mfd-twl-core-fix-accessibility-of-some-twl4030-audio-registers.patch
w1-fix-w1_send_slave-dropping-a-slave-id.patch
staging-serqt_usb2-fix-sparse-warning-restricted-__le16-degrades-to-integer.patch
+staging-r8712u-fix-case-where-ethtype-was-never-obtained-and-always-be-checked-against-0.patch
+staging-comedi-usbdux-bug-fix-for-accessing-ao_chanlist-in-private-data.patch
+staging-r8188eu-calling-rtw_get_stainfo-with-a-null-sta_addr-will-return-null.patch
--- /dev/null
+From 2704f807f9498054b8153002bafa3e818079e9a5 Mon Sep 17 00:00:00 2001
+From: H Hartley Sweeten <hsweeten@visionengravers.com>
+Date: Fri, 28 Mar 2014 09:20:58 -0700
+Subject: staging: comedi: usbdux: bug fix for accessing 'ao_chanlist' in private data
+
+From: H Hartley Sweeten <hsweeten@visionengravers.com>
+
+commit 2704f807f9498054b8153002bafa3e818079e9a5 upstream.
+
+In usbdux_ao_cmd(), the channels for the command are transfered from the
+cmd->chanlist and stored in the private data 'ao_chanlist'. The channel
+numbers are bit-shifted when stored so that they become the "command"
+that is transfered to the device. The channel to command conversion
+results in the 'ao_chanlist' having these values for the channels:
+
+ channel 0 -> ao_chanlist = 0x00
+ channel 1 -> ao_chanlist = 0x40
+ channel 2 -> ao_chanlist = 0x80
+ channel 3 -> ao_chanlist = 0xc0
+
+The problem is, the usbduxsub_ao_isoc_irq() function uses the 'chan' value
+from 'ao_chanlist' to access the 'ao_readback' array in the private data.
+So instead of accessing the array as 0, 1, 2, 3, it accesses it as 0x00,
+0x40, 0x80, 0xc0.
+
+Fix this by storing the raw channel number in 'ao_chanlist' and doing the
+bit-shift when creating the command.
+
+Fixes: a998a3db530bff80 "staging: comedi: usbdux: cleanup the private data 'outBuffer'"
+Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com>
+Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
+Acked-by: Bernd Porr <mail@berndporr.me.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/comedi/drivers/usbdux.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+--- a/drivers/staging/comedi/drivers/usbdux.c
++++ b/drivers/staging/comedi/drivers/usbdux.c
+@@ -493,7 +493,7 @@ static void usbduxsub_ao_isoc_irq(struct
+ /* pointer to the DA */
+ *datap++ = val & 0xff;
+ *datap++ = (val >> 8) & 0xff;
+- *datap++ = chan;
++ *datap++ = chan << 6;
+ devpriv->ao_readback[chan] = val;
+
+ s->async->events |= COMEDI_CB_BLOCK;
+@@ -1040,11 +1040,8 @@ static int usbdux_ao_cmd(struct comedi_d
+ /* set current channel of the running acquisition to zero */
+ s->async->cur_chan = 0;
+
+- for (i = 0; i < cmd->chanlist_len; ++i) {
+- unsigned int chan = CR_CHAN(cmd->chanlist[i]);
+-
+- devpriv->ao_chanlist[i] = chan << 6;
+- }
++ for (i = 0; i < cmd->chanlist_len; ++i)
++ devpriv->ao_chanlist[i] = CR_CHAN(cmd->chanlist[i]);
+
+ /* we count in steps of 1ms (125us) */
+ /* 125us mode not used yet */
--- /dev/null
+From 9452bf560273e4de2395ffdd79024debfb0c1290 Mon Sep 17 00:00:00 2001
+From: Larry Finger <Larry.Finger@lwfinger.net>
+Date: Wed, 9 Apr 2014 11:12:58 -0500
+Subject: staging: r8188eu: Calling rtw_get_stainfo() with a NULL sta_addr will return NULL
+
+From: Larry Finger <Larry.Finger@lwfinger.net>
+
+commit 9452bf560273e4de2395ffdd79024debfb0c1290 upstream.
