USB product id registration for the ELV HS485 USB adapter (www.elv.de) to
their home automation bus system. Applies to 2.6.26.

Signed-off-by: Andre Schenk <andre@melior.s.bawue.de>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

USB: fix USB boot crash, ecm_do_notify(), list_add corruption. prev->next should be next (ffff88003b8f82f8)

This fixes a BUG() turned up by Ingo via randconfig testing, where
CONFIG_LIST_DEBUG turned up list corruption.  The corruption was
caused by the dummy_hcd (single-machine test harness for gadget and
HCD code) trashing the request queue when driven by the new CDC
composite gadget an I/O pattern that was previously uncommon.
Fix suggested by Alan Stern.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch removes the auerswald USB driver from the linux kernel
2.6.26.

This driver was included into the kernel mainly to connect to the ISDN
framework. This was done in linux 2.4.x. For 2.6.x, due to the fragile
and moving ISDN support, this connection was never realized, and the
only use of this driver was for device configuration. In the age of DSL,
the demand of ISDN support is getting very low.

Meanwhile, with the advent of libusb, an userspace driver was done for
the device configuration which works fine for linux and mac. (Thanks to
the libusb developers!). The userspace driver is downloadable from the
auerswald web site.

So this driver is obsolete now and has to be removed. Many thanks to all
developers which helped me to bring this driver up and working.

Signed-off-by: Wolfgang Muees <wolfgang@iksw-muees.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: padlock - fix VIA PadLock instruction usage with irq_ts_save/restore()
  crypto: hash - Add missing top-level functions
  crypto: hash - Fix digest size check for digest type
  crypto: tcrypt - Fix AEAD chunk testing
  crypto: talitos - Add handling for SEC 3.x treatment of link table

* git://oss.sgi.com:8090/xfs/linux-2.6: (45 commits)
  [XFS] Fix use after free in xfs_log_done().
  [XFS] Make xfs_bmap_*_count_leaves void.
  [XFS] Use KM_NOFS for debug trace buffers
  [XFS] use KM_MAYFAIL in xfs_mountfs
  [XFS] refactor xfs_mount_free
  [XFS] don't call xfs_freesb from xfs_unmountfs
  [XFS] xfs_unmountfs should return void
  [XFS] cleanup xfs_mountfs
  [XFS] move root inode IRELE into xfs_unmountfs
  [XFS] stop using file_update_time
  [XFS] optimize xfs_ichgtime
  [XFS] update timestamp in xfs_ialloc manually
  [XFS] remove the sema_t from XFS.
  [XFS] replace dquot flush semaphore with a completion
  [XFS] replace inode flush semaphore with a completion
  [XFS] extend completions to provide XFS object flush requirements
  [XFS] replace the XFS buf iodone semaphore with a completion
  [XFS] clean up stale references to semaphores
  [XFS] use get_unaligned_* helpers
  [XFS] Fix compile failure in xfs_buf_trace()
  ...

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/dlm:
  dlm: rename structs
  dlm: add missing kfrees

Done as a script (well, a single "git mv" actually) on request from
Yoshinori Sato as a way to avoid a huge diff.

Requested-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Add a dlm_ prefix to the struct names in config.c.  This resolves a
conflict with struct node in particular, when include/linux/node.h
happens to be included.

Reported-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David Teigland <teigland@redhat.com>

A couple of unlikely error conditions were missing a kfree on the error
exit path.

