It turns out that there are broken devices out there that incorrectly
report VID/PID as 0x000, see http://lkml.org/lkml/2007/4/27/496
Therefore we should not confuse users by dumping warnings and stacktraces
in such situation. It is not possible to add quirks for such horribly
broken devices, but currently that's not needed.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Add a 'quirks' module parameter for the usbhid module, so users can
add or modify quirks at module load time.
Signed-off-by: Paul Walmsley <paul@booyaka.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Add internal support for dynamically-allocated HID quirks, "dquirks"
(for "dynamic quirks"). Includes several functions to add/modify quirks
from the list. This code is used by the next patch to implement quirk
modification upon module load.
Signed-off-by: Paul Walmsley <paul@booyaka.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Rename existing quirks handling code that operates over a static array
to "squirks" (short for static quirks) to differentiate it from the
dynamically-allocated quirks that will be introduced in the
next patch. Add an accessor function specifically for static quirks,
usbhid_exists_squirk().
Signed-off-by: Paul Walmsley <paul@booyaka.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Move the USB_VENDOR* and USB_DEVICE* defines and the hid_blacklist[]
array there from hid-core.c. Add
hid-quirks.c:usbhid_lookup_any_quirks() to return quirk information to
hid-core.c. Convert __u32, __u16 types to u32, u16.
Signed-off-by: Paul Walmsley <paul@booyaka.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Add HID_QUIRK_MULTI_INPUT to the EMS USBII (0x0b43/0003) so the kernel detects both joystick
ports properly. Without it you end up with a single joystick node (js0) that combines the
two physical port signals.
Signed-off-by: Paul Zaremba <pez-gpg@treeofice.net>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Some HID devices are looking on the unused bits in the HID reports they
receive. This is violating the specification, but we want to make those
devices work. Well-behaving devices are unaffected, as they don't care
about the unused bits.
If bitsused % 8 is 0 all bits in data[] get used and we don't need to
clear anything. Otherwise (bitsused % 8) bits of the last byte get used.
By shifting 1 for (bitsused % 8) bits and subtracting 1 we create a mask
consisting of (bitsused % 8) ones and remaining zeroes. By ANDing we
clear the upper unused bits.
Signed-off-by: Simon Budig <simon@budig.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This adds support for WiseGroup Quad Joypad (0x0925/0x8800). The
same quirks as for Dual Joypad (0x0925/0x8866) are needed.
Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch adds support for Logitech Force 3D Pro Joystick (0x046d/0xc286)
to hid-lgff driver.
Device ID reported by Richard Bolkey <rbolkey@cs.utexas.edu>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
On Dell W7658 keyboard, when BIOS sets NumLock LED on, it survives the
takeover by kernel and thus confuses users.
Eating of an increasibly scarce quirk bit is unfortunate. We do it for safety,
given the history of nervous input devices which crash if anything unusual
happens.
Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Logitech MX3000 contains report descriptor which doesn't cover usages
above 0x28c, but emits such usages. Report descriptor needs fixing
in the very same way as with receivers shipped with S510 keyboards.
This patch also adds a few mappings for multimedia keys that S510 didn't
emit.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Logitech S510 keyboard is shipped with USB receivers with various product
ids, all need their report descriptor to be fixed. This adds PID 0xc50c.
Reported by Christophe Colombier in kernel.org bugzilla #7352
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Add HID_QUIRK_HIDDEV for the Belkin Flip USB KVM, which provides for software
control of switching via a HID class interface. It overloads three HID LED
usages, two of which aren't mapped in the ev_dev input subsection, and which it
doesn't make sense to map. In order to force the creation of a hiddev device
for controlling the Flip, this quirk flag is needed.
Signed-off-by: Daniel P. Engel <dengel@sourceharvest.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Belkin Wireless keyboard, model number F8E849KYBD, USB ID 1020:0006,
FCCID: K7SF8E849KYBD emits usages 0x03a-0x03c from Consumer usage page.
As of HUT v1.12, these are marked as reserved. If any conflict arises
later, the mapping could be made conditional on VID/PID.
Signed-off-by: Chris Clayton <chris2553@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch adds support for version 1 of Thustmaster firestorm dual power
(0x44f/0xb300).
Signed-off-by: Ronny Peine <RonnyPeine@gmx.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Explicitly specify the size of the hid_blacklist quirks member, to guard
against surprises on architectures where unsigned ints aren't 32 bits long.
