--- /dev/null
+From 3c0390e1a6d8a5d0cdae57959f0be37a236b474d Mon Sep 17 00:00:00 2001
+From: John Heffner <jheffner@napa.(none)>
+Date: Fri, 25 Apr 2008 01:43:57 -0700
+Subject: [PATCH] [TCP]: Increase the max_burst threshold from 3 to tp->reordering.
+
+From: John Heffner <jheffner@napa.(none)>
+
+[ Upstream commit: dd9e0dda66ba38a2ddd1405ac279894260dc5c36 ]
+
+This change is necessary to allow cwnd to grow during persistent
+reordering. Cwnd moderation is applied when in the disorder state
+and an ack that fills the hole comes in. If the hole was greater
+than 3 packets, but less than tp->reordering, cwnd will shrink when
+it should not have.
+
+Signed-off-by: John Heffner <jheffner@napa.(none)>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/net/tcp.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/include/net/tcp.h
++++ b/include/net/tcp.h
+@@ -775,11 +775,14 @@ extern void tcp_enter_cwr(struct sock *s
+ extern __u32 tcp_init_cwnd(struct tcp_sock *tp, struct dst_entry *dst);
+
+ /* Slow start with delack produces 3 packets of burst, so that
+- * it is safe "de facto".
++ * it is safe "de facto". This will be the default - same as
++ * the default reordering threshold - but if reordering increases,
++ * we must be able to allow cwnd to burst at least this much in order
++ * to not pull it back when holes are filled.
+ */
+ static __inline__ __u32 tcp_max_burst(const struct tcp_sock *tp)
+ {
+- return 3;
++ return tp->reordering;
+ }
+
+ /* RFC2861 Check whether we are limited by application or congestion window
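Review bot: The comment above tcp_max_burst() does not say what bounds the result now that it returns `tp->reordering` instead of a constant. That field is updated from what the peer's ACK/SACK stream reports (the update code is outside this hunk), so the burst allowance used for cwnd moderation can be pushed upward by a remote endpoint. It is presumably still clamped by TCP_MAX_REORDERING where it is written, which is worth confirming. I would add a line to the comment such as `* tp->reordering is peer-influenced; its upper clamp is the effective burst limit.` so readers know where the ceiling lives.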
--- /dev/null
+From stable-bounces@linux.kernel.org Wed Apr 23 03:16:00 2008
+From: David Woodhouse <dwmw2@infradead.org>
+Date: Wed, 23 Apr 2008 11:15:35 +0100
+Subject: JFFS2: Fix free space leak with in-band cleanmarkers
+To: stable@kernel.org
+Cc: Martin Creutziger <martin.creutziger@barco.com>, Damir Shayhutdinov <lost404@gmail.com>, linux-mtd <linux-mtd@lists.infradead.org>
+Message-ID: <1208945735.9212.775.camel@pmac.infradead.org>
+
+From: David Woodhouse <dwmw2@infradead.org>
+
+We were accounting for the cleanmarker by calling jffs2_link_node_ref()
+(without locking!), which adjusted both superblock and per-eraseblock
+accounting, subtracting the size of the cleanmarker from {jeb,c}->free_size
+and adding it to {jeb,c}->used_size.
+
+But only _then_ were we adding the size of the newly-erased block back
+to the superblock counts, and we were adding each of jeb->{free,used}_size
+to the corresponding superblock counts. Thus, the size of the cleanmarker
+was effectively subtracted from the superblock's free_size _twice_.
+
+Fix this, by always adding a full eraseblock size to c->free_size when
+we've erased a block. And call jffs2_link_node_ref() under the proper
+lock, while we're at it.
+
+Thanks to Alexander Yurchenko and/or Damir Shayhutdinov for (almost)
+pinpointing the problem.
+
+[Backport of commit 014b164e1392a166fe96e003d2f0e7ad2e2a0bb7]
+
+Signed-off-by: David Woodhouse <dwmw2@infradead.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/jffs2/erase.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+--- a/fs/jffs2/erase.c
++++ b/fs/jffs2/erase.c
+@@ -419,9 +419,6 @@ static void jffs2_mark_erased_block(stru
+ if (jffs2_write_nand_cleanmarker(c, jeb))
+ goto filebad;
+ }
+-
+- /* Everything else got zeroed before the erase */
+- jeb->free_size = c->sector_size;
+ } else {
+
+ struct kvec vecs[1];
+@@ -449,18 +446,19 @@ static void jffs2_mark_erased_block(stru
+
+ goto filebad;
+ }
+-
+- /* Everything else got zeroed before the erase */
+- jeb->free_size = c->sector_size;
+- /* FIXME Special case for cleanmarker in empty block */
+- jffs2_link_node_ref(c, jeb, jeb->offset | REF_NORMAL, c->cleanmarker_size, NULL);
+ }
++ /* Everything else got zeroed before the erase */
++ jeb->free_size = c->sector_size;
+
+ down(&c->erase_free_sem);
+ spin_lock(&c->erase_completion_lock);
++
+ c->erasing_size -= c->sector_size;
+- c->free_size += jeb->free_size;
+- c->used_size += jeb->used_size;
++ c->free_size += c->sector_size;
++
++ /* Account for cleanmarker now, if it's in-band */
++ if (c->cleanmarker_size && !jffs2_cleanmarker_oob(c))
++ jffs2_link_node_ref(c, jeb, jeb->offset | REF_NORMAL, c->cleanmarker_size, NULL);
+
+ jffs2_dbg_acct_sanity_check_nolock(c,jeb);
+ jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
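Review bot: The new guard `c->cleanmarker_size && !jffs2_cleanmarker_oob(c)` has to stay the exact complement of the branch condition that opens above the first hunk (only its `} else {` is visible here), and nothing in the code ties the two together. If they drift apart, a cleanmarker is either written without being accounted or accounted without being written. jffs2_link_node_ref() is also now called with erase_completion_lock held, so it presumably depends on the node ref having been preallocated in the in-band branch, which is outside these hunks. I would put a comment at the guard: `/* Must mirror the in-band branch above, which preallocated the ref; nothing may allocate under this spinlock */`. jffs2_mark_erased_block() starts and ends outside the hunks.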
--- /dev/null
+usb-gadget-queue-usb-usb_cdc_get_encapsulated_response-message.patch
+jffs2-fix-free-space-leak-with-in-band-cleanmarkers.patch
+increase-the-max_burst-threshold-from-3-to-tp-reordering.patch
+usb-remove-broken-usb-serial-num_endpoints-check.patch
+v4l-fix-vidiocgap-corruption-in-ivtv.patch
+v4l-cx88-enable-radio-gpio-correctly.patch
--- /dev/null
+From 41566bcf35a8b23ce4715dadb5acfd1098c1d3e4 Mon Sep 17 00:00:00 2001
+From: Jan Altenberg <jan.altenberg@linutronix.de>
+Date: Tue, 19 Feb 2008 01:44:50 +0100
+Subject: USB: gadget: queue usb USB_CDC_GET_ENCAPSULATED_RESPONSE message
+Message-ID: <48114132.3040307@gmail.com>
+
+From: Jan Altenberg <jan.altenberg@linutronix.de>
+
+backport of 41566bcf35a8b23ce4715dadb5acfd1098c1d3e4
+
+commit 0cf4f2de0a0f4100795f38ef894d4910678c74f8 introduced a bug, which
+prevents sending an USB_CDC_GET_ENCAPSULATED_RESPONSE message. This
+breaks the RNDIS initialization (especially / only Windoze machines
+dislike this behavior...).
+
+Signed-off-by: Benedikt Spranger <b.spranger@linutronix.de>
+Signed-off-by: Jan Altenberg <jan.altenberg@linutronix.de>
+Acked-by: David Brownell <dbrownell@users.sourceforge.net>
+Cc: Vernon Sauder <vernoninhand@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/gadget/ether.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/gadget/ether.c
++++ b/drivers/usb/gadget/ether.c
+@@ -1561,6 +1561,7 @@ done_set_intf:
+ memcpy(req->buf, buf, n);
+ req->complete = rndis_response_complete;
+ rndis_free_response(dev->rndis_config, buf);
++ value = n;
+ }
+ /* else stalls ... spec says to avoid that */
+ }
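Review bot: With `value = n;` the response length `n` now drives a transfer that is actually queued, and nothing in this hunk shows `n` being bounded. `memcpy(req->buf, buf, n)` trusts `n` against the size of the ep0 request buffer, and `value` is presumably used as the transfer length after the switch; neither the buffer size nor the host's wLength is compared with `n` in the visible lines. If no such check exists elsewhere, a guard before the copy that rejects a response larger than the request buffer would keep an oversized RNDIS response from overrunning `req->buf`. The enclosing case and the declaration of `n` are outside the hunk.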
--- /dev/null
+From stable-bounces@linux.kernel.org Wed Apr 16 20:05:44 2008
+From: Greg Kroah-Hartman <gregkh@suse.de>
+Date: Thu, 17 Apr 2008 03:05:15 GMT
+Subject: USB: remove broken usb-serial num_endpoints check
+To: jejb@kernel.org, stable@kernel.org
+Message-ID: <200804170305.m3H35F2h025133@hera.kernel.org>
+
+From: Greg Kroah-Hartman <gregkh@suse.de>
+
+commit: 07c3b1a1001614442c665570942a3107a722c314
+
+The num_interrupt_in, num_bulk_in, and other checks in the usb-serial
+code are just wrong, there are too many different devices out there with
+different numbers of endpoints. We need to just be sticking with the
+device ids instead of trying to catch this kind of thing. It broke too
+many different devices.
+
+This fixes a large number of usb-serial devices to get them working
+properly again.
+
+
+Cc: Oliver Neukum <oliver@neukum.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/serial/usb-serial.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/usb/serial/usb-serial.c
++++ b/drivers/usb/serial/usb-serial.c
+@@ -844,6 +844,7 @@ int usb_serial_probe(struct usb_interfac
+ serial->num_interrupt_in = num_interrupt_in;
+ serial->num_interrupt_out = num_interrupt_out;
+
++#if 0
+ /* check that the device meets the driver's requirements */
+ if ((type->num_interrupt_in != NUM_DONT_CARE &&
+ type->num_interrupt_in != num_interrupt_in)
+@@ -857,6 +858,7 @@ int usb_serial_probe(struct usb_interfac
+ kfree(serial);
+ return -EIO;
+ }
++#endif
+
+ /* found all that we need */
+ dev_info(&interface->dev, "%s converter detected\n",
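Review bot: With the requirements check compiled out, usb_serial_probe() accepts any device whose IDs match, whatever endpoints it really exposes, so each sub-driver that uses an interrupt or bulk endpoint now has to verify it exists before touching it. A device with matching IDs but missing endpoints would otherwise reach those drivers unvalidated. Leaving the block under `#if 0` also keeps dead code and does not record that decision for the next reader. I would delete the block and put a comment in its place: `/* Endpoint counts are deliberately not enforced here; drivers must check the endpoints they use. */`. The function body continues outside both hunks.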
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Apr 24 17:53:24 2008
+From: Steven Toth <stoth@hauppauge.com>
+Date: Thu, 24 Apr 2008 20:52:42 -0400
+Subject: V4L: cx88: enable radio GPIO correctly
+To: stable@kernel.org
+Cc: Steven Toth <stoth@hauppauge.com>, v4l-dvb maintainer list <v4l-dvb-maintainer@linuxtv.org>, Mauro Carvalho Chehab <mchehab@infradead.org>
+Message-ID: <48112B5A.9070106@linuxtv.org>
+
+
+From: Steven Toth <stoth@hauppauge.com>
+
+This patch fixes an issue on the HVR1300, where GPIO is blown away due to
+the radio input being undefined, breaking the functionality of the DVB
+demodulator and MPEG2 encoder used on the cx8802 mpeg TS port.
+
+This is a minimal patch for 2.6.26 and the -stable series. This must be
+fixed a better way for 2.6.27.
+
+Signed-off-by: Steven Toth <stoth@hauppauge.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
+Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
+(cherry picked from commit 6b92b3bd7ac91b7e255541f4be9bfd55b12dae41)
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/cx88/cx88-cards.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/media/video/cx88/cx88-cards.c
++++ b/drivers/media/video/cx88/cx88-cards.c
+@@ -1349,6 +1349,10 @@ static const struct cx88_board cx88_boar
+ }},
+ /* fixme: Add radio support */
+ .mpeg = CX88_MPEG_DVB | CX88_MPEG_BLACKBIRD,
++ .radio = {
++ .type = CX88_RADIO,
++ .gpio0 = 0xe780,
++ },
+ },
+ [CX88_BOARD_ADSTECH_PTV_390] = {
+ .name = "ADS Tech Instant Video PCI",
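Review bot: The context comment `/* fixme: Add radio support */` directly above the new `.radio` initializer is now misleading, and `.gpio0 = 0xe780` is an unexplained magic value. Per the commit message, the entry exists so that GPIO is not clobbered when the radio input is undefined, not to provide working radio. I would replace the fixme with something like `/* radio entry only keeps GPIO0 intact for the DVB demod and MPEG2 encoder; real radio support still missing */`. The board entry begins outside the hunk.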
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Apr 24 17:53:04 2008
+From: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Date: Thu, 24 Apr 2008 20:52:26 -0400
+Subject: V4L: Fix VIDIOCGAP corruption in ivtv
+To: stable@kernel.org
+Cc: Alan Cox <alan@redhat.com>, Hans Verkuil <hverkuil@xs4all.nl>, v4l-dvb maintainer list <v4l-dvb-maintainer@linuxtv.org>, Mauro Carvalho Chehab <mchehab@infradead.org>
+Message-ID: <48112B4A.6080801@linuxtv.org>
+
+
+From: Alan Cox <alan@lxorguk.ukuu.org.uk>
+
+Frank Bennett reported that ivtv was causing skype to crash. With help
+from one of their developers he showed it was a kernel problem.
+VIDIOCGCAP copies a name into a fixed length buffer - ivtv uses names
+that are too long and does not truncate them so corrupts a few bytes of
+the app data area.
+
+Possibly the names also want trimming but for now this should fix the
+corruption case.
+
+Signed-off-by: Alan Cox <alan@redhat.com>
+Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
+Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
+(cherry picked from commit d2b213f7b76f187c4391079c7581d3a08b940133)
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/media/video/ivtv/ivtv-ioctl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/media/video/ivtv/ivtv-ioctl.c
++++ b/drivers/media/video/ivtv/ivtv-ioctl.c
+@@ -727,7 +727,8 @@ int ivtv_v4l2_ioctls(struct ivtv *itv, s
+
+ memset(vcap, 0, sizeof(*vcap));
+ strcpy(vcap->driver, IVTV_DRIVER_NAME); /* driver name */
+- strcpy(vcap->card, itv->card_name); /* card type */
++ strncpy(vcap->card, itv->card_name,
++ sizeof(vcap->card)-1); /* card type */
+ strcpy(vcap->bus_info, pci_name(itv->dev)); /* bus info... */
+ vcap->version = IVTV_DRIVER_VERSION; /* version */
+ vcap->capabilities = itv->v4l2_cap; /* capabilities */
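Review bot: The two neighbouring copies, `strcpy(vcap->driver, IVTV_DRIVER_NAME)` and `strcpy(vcap->bus_info, pci_name(itv->dev))`, are still unbounded writes into fixed-size fields of the same structure that is handed back to the application. The new `strncpy(..., sizeof(vcap->card)-1)` is NUL-terminated only because of the `memset` a few lines earlier, an implicit dependency that is easy to break. Using `strlcpy(vcap->card, itv->card_name, sizeof(vcap->card));` and the same form for `driver` and `bus_info` would bound all three fields and terminate them independently of the memset. The enclosing ioctl case starts and ends outside the hunk.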