From: Greg Kroah-Hartman Date: Tue, 21 Feb 2017 10:20:28 +0000 (+0100) Subject: 3.18 "fun"... X-Git-Tag: v4.4.51~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=56e132727a51d3d66d076c236097244a8b8ac185;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18 "fun"... --- diff --git a/queue-3.18/asoc-cs4270-fix-dapm-stream-name-mismatch.patch b/queue-3.18/asoc-cs4270-fix-dapm-stream-name-mismatch.patch new file mode 100644 index 00000000000..f72ff528070 --- /dev/null +++ b/queue-3.18/asoc-cs4270-fix-dapm-stream-name-mismatch.patch @@ -0,0 +1,42 @@ +From aa5f920993bda2095952177eea79bc8e58ae6065 Mon Sep 17 00:00:00 2001 +From: murray foster +Date: Sun, 9 Oct 2016 13:28:45 -0700 +Subject: ASoC: cs4270: fix DAPM stream name mismatch + +From: murray foster + +commit aa5f920993bda2095952177eea79bc8e58ae6065 upstream. + +Mismatching stream names in DAPM route and widget definitions are +causing compilation errors. Fixing these names allows the cs4270 +driver to compile and function. + +[Errors must be at probe time not compile time -- broonie] + +Signed-off-by: Murray Foster +Acked-by: Paul Handrigan +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/codecs/cs4270.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/sound/soc/codecs/cs4270.c ++++ b/sound/soc/codecs/cs4270.c +@@ -148,11 +148,11 @@ SND_SOC_DAPM_OUTPUT("AOUTR"), + }; + + static const struct snd_soc_dapm_route cs4270_dapm_routes[] = { +- { "Capture", NULL, "AINA" }, +- { "Capture", NULL, "AINB" }, ++ { "Capture", NULL, "AINL" }, ++ { "Capture", NULL, "AINR" }, + +- { "AOUTA", NULL, "Playback" }, +- { "AOUTB", NULL, "Playback" }, ++ { "AOUTL", NULL, "Playback" }, ++ { "AOUTR", NULL, "Playback" }, + }; + + /** diff --git a/queue-3.18/coredump-fix-unfreezable-coredumping-task.patch b/queue-3.18/coredump-fix-unfreezable-coredumping-task.patch new file mode 100644 index 00000000000..e88b270a853 --- /dev/null +++ b/queue-3.18/coredump-fix-unfreezable-coredumping-task.patch @@ -0,0 +1,57 @@ +From 70d78fe7c8b640b5acfad56ad341985b3810998a Mon Sep 17 00:00:00 2001 +From: Andrey Ryabinin +Date: Thu, 10 Nov 2016 10:46:38 -0800 +Subject: coredump: fix unfreezable coredumping task + +From: Andrey Ryabinin + +commit 70d78fe7c8b640b5acfad56ad341985b3810998a upstream. + +It could be not possible to freeze coredumping task when it waits for +'core_state->startup' completion, because threads are frozen in +get_signal() before they got a chance to complete 'core_state->startup'. + +Inability to freeze a task during suspend will cause suspend to fail. +Also CRIU uses cgroup freezer during dump operation. So with an +unfreezable task the CRIU dump will fail because it waits for a +transition from 'FREEZING' to 'FROZEN' state which will never happen. + +Use freezer_do_not_count() to tell freezer to ignore coredumping task +while it waits for core_state->startup completion. + +Link: http://lkml.kernel.org/r/1475225434-3753-1-git-send-email-aryabinin@virtuozzo.com +Signed-off-by: Andrey Ryabinin +Acked-by: Pavel Machek +Acked-by: Oleg Nesterov +Cc: Alexander Viro +Cc: Tejun Heo +Cc: "Rafael J. Wysocki" +Cc: Michal Hocko +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/coredump.