Merge tag 'usb-5.4-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

+3 -1

drivers/usb/cdns3/core.c

··· 166 166 goto err; 167 167 168 168 switch (cdns->dr_mode) { 169 - case USB_DR_MODE_UNKNOWN: 170 169 case USB_DR_MODE_OTG: 171 170 ret = cdns3_hw_role_switch(cdns); 172 171 if (ret) ··· 181 182 if (ret) 182 183 goto err; 183 184 break; 185 + default: 186 + ret = -EINVAL; 187 + goto err; 184 188 } 185 189 186 190 return ret;

+20 -15

drivers/usb/cdns3/gadget.c

··· 1145 1145 request = cdns3_next_request(&priv_ep->pending_req_list); 1146 1146 priv_req = to_cdns3_request(request); 1147 1147 1148 + trb = priv_ep->trb_pool + priv_ep->dequeue; 1149 + 1150 + /* Request was dequeued and TRB was changed to TRB_LINK. */ 1151 + if (TRB_FIELD_TO_TYPE(trb->control) == TRB_LINK) { 1152 + trace_cdns3_complete_trb(priv_ep, trb); 1153 + cdns3_move_deq_to_next_trb(priv_req); 1154 + } 1155 + 1148 1156 /* Re-select endpoint. It could be changed by other CPU during 1149 1157 * handling usb_gadget_giveback_request. 1150 1158 */ ··· 2075 2067 struct usb_request *req, *req_temp; 2076 2068 struct cdns3_request *priv_req; 2077 2069 struct cdns3_trb *link_trb; 2070 + u8 req_on_hw_ring = 0; 2078 2071 unsigned long flags; 2079 2072 int ret = 0; 2080 2073 ··· 2092 2083 2093 2084 list_for_each_entry_safe(req, req_temp, &priv_ep->pending_req_list, 2094 2085 list) { 2095 - if (request == req) 2086 + if (request == req) { 2087 + req_on_hw_ring = 1; 2096 2088 goto found; 2089 + } 2097 2090 } 2098 2091 2099 2092 list_for_each_entry_safe(req, req_temp, &priv_ep->deferred_req_list, ··· 2107 2096 goto not_found; 2108 2097 2109 2098 found: 2110 - 2111 - if (priv_ep->wa1_trb == priv_req->trb) 2112 - cdns3_wa1_restore_cycle_bit(priv_ep); 2113 - 2114 2099 link_trb = priv_req->trb; 2115 - cdns3_move_deq_to_next_trb(priv_req); 2116 - cdns3_gadget_giveback(priv_ep, priv_req, -ECONNRESET); 2117 2100 2118 - /* Update ring */ 2119 - request = cdns3_next_request(&priv_ep->deferred_req_list); 2120 - if (request) { 2121 - priv_req = to_cdns3_request(request); 2122 - 2101 + /* Update ring only if removed request is on pending_req_list list */ 2102 + if (req_on_hw_ring) { 2123 2103 link_trb->buffer = TRB_BUFFER(priv_ep->trb_pool_dma + 2124 2104 (priv_req->start_trb * TRB_SIZE)); 2125 2105 link_trb->control = (link_trb->control & TRB_CYCLE) | 2126 - TRB_TYPE(TRB_LINK) | TRB_CHAIN | TRB_TOGGLE; 2127 - } else { 2128 - priv_ep->flags |= EP_UPDATE_EP_TRBADDR; 2106 + TRB_TYPE(TRB_LINK) | TRB_CHAIN; 2107 + 2108 + if (priv_ep->wa1_trb == priv_req->trb) 2109 + cdns3_wa1_restore_cycle_bit(priv_ep); 2129 2110 } 2111 + 2112 + cdns3_gadget_giveback(priv_ep, priv_req, -ECONNRESET); 2130 2113 2131 2114 not_found: 2132 2115 spin_unlock_irqrestore(&priv_dev->lock, flags);

+3 -1

drivers/usb/class/usblp.c

··· 445 445 kfree(usblp->readbuf); 446 446 kfree(usblp->device_id_string); 447 447 kfree(usblp->statusbuf); 448 + usb_put_intf(usblp->intf); 448 449 kfree(usblp); 449 450 } 450 451 ··· 1114 1113 init_waitqueue_head(&usblp->wwait); 1115 1114 init_usb_anchor(&usblp->urbs); 1116 1115 usblp->ifnum = intf->cur_altsetting->desc.bInterfaceNumber; 1117 - usblp->intf = intf; 1116 + usblp->intf = usb_get_intf(intf); 1118 1117 1119 1118 /* Malloc device ID string buffer to the largest expected length, 1120 1119 * since we can re-query it on an ioctl and a dynamic string ··· 1199 1198 kfree(usblp->readbuf); 1200 1199 kfree(usblp->statusbuf); 1201 1200 kfree(usblp->device_id_string); 1201 + usb_put_intf(usblp->intf); 1202 1202 kfree(usblp); 1203 1203 abort_ret: 1204 1204 return retval;

