--- /dev/null
+From e2474541032db65d02bf88b6a8c2f954654b443f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Noralf=20Tr=C3=B8nnes?= <noralf@tronnes.org>
+Date: Mon, 3 Oct 2016 22:06:08 +0200
+Subject: i2c: bcm2835: Fix hang for writing messages larger than 16 bytes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Noralf Trønnes <noralf@tronnes.org>
+
+commit e2474541032db65d02bf88b6a8c2f954654b443f upstream.
+
+Writing messages larger than the FIFO size results in a hang, rendering
+the machine unusable. This is because the RXD status flag is set on the
+first interrupt which results in bcm2835_drain_rxfifo() stealing bytes
+from the buffer. The controller continues to trigger interrupts waiting
+for the missing bytes, but bcm2835_fill_txfifo() has none to give.
+In this situation wait_for_completion_timeout() apparently is unable to
+stop the madness.
+
+The BCM2835 ARM Peripherals datasheet has this to say about the flags:
+ TXD: is set when the FIFO has space for at least one byte of data.
+ RXD: is set when the FIFO contains at least one byte of data.
+ TXW: is set during a write transfer and the FIFO is less than full.
+ RXR: is set during a read transfer and the FIFO is or more full.
+
+Implementing the logic from the downstream i2c-bcm2708 driver solved
+the hang problem.
+
+Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
+Reviewed-by: Eric Anholt <eric@anholt.net>
+Reviewed-by: Martin Sperl <kernel@martin.sperl.org>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/busses/i2c-bcm2835.c | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+--- a/drivers/i2c/busses/i2c-bcm2835.c
++++ b/drivers/i2c/busses/i2c-bcm2835.c
+@@ -64,6 +64,7 @@ struct bcm2835_i2c_dev {
+ int irq;
+ struct i2c_adapter adapter;
+ struct completion completion;
++ struct i2c_msg *curr_msg;
+ u32 msg_err;
+ u8 *msg_buf;
+ size_t msg_buf_remaining;
+@@ -126,14 +127,13 @@ static irqreturn_t bcm2835_i2c_isr(int t
+ return IRQ_HANDLED;
+ }
+
+- if (val & BCM2835_I2C_S_RXD) {
+- bcm2835_drain_rxfifo(i2c_dev);
+- if (!(val & BCM2835_I2C_S_DONE))
+- return IRQ_HANDLED;
+- }
+-
+ if (val & BCM2835_I2C_S_DONE) {
+- if (i2c_dev->msg_buf_remaining)
++ if (i2c_dev->curr_msg->flags & I2C_M_RD) {
++ bcm2835_drain_rxfifo(i2c_dev);
++ val = bcm2835_i2c_readl(i2c_dev, BCM2835_I2C_S);
++ }
++
++ if ((val & BCM2835_I2C_S_RXD) || i2c_dev->msg_buf_remaining)
+ i2c_dev->msg_err = BCM2835_I2C_S_LEN;
+ else
+ i2c_dev->msg_err = 0;
+@@ -141,11 +141,16 @@ static irqreturn_t bcm2835_i2c_isr(int t
+ return IRQ_HANDLED;
+ }
+
+- if (val & BCM2835_I2C_S_TXD) {
++ if (val & BCM2835_I2C_S_TXW) {
+ bcm2835_fill_txfifo(i2c_dev);
+ return IRQ_HANDLED;
+ }
+
++ if (val & BCM2835_I2C_S_RXR) {
++ bcm2835_drain_rxfifo(i2c_dev);
++ return IRQ_HANDLED;
++ }
++
+ return IRQ_NONE;
+ }
+
+@@ -155,6 +160,7 @@ static int bcm2835_i2c_xfer_msg(struct b
+ u32 c;
+ unsigned long time_left;
+
++ i2c_dev->curr_msg = msg;
+ i2c_dev->msg_buf = msg->buf;
+ i2c_dev->msg_buf_remaining = msg->len;
+ reinit_completion(&i2c_dev->completion);
--- /dev/null
+From fe8bd18ffea5327344d4ec2bf11f47951212abd0 Mon Sep 17 00:00:00 2001
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+Date: Mon, 19 Dec 2016 14:20:56 +0000
+Subject: MIPS: Introduce irq_stack
+
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+
+commit fe8bd18ffea5327344d4ec2bf11f47951212abd0 upstream.