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/coredump.c ++++ b/fs/coredump.c +@@ -1,6 +1,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -393,7 +394,9 @@ static int coredump_wait(int exit_code, + if (core_waiters > 0) { + struct core_thread *ptr; + ++ freezer_do_not_count(); + wait_for_completion(&core_state->startup); ++ freezer_count(); + /* + * Wait for all the threads to become inactive, so that + * all the thread context (extended register state, like diff --git a/queue-3.18/dib0700-fix-nec-repeat-handling.patch b/queue-3.18/dib0700-fix-nec-repeat-handling.patch new file mode 100644 index 00000000000..3dc7dd99221 --- /dev/null +++ b/queue-3.18/dib0700-fix-nec-repeat-handling.patch @@ -0,0 +1,54 @@ +From ba13e98f2cebd55a3744c5ffaa08f9dca73bf521 Mon Sep 17 00:00:00 2001 +From: Sean Young +Date: Thu, 10 Nov 2016 17:44:49 +0100 +Subject: dib0700: fix nec repeat handling +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Sean Young + +commit ba13e98f2cebd55a3744c5ffaa08f9dca73bf521 upstream. + +When receiving a nec repeat, ensure the correct scancode is repeated +rather than a random value from the stack. This removes the need for +the bogus uninitialized_var() and also fixes the warnings: + + drivers/media/usb/dvb-usb/dib0700_core.c: In function ‘dib0700_rc_urb_completion’: + drivers/media/usb/dvb-usb/dib0700_core.c:679: warning: ‘protocol’ may be used uninitialized in this function + +[sean addon: So after writing the patch and submitting it, I've bought the + hardware on ebay. Without this patch you get random scancodes + on nec repeats, which the patch indeed fixes.] + +Signed-off-by: Sean Young +Tested-by: Sean Young +Signed-off-by: Arnd Bergmann +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/media/usb/dvb-usb/dib0700_core.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/media/usb/dvb-usb/dib0700_core.c ++++ b/drivers/media/usb/dvb-usb/dib0700_core.c +@@ -680,7 +680,7 @@ static void dib0700_rc_urb_completion(st + struct dvb_usb_device *d = purb->context; + struct dib0700_rc_response *poll_reply; + enum rc_type protocol; +- u32 uninitialized_var(keycode); ++ u32 keycode; + u8 toggle; + + deb_info("%s()\n", __func__); +@@ -722,7 +722,8 @@ static void dib0700_rc_urb_completion(st + poll_reply->nec.data == 0x00 && + poll_reply->nec.not_data == 0xff) { + poll_reply->data_state = 2; +- break; ++ rc_repeat(d->rc_dev); ++ goto resubmit; + } + + if ((poll_reply->nec.data ^ poll_reply->nec.not_data) != 0xff) { diff --git a/queue-3.18/drbd-fix-kernel_sendmsg-usage-potential-null-deref.patch b/queue-3.18/drbd-fix-kernel_sendmsg-usage-potential-null-deref.patch new file mode 100644 index 00000000000..89dc5259566 --- /dev/null +++ b/queue-3.18/drbd-fix-kernel_sendmsg-usage-potential-null-deref.patch @@ -0,0 +1,77 @@ +From d8e9e5e80e882b4f90cba7edf1e6cb7376e52e54 Mon Sep 17 00:00:00 2001 +From: Richard Weinberger +Date: Wed, 9 Nov 2016 22:52:58 +0100 +Subject: drbd: Fix kernel_sendmsg() usage - potential NULL deref + +From: Richard Weinberger + +commit d8e9e5e80e882b4f90cba7edf1e6cb7376e52e54 upstream. + +Don't pass a size larger than iov_len to kernel_sendmsg(). +Otherwise it will cause a NULL pointer deref when kernel_sendmsg() +returns with rv < size. + +DRBD as external module has been around in the kernel 2.4 days already. +We used to be compatible to 2.4 and very early 2.6 kernels, +we used to use + rv = sock_sendmsg(sock, &msg, iov.iov_len); +then later changed to + rv = kernel_sendmsg(sock, &msg, &iov, 1, size); +when we should have used + rv = kernel_sendmsg(sock, &msg, &iov, 1, iov.iov_len); + +tcp_sendmsg() used to totally ignore the size parameter. + 57be5bd ip: convert tcp_sendmsg() to iov_iter primitives +changes that, and exposes our long standing error. + +Even with this error exposed, to trigger the bug, we would need to have +an environment (config or otherwise) causing us to not use sendpage() +for larger transfers, a failing connection, and have it fail "just at the +right time". Apparently that was unlikely enough for most, so this went +unnoticed for years. + +Still, it is known to trigger