- Jul 19, 2013
-
-
P33M authored
The dwc_otg_urb_enqueue function is thread-unsafe. In particular the access of urb->hcpriv, usb_hcd_link_urb_to_ep, dwc_otg_urb->qtd and friends does not occur within a critical section and so if a device was unplugged during activity there was a high chance that the usbcore hub_thread would try to disable the endpoint with partially- formed entries in the URB queue. This would result in BUG() or null pointer dereferences. Fix so that access of urb->hcpriv, enqueuing to the hardware and adding to usbcore endpoint URB lists is contained within a single critical section.
-
- Jul 18, 2013
-
-
P33M authored
-
- Jul 14, 2013
-
-
P33M authored
In the case of a transaction to a device that had previously aborted due to an error, several interrupts are enabled to reset the error count when a device responds. This has the side-effect of making the FIQ thrash because the hardware will generate multiple instances of a NAK on an IN bulk/interrupt endpoint and multiple instances of ACK on an OUT bulk/interrupt endpoint. Make the FIQ mask and clear the associated interrupts. Additionally, on non-split transactions make sure that only unmasked interrupts are cleared. This caused a hard-to-trigger but serious race condition when you had the combination of an endpoint awaiting error recovery and a transaction completed on an endpoint - due to the sequencing and timing of interrupts generated by the dwc_otg core, it was possible to confuse the IRQ handler.
-
P33M authored
The dwc_otg driver will unmask certain interrupts on a transaction that previously halted in the error state in order to reset the QTD error count. The various fine-grained interrupt handlers do not consider that other interrupts besides themselves were unmasked. By disabling the two other interrupts only ever enabled in DMA mode for this purpose, we can avoid unnecessary function calls in the IRQ handler. This will also prevent an unneccesary FIQ interrupt from being generated if the FIQ is enabled.
-
- Jul 11, 2013
-
-
popcornmix authored
The current timeout is being hit with some cards that complete successfully with a longer timeout. The timeout is not handled well, and is believed to be a code path that causes corruption. 872a8ff7 suggests that crappy cards can take up to 3 seconds to respond
-
- Jul 04, 2013
-
-
popcornmix authored
Fix kernel oops in l2cap_chan_destroy.
-
- Jul 02, 2013
-
-
Gordon Hollingworth authored
This commit adds a FIQ implementaion that schedules the split transactions using a FIQ so we don't get held off by the interrupt latency of Linux
-
- Jun 28, 2013
-
-
Nicolas Pitre authored
Commit 455bd4c4 ("ARM: 7668/1: fix memset-related crashes caused by recent GCC (4.7.2) optimizations") attempted to fix a compliance issue with the memset return value. However the memset itself became broken by that patch for misaligned pointers. This fixes the above by branching over the entry code from the misaligned fixup code to avoid reloading the original pointer. Also, because the function entry alignment is wrong in the Thumb mode compilation, that fixup code is moved to the end. While at it, the entry instructions are slightly reworked to help dual issue pipelines. Signed-off-by: Nicolas Pitre <nico@linaro.org> Tested-by: Alexander Holler <holler@ahsoftware.de> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
-
Ivan Djelic authored
Recent GCC versions (e.g. GCC-4.7.2) perform optimizations based on assumptions about the implementation of memset and similar functions. The current ARM optimized memset code does not return the value of its first argument, as is usually expected from standard implementations. For instance in the following function: void debug_mutex_lock_common(struct mutex *lock, struct mutex_waiter *waiter) { memset(waiter, MUTEX_DEBUG_INIT, sizeof(*waiter)); waiter->magic = waiter; INIT_LIST_HEAD(&waiter->list); } compiled as: 800554d0 <debug_mutex_lock_common>: 800554d0: e92d4008 push {r3, lr} 800554d4: e1a00001 mov r0, r1 800554d8: e3a02010 mov r2, #16 ; 0x10 800554dc: e3a01011 mov r1, #17 ; 0x11 800554e0: eb04426e bl 80165ea0 <memset> 800554e4: e1a03000 mov r3, r0 800554e8: e583000c str r0, [r3, #12] 800554ec: e5830000 str r0, [r3] 800554f0: e5830004 str r0, [r3, #4] 800554f4: e8bd8008 pop {r3, pc} GCC assumes memset returns the value of pointer 'waiter' in register r0; causing register/memory corruptions. This patch fixes the return value of the assembly version of memset. It adds a 'mov' instruction and merges an additional load+store into existing load/store