Skip to content
Commits on Apr 22, 2007
  1. @AdrianBunk

    Linux 2.6.16.49

    AdrianBunk committed Apr 23, 2007
Commits on Apr 20, 2007
  1. @AdrianBunk

    Linux 2.6.16.49-rc1

    AdrianBunk committed Apr 21, 2007
  2. @aristeu @AdrianBunk

    tty_io: fix race in master pty close/slave pty close path

    This patch fixes a possible race that leads to double freeing an idr index.
     When the master begin to close, release_dev() is called and then
    pty_close() is called:
    
            if (tty->driver->close)
                    tty->driver->close(tty, filp);
    
    This is done without helding any locks other than BKL.  Inside pty_close(),
    being a master close, the devpts entry will be removed:
    
    #ifdef CONFIG_UNIX98_PTYS
                    if (tty->driver == ptm_driver)
                            devpts_pty_kill(tty->index);
    #endif
    
    But devpts_pty_kill() will call get_node() that may sleep while waiting for
    &devpts_root->d_inode->i_sem.  When this happens and the slave is being
    opened, tty_open() just found the driver and index:
    
            driver = get_tty_driver(device, &index);
            if (!driver) {
                    mutex_unlock(&tty_mutex);
                    return -ENODEV;
            }
    
    This part of the code is already protected under tty_mute.  The problem is
    that the slave close already got an index.  Then init_dev() is called and
    blocks waiting for the same &devpts_root->d_inode->i_sem.
    
    When the master close resumes, it removes the devpts entry, and the
    relation between idr index and the tty is gone.  The master then sleeps
    waiting for the tty_mutex on release_dev().
    
    Slave open resumes and found no tty for that index.  As result, a NULL tty
    is returned and init_dev() doesn't flow to fast_track:
    
            /* check whether we're reopening an existing tty */
            if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
                    tty = devpts_get_tty(idx);
                    if (tty && driver->subtype == PTY_TYPE_MASTER)
                            tty = tty->link;
            } else {
                    tty = driver->ttys[idx];
            }
            if (tty) goto fast_track;
    
    The result of this, is that a new tty will be created and init_dev() returns
    sucessfull. After returning, tty_mutex is dropped and master close may resume.
    
    Master close finds it's the only use and both sides are closing, then releases
    the tty and the index. At this point, the idr index is free, but slave still
    has it.
    
    Slave open then calls pty_open() and finds that tty->link->count is 0,
    because there's no master and returns error.  Then tty_open() calls
    release_dev() which executes without any warning, as it was a case of last
    slave close when the master is already closed (master->count == 0,
    slave->count == 1).  The tty is then released with the already released idr
    index.
    
    This normally would only issue a warning on idr_remove() but in case of a
    customer's critical application, it's never too simple:
    
    thread1: opens master, gets index X
    thread1: begin closing master
    thread2: begin opening slave with index X
    thread1: finishes closing master, index X released
    thread3: opens master, gets index X, just released
    thread2: fails opening slave, releases index X         <----
    thread4: opens master, gets index X, init_dev() then find an already in use
             and healthy tty and fails
    
    If no more indexes are released, ptmx_open() will keep failing, as the
    first free index available is X, and it will make init_dev() fail because
    you're trying to "reopen a master" which isn't valid.
    
    The patch notices when this race happens and make init_dev() fail
    imediately.  The init_dev() function is called with tty_mutex held, so it's
    safe to continue with tty till the end of function because release_dev()
    won't make any further changes without grabbing the tty_mutex.
    
    Without the patch, on some machines it's possible get easily idr warnings
    like this one:
    
    idr_remove called for id=15 which is not allocated.
     [<c02555b9>] idr_remove+0x139/0x170
     [<c02a1b62>] release_mem+0x182/0x230
     [<c02a28e7>] release_dev+0x4b7/0x700
     [<c02a0ea7>] tty_ldisc_enable+0x27/0x30
     [<c02a1e64>] init_dev+0x254/0x580
     [<c02a0d64>] check_tty_count+0x14/0xb0
     [<c02a4f05>] tty_open+0x1c5/0x340
     [<c02a4d40>] tty_open+0x0/0x340
     [<c017388f>] chrdev_open+0xaf/0x180
     [<c017c2ac>] open_namei+0x8c/0x760
     [<c01737e0>] chrdev_open+0x0/0x180
     [<c0167bc9>] __dentry_open+0xc9/0x210
     [<c0167e2c>] do_filp_open+0x5c/0x70
     [<c0167a91>] get_unused_fd+0x61/0xd0
     [<c0167e93>] do_sys_open+0x53/0x100
     [<c0167f97>] sys_open+0x27/0x30
     [<c010303b>] syscall_call+0x7/0xb
    
    using this test application available on:
     http://www.ruivo.org/~aris/pty_sodomizer.c
    