+
+Allocate a per-cpu irq stack for use within interrupt handlers.
+
+Also add a utility function on_irq_stack to determine if a given stack
+pointer is within the irq stack for that cpu.
+
+Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
+Acked-by: Jason A. Donenfeld <jason@zx2c4.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Chris Metcalf <cmetcalf@mellanox.com>
+Cc: Petr Mladek <pmladek@suse.com>
+Cc: James Hogan <james.hogan@imgtec.com>
+Cc: Paul Burton <paul.burton@imgtec.com>
+Cc: Aaron Tomlin <atomlin@redhat.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: linux-kernel@vger.kernel.org
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/14740/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/irq.h | 12 ++++++++++++
+ arch/mips/kernel/asm-offsets.c | 1 +
+ arch/mips/kernel/irq.c | 11 +++++++++++
+ 3 files changed, 24 insertions(+)
+
+--- a/arch/mips/include/asm/irq.h
++++ b/arch/mips/include/asm/irq.h
+@@ -17,6 +17,18 @@
+
+ #include <irq.h>
+
++#define IRQ_STACK_SIZE THREAD_SIZE
++
++extern void *irq_stack[NR_CPUS];
++
++static inline bool on_irq_stack(int cpu, unsigned long sp)
++{
++ unsigned long low = (unsigned long)irq_stack[cpu];
++ unsigned long high = low + IRQ_STACK_SIZE;
++
++ return (low <= sp && sp <= high);
++}
++
+ #ifdef CONFIG_I8259
+ static inline int irq_canonicalize(int irq)
+ {
+--- a/arch/mips/kernel/asm-offsets.c
++++ b/arch/mips/kernel/asm-offsets.c
+@@ -102,6 +102,7 @@ void output_thread_info_defines(void)
+ OFFSET(TI_REGS, thread_info, regs);
+ DEFINE(_THREAD_SIZE, THREAD_SIZE);
+ DEFINE(_THREAD_MASK, THREAD_MASK);
++ DEFINE(_IRQ_STACK_SIZE, IRQ_STACK_SIZE);
+ BLANK();
+ }
+
+--- a/arch/mips/kernel/irq.c
++++ b/arch/mips/kernel/irq.c
+@@ -25,6 +25,8 @@
+ #include <linux/atomic.h>
+ #include <asm/uaccess.h>
+
++void *irq_stack[NR_CPUS];
++
+ /*
+ * 'what should we do if we get a hw irq event on an illegal vector'.
+ * each architecture has to answer this themselves.
+@@ -58,6 +60,15 @@ void __init init_IRQ(void)
+ clear_c0_status(ST0_IM);
+
+ arch_init_irq();
++
++ for_each_possible_cpu(i) {
++ int irq_pages = IRQ_STACK_SIZE / PAGE_SIZE;
++ void *s = (void *)__get_free_pages(GFP_KERNEL, irq_pages);
++
++ irq_stack[i] = s;
++ pr_debug("CPU%d IRQ stack at 0x%p - 0x%p\n", i,
++ irq_stack[i], irq_stack[i] + IRQ_STACK_SIZE);
++ }
+ }
+
+ #ifdef CONFIG_DEBUG_STACKOVERFLOW
--- /dev/null
+From 510d86362a27577f5ee23f46cfb354ad49731e61 Mon Sep 17 00:00:00 2001
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+Date: Mon, 19 Dec 2016 14:20:58 +0000
+Subject: MIPS: Only change $28 to thread_info if coming from user mode
+
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+
+commit 510d86362a27577f5ee23f46cfb354ad49731e61 upstream.
+
+The SAVE_SOME macro is used to save the execution context on all
+exceptions.
+If an exception occurs while executing user code, the stack is switched
+to the kernel's stack for the current task, and register $28 is switched
+to point to the current_thread_info, which is at the bottom of the stack
+region.
+If the exception occurs while executing kernel code, the stack is left,
+and this change ensures that register $28 is not updated. This is the
+correct behaviour when the kernel can be executing on the separate irq
+stack, because the thread_info will not be at the base of it.
+
+With this change, register $28 is only switched to it's kernel
+conventional usage of the currrent thread info pointer at the point at
+which execution enters kernel space. Doing it on every exception was
+redundant, but OK without an IRQ stack, but will be erroneous once that
+is introduced.