Reported-by: Juha Leppanen <juha_motorsportcom@luukku.com>
Signed-off-by: David Teigland <teigland@redhat.com>

Wolfgang Walter reported this oops on his via C3 using padlock for
AES-encryption:

##################################################################

BUG: unable to handle kernel NULL pointer dereference at 000001f0
IP: [<c01028c5>] __switch_to+0x30/0x117
*pde = 00000000
Oops: 0002 [#1] PREEMPT
Modules linked in:

Pid: 2071, comm: sleep Not tainted (2.6.26 #11)
EIP: 0060:[<c01028c5>] EFLAGS: 00010002 CPU: 0
EIP is at __switch_to+0x30/0x117
EAX: 00000000 EBX: c0493300 ECX: dc48dd00 EDX: c0493300
ESI: dc48dd00 EDI: c0493530 EBP: c04cff8c ESP: c04cff7c
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process sleep (pid: 2071, ti=c04ce000 task=dc48dd00 task.ti=d2fe6000)
Stack: dc48df30 c0493300 00000000 00000000 d2fe7f44 c03b5b43 c04cffc8 00000046
       c0131856 0000005a dc472d3c c0493300 c0493470 d983ae00 00002696 00000000
       c0239f54 00000000 c04c4000 c04cffd8 c01025fe c04f3740 00049800 c04cffe0
Call Trace:
 [<c03b5b43>] ? schedule+0x285/0x2ff
 [<c0131856>] ? pm_qos_requirement+0x3c/0x53
 [<c0239f54>] ? acpi_processor_idle+0x0/0x434
 [<c01025fe>] ? cpu_idle+0x73/0x7f
 [<c03a4dcd>] ? rest_init+0x61/0x63
 =======================

Wolfgang also found out that adding kernel_fpu_begin() and kernel_fpu_end()
around the padlock instructions fix the oops.

Suresh wrote:

These padlock instructions though don't use/touch SSE registers, but it behaves
similar to other SSE instructions. For example, it might cause DNA faults
when cr0.ts is set. While this is a spurious DNA trap, it might cause
oops with the recent fpu code changes.

This is the code sequence  that is probably causing this problem:

a) new app is getting exec'd and it is somewhere in between
   start_thread() and flush_old_exec() in the load_xyz_binary()

b) At pont "a", task's fpu state (like TS_USEDFPU, used_math() etc) is
   cleared.

c) Now we get an interrupt/softirq which starts using these encrypt/decrypt
   routines in the network stack. This generates a math fault (as
   cr0.ts is '1') which sets TS_USEDFPU and restores the math that is
   in the task's xstate.

d) Return to exec code path, which does start_thread() which does
   free_thread_xstate() and sets xstate pointer to NULL while
   the TS_USEDFPU is still set.

e) At the next context switch from the new exec'd task to another task,
   we have a scenarios where TS_USEDFPU is set but xstate pointer is null.
   This can cause an oops during unlazy_fpu() in __switch_to()

Now:

1) This should happen with or with out pre-emption. Viro also encountered
   similar problem with out CONFIG_PREEMPT.

2) kernel_fpu_begin() and kernel_fpu_end() will fix this problem, because
   kernel_fpu_begin() will manually do a clts() and won't run in to the
   situation of setting TS_USEDFPU in step "c" above.

3) This was working before the fpu changes, because its a spurious
   math fault  which doesn't corrupt any fpu/sse registers and the task's
   math state was always in an allocated state.

With out the recent lazy fpu allocation changes, while we don't see oops,
there is a possible race still present in older kernels(for example,
while kernel is using kernel_fpu_begin() in some optimized clear/copy
page and an interrupt/softirq happens which uses these padlock
instructions generating DNA fault).

This is the failing scenario that existed even before the lazy fpu allocation
changes:

0. CPU's TS flag is set

1. kernel using FPU in some optimized copy  routine and while doing
kernel_fpu_begin() takes an interrupt just before doing clts()

2. Takes an interrupt and ipsec uses padlock instruction. And we
take a DNA fault as TS flag is still set.

3. We handle the DNA fault and set TS_USEDFPU and clear cr0.ts

4. We complete the padlock routine

5. Go back to step-1, which resumes clts() in kernel_fpu_begin(), finishes
the optimized copy routine and does kernel_fpu_end(). At this point,
we have cr0.ts again set to '1' but the task's TS_USEFPU is stilll
set and not cleared.