instructions. For ease of review, here is a breakdown of the patch into 4 simple steps: Step 1 ====== Perform the following substitutions: ip -> r8, then r0 -> ip, and insert 'mov ip, r0' as the first statement of the function. At this point, we have a memset() implementation returning the proper result, but corrupting r8 on some paths (the ones that were using ip). Step 2 ====== Make sure r8 is saved and restored when (! CALGN(1)+0) == 1: save r8: - str lr, [sp, #-4]! + stmfd sp!, {r8, lr} and restore r8 on both exit paths: - ldmeqfd sp!, {pc} @ Now <64 bytes to go. + ldmeqfd sp!, {r8, pc} @ Now <64 bytes to go. (...) tst r2, #16 stmneia ip!, {r1, r3, r8, lr} - ldr lr, [sp], #4 + ldmfd sp!, {r8, lr} Step 3 ====== Make sure r8 is saved and restored when (! CALGN(1)+0) == 0: save r8: - stmfd sp!, {r4-r7, lr} + stmfd sp!, {r4-r8, lr} and restore r8 on both exit paths: bgt 3b - ldmeqfd sp!, {r4-r7, pc} + ldmeqfd sp!, {r4-r8, pc} (...) tst r2, #16 stmneia ip!, {r4-r7} - ldmfd sp!, {r4-r7, lr} + ldmfd sp!, {r4-r8, lr} Step 4 ====== Rewrite register list "r4-r7, r8" as "r4-r8". Signed-off-by: Ivan Djelic <ivan.djelic@parrot.com> Reviewed-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Dirk Behme <dirk.behme@gmail.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
-
- Jun 23, 2013
-
-
popcornmix authored
dwc_otg: Call usb_hcd_unlink_urb_from_ep with lock held in completion ta...
-
- Jun 22, 2013
-
-
popcornmix authored
Speed up framebuffer console text rendering
-
Harm Hanemaaijer authored
Especially on platforms with a slower CPU but a relatively high framebuffer fill bandwidth, like current ARM devices, the existing console monochrome imageblit function used to draw console text is suboptimal for common pixel depths such as 16bpp and 32bpp. The existing code is quite general and can deal with several pixel depths. By creating special case functions for 16bpp and 32bpp, by far the most common pixel formats used on modern systems, a significant speed-up is attained which can be readily felt on ARM-based devices like the Raspberry Pi and the Allwinner platform, but should help any platform using the fb layer. The special case functions allow constant folding, eliminating a number of instructions including divide operations, and allow the use of an unrolled loop, eliminating instructions with a variable shift size, reducing source memory access instructions, and eliminating excessive branching. These unrolled loops also allow much better code optimization by the C compiler. The code that selects which optimized variant is used is also simplified, eliminating integer divide instructions. The speed-up, measured by timing 'cat file.txt' in the console, varies between 40% and 70%, when testing on the Raspberry Pi and Allwinner ARM-based platforms, depending on font size and the pixel depth, with the greater benefit for 32bpp. Signed-off-by: Harm Hanemaaijer <fgenfb@yahoo.com>
-
- Jun 21, 2013
-
-
Mike Bradley authored
usb_hcd_unlink_urb_from_ep must be called with the HCD lock held. Calling it asynchronously in the tasklet was not safe (regression in c4564d4a). This change unlinks it from the endpoint prior to queueing it for handling in the tasklet, and also adds a check to ensure the urb is OK to be unlinked before doing so. NULL pointer dereference kernel oopses had been observed in usb_hcd_giveback_urb when a USB device was unplugged/replugged during data transfer. This effect was reproduced using automated USB port power control, hundreds of replug events were performed during active transfers to confirm that the problem was eliminated.
-
- Jun 20, 2013
-
-
popcornmix authored
-
- Jun 13, 2013
-
-
popcornmix authored
-
popcornmix authored
-
- Jun 04, 2013
-
-
popcornmix authored
-
- May 31, 2013
-
-
popcornmix authored
rtl8192cu: select required config options to allow builds without other wifi modules. Thanks UrsusArctos
-
- May 29, 2013
-
-
popcornmix authored
Update bcm2708.c to use CONFIG_BCM2708_SPIDEV rather than CONFIG_SPI
-
- May 17, 2013
-
-
popcornmix authored
-
- May 14, 2013
-
-
popcornmix authored
Allow reboot=q on command line to set a flag that bootcode.bin can use to boot from alternate partition
-
- May 13, 2013
-
-
hutorny authored
-
- May 11, 2013
-
-
popcornmix authored
-
popcornmix authored
The VCHIQ interface used signed integers for values which are inherently unsigned. Worse, the parameter validation code treated them as if they were unsigned, checking for overflow but not underflow. This patch converts those integers to unsigned integers. Thanks to Jann Horn.
