This is the minimal sequence that jams the allocator:

void *p, *q, *r;
p = alloc_bootmem(PAGE_SIZE);
q = alloc_bootmem(64);
free_bootmem(p, PAGE_SIZE);
p = alloc_bootmem(PAGE_SIZE);
r = alloc_bootmem(64);

after this sequence (assuming that the allocator was empty or page-aligned
before), pointer "q" will be equal to pointer "r".

What's hapenning inside the allocator:
p = alloc_bootmem(PAGE_SIZE);
in allocator: last_end_off == PAGE_SIZE, bitmap contains bits 10000...
q = alloc_bootmem(64);
in allocator: last_end_off == PAGE_SIZE + 64, bitmap contains 11000...
free_bootmem(p, PAGE_SIZE);
in allocator: last_end_off == PAGE_SIZE + 64, bitmap contains 01000...
p = alloc_bootmem(PAGE_SIZE);
in allocator: last_end_off == PAGE_SIZE, bitmap contains 11000...
r = alloc_bootmem(64);

and now:

it finds bit "2", as a place where to allocate (sidx)

it hits the condition

if (bdata->last_end_off && PFN_DOWN(bdata->last_end_off) + 1 == sidx))
start_off = ALIGN(bdata->last_end_off, align);

-you can see that the condition is true, so it assigns start_off =
ALIGN(bdata->last_end_off, align); (that is PAGE_SIZE) and allocates
over already allocated block.

With the patch it tries to continue at the end of previous allocation only
if the previous allocation ended in the middle of the page.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Johannes Weiner <hannes@saeurebad.de>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (47 commits)
  usb: musb: pass configuration specifics via pdata
  usb: musb: fix hanging when rmmod gadget driver
  USB: Add MUSB and TUSB support
  USB: serial: remove CONFIG_USB_DEBUG from sierra and option drivers
  USB: Add vendor/product id of ZTE MF628 to option
  USB: quirk PLL power down mode
  USB: omap_udc: fix compilation with debug enabled
  usb: cdc-acm: drain writes on close
  usb: cdc-acm: stop dropping tx buffers
  usb: cdc-acm: bugfix release()
  usb gadget: issue notifications from ACM function
  usb gadget: remove needless struct members
  USB: sh: r8a66597-hcd: fix disconnect regression
  USB: isp1301: fix compilation
  USB: fix compiler warning fix
  usb-storage: unusual_devs entry for Nokia 5300
  USB: cdc-acm.c: Fix compile warnings
  USB: BandRich BandLuxe C150/C250 HSPA Data Card Driver
  USB: ftdi_sio: add support for PHI Fisco data cable (FT232BM based, VID/PID 0403:e40b)
  usb: isp1760: don't be noisy about short packets.
  ...

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  CRED: Introduce credential access wrappers

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (56 commits)
  netns: Fix crash by making igmp per namespace
  bnx2x: Version update
  bnx2x: Checkpatch compliance
  bnx2x: Spelling mistakes
  bnx2x: Minor code improvements
  bnx2x: Driver info
  bnx2x: 1G LED does not turn off
  bnx2x: 8073 PHY changes
  bnx2x: Change GPIO for any port
  bnx2x: Pause settings
  bnx2x: Link order with external PHY
  bnx2x: No LRO without Rx checksum
  bnx2x: Wrong structure size
  bnx2x: WoL capability
  bnx2x: Clearing MAC addresses filters
  bnx2x: Delay in while loops
  bnx2x: PBA Table Page Alignment Workaround
  bnx2x: Self-test false positive
  bnx2x: Memory allocation
  bnx2x: HW attention lock
  ...

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
  sparc64: Handle stack trace attempts before irqstacks are setup.
  sparc64: Implement IRQ stacks.
  sparc: remove include of linux/of_device.h from asm/of_device.h
  sparc64: Fix recursion in stack overflow detection handling.
  sparc/drivers: use linux/of_device.h instead of asm/of_device.h
  sparc64: Don't MAGIC_SYSRQ ifdef smp_fetch_global_regs and support code.

Use platform_data to pass musb configuration-specific
details to musb driver.

This patch will prevent that other platforms selecting
HAVE_CLK and enabling musb won't break tree building.

The other parts of it will come when linux-omap merge
up more omap2/3 board-files.

Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Acked-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

If we try to modprobe a second gadget driver before
rmmoding the first one, the reference for the first
gadget driver would get NULLed avoiding usb to change
gadget drivers later.

Cc: David Brownell <david-b@pacbell.net>
Cc: Tony Lindgren <tony@atomide.com>
Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch adds support for MUSB and TUSB controllers
integrated into omap2430 and davinci. It also adds support
for external tusb6010 controller.

Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: Tony Lindgren <tony@atomide.com>
Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

These drivers should not be relying on CONFIG_USB_DEBUG.  By doing this,
it prevents users of kernels that do not enable this option from
enabling debugging in these drivers, unlike all other usb-serial
drivers.