6. Now kernel resumes its user operation. And at the next context
switch, kernel sees it has do a FP save as TS_USEDFPU is still set
and then will do a unlazy_fpu() in __switch_to(). unlazy_fpu()
will take a DNA fault, as cr0.ts is '1' and now, because we are
in __switch_to(), math_state_restore() will get confused and will
restore the next task's FP state and will save it in prev tasks's FP state.
Remember, in __switch_to() we are already on the stack of the next task
but take a DNA fault for the prev task.

This causes the fpu leakage.

Fix the padlock instruction usage by calling them inside the
context of new routines irq_ts_save/restore(), which clear/restore cr0.ts
manually in the interrupt context. This will not generate spurious DNA
in the  context of the interrupt which will fix the oops encountered and
the possible FPU leakage issue.

Reported-and-bisected-by: Wolfgang Walter <wolfgang.walter@stwm.de>
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

The top-level functions init/update/final were missing for ahash.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

The changeset ca786dc7



	crypto: hash - Fixed digest size check

missed one spot for the digest type.  This patch corrects that
error.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

My changeset 4b22f0dd



	crypto: tcrpyt - Remove unnecessary kmap/kunmap calls

introduced a typo that broke AEAD chunk testing.  In particular,
axbuf should really be xbuf.

There is also an issue with testing the last segment when encrypting.
The additional part produced by AEAD wasn't tested.  Similarly, on
decryption the additional part of the AEAD input is mistaken for
corruption.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Later SEC revision requires the link table (used for scatter/gather)
to have an extra entry to account for the total length in descriptor [4],
which contains cipher Input and ICV.
This only applies to decrypt, not encrypt.
Without this change, on 837x, a gather return/length error results
when a decryption uses a link table to gather the fragments.
This is observed by doing a ping with size of 1447 or larger with AES,
or a ping with size 1455 or larger with 3des.

So, add check for SEC compatible "fsl,3.0" for using extra link table entry.

Signed-off-by: Lee Nipper <lee.nipper@freescale.com>
Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

The ticket allocation code got reworked in 2.6.26 and we now free tickets
whereas before we used to cache them so the use-after-free went
undetected.

SGI-PV: 985525

SGI-Modid: xfs-linux-melb:xfs-kern:31877a

Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: David Chinner <david@fromorbit.com>

xfs_bmap_count_leaves and xfs_bmap_disk_count_leaves always return always
0, make them void.

SGI-PV: 981498

SGI-Modid: xfs-linux-melb:xfs-kern:31844a

Signed-off-by: Ruben Porras <ruben.porras@linworks.de>
Signed-off-by: Donald Douwsma <donaldd@sgi.com>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>

Use KM_NOFS to prevent recursion back into the filesystem which can cause
deadlocks.

In the case of xfs_iread() we hold the lock on the inode cluster buffer
while allocating memory for the trace buffers. If we recurse back into XFS
to flush data that may require a transaction to allocate extents which
needs log space. This can deadlock with the xfsaild thread which can't
push the tail of the log because it is trying to get the inode cluster
buffer lock.

SGI-PV: 981498

SGI-Modid: xfs-linux-melb:xfs-kern:31838a

Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: David Chinner <david@fromorbit.com>

Use KM_MAYFAIL for the m_perag allocation, we can deal with the error
easily and blocking forever during mount is not a good idea either.

SGI-PV: 981498

SGI-Modid: xfs-linux-melb:xfs-kern:31837a

Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>

xfs_mount_free mostly frees the perag data, which is something that is
duplicated in the mount error path.

Move the XFS_QM_DONE call to the caller and remove the useless
mutex_destroy/spinlock_destroy calls so that we can re-use it for the
mount error path. Also rename it to xfs_free_perag to reflect what it
does.

SGI-PV: 981498

SGI-Modid: xfs-linux-melb:xfs-kern:31836a

Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>

xfs_readsb is called before xfs_mount so xfs_freesb should be called after
xfs_unmountfs, too. This means it now happens after a few things during
the of xfs_unmount which all have nothing to do with the superblock.

SGI-PV: 981498

SGI-Modid: xfs-linux-melb:xfs-kern:31835a

Signed-off-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>