Signed-off-by: Paul Walmsley <paul@booyaka.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The USB HID driver fails to reset its error-retry timeout when there
has been a long time interval between I/O errors with no successful URB
completions in the meantime. As a result, the very next error would
trigger an immediate reset, even if it was a chance event occurring
long after the previous error.
More USB keyboards and mice than one might expect end up getting I/O
errors. Almost always this results from hardware problems of one sort of
another. For example, people attach the device to a USB extension cable,
which degrades the signal. Or they simply have poor quality cables to
begin with. Or they use a KVM switch which doesn't handle USB messages
correctly. Etc...
There have been reports from several users in which these I/O
errors would occur more or less randomly, at intervals ranging from
seconds to minutes. The error-handling code in hid-core.c was originally
meant for situations where a single outage would persist for a few hundred
ms (electromagnetic interference, for example). It didn't work right when
these more sporadic errors occurred, because of a flaw in the logic
which this patch fixes.
This patch (as873) fixes that oversight.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The vendor/product IDs for the purposes of hid_blacklist got
scathered around the hid-core.c in a rather random way over the
time.
Move all the related definitions at the beginning of the file,
and make them sorted again. Sort also hid_blacklist properly.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Separate usbhid code into dedicated drivers/hid/usbhid directory as
discussed previously with Greg, so that it eases maintaineance process.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Up until this point we've accepted replay window settings greater than
32 but our bit mask can only accomodate 32 packets. Thus any packet
with a sequence number within the window but outside the bit mask would
be accepted.
This patch causes those packets to be rejected instead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Incoming trancated packets are counted as not only InTruncatedPkts but
also InHdrErrors. They should be counted as InTruncatedPkts only.
Signed-off-by: Mitsuru Chinen <mitch@linux.vnet.ibm.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
When we receive an AppleTalk frame shorter than what its header says,
we still attempt to verify its checksum, and trip on the BUG_ON() at
the end of function atalk_sum_skb() because of the length mismatch.
This has security implications because this can be triggered by simply
sending a specially crafted ethernet frame to a target victim,
effectively crashing that host. Thus this qualifies, I think, as a
remote DoS. Here is the frame I used to trigger the crash, in npg
format:
<Appletalk Killer>
{
# Ethernet header -----
XX XX XX XX XX XX # Destination MAC
00 00 00 00 00 00 # Source MAC
00 1D # Length
# LLC header -----
AA AA 03
08 00 07 80 9B # Appletalk
# Appletalk header -----
00 1B # Packet length (invalid)
00 01 # Fake checksum
00 00 00 00 # Destination and source networks
00 00 00 00 # Destination and source nodes and ports
# Payload -----
0C 0D 0E 0F 10 11 12 13
14
}
The destination MAC address must be set to those of the victim.
The severity is mitigated by two requirements:
* The target host must have the appletalk kernel module loaded. I
suspect this isn't so frequent.
* AppleTalk frames are non-IP, thus I guess they can only travel on
local networks. I am no network expert though, maybe it is possible
to somehow encapsulate AppleTalk packets over IP.
The bug has been reported back in June 2004:
http://bugzilla.kernel.org/show_bug.cgi?id=2979
But it wasn't investigated, and was closed in July 2006 as both
reporters had vanished meanwhile.
This code was new in kernel 2.6.0-test5:
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=7ab442d7e0a76402c12553ee256f756097cae2d2
And not modified since then, so we can assume that vanilla kernels
2.6.0-test5 and later, and distribution kernels based thereon, are
affected.
Note that I still do not know for sure what triggered the bug in the
real-world cases. The frame could have been corrupted by the kernel if
we have a bug hiding somewhere. But more likely, we are receiving the
faulty frame from the network.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Just a one-byter for an ia64 thinko/typo - already fixed for i386 and x86_64.
Acked-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/tc/zs.c:73:24: error: asm/dec/tc.h: No such file or directory
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Acked-by: Maciej W. Rozycki <macro@linux-mips.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In debugging a problem w/ the -rt tree, I noticed that on systems that mark
the tsc as unstable before it is registered, the TSC would still be
selected and used for a short period of time. Digging in it looks to be a
result of the mix of the clocksource list changes and my clocksource
initialization changes.
With the -rt tree, using a bad TSC, even for a short period of time can
results in a hang at boot. I was not able to reproduce this hang w/
mainline, but I'm not completely certain that someone won't trip on it.