Cc: Matthias Urlichs <smurf@smurf.noris.de>
Cc: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This adds the vendor and product id (19d2:0015) of the ZTE MF628 HSDPA
modem to the option driver. It still needs a mode switch command issued
beforehand, this is currently handled by a userspace tool.

Signed-off-by: Oliver Martin <oliver.martin@student.tuwien.ac.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

On some AMD 700 series southbridges, ISO OUT transfers (such as audio
playback through speakers) on the USB OHCI controller may be corrupted
when an A-Link express power saving feature is active.

PLL power down mode in conjunction with link power management feature
L1 being enabled is the bad combination ... this patch prevents them
from being enabled when ISO transfers are pending.

Signed-off-by: Crane Cai <crane.cai@amd.com>
Signed-off-by: Libin Yang <libin.yang@amd.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Add a mechanism to let the write queue drain naturally before
closing the TTY, rather than always losing that data.  There
is a timeout, so it can't wait too long.

Provide missing locking inside acm_wb_is_avail(); it matters
more now.  Note, this presumes an earlier patch was applied,
removing a call to this routine where the lock was held.

Slightly improved diagnostics on write URB completion, so we
can tell when a write URB gets killed and, if so, how much
data it wrote first ... and so that I/O path is normally
silent (and can't much change timings).

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

The "increase cdc-acm write throughput" patch left in place two
now-obsolete mechanisms, either of which can make the cdc-acm
driver drop TX data (nasty!).  This patch removes them:

  - The write_ready flag ... if an URB and buffer were found,
    they can (and should!) always be used.

  - TX path acm_wb_is_used() ... used when the buffer was just
    allocated, so that check is pointless.

Also fix a won't-yet-matter leak of a write buffer on a disconnect path.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc:  David Engraf <david.engraf@netcom.eu>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Bugfixes to the usb_driver_release_interface() usage;

  (a) make sure releasing *either* interface first will release
      the other, instead of insisting it be the control interface;

  (b) remove the recently-added self-deadlock.

(The "fix disconnect bug in cdc-acm" patch was incomplete and incorrect.)

Plus a small "sparse" fix:  rename a local variable so it doesn't
shadow a function parameter.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Update the CDC-ACM gadget code to support the peripheral-to-host
notifications when the tty is opened or closed, or issues a BREAK.
The serial framework code calls new generic hooks; right now only
CDC-ACM uses those hooks.  This resolves several REVISIT comments
in the code.  (Based on a patch from Felipe Balbi.)

Note that this doesn't expose USB_CDC_CAP_BRK to the host, since
this code still rejects USB_CDC_REQ_SEND_BREAK control requests
for host-to-peripheral BREAK signaling (received via /dev/ttyGS*).

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: Felipe Balbi <felipe.balbi@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This removes some unused members from the various USB functions.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

fix the regression in commit 29fab0cd


that this driver executed reconnection processing when disconnected
some devices.

Signed-off-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch (as1123b) fixes a compiler warning: do_unbind_rebind() is
defined but not used if CONFIG_PM=n.

Problem originally found and initial patch submitted by Alexander
Beregalov <a.beregalov@gmail.com>.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch (as1120) adds an unusual_devs entry for the Nokia 5300.
Maybe once Nokia releases the Symbian code we'll be able to fix all
the problems it has with the USB mass-storage protocol.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Tested-by: Cedric Godin <cedric@belbone.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

The irq flags should be unsigned long.

  CC [M]  drivers/usb/class/cdc-acm.o
drivers/usb/class/cdc-acm.c: In function 'acm_waker':
drivers/usb/class/cdc-acm.c:527: warning: comparison of distinct pointer types lacks a cast
drivers/usb/class/cdc-acm.c:529: warning: comparison of distinct pointer types lacks a cast

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch adds the Product ID for the BandLuxe C150/C250 3.5G data
card series from BandRich Inc.
After detection, the data card works fine.

It was patched against kernel 2.6.27-rc1 with -mm patch

Signed-off-by: Leon Leong <upleong@bandrich.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Support for PHI Fisco USB to Serial data cable (FTDI FT232BM based).
PHI Fisco cable is supplied for connecting Philips Xenium 9@9++ mobile phones.
PIDs were missing.

Tested successfully with PHI Fisco Data Cable (VID/PID 0403:e40b)

Signed-off-by: Lex V. Ross <lross@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

According to Alan Stern, short packets are quite normal under
certain circumstances. This printk was triggered by usb to
serial converters on every packet and some usb sticks triggered
a few of those while plugging the stick.
This printks are now hidden unless USB debug mode is activated.

Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

ISP1760 requires a delay of 90ns between programming the address and
reading the data.  Current driver solves this by a mdelay(1) which is
very heavy weighted and slow.  This patch applies the workaround from
the ISP1760 FAQ by using two different banks for PTD and payload data
and using a common wait for them.  This wait is done by an additional
ISP1760 access (whose timing constraints guarantee the 90ns delay).
This improves speed when reading from an USB stick from:

  $ time dd if=/dev/sda of=/dev/zero bs=65536 count=1638
  real    1m 15.43s
  user    0m 0.44s
  sys     0m 39.46s

to

  $ time dd if=/dev/sda of=/dev/zero bs=65536 count=1638
  real    0m 18.53s
  user    0m 0.16s
  sys     0m 12.97s

[bigeasy@linutronix.de: fixed comment formating, moved define into
   header file, obey 80 char rule]

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Sebastian Siewior <bigeasy@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

if the enqueue function returns -ESHUTDOWN or -ENOMEM then
we return 0 instead of an error. This leads to a timeout and
then to a dequeue request of an not enqueued urb.

Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Update RX path handling in new serial gadget code to cope better with
RX blockage:  queue every RX packet until its contents can safely be
passed up to the ldisc.  Most of the RX path work is now done in the
RX tasklet, instead of just the final "push to ldisc" step.  This
addresses some cases of data loss:

  - A longstanding serial gadget bug: when tty_insert_flip_string()
    didn't copy the entire buffer, the rest of the characters were
    dropped!  Now that packet stays queued until the rest of its data
    is pushed to the ldisc.

  - Another longstanding issue:  in the unlikely case that an RX
    transfer returns data and also reports a fault, that data is
    no longer discarded.

  - In the recently added RX throttling logic:  it needs to stop
    pushing data into the TTY layer, instead of just not submitting
    new USB read requests.  When the TTY is throttled long enough,
    backpressure will eventually make the OUT endpoint NAK.

Also: an #ifdef is removed (no longer necessary); and start switching
to a better convention for debug messages (prefix them with tty name).

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

this mentions a new deadlock due to advanced power management.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

"#%x" should have been "%#x"

Signed-off-by: Simon Arlott <simon@fire.lp0.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

add razr v3xx US_FL_FIX_CAPACITY flag to unusual_devs.h in usb-storage

This is another Motorola phone that incorrectly reports the sector count
(off by one).

Problem Description: io errors when mounting phone's sd-card via the
phones usb port

Steps to reproduce: mount Motorola Razr v3xx phones sd-card on Linux Desktop
via usb cable. Phones USB port must be in memory card mode.

DEBUG output:
Jul 9 19:32:41 micky kernel: Buffer I/O error on device sdd, logical block 3970048
Jul 9 19:32:41 micky kernel: sd 11:0:0:0: [sdd] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE,SUGGEST_OK
Jul 9 19:32:41 micky kernel: sd 11:0:0:0: [sdd] Sense Key : Medium Error [current]
Jul 9 19:32:41 micky kernel: sd 11:0:0:0: [sdd] Add. Sense: No additional sense information
Jul 9 19:32:41 micky kernel: end_request: I/O error, dev sdd, sector 3970048


From: Jost Diederichs <jost@qdusa.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch upgrades the support for the Sierra Wireless TRU-Install
feature (i.e. zeroCD) to allow for future support of Linux enabled
TRU-Install devices.

By default all devices that do not have a Linux enabled TRU-Install
device (i.e. the device does not have a Linux package on the virtual CD
partition) will be switched into "modem mode." Devices that do contain a
Linux package in the TRU-Install virtual CD will be allowed to enumerate
as a CD-Rom so that either (a) a user can install the packaged software
or (b) a user-space application (e.g. udev) can switch it to modem mode.

This patch does allow for manual override by adding a usb-storage module
parameter 'swi_tru_install' which can force the modem into either mode
regardless of what packages it contains.

Signed-off-by: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Moves responsbility of TRU-Install (i.e. ZeroCD) to the usb-storage
driver. See patch 04/04 of this set.

Signed-off-by: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch changes the method by which the number of ports per interface is
assigned so that it is more dynamic and calculated on the fly (as opposed to
hard coding it). This will allow for faster and easier addition of products.

Signed-off-by: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Very minor changes to clean up sierra code. Adds a prefix to debug messages so
that Sierra messages are easily recognized. Removes extraneous code.

This targets kernel 2.6.26-rc9

Signed-off-by: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

USB ID 4348:5523 is handled by the ch341 driver.  Remove it from the
pl2023 driver.

Reverts 002e8f2c

.

Signed-off-by: Tollef Fog Heen <tfheen@err.no>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This patch (as1115) adds unusual_devs entries with the IGNORE_RESIDE
flag for the iRiver T10 and the Simple Tech/Datafab CF+SM card
reader.  Apparently these devices provide reasonable residue values
for READ and WRITE operations, but not for others like INQUIRY or READ
CAPACITY.

This fixes the iRiver T10 problem reported in Bugzilla #11125.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

This makes "USB Monitor" appear under "Miscellaneous USB options"
section instead of in the middle of device specific drivers in the
"USB Imaging devices" section.

Signed-off-by: Simon Arlott <simon@fire.lp0.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>