    Signed-off-by: Aristeu Sergio Rozanski Filho <aris@ruivo.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    aristeu committed with AdrianBunk Apr 21, 2007
  3. @AdrianBunk

    elevator: move clearing of unplug flag earlier

    A flag was recently added to the elevator code to avoid
    performing an unplug when reuests are being re-queued.
    The goal of this flag was to avoid a deep recursion that
    can occur when re-queueing requests after a SCSI device/host
    reset.  See http://lkml.org/lkml/2006/5/17/254
    
    However, that fix added the flag near the bottom of a case
    statement, where an earlier break (in an if statement) could
    transport one out of the case, without setting the flag.
    This patch sets the flag earlier in the case statement.
    
    I re-discovered the deep recursion recently during testing;
    I was told that it was a known problem, and the fix to it was
    in the kernel I was testing. Indeed it was ... but it didn't
    fix the bug. With the patch below, I no longer see the bug.
    
    Signed-off by: Linas Vepstas <linas@austin.ibm.com>
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Linas Vepstas committed with AdrianBunk Apr 21, 2007
  4. @ardje @AdrianBunk

    start_kernel: test if irq's got enabled early, barf, and disable them…

    … again
    
    The calls made by parse_parms to other initialization code might enable
    interrupts again way too early.
    
    Having interrupts on this early can make systems PANIC when they initialize
    the IRQ controllers (which happens later in the code).  This patch detects
    that irq's are enabled again, barfs about it and disables them again as a
    safety net.
    
    [akpm@osdl.org: cleanups]
    Signed-off-by: Ard van Breemen <ard@telegraafnet.nl>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    ardje committed with AdrianBunk Apr 21, 2007
Commits on Apr 19, 2007
  1. @AdrianBunk

    [IrDA]: Correctly handling socket error

    This patch fixes an oops first reported in mid 2006 - see
    http://lkml.org/lkml/2006/8/29/358 The cause of this bug report is that
    when an error is signalled on the socket, irda_recvmsg_stream returns
    without removing a local wait_queue variable from the socket's sk_sleep
    queue. This causes havoc further down the road.
    
    In response to this problem, a patch was made that invoked sock_orphan on
    the socket when receiving a disconnect indication. This is not a good fix,
    as this sets sk_sleep to NULL, causing applications sleeping in recvmsg
    (and other places) to oops.
    
    Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
    Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Olaf Kirch committed with AdrianBunk Apr 20, 2007
  2. @AdrianBunk

    hwmon/w83627ehf: Fix the fan5 clock divider write

    Users have been complaining about the w83627ehf driver flooding their logs
    with debug messages like:
    
    w83627ehf 9191-0a10: Increasing fan 4 clock divider from 64 to 128
    
    or:
    
    w83627ehf 9191-0290: Increasing fan 4 clock divider from 4 to 8
    
    The reason is that we failed to actually write the LSB of the encoded clock
    divider value for that fan, causing the next read to report the same old value
    again and again.
    
    Additionally, the fan number was improperly reported, making the bug harder to
    find.
    
    Signed-off-by: Jean Delvare <khali@linux-fr.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Jean Delvare committed with AdrianBunk Apr 20, 2007
  3. @aubreyli @AdrianBunk

    [NET]: Fix UDP checksum issue in net poll mode.

    In net poll mode, the current checksum function doesn't consider the
    kind of packet which is padded to reach a specific minimum length. I
    believe that's the problem causing my test case failed. The following
    patch fixed this issue.
    
    Signed-off-by: Aubrey Li <aubreylee@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    aubreyli committed with AdrianBunk Apr 20, 2007
  4. @spotrh @AdrianBunk

    [SPARC64]: Fix inline directive in pci_iommu.c

    While building a test kernel for the new esp driver (against
    git-current), I hit this bug. Trivial fix, put the inline declaration
    in the right place. :)
    
    Signed-off-by: Tom Callaway <tcallawa@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    spotrh committed with AdrianBunk Apr 20, 2007
  5. @davem330 @AdrianBunk

    [SPARC64]: Fix arg passing to compat_sys_ipc().

