Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Jan 21, 2013
  1. @gregkh

    Linux 3.0.60

    gregkh committed
  2. @gregkh

    staging: vt6656: Fix inconsistent structure packing

    Ben Hutchings committed with gregkh
    commit 1ee4c55 upstream.
    vt6656 has several headers that use the #pragma pack(1) directive to
    enable structure packing, but never disable it.  The layout of
    structures defined in other headers can then depend on which order the
    various headers are included in, breaking the One Definition Rule.
    In practice this resulted in crashes on x86_64 until the order of header
    inclusion was changed for some files in commit 11d404c ('staging:
    vt6656: fix headers and add cfg80211.').  But we need a proper fix that
    won't be affected by future changes to the order of inclusion.
    This removes the #pragma pack(1) directives and adds __packed to the
    structure definitions for which packing appears to have been intended.
    Reported-and-tested-by: Malcolm Priestley <>
    Signed-off-by: Ben Hutchings <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @gregkh

    serial:ifx6x60:Delete SPI timer when shut down port

    chao bi committed with gregkh
    commit 014b9b4 upstream.
    When shut down SPI port, it's possible that MRDY has been asserted and a SPI
    timer was activated waiting for SRDY assert, in the case, it needs to delete
    this timer.
    Signed-off-by: Chen Jun <>
    Signed-off-by: channing <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. @bmork @gregkh

    USB: option: blacklist network interface on ONDA MT8205 4G LTE

    bmork committed with gregkh
    Signed-off-by: Bjørn Mork <>
    commit 2291dff upstream.
    The driver description files gives these names to the vendor specific
    functions on this modem:
     Diag   VID_19D2&PID_0265&MI_00
     NMEA   VID_19D2&PID_0265&MI_01
     AT cmd VID_19D2&PID_0265&MI_02
     Modem  VID_19D2&PID_0265&MI_03
     Net    VID_19D2&PID_0265&MI_04
    Signed-off-by: Bjørn Mork <>
    Signed-off-by: Greg Kroah-Hartman <>
  5. @bmork @gregkh

    USB: option: add TP-LINK HSUPA Modem MA180

    bmork committed with gregkh
    commit 99beb2e upstream.
    The driver description files gives these names to the vendor specific
    functions on this modem:
     Diagnostics VID_2357&PID_0201&MI_00
     NMEA        VID_2357&PID_0201&MI_01
     Modem       VID_2357&PID_0201&MI_03
     Networkcard VID_2357&PID_0201&MI_04
    Reported-by: Thomas Schäfer <>
    Signed-off-by: Bjørn Mork <>
    Signed-off-by: Greg Kroah-Hartman <>
  6. @freddy77 @gregkh

    xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS gu…

    freddy77 committed with gregkh
    commit 9174adb upstream.
    This fixes CVE-2013-0190 / XSA-40
    There has been an error on the xen_failsafe_callback path for failed
    iret, which causes the stack pointer to be wrong when entering the
    iret_exc error path.  This can result in the kernel crashing.
    In the classic kernel case, the relevant code looked a little like:
            popl %eax      # Error code from hypervisor
            jz 5f
            addl $16,%esp
            jmp iret_exc   # Hypervisor said iret fault
    5:      addl $16,%esp
                           # Hypervisor said segment selector fault
    Here, there are two identical addls on either option of a