+3 -3

drivers/usb/gadget/udc/lpc32xx_udc.c

··· 1177 1177 tmp = readl(USBD_RXDATA(udc->udp_baseaddr)); 1178 1178 1179 1179 bl = bytes - n; 1180 - if (bl > 3) 1181 - bl = 3; 1180 + if (bl > 4) 1181 + bl = 4; 1182 1182 1183 1183 for (i = 0; i < bl; i++) 1184 - data[n + i] = (u8) ((tmp >> (n * 8)) & 0xFF); 1184 + data[n + i] = (u8) ((tmp >> (i * 8)) & 0xFF); 1185 1185 } 1186 1186 break; 1187 1187

+12 -11

drivers/usb/misc/ldusb.c

··· 380 380 goto exit; 381 381 } 382 382 383 - if (mutex_lock_interruptible(&dev->mutex)) { 384 - retval = -ERESTARTSYS; 385 - goto exit; 386 - } 383 + mutex_lock(&dev->mutex); 387 384 388 385 if (dev->open_count != 1) { 389 386 retval = -ENODEV; ··· 464 467 465 468 /* wait for data */ 466 469 spin_lock_irq(&dev->rbsl); 467 - if (dev->ring_head == dev->ring_tail) { 470 + while (dev->ring_head == dev->ring_tail) { 468 471 dev->interrupt_in_done = 0; 469 472 spin_unlock_irq(&dev->rbsl); 470 473 if (file->f_flags & O_NONBLOCK) { ··· 474 477 retval = wait_event_interruptible(dev->read_wait, dev->interrupt_in_done); 475 478 if (retval < 0) 476 479 goto unlock_exit; 477 - } else { 478 - spin_unlock_irq(&dev->rbsl); 480 + 481 + spin_lock_irq(&dev->rbsl); 479 482 } 483 + spin_unlock_irq(&dev->rbsl); 480 484 481 485 /* actual_buffer contains actual_length + interrupt_in_buffer */ 482 486 actual_buffer = (size_t *)(dev->ring_buffer + dev->ring_tail * (sizeof(size_t)+dev->interrupt_in_endpoint_size)); 487 + if (*actual_buffer > dev->interrupt_in_endpoint_size) { 488 + retval = -EIO; 489 + goto unlock_exit; 490 + } 483 491 bytes_to_read = min(count, *actual_buffer); 484 492 if (bytes_to_read < *actual_buffer) 485 493 dev_warn(&dev->intf->dev, "Read buffer overflow, %zd bytes dropped\n", ··· 695 693 dev_warn(&intf->dev, "Interrupt out endpoint not found (using control endpoint instead)\n"); 696 694 697 695 dev->interrupt_in_endpoint_size = usb_endpoint_maxp(dev->interrupt_in_endpoint); 698 - dev->ring_buffer = 699 - kmalloc_array(ring_buffer_size, 700 - sizeof(size_t) + dev->interrupt_in_endpoint_size, 701 - GFP_KERNEL); 696 + dev->ring_buffer = kcalloc(ring_buffer_size, 697 + sizeof(size_t) + dev->interrupt_in_endpoint_size, 698 + GFP_KERNEL); 702 699 if (!dev->ring_buffer) 703 700 goto error; 704 701 dev->interrupt_in_buffer = kmalloc(dev->interrupt_in_endpoint_size, GFP_KERNEL);

+2 -5

drivers/usb/misc/legousbtower.c

··· 419 419 goto exit; 420 420 } 421 421 422 - if (mutex_lock_interruptible(&dev->lock)) { 423 - retval = -ERESTARTSYS; 424 - goto exit; 425 - } 422 + mutex_lock(&dev->lock); 426 423 427 424 if (dev->open_count != 1) { 428 425 dev_dbg(&dev->udev->dev, "%s: device not opened exactly once\n", ··· 878 881 get_version_reply, 879 882 sizeof(*get_version_reply), 880 883 1000); 881 - if (result < sizeof(*get_version_reply)) { 884 + if (result != sizeof(*get_version_reply)) { 882 885 if (result >= 0) 883 886 result = -EIO; 884 887 dev_err(idev, "get version request failed: %d\n", result);

+4 -8

drivers/usb/serial/ti_usb_3410_5052.c

··· 776 776 struct ti_port *tport; 777 777 int port_number; 778 778 int status; 779 - int do_unlock; 780 779 unsigned long flags; 781 780 782 781 tdev = usb_get_serial_data(port->serial); ··· 799 800 "%s - cannot send close port command, %d\n" 800 801 , __func__, status); 801 802 802 - /* if mutex_lock is interrupted, continue anyway */ 803 - do_unlock = !mutex_lock_interruptible(&tdev->td_open_close_lock); 804 - --tport->tp_tdev->td_open_port_count; 805 - if (tport->tp_tdev->td_open_port_count <= 0) { 803 + mutex_lock(&tdev->td_open_close_lock); 804 + --tdev->td_open_port_count; 805 + if (tdev->td_open_port_count == 0) { 806 806 /* last port is closed, shut down interrupt urb */ 807 807 usb_kill_urb(port->serial->port[0]->interrupt_in_urb); 808 - tport->tp_tdev->td_open_port_count = 0; 809 808 } 810 - if (do_unlock) 811 - mutex_unlock(&tdev->td_open_close_lock); 809 + mutex_unlock(&tdev->td_open_close_lock); 812 810 } 813 811 814 812

Configure Feed

Configure Feed