-
popcornmix authored
This is designed for quick compiling when developing. No modules are needed and it includes all Pi specific drivers
-
- Apr 27, 2013
-
-
popcornmix authored
add mmap support and some cleanups to bcm2835 ALSA driver
-
- Apr 26, 2013
-
-
rwg0 authored
Fix kernel oops in l2cap_chan_destroy. Based on https://github.com/torvalds/linux/commit/4af66c691f4e5c2db9bb00793669a548e9db1974
-
Javier Martinez Canillas authored
ALSA supports two transfers methods for PCM playback: Read/Write transfer where samples are writtern to the device using standard read and write functions and Direct Read/Write transfers where samples can be written directly to a mapped memory area and the driver is signaled once this has been done. The bcm2835 driver only supported Read/Write transfer method so this patch adds mmap support to the driver. The ARM CPU is not able to directly address the audio device hardware buffer so audio samples are sent to the device using a message passing interface (vchiq). Since hardware buffers can't be directly mapped to user-space memory, an intermediate buffer (using the PCM indirect API) is needed to store the audio samples and push them to the device through videocore. Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
-
Javier Martinez Canillas authored
Only PCM playback and stop are deferred using a workqueue on the ALSA bcm2835 driver. The actual writing of PCM samples is synchronous. This works well for the read/write transfer method since the snd_pcm_ops .copy function pointer runs on process context. But the snd_pcm_ops .ack function pointer used to implement direct read/write transfer using a memory-mapped I/O, runs with interrupts disabled. Since the Kernel to VideoCore interface driver has to be able to sleep, PCM write has to be deferred to in preparation to add mmap support to the driver. Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
-
Javier Martinez Canillas authored
The bcm2835 driver uses a workqueue to defer PCM playback start and stop. Commands are passed to the function as magic numbers so is more readable to use macro constants. Also, while being there change the generic name "x" to "cmd" for the var used to pass the start/stop commands. Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
-
Javier Martinez Canillas authored
The kernel completion interface is a simple synchronization mechanism that is preferable over semaphores to signal the occurence of an event. Semaphores are optimized for the non-contention case since in most situations they will be available. But the wait for completion is the opposite case since the code calling down will wait on most cases. So, is better to use the completion mechanism that has been developed for this exact use case instead of semaphores. Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
-
Javier Martinez Canillas authored
On driver probe a message showing that a card and its subdevices have been created is shown. Probably this message is not needed unless we have debug enabled on the driver. So, use the driver audio_info() debug macro instead of just printk(). Also is better to use dev_err() and pr_err() instead KERN_ERR. Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
-
- Apr 22, 2013
-
-
popcornmix authored
dwc_otg: fix NAK holdoff and allow on split transactions only
-
P33M authored
This corrects a bug where if a single active non-periodic endpoint had at least one transaction in its qh, on frnum == MAX_FRNUM the qh would get skipped and never get queued again. This would result in a silent device until error detection (automatic or otherwise) would either reset the device or flush and requeue the URBs. Additionally the NAK holdoff was enabled for all transactions - this would potentially stall a HS endpoint for 1ms if a previous error state enabled this interrupt and the next response was a NAK. Fix so that only split transactions get held off.
-
- Apr 18, 2013
-
-
popcornmix authored
-
- Apr 11, 2013
-
-
popcornmix authored
-
popcornmix authored
-
- Apr 04, 2013
-
-
Marcin Jurkowski authored
On Sat, Mar 02, 2013 at 10:45:10AM +0100, Sven Geggus wrote: > This is the bad commit I found doing git bisect: > 04f482fa is the first bad commit > commit 04f482fa > Author: Patrick McHardy <kaber@trash.net> > Date: Mon Mar 28 08:39:36 2011 +0000 Good job. I was too lazy to bisect for bad commit;) Reading the code I found problematic kthread_should_stop call from netlink connector which causes the oops. After applying a patch, I've been testing owfs+w1 setup for nearly two days and it seems to work very reliable (no hangs, no memleaks etc). More detailed description and possible fix is given below: Function w1_search can be called from either kthread or netlink callback. While the former works fine, the latter causes oops due to kthread_should_stop invocation. This patch adds a check if w1_search is serving netlink command, skipping kthread_should_stop invocation if so. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com> Acked-by: Evgeniy Polyakov <zbr@ioremap.net> Cc: Josh Boyer <jwboyer@gmail.com> Tested-by: Sven Geggus <lists@fuchsschwanzdomain.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: stable <stable@vger.kernel.org> # 3.0+
-
- Apr 03, 2013
-
-
popcornmix authored
-
- Apr 02, 2013
-
-
popcornmix authored
-