    Do not sign extend args using the sys32_ipc stub, that is
    buggy and unnecessary.
    
    Based upon an excellent report by Mikael Pettersson.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    davem330 committed with AdrianBunk Apr 20, 2007
  6. @davem330 @AdrianBunk

    [SPARC64]: Fix SBUS IOMMU allocation code.

    There are several IOMMU allocator bugs.  Instead of trying to fix this
    overly complicated code, just mirror the PCI IOMMU arena allocator
    which is very stable and well stress tested.
    
    I tried to make the code as identical as possible so we can switch
    sun4u PCI and SBUS over to a common piece of IOMMU code.  All that
    will be need are two callbacks, one to do a full IOMMU flush and one
    to do a streaming buffer flush.
    
    This patch gets rid of a lot of hangs and mysterious crashes on SBUS
    sparc64 systems, at least for me.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    davem330 committed with AdrianBunk Apr 20, 2007
  7. @davem330 @AdrianBunk

    [SCSI] QLOGICPTI: Do not unmap DMA unless we actually mapped something.

    We only map DMA when cmd->request_bufflen is non-zero for non-sg
    buffers, we thus should make the same check when unmapping.
    
    Based upon a report from Pasi Pirhonen.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    davem330 committed with AdrianBunk Apr 20, 2007
Commits on Apr 15, 2007
  1. @AdrianBunk

    Linux 2.6.16.48

    AdrianBunk committed Apr 15, 2007
Commits on Apr 13, 2007
  1. @AdrianBunk

    Linux 2.6.16.48-rc1

    AdrianBunk committed Apr 13, 2007
  2. @kaber @AdrianBunk

    [NET_SCHED]: cls_tcindex: fix compatibility breakage

    Userspace uses an integer for TCA_TCINDEX_SHIFT, the kernel was changed
    to expect and use a u16 value in 2.6.11, which broke compatibility on
    big endian machines. Change back to use int.
    
    Reported by Ole Reinartz <ole.reinartz@gmx.de>
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    kaber committed with AdrianBunk Apr 13, 2007
  3. @herbertx @AdrianBunk

    [IPSEC]: Reject packets within replay window but outside the bit mask

    Up until this point we've accepted replay window settings greater than
    32 but our bit mask can only accomodate 32 packets.  Thus any packet
    with a sequence number within the window but outside the bit mask would
    be accepted.
    
    This patch causes those packets to be rejected instead.
    
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    herbertx committed with AdrianBunk Apr 13, 2007
  4. @AdrianBunk

    [TCP]: Do receiver-side SWS avoidance for rcvbuf < MSS.

    Signed-off-by: John Heffner <jheffner@psc.edu>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    John Heffner committed with AdrianBunk Apr 13, 2007
  5. @AdrianBunk

    [IPv6]: Fix incorrect length check in rawv6_sendmsg()

    In article <20070329.142644.70222545.davem@davemloft.net> (at Thu, 29 Mar 2007 14:26:44 -0700 (PDT)), David Miller <davem@davemloft.net> says:
    
    > From: Sridhar Samudrala <sri@us.ibm.com>
    > Date: Thu, 29 Mar 2007 14:17:28 -0700
    >
    > > The check for length in rawv6_sendmsg() is incorrect.
    > > As len is an unsigned int, (len < 0) will never be TRUE.
    > > I think checking for IPV6_MAXPLEN(65535) is better.
    > >
    > > Is it possible to send ipv6 jumbo packets using raw
    > > sockets? If so, we can remove this check.
    >
    > I don't see why such a limitation against jumbo would exist,
    > does anyone else?
    >
    > Thanks for catching this Sridhar.  A good compiler should simply
    > fail to compile "if (x < 0)" when 'x' is an unsigned type, don't
    > you think :-)
    
    Dave, we use "int" for returning value,
    so we should fix this anyway, IMHO;
    we should not allow len > INT_MAX.
    
    Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Acked-by: Sridhar Samudrala <sri@us.ibm.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    YOSHIFUJI Hideaki committed with AdrianBunk Apr 13, 2007
  6. @kaber @AdrianBunk

    [NET_SCHED]: cls_basic: fix memory leak in basic_destroy

    tp->root is not freed on destruction.
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    kaber committed with AdrianBunk Apr 13, 2007
  7. @mtdcr @AdrianBunk

    V4L/DVB: Pluto2: fix incorrect TSCR register setting

    The ADEF bits in the TSCR register have different meanings in read and
    write mode. For this reason ADEF has to be reset on every
    read-modify-write operation.
    This patch introduces a special write function for this register, which
    takes care of it.
    
    Thanks to Holger Magnussen for pointing my nose at this problem.
    
    Signed-off-by: Andreas Oberritter <obi@linuxtv.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    mtdcr committed with AdrianBunk Apr 13, 2007
  8. @AdrianBunk

    V4L: saa7146: Fix allocation of clipping memory

    Olaf Hering pointed out that SAA7146_CLIPPING_MEM would become
    very large for PAGE_SIZE > 4K.
    
    In fact, the number of clipping windows is limited to 16,
    and calculate_clipping_registers_rect() does not use more
    than 256 bytes. SAA7146_CLIPPING_MEM adjusted accordingly.
    
    (cherry picked from commit 7a7cd19)
    
    Thanks-to: Olaf Hering <olaf@aepfle.de>
    Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
    Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Oliver Endriss committed with AdrianBunk Apr 13, 2007
  9. @AdrianBunk

    V4L: radio: Fix error in Kbuild file

    All the radio drivers need video_dev, but they were depending on
    VIDEO_DEV!=n.  That meant that one could try to compile the driver into
    the kernel when VIDEO_DEV=m, which will not work.  If video_dev is a
    module, then the radio drivers must be modules too.
    
    (cherry picked from commit b10fece)
    
    Signed-off-by: Trent Piepho <xyzzy@speakeasy.org>
    Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Trent Piepho committed with AdrianBunk Apr 13, 2007
  10. @mkrufky @AdrianBunk

    V4L: tveeprom: autodetect LG TAPC G701D as tuner type 37

    Autodetect LG TAPC G701D as tuner type 37, fixing
    mis-detected tuners in some Hauppauge tv tuner cards.
    
    Thanks to Adonis Papas, for pointing this out.
    
    (cherry picked from commit 1323fbd)
    
    Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    mkrufky committed with AdrianBunk Apr 13, 2007
  11. @AdrianBunk

    sky2: turn on clocks when doing resume

    Some of these chips are disabled until clock is enabled.
    This fixes:
         http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404107
    
    Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Stephen Hemminger committed with AdrianBunk Apr 13, 2007
  12. @AdrianBunk

    sky2: turn carrier off when down

    Driver needs to turn off carrier when down.
    
    Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Stephen Hemminger committed with AdrianBunk Apr 13, 2007
  13. @AdrianBunk

    skge: turn carrier off when down

    Driver needs to turn off carrier when down, otherwise it can
    confuse bonding and bridging and looks like carrier is on immediately
    when it is brought back up.
    
    Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Stephen Hemminger committed with AdrianBunk Apr 13, 2007
  14. @AdrianBunk

    i386: fix file_read_actor() and pipe_read() for original i386 systems

    The __copy_to_user_inatomic() calls in file_read_actor() and pipe_read()
    are broken on original i386 machines, where WP-works-ok == false, as
    __copy_to_user_inatomic() on such systems calls functions which might
    sleep and/or contain cond_resched() calls inside of a kmap_atomic()
    region.
    
    The original check for WP-works-ok was in access_ok(), but got moved
    during the 2.5 series to fix a race vs. swap.
    
    Return the number of bytes to copy in the case where we are in an atomic
    region, so the non atomic code pathes in file_read_actor() and
    pipe_read() are taken.
    
    This could be optimized to avoid the kmap_atomicby moving the check for
    WP-works-ok into fault_in_pages_writeable(), but this is more intrusive
    and can be done later.
    
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Acked-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Thomas Gleixner committed with AdrianBunk Apr 13, 2007
  15. @AdrianBunk

    r8169: issue request_irq after the private data are completely initia…

    …lized
    
    The irq handler schedules a NAPI poll request unconditionally as soon as
    the status register is not clean. It has been there - and wrong - for
    ages but a recent timing change made it apparently easier to trigger.
    