+
+Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
+Acked-by: Jason A. Donenfeld <jason@zx2c4.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: James Hogan <james.hogan@imgtec.com>
+Cc: Paul Burton <paul.burton@imgtec.com>
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/14742/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/stackframe.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/arch/mips/include/asm/stackframe.h
++++ b/arch/mips/include/asm/stackframe.h
+@@ -216,12 +216,19 @@
+ LONG_S $25, PT_R25(sp)
+ LONG_S $28, PT_R28(sp)
+ LONG_S $31, PT_R31(sp)
++
++ /* Set thread_info if we're coming from user mode */
++ mfc0 k0, CP0_STATUS
++ sll k0, 3 /* extract cu0 bit */
++ bltz k0, 9f
++
+ ori $28, sp, _THREAD_MASK
+ xori $28, _THREAD_MASK
+ #ifdef CONFIG_CPU_CAVIUM_OCTEON
+ .set mips64
+ pref 0, 0($28) /* Prefetch the current pointer */
+ #endif
++9:
+ .set pop
+ .endm
+
--- /dev/null
+From d42d8d106b0275b027c1e8992c42aecf933436ea Mon Sep 17 00:00:00 2001
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+Date: Mon, 19 Dec 2016 14:20:57 +0000
+Subject: MIPS: Stack unwinding while on IRQ stack
+
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+
+commit d42d8d106b0275b027c1e8992c42aecf933436ea upstream.
+
+Within unwind stack, check if the stack pointer being unwound is within
+the CPU's irq_stack and if so use that page rather than the task's stack
+page.
+
+Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
+Acked-by: Jason A. Donenfeld <jason@zx2c4.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Adam Buchbinder <adam.buchbinder@gmail.com>
+Cc: Maciej W. Rozycki <macro@imgtec.com>
+Cc: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
+Cc: Chris Metcalf <cmetcalf@mellanox.com>
+Cc: James Hogan <james.hogan@imgtec.com>
+Cc: Paul Burton <paul.burton@imgtec.com>
+Cc: Jiri Slaby <jslaby@suse.cz>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/14741/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/process.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/process.c
++++ b/arch/mips/kernel/process.c
+@@ -33,6 +33,7 @@
+ #include <asm/dsemul.h>
+ #include <asm/dsp.h>
+ #include <asm/fpu.h>
++#include <asm/irq.h>
+ #include <asm/msa.h>
+ #include <asm/pgtable.h>
+ #include <asm/mipsregs.h>
+@@ -556,7 +557,19 @@ EXPORT_SYMBOL(unwind_stack_by_address);
+ unsigned long unwind_stack(struct task_struct *task, unsigned long *sp,
+ unsigned long pc, unsigned long *ra)
+ {
+- unsigned long stack_page = (unsigned long)task_stack_page(task);
++ unsigned long stack_page = 0;
++ int cpu;
++
++ for_each_possible_cpu(cpu) {
++ if (on_irq_stack(cpu, *sp)) {
++ stack_page = (unsigned long)irq_stack[cpu];
++ break;
++ }
++ }
++
++ if (!stack_page)
++ stack_page = (unsigned long)task_stack_page(task);
++
+ return unwind_stack_by_address(stack_page, sp, pc, ra);
+ }
+ #endif
--- /dev/null
+From bd5d21310133921021d78995ad6346f908483124 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Sun, 20 Nov 2016 16:09:30 +0100
+Subject: mtd: bcm47xxpart: fix parsing first block after aligned TRX
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rafał Miłecki <rafal@milecki.pl>
+
+commit bd5d21310133921021d78995ad6346f908483124 upstream.
+
+After parsing TRX we should skip to the first block placed behind it.
+Our code was working only with TRX with length not aligned to the
+blocksize. In other cases (length aligned) it was missing the block
+places right after TRX.
+
+This fixes calculation and simplifies the comment.
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+Signed-off-by: Brian Norris <computersforpeace@gmail.com>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mtd/bcm47xxpart.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+--- a/drivers/mtd/bcm47xxpart.c
++++ b/drivers/mtd/bcm47xxpart.c
+@@ -229,12 +229,10 @@ static int bcm47xxpart_parse(struct mtd_
+
+ last_trx_part = curr_part - 1;
+
+- /*
+- * We have whole TRX scanned, skip to the next part. Use
+- * roundown (not roundup), as the loop will increase
+- * offset in next step.