+
+This makes the follow-on check for psta != NULL pointless and makes
+the whole exercise rather pointless. This is another case of why
+blindly zero-initializing variables when they are declared is bad.
+
+Reported-by: Jes Sorensen <Jes.Sorensen@redhat.com>
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/rtl8188eu/core/rtw_recv.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/staging/rtl8188eu/core/rtw_recv.c
++++ b/drivers/staging/rtl8188eu/core/rtw_recv.c
+@@ -542,7 +542,7 @@ _func_exit_;
+ /* set the security information in the recv_frame */
+ static union recv_frame *portctrl(struct adapter *adapter, union recv_frame *precv_frame)
+ {
+- u8 *psta_addr = NULL, *ptr;
++ u8 *psta_addr, *ptr;
+ uint auth_alg;
+ struct recv_frame_hdr *pfhdr;
+ struct sta_info *psta;
+@@ -556,7 +556,6 @@ static union recv_frame *portctrl(struct
+ _func_enter_;
+
+ pstapriv = &adapter->stapriv;
+- psta = rtw_get_stainfo(pstapriv, psta_addr);
+
+ auth_alg = adapter->securitypriv.dot11AuthAlgrthm;
+
+@@ -564,6 +563,7 @@ _func_enter_;
+ pfhdr = &precv_frame->u.hdr;
+ pattrib = &pfhdr->attrib;
+ psta_addr = pattrib->ta;
++ psta = rtw_get_stainfo(pstapriv, psta_addr);
+
+ prtnframe = NULL;
+
--- /dev/null
+From f764cd68d9036498f08fe8834deb6a367b5c2542 Mon Sep 17 00:00:00 2001
+From: Larry Finger <Larry.Finger@lwfinger.net>
+Date: Wed, 16 Apr 2014 14:49:33 -0500
+Subject: staging: r8712u: Fix case where ethtype was never obtained and always be checked against 0
+
+From: Larry Finger <Larry.Finger@lwfinger.net>
+
+commit f764cd68d9036498f08fe8834deb6a367b5c2542 upstream.
+
+Zero-initializing ether_type masked that the ether type would never be
+obtained for 8021x packets and the comparison against eapol_type
+would always fail.
+
+Reported-by: Jes Sorensen <Jes.Sorensen@redhat.com>
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/rtl8712/rtl871x_recv.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+--- a/drivers/staging/rtl8712/rtl871x_recv.c
++++ b/drivers/staging/rtl8712/rtl871x_recv.c
+@@ -254,7 +254,7 @@ union recv_frame *r8712_portctrl(struct
+ struct sta_info *psta;
+ struct sta_priv *pstapriv;
+ union recv_frame *prtnframe;
+- u16 ether_type = 0;
++ u16 ether_type;
+
+ pstapriv = &adapter->stapriv;
+ ptr = get_recvframe_data(precv_frame);
+@@ -263,15 +263,14 @@ union recv_frame *r8712_portctrl(struct
+ psta = r8712_get_stainfo(pstapriv, psta_addr);
+ auth_alg = adapter->securitypriv.AuthAlgrthm;
+ if (auth_alg == 2) {
++ /* get ether_type */
++ ptr = ptr + pfhdr->attrib.hdrlen + LLC_HEADER_SIZE;
++ memcpy(ðer_type, ptr, 2);
++ ether_type = ntohs((unsigned short)ether_type);
++
+ if ((psta != NULL) && (psta->ieee8021x_blocked)) {
+ /* blocked
+ * only accept EAPOL frame */
+- prtnframe = precv_frame;
+- /*get ether_type */
+- ptr = ptr + pfhdr->attrib.hdrlen +
+- pfhdr->attrib.iv_len + LLC_HEADER_SIZE;
+- memcpy(ðer_type, ptr, 2);
+- ether_type = ntohs((unsigned short)ether_type);
+ if (ether_type == 0x888e)
+ prtnframe = precv_frame;
+ else {
projects / thirdparty / kernel / stable-queue.git / commitdiff