This patch resolves the issue by initializing the jiffies clocksource
earlier so a bad TSC won't get selected just because nothing else is yet
registered.
Signed-off-by: John Stultz <johnstul@us.ibm.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch adds initialization of drv->cylinders back into the failing case in
cciss_geometry_inquiry. I inadvertently removed it in one my 2TB updates.
Signed-off-by: Mike Miller <mike.miller@hp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Revert all this. It can cause device-mapper to receive a different major from
earlier kernels and it turns out that the Amanda backup program (via GNU tar,
apparently) checks major numbers on files when performing incremental backups.
Which is a bit broken of Amanda (or tar), but this feature isn't important
enough to justify the churn.
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix a bug in the swsusp's memory shrinker that causes some systems using
highmem to refuse to suspend to disk if image_size is set above 1/2 of
available RAM.
Special thanks to Jiri Slaby for reporting the problem and assistance in
debugging it.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Jiri Slaby <jirislaby@gmail.com>
Cc: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The return value of kernel_recvmsg() should be assigned to "err", not
compared with the random value of a never initialized "err" (and the "< 0"
check wrongly always returned false since == comparisons never have a
result < 0).
Spotted by the Coverity checker.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
A device can be removed from an md array via e.g.
echo remove > /sys/block/md3/md/dev-sde/state
This will try to remove the 'dev-sde' subtree which will deadlock
since
commit e7b0d26a86
With this patch we run the kobject_del via schedule_work so as to
avoid the deadlock.
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch adds 2 missing symbol exports: jiffies_to_timeval() and
timeval_to_jiffies(). The (not yet merged) dm-raid4-5 module will need
them, and they used to be indirectly exported by virtue of being inline
functions.
Commit 8b9365d753 ("[PATCH] Uninline
jiffies.h functions") uninlined them, and thus modules now need them
explicitly exported to use them.
Signed-off-by: Thomas Bittermann <t.bittermann@online.de>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: john stultz <johnstul@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
[S390] cio: Fix handling of interrupt for csch().
[S390] page_mkclean data corruption.
The generic networking code ensures that no two networking devices
have the same name, so there is no time except when sysfs has
implementation bugs that device_rename when called from
dev_change_name will fail.
The current error handling for errors from device_rename in
dev_change_name is wrong and results in an unusable and unrecoverable
network device if device_rename is happens to return an error.
This patch removes the buggy error handling. Which confines the mess
when device_rename hits a problem to sysfs, instead of propagating it
the rest of the network stack. Making linux a little more robust.
Without this patch you can observe what happens when sysfs has a bug
when CONFIG_SYSFS_DEPRECATED is not set and you attempt to rename
a real network device to a name like (broken_parity_status, device,
modalias, power, resource2, subsystem_vendor, class, driver, irq,
msi_bus, resource, subsystem, uevent, config, enable, local_cpus,
numa_node, resource0, subsystem_device, vendor)
Greg has a patch that fixes the sysfs bugs but he doesn't trust it
for a 2.6.21 timeframe. This patch which just ignores errors should
be safe and it keeps the system from going completely wacky.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mention the slab name when listing corrupt objects. Although the function
that released the memory is mentioned, that is frequently ambiguous as such
functions often release several pieces of memory.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
libata: Limit ATAPI DMA to R/W commands only for TORiSAN DVD drives (take 3)
libata: Limit max sector to 128 for TORiSAN DVD drives (take 3)
libata: Clear tf before doing request sense (take 3)
libata: reorder HSM_ST_FIRST for easier decoding (take 3)
libata bugfix: preserve LBA bit for HDIO_DRIVE_TASK
2.6.21 fix lba48 bug in libata fill_result_tf()
This adds some NCQ blacklist entries taken from the Silicon Image 3124/3132
Windows driver .inf files. There are some confirming reports of problems
with these drives under Linux (for example http://lkml.org/lkml/2007/3/4/178)
so let's disable NCQ on these drives.