    Adrian Bunk:
    backported to 2.6.16
    
    Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Francois Romieu committed with AdrianBunk Apr 13, 2007
  16. @AdrianBunk

    r8169: fix suspend/resume for down interface

    The PM hooks are no-op if the r8169 interface is down (i.e. !IFF_UP).
    However, as the chipset is enabled, the device will not work after a
    suspend/resume cycle. The patch always issue the required PCI suspend
    sequence and removes the module unload/reload workaround.
    
    Signed-off-by: Arnaud Patard <apatard@mandriva.com>
    Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Francois Romieu committed with AdrianBunk Apr 13, 2007
  17. @AdrianBunk

    r8169: fix a race between PCI probe and dev_open

    Initialize the timer with the rest of the private-struct.
    
    Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Francois Romieu committed with AdrianBunk Apr 13, 2007
  18. @AdrianBunk

    USB: usbnet driver bugfix

    The attached fixes an oops in the usbnet driver. The same patch is
    in 2.6.21-rc1, but that one has many whitespace changes. This is much
    smaller.
    
    Signed-off-by: David Brownell <david-b@pacbell.net>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    David Brownell committed with AdrianBunk Apr 13, 2007
  19. @AdrianBunk

    Linux 2.6.16.47

    AdrianBunk committed Apr 13, 2007
Commits on Apr 10, 2007
  1. @AdrianBunk

    Linux 2.6.16.47-rc1

    AdrianBunk committed Apr 10, 2007
  2. @jdelvare @AdrianBunk

    APPLETALK: Fix a remotely triggerable crash (CVE-2007-1357)

    When we receive an AppleTalk frame shorter than what its header says,
    we still attempt to verify its checksum, and trip on the BUG_ON() at
    the end of function atalk_sum_skb() because of the length mismatch.
    
    This has security implications because this can be triggered by simply
    sending a specially crafted ethernet frame to a target victim,
    effectively crashing that host. Thus this qualifies, I think, as a
    remote DoS. Here is the frame I used to trigger the crash, in npg
    format:
    
    <Appletalk Killer>
    {
    # Ethernet header -----
    
      XX XX XX XX XX XX  # Destination MAC
      00 00 00 00 00 00  # Source MAC
      00 1D              # Length
    
    # LLC header -----
    
      AA AA 03
      08 00 07 80 9B  # Appletalk
    
    # Appletalk header -----
    
      00 1B        # Packet length (invalid)
      00 01        # Fake checksum
      00 00 00 00  # Destination and source networks
      00 00 00 00  # Destination and source nodes and ports
    
    # Payload -----
    
      0C 0D 0E 0F 10 11 12 13
      14
    }
    
    The destination MAC address must be set to those of the victim.
    
    The severity is mitigated by two requirements:
    * The target host must have the appletalk kernel module loaded. I
      suspect this isn't so frequent.
    * AppleTalk frames are non-IP, thus I guess they can only travel on
      local networks. I am no network expert though, maybe it is possible
      to somehow encapsulate AppleTalk packets over IP.
    
    The bug has been reported back in June 2004:
      http://bugzilla.kernel.org/show_bug.cgi?id=2979
    But it wasn't investigated, and was closed in July 2006 as both
    reporters had vanished meanwhile.
    
    This code was new in kernel 2.6.0-test5:
      http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=7ab442d7e0a76402c12553ee256f756097cae2d2
    And not modified since then, so we can assume that vanilla kernels
    2.6.0-test5 and later, and distribution kernels based thereon, are
    affected.
    
    Note that I still do not know for sure what triggered the bug in the
    real-world cases. The frame could have been corrupted by the kernel if
    we have a bug hiding somewhere. But more likely, we are receiving the
    faulty frame from the network.
    
    Signed-off-by: Jean Delvare <jdelvare@suse.de>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    jdelvare committed with AdrianBunk Apr 10, 2007
Commits on Apr 8, 2007
  1. @AdrianBunk

    siimage: PIO1/2 taskfile transfer overclocking fix

    Fix two typos found by SiI680A documentation check.  They caused the taskfile
    transfer overclocking:
    
    - in PIO mode 1 as 0x2283 must be used for both data and taskfile transfers;
    
    - in PIO mode 2 as data and taskfile timings are swapped when writing to the
      MMIO regs.
    
    Fix coding style and trailing whitespace in enclosing statements while at it...
    
    Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
    Signed-off-by: Adrian Bunk <bunk@stusta.de>
    Sergei Shtylyov committed with AdrianBunk Apr 9, 2007
Something went wrong with that request. Please try again.