at least some of these, +and suspected for the others: +[0] http://lists.linbit.com/pipermail/drbd-user/2016-July/023112.html +[1] http://lists.linbit.com/pipermail/drbd-dev/2016-March/003362.html +[2] https://forums.grsecurity.net/viewtopic.php?f=3&t=4546 +[3] https://ubuntuforums.org/showthread.php?t=2336150 +[4] http://e2.howsolveproblem.com/i/1175162/ + +This should go into 4.9, +and into all stable branches since and including v4.0, +which is the first to contain the exposing change. + +It is correct for all stable branches older than that as well +(which contain the DRBD driver; which is 2.6.33 and up). + +It requires a small "conflict" resolution for v4.4 and earlier, with v4.5 +we dropped the comment block immediately preceding the kernel_sendmsg(). + +Fixes: b411b3637fa7 ("The DRBD driver") +Cc: viro@zeniv.linux.org.uk +Cc: christoph.lechleitner@iteg.at +Cc: wolfgang.glas@iteg.at +Reported-by: Christoph Lechleitner +Tested-by: Christoph Lechleitner +Signed-off-by: Richard Weinberger +[changed oneliner to be "obvious" without context; more verbose message] +Signed-off-by: Lars Ellenberg +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/drbd/drbd_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/block/drbd/drbd_main.c ++++ b/drivers/block/drbd/drbd_main.c +@@ -1802,7 +1802,7 @@ int drbd_send(struct drbd_connection *co + * do we need to block DRBD_SIG if sock == &meta.socket ?? + * otherwise wake_asender() might interrupt some send_*Ack ! + */ +- rv = kernel_sendmsg(sock, &msg, &iov, 1, size); ++ rv = kernel_sendmsg(sock, &msg, &iov, 1, iov.iov_len); + if (rv == -EAGAIN) { + if (we_should_drop_the_connection(connection, sock)) + break; diff --git a/queue-3.18/drivers-staging-nvec-remove-bogus-reset-command-for-ps-2-interface.patch b/queue-3.18/drivers-staging-nvec-remove-bogus-reset-command-for-ps-2-interface.patch new file mode 100644 index 00000000000..d986bce4e43 --- /dev/null +++ b/queue-3.18/drivers-staging-nvec-remove-bogus-reset-command-for-ps-2-interface.patch @@ -0,0 +1,44 @@ +From d8f8a74d5fece355d2234e1731231d1aebc66b38 Mon Sep 17 00:00:00 2001 +From: Paul Fertser +Date: Thu, 27 Oct 2016 17:22:08 +0300 +Subject: drivers: staging: nvec: remove bogus reset command for PS/2 interface + +From: Paul Fertser + +commit d8f8a74d5fece355d2234e1731231d1aebc66b38 upstream. + +This command was sent behind serio's back and the answer to it was +confusing atkbd probe function which lead to the elantech touchpad +getting detected as a keyboard. + +To prevent this from happening just let every party do its part of the +job. + +Signed-off-by: Paul Fertser +Acked-by: Marc Dietrich +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/nvec/nvec_ps2.c | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/drivers/staging/nvec/nvec_ps2.c ++++ b/drivers/staging/nvec/nvec_ps2.c +@@ -106,7 +106,6 @@ static int nvec_mouse_probe(struct platf + { + struct nvec_chip *nvec = dev_get_drvdata(pdev->dev.parent); + struct serio *ser_dev; +- char mouse_reset[] = { NVEC_PS2, SEND_COMMAND, PSMOUSE_RST, 3 }; + + ser_dev = devm_kzalloc(&pdev->dev, sizeof(struct serio), GFP_KERNEL); + if (ser_dev == NULL) +@@ -127,9 +126,6 @@ static int nvec_mouse_probe(struct platf + + serio_register_port(ser_dev); + +- /* mouse reset */ +- nvec_write_async(nvec, mouse_reset, sizeof(mouse_reset)); +- + return 0; + } + diff --git a/queue-3.18/revert-staging-nvec-ps2-change-serio-type-to-passthrough.patch b/queue-3.18/revert-staging-nvec-ps2-change-serio-type-to-passthrough.patch new file mode 100644 index 00000000000..8a1d55b4605 --- /dev/null +++ b/queue-3.18/revert-staging-nvec-ps2-change-serio-type-to-passthrough.patch @@ -0,0 +1,49 @@ +From 17c1c9ba15b238ef79b51cf40d855c05b58d5934 Mon Sep 17 00:00:00 2001 +From: Paul Fertser +Date: Thu, 27 Oct 2016 17:22:09 +0300 +Subject: Revert "staging: nvec: ps2: change serio type to passthrough" + +From: Paul Fertser + +commit 17c1c9ba15b238ef79b51cf40d855c05b58d5934 upstream. + +This reverts commit 36b30d6138f4677514aca35ab76c20c1604baaad. + +This is necessary to detect paz00 (ac100) touchpad properly as one +speaking ETPS/2 protocol. Without it X.org's synaptics driver doesn't +work as the touchpad is detected as an ImPS/2 mouse instead. + +Commit ec6184b1c717b8768122e25fe6d312f609cc1bb4 changed the way +auto-detection is performed on ports marked as pass through and made the +issue apparent. + +A pass through port is an additional PS/2 port used to connect a slave +device to a master device that is using PS/2 to communicate with the +host (so slave's PS/2 communication is tunneled over master's PS/2 +link). "Synaptics PS/2 TouchPad Interfacing Guide" describes such a +setup (PS/2 PASS-THROUGH OPTION section). + +Since paz00's embedded controller is not connected to a PS/2 port +itself, the PS/2 interface it exposes is not a pass-through one. + +Signed-off-by: Paul Fertser +Acked-by: Marc Dietrich +Fixes: 36b30d6138f4 ("staging: nvec: ps2: change serio type to passthrough") +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/nvec/nvec_ps2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/staging/nvec/nvec_ps2.c ++++ b/drivers/staging/nvec/nvec_ps2.c +@@ -111,7 +111,7 @@ static int nvec_mouse_probe(struct platf + if (ser_dev == NULL) + return -ENOMEM; + +- ser_dev->id.type = SERIO_PS_PSTHRU; ++ ser_dev->id.type = SERIO_8042; + ser_dev->write = ps2_sendcommand; + ser_dev->start = ps2_startstreaming; + ser_dev->stop = ps2_stopstreaming; diff --git a/queue-3.18/series b/queue-3.18/series index a4459f9f94f..267e8b4a306 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -43,3 +43,13 @@ net-sctp-forbid-negative-length.patch sctp-validate-chunk-len-before-actually-using-it.patch packet-on-direct_xmit-limit-tso-and-csum-to-supported-devices.patch netlink-do-not-enter-direct-reclaim-from-netlink_dump.patch +asoc-cs4270-fix-dapm-stream-name-mismatch.patch +dib0700-fix-nec-repeat-handling.patch +swapfile-fix-memory-corruption-via-malformed-swapfile.patch +coredump-fix-unfreezable-coredumping-task.patch +staging-iio-ad5933-avoid-uninitialized-variable-in-error-case.patch +drivers-staging-nvec-remove-bogus-reset-command-for-ps-2-interface.patch +revert-staging-nvec-ps2-change-serio-type-to-passthrough.patch +usb-cdc-acm-fix-tiocmiwait.patch +usb-gadget-u_ether-remove-interrupt-throttling.patch +drbd-fix-kernel_sendmsg-usage-potential-null-deref.patch diff --git a/queue-3.18/staging-iio-ad5933-avoid-uninitialized-variable-in-error-case.patch b/queue-3.18/staging-iio-ad5933-avoid-uninitialized-variable-in-error-case.patch new file mode 100644 index 00000000000..495ab22b42c --- /dev/null +++ b/queue-3.18/staging-iio-ad5933-avoid-uninitialized-variable-in-error-case.patch @@ -0,0 +1,86 @@ +From 34eee70a7b82b09dbda4cb453e0e21d460dae226 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Mon, 24 Oct 2016 17:22:01 +0200 +Subject: staging: iio: ad5933: avoid uninitialized variable in error case + +From: Arnd Bergmann + +commit 34eee70a7b82b09dbda4cb453e0e21d460dae226 upstream. + +The ad5933_i2c_read function returns an error code to indicate +whether it could read data or not. However ad5933_work() ignores +this return code and just accesses the data unconditionally, +which gets detected by gcc as a possible bug: + +drivers/staging/iio/impedance-analyzer/ad5933.c: In function 'ad5933_work': +drivers/staging/iio/impedance-analyzer/ad5933.c:649:16: warning: 'status' may be used uninitialized in this function [-Wmaybe-uninitialized] + +This adds minimal error handling so we only evaluate the +data if it was correctly read. + +Link: https://patchwork.kernel.org/patch/8110281/ +Signed-off-by: Arnd Bergmann +Acked-by: Lars-Peter Clausen +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/iio/impedance-analyzer/ad5933.c | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +--- a/drivers/staging/iio/impedance-analyzer/ad5933.c ++++ b/drivers/staging/iio/impedance-analyzer/ad5933.c +@@ -647,6 +647,7 @@ static void ad5933_work(struct work_stru + struct iio_dev *indio_dev = i2c_get_clientdata(st->client); + signed short buf[2]; + unsigned char status; ++ int ret; + + mutex_lock(&indio_dev->mlock); + if (st->state == AD5933_CTRL_INIT_START_FREQ) { +@@ -654,19 +655,22 @@ static void ad5933_work(struct work_stru + ad5933_cmd(st, AD5933_CTRL_START_SWEEP); + st->state = AD5933_CTRL_START_SWEEP; + schedule_delayed_work(&st->work, st->poll_time_jiffies); +- mutex_unlock(&indio_dev->mlock); +- return; ++ goto out; + } + +- ad5933_i2c_read(st->client, AD5933_REG_STATUS, 1, &status); ++ ret = ad5933_i2c_read(st->client, AD5933_REG_STATUS, 1, &status); ++ if (ret) ++ goto out; + + if (status & AD5933_STAT_DATA_VALID) { + int scan_count = bitmap_weight(indio_dev->active_scan_mask, + indio_dev->masklength); +- ad5933_i2c_read(st->client, ++ ret = ad5933_i2c_read(st->client, + test_bit(1, indio_dev->active_scan_mask) ? + AD5933_REG_REAL_DATA : AD5933_REG_IMAG_DATA, + scan_count * 2, (u8 *)buf); ++ if (ret) ++ goto out; + + if (scan_count == 2) { + buf[0] = be16_to_cpu(buf[0]); +@@ -678,8 +682,7 @@ static void ad5933_work(struct work_stru + } else { + /* no data available - try again later */ + schedule_delayed_work(&st->work, st->poll_time_jiffies); +- mutex_unlock(&indio_dev->mlock); +- return; ++ goto out; + } + + if (status & AD5933_STAT_SWEEP_DONE) { +@@ -691,7 +694,7 @@ static void ad5933_work(struct work_stru + ad5933_cmd(st, AD5933_CTRL_INC_FREQ); + schedule_delayed_work(&st->work, st->poll_time_jiffies); + } +- ++out: + mutex_unlock(&indio_dev->mlock); + } + diff --git a/queue-3.18/swapfile-fix-memory-corruption-via-malformed-swapfile.patch b/queue-3.18/swapfile-fix-memory-corruption-via-malformed-swapfile.patch new file mode 100644 index 00000000000..4bff3b7753e --- /dev/null +++ b/queue-3.18/swapfile-fix-memory-corruption-via-malformed-swapfile.patch @@ -0,0 +1,45 @@ +From dd111be69114cc867f8e826284559bfbc1c40e37 Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Thu, 10 Nov 2016 10:46:19 -0800 +Subject: swapfile: fix memory corruption via malformed swapfile + +From: Jann Horn + +commit dd111be69114cc867f8e826284559bfbc1c40e37 upstream. + +When root activates a swap partition whose header has the wrong +endianness, nr_badpages elements of badpages are swabbed before +nr_badpages has been checked, leading to a buffer overrun of up to 8GB. + +This normally is not a security issue because it can only be exploited +by root (more specifically, a process with CAP_SYS_ADMIN or the ability +to modify a swap file/partition), and such a process can already e.g. +modify swapped-out memory of any other userspace process on the system. + +Link: http://lkml.kernel.org/r/1477949533-2509-1-git-send-email-jann@thejh.net +Signed-off-by: Jann Horn +Acked-by: Kees Cook +Acked-by: Jerome Marchand +Acked-by: Johannes Weiner +Cc: "Kirill A. Shutemov" +Cc: Vlastimil Babka +Cc: Hugh Dickins +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/swapfile.