+- */
+- offset = rounddown(offset + trx->length, blocksize);
++ /* Jump to the end of TRX */
++ offset = roundup(offset + trx->length, blocksize);
++ /* Next loop iteration will increase the offset */
++ offset -= blocksize;
+ continue;
+ }
+
--- /dev/null
+From a083c8fd277b4122c804f18ec8c84165f345c71c Mon Sep 17 00:00:00 2001
+From: Vishal Thanki <vishalthanki@gmail.com>
+Date: Wed, 16 Nov 2016 17:01:54 +0100
+Subject: rt2x00: Fix incorrect usage of CONFIG_RT2X00_LIB_USB
+
+From: Vishal Thanki <vishalthanki@gmail.com>
+
+commit a083c8fd277b4122c804f18ec8c84165f345c71c upstream.
+
+In device removal routine, usage of "#ifdef CONFIG_RT2X00_LIB_USB"
+will not cover the case when it is configured as module. This will
+omit the entire if-block which does cleanup of URBs and cancellation
+of pending work. Changing the #ifdef to #if IS_ENABLED() to fix it.
+
+Signed-off-by: Vishal Thanki <vishalthanki@gmail.com>
+Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+@@ -1422,7 +1422,7 @@ void rt2x00lib_remove_dev(struct rt2x00_
+ cancel_work_sync(&rt2x00dev->intf_work);
+ cancel_delayed_work_sync(&rt2x00dev->autowakeup_work);
+ cancel_work_sync(&rt2x00dev->sleep_work);
+-#ifdef CONFIG_RT2X00_LIB_USB
++#if IS_ENABLED(CONFIG_RT2X00_LIB_USB)
+ if (rt2x00_is_usb(rt2x00dev)) {
+ usb_kill_anchored_urbs(rt2x00dev->anchor);
+ hrtimer_cancel(&rt2x00dev->txstatus_timer);
--- /dev/null
+From 93c7018ec16bb83399dd4db61c361a6d6aba0d5a Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 8 Feb 2017 12:18:09 +0100
+Subject: rt2x00usb: do not anchor rx and tx urb's
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit 93c7018ec16bb83399dd4db61c361a6d6aba0d5a upstream.
+
+We might kill TX or RX urb during rt2x00usb_flush_entry(), what can
+cause anchor list corruption like shown below:
+
+[ 2074.035633] WARNING: CPU: 2 PID: 14480 at lib/list_debug.c:33 __list_add+0xac/0xc0
+[ 2074.035634] list_add corruption. prev->next should be next (ffff88020f362c28), but was dead000000000100. (prev=ffff8801d161bb70).
+<snip>
+[ 2074.035670] Call Trace:
+[ 2074.035672] [<ffffffff813bde47>] dump_stack+0x63/0x8c
+[ 2074.035674] [<ffffffff810a2231>] __warn+0xd1/0xf0
+[ 2074.035676] [<ffffffff810a22af>] warn_slowpath_fmt+0x5f/0x80
+[ 2074.035678] [<ffffffffa073855d>] ? rt2x00usb_register_write_lock+0x3d/0x60 [rt2800usb]
+[ 2074.035679] [<ffffffff813dbe4c>] __list_add+0xac/0xc0
+[ 2074.035681] [<ffffffff81591c6c>] usb_anchor_urb+0x4c/0xa0
+[ 2074.035683] [<ffffffffa07322af>] rt2x00usb_kick_rx_entry+0xaf/0x100 [rt2x00usb]
+[ 2074.035684] [<ffffffffa0732322>] rt2x00usb_clear_entry+0x22/0x30 [rt2x00usb]
+
+To fix do not anchor TX and RX urb's, it is not needed as during
+shutdown we kill those urbs in rt2x00usb_free_entries().
+
+Cc: Vishal Thanki <vishalthanki@gmail.com>
+Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+@@ -319,10 +319,8 @@ static bool rt2x00usb_kick_tx_entry(stru
+ entry->skb->data, length,
+ rt2x00usb_interrupt_txdone, entry);
+
+- usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor);
+ status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC);
+ if (status) {
+- usb_unanchor_urb(entry_priv->urb);
+ if (status == -ENODEV)
+ clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags);
+ set_bit(ENTRY_DATA_IO_FAILED, &entry->flags);
+@@ -410,10 +408,8 @@ static bool rt2x00usb_kick_rx_entry(stru
+ entry->skb->data, entry->skb->len,
+ rt2x00usb_interrupt_rxdone, entry);
+
+- usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor);
+ status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC);
+ if (status) {
+- usb_unanchor_urb(entry_priv->urb);
+ if (status == -ENODEV)
+ clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags);
+ set_bit(ENTRY_DATA_IO_FAILED, &entry->flags);
--- /dev/null
+From 0488a6121dfe6cbd44de15ea3627913b7549a1e9 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 8 Feb 2017 12:18:10 +0100
+Subject: rt2x00usb: fix anchor initialization
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit 0488a6121dfe6cbd44de15ea3627913b7549a1e9 upstream.
+
+If device fail to initialize we can OOPS in rt2x00lib_remove_dev(), due
+to using uninitialized usb_anchor structure:
+
+[ 855.435820] ieee80211 phy3: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x1000 with error -19
+[ 855.435826] ieee80211 phy3: rt2800_probe_rt: Error - Invalid RT chipset 0x0000, rev 0000 detected
+[ 855.435829] ieee80211 phy3: rt2x00lib_probe_dev: Error - Failed to allocate device
+[ 855.435845] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
+[ 855.435900] IP: _raw_spin_lock_irq+0xd/0x30
+[ 855.435926] PGD 0
+[ 855.435953] Oops: 0002 [#1] SMP
+<snip>
+[ 855.437011] Call Trace:
+[ 855.437029] ? usb_kill_anchored_urbs+0x27/0xc0
+[ 855.437061] rt2x00lib_remove_dev+0x190/0x1c0 [rt2x00lib]
+[ 855.437097] rt2x00lib_probe_dev+0x246/0x7a0 [rt2x00lib]
+[ 855.437149] ? ieee80211_roc_setup+0x9e/0xd0 [mac80211]
+[ 855.437183] ? __kmalloc+0x1af/0x1f0
+[ 855.437207] ? rt2x00usb_probe+0x13d/0xc50 [rt2x00usb]
+[ 855.437240] rt2x00usb_probe+0x155/0xc50 [rt2x00usb]
+[ 855.437273] rt2800usb_probe+0x15/0x20 [rt2800usb]
+[ 855.437304] usb_probe_interface+0x159/0x2d0
+[ 855.437333] driver_probe_device+0x2bb/0x460
+
+Patch changes initialization sequence to fix the problem.
+
+Cc: Vishal Thanki <vishalthanki@gmail.com>
+Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Cc: Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+@@ -824,10 +824,6 @@ int rt2x00usb_probe(struct usb_interface
+ if (retval)
+ goto exit_free_device;
+
+- retval = rt2x00lib_probe_dev(rt2x00dev);
+- if (retval)
+- goto exit_free_reg;
+-
+ rt2x00dev->anchor = devm_kmalloc(&usb_dev->dev,
+ sizeof(struct usb_anchor),
+ GFP_KERNEL);
+@@ -835,10 +831,17 @@ int rt2x00usb_probe(struct usb_interface
+ retval = -ENOMEM;
+ goto exit_free_reg;
+ }
+-
+ init_usb_anchor(rt2x00dev->anchor);
++
++ retval = rt2x00lib_probe_dev(rt2x00dev);
++ if (retval)
++ goto exit_free_anchor;
++
+ return 0;
+
++exit_free_anchor:
++ usb_kill_anchored_urbs(rt2x00dev->anchor);
++
+ exit_free_reg:
+ rt2x00usb_free_reg(rt2x00dev);
+
orangefs-fix-memory-leak-of-string-new-on-exit-path.patch
orangefs-dan-carpenter-influenced-cleanups.patch
orangefs-fix-buffer-size-mis-match-between-kernel-space-and-user-space.patch
+i2c-bcm2835-fix-hang-for-writing-messages-larger-than-16-bytes.patch
+rt2x00usb-fix-anchor-initialization.patch
+rt2x00usb-do-not-anchor-rx-and-tx-urb-s.patch
+rt2x00-fix-incorrect-usage-of-config_rt2x00_lib_usb.patch
+mtd-bcm47xxpart-fix-parsing-first-block-after-aligned-trx.patch
+mips-introduce-irq_stack.patch
+mips-stack-unwinding-while-on-irq-stack.patch
+mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