[ I'm personally starting to wonder whether we shouldn't disable NCQ by
default, and perhaps have a white-list. There seems to be a *lot* of
drives that do this wrong.. - Linus ]
Signed-off-by: Robert Hancock <hancockr@shaw.ca>
Acked-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
r8169: fix suspend/resume for down interface
r8169: issue request_irq after the private data are completely initialized
b44: fix IFF_ALLMULTI handling of CAM slots
cxgb3 - Firwmare update
cxgb3 - Tighten xgmac workaround
cxgb3 - detect NIC only adapters
cxgb3 - Safeguard TCAM size usage
Wipe internal irb if the clear function bit is set before accumulating
bits from the irb in order to follow hardware behaviour.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The git commit c2fda5fed8 which
added the page_test_and_clear_dirty call to page_mkclean and the
git commit 7658cc2892 which fixes
the "nasty and subtle race in shared mmap'ed page writeback"
problem in clear_page_dirty_for_io cause data corruption on s390.
The effect of the two changes is that for every call to
clear_page_dirty_for_io a page_test_and_clear_dirty is done. If
the per page dirty bit is set set_page_dirty is called. Strangly
clear_page_dirty_for_io is called for not-uptodate pages, e.g.
over this call-chain:
[<000000000007c0f2>] clear_page_dirty_for_io+0x12a/0x130
[<000000000007c494>] generic_writepages+0x258/0x3e0
[<000000000007c692>] do_writepages+0x76/0x7c
[<00000000000c7a26>] __writeback_single_inode+0xba/0x3e4
[<00000000000c831a>] sync_sb_inodes+0x23e/0x398
[<00000000000c8802>] writeback_inodes+0x12e/0x140
[<000000000007b9ee>] wb_kupdate+0xd2/0x178
[<000000000007cca2>] pdflush+0x162/0x23c
The bad news now is that page_test_and_clear_dirty might claim
that a not-uptodate page is dirty since SetPageUptodate which
resets the per page dirty bit has not yet been called. The page
writeback that follows clobbers the data on disk.
The simplest solution to this problem is to move the call to
page_test_and_clear_dirty under the "if (page_mapped(page))".
If a file backed page is mapped it is uptodate.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
patch 4/4:
Limit ATAPI DMA to R/W commands only for TORiSAN DRD-N216 DVD-ROM drives
(http://bugzilla.kernel.org/show_bug.cgi?id=6710)
Signed-off-by: Albert Lee <albertcc@tw.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
patch 3/4:
The TORiSAN drive locks up when max sector == 256.
Limit max sector to 128 for the TORiSAN DRD-N216 drives.
(http://bugzilla.kernel.org/show_bug.cgi?id=6710)
Signed-off-by: Albert Lee <albertcc@tw.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
patch 2/4:
Clear tf before doing request sense.
This fixes the AOpen 56X/AKH timeout problem.
(http://bugzilla.kernel.org/show_bug.cgi?id=8244)
Signed-off-by: Albert Lee <albertcc@tw.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
patch 1/4:
Reorder HSM_ST_FIRST, such that the task state transition is easier decoded with human eyes.
Signed-off-by: Albert Lee <albertcc@tw.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Preserve the LBA bit in the DevSel/Head register for HDIO_DRIVE_TASK.
Signed-off-by: Mark Lord <mlord@pobox.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Current 2.6.21 libata does the following:
void ata_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
{
struct ata_ioports *ioaddr = &ap->ioaddr;
tf->command = ata_check_status(ap);
...
if (tf->flags & ATA_TFLAG_LBA48) {
iowrite8(tf->ctl | ATA_HOB, ioaddr->ctl_addr);
tf->hob_feature = ioread8(ioaddr->error_addr);
...
}
}
...
static void fill_result_tf(struct ata_queued_cmd *qc)
{
struct ata_port *ap = qc->ap;
ap->ops->tf_read(ap, &qc->result_tf);
qc->result_tf.flags = qc->tf.flags;
}
Based on this, those last two statements fill_result_tf()
appear to me to be in the wrong order, in that the tf->flags
are uninitialized at the point where tf_read() is invoked.
So for lba48 commands, tf_read() won't be reading back the
full lba48 register contents..
Correct?
This patch corrects fill_result_tf() so that the flags
get copied to result_tf before they are used by tf_read().
Signed-off-by: Mark Lord <mlord@pobox.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
The PM hooks are no-op if the r8169 interface is down (i.e. !IFF_UP).
However, as the chipset is enabled, the device will not work after a
suspend/resume cycle. The patch always issue the required PCI suspend
sequence and removes the module unload/reload workaround.
Signed-off-by: Arnaud Patard <apatard@mandriva.com>
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