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/mm/swapfile.c ++++ b/mm/swapfile.c +@@ -2184,6 +2184,8 @@ static unsigned long read_swap_header(st + swab32s(&swap_header->info.version); + swab32s(&swap_header->info.last_page); + swab32s(&swap_header->info.nr_badpages); ++ if (swap_header->info.nr_badpages > MAX_SWAP_BADPAGES) ++ return 0; + for (i = 0; i < swap_header->info.nr_badpages; i++) + swab32s(&swap_header->info.badpages[i]); + } diff --git a/queue-3.18/usb-cdc-acm-fix-tiocmiwait.patch b/queue-3.18/usb-cdc-acm-fix-tiocmiwait.patch new file mode 100644 index 00000000000..1a32d7feaf1 --- /dev/null +++ b/queue-3.18/usb-cdc-acm-fix-tiocmiwait.patch @@ -0,0 +1,36 @@ +From 18266403f3fe507f0246faa1d5432333a2f139ca Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Tue, 8 Nov 2016 13:10:57 +0100 +Subject: USB: cdc-acm: fix TIOCMIWAIT + +From: Johan Hovold + +commit 18266403f3fe507f0246faa1d5432333a2f139ca upstream. + +The TIOCMIWAIT implementation would return -EINVAL if any of the three +supported signals were included in the mask. + +Instead of returning an error in case TIOCM_CTS is included, simply +drop the mask check completely, which is in accordance with how other +drivers implement this ioctl. + +Fixes: 5a6a62bdb925 ("cdc-acm: add TIOCMIWAIT") +Signed-off-by: Johan Hovold +Acked-by: Oliver Neukum +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/class/cdc-acm.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/usb/class/cdc-acm.c ++++ b/drivers/usb/class/cdc-acm.c +@@ -872,8 +872,6 @@ static int wait_serial_change(struct acm + DECLARE_WAITQUEUE(wait, current); + struct async_icount old, new; + +- if (arg & (TIOCM_DSR | TIOCM_RI | TIOCM_CD )) +- return -EINVAL; + do { + spin_lock_irq(&acm->read_lock); + old = acm->oldcount; diff --git a/queue-3.18/usb-gadget-u_ether-remove-interrupt-throttling.patch b/queue-3.18/usb-gadget-u_ether-remove-interrupt-throttling.patch new file mode 100644 index 00000000000..f7d1b8e8e46 --- /dev/null +++ b/queue-3.18/usb-gadget-u_ether-remove-interrupt-throttling.patch @@ -0,0 +1,50 @@ +From fd9afd3cbe404998d732be6cc798f749597c5114 Mon Sep 17 00:00:00 2001 +From: Felipe Balbi +Date: Tue, 1 Nov 2016 13:20:22 +0200 +Subject: usb: gadget: u_ether: remove interrupt throttling +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Felipe Balbi + +commit fd9afd3cbe404998d732be6cc798f749597c5114 upstream. + +According to Dave Miller "the networking stack has a +hard requirement that all SKBs which are transmitted +must have their completion signalled in a fininte +amount of time. This is because, until the SKB is +freed by the driver, it holds onto socket, +netfilter, and other subsystem resources." + +In summary, this means that using TX IRQ throttling +for the networking gadgets is, at least, complex and +we should avoid it for the time being. + +Reported-by: Ville Syrjälä +Tested-by: Ville Syrjälä +Suggested-by: David Miller +Signed-off-by: Felipe Balbi +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/gadget/function/u_ether.c | 8 -------- + 1 file changed, 8 deletions(-) + +--- a/drivers/usb/gadget/function/u_ether.c ++++ b/drivers/usb/gadget/function/u_ether.c +@@ -589,14 +589,6 @@ static netdev_tx_t eth_start_xmit(struct + + req->length = length; + +- /* throttle high/super speed IRQ rate back slightly */ +- if (gadget_is_dualspeed(dev->gadget)) +- req->no_interrupt = (((dev->gadget->speed == USB_SPEED_HIGH || +- dev->gadget->speed == USB_SPEED_SUPER)) && +- !list_empty(&dev->tx_reqs)) +- ? ((atomic_read(&dev->tx_qlen) % dev->qmult) != 0) +- : 0; +- + retval = usb_ep_queue(in, req, GFP_ATOMIC); + switch (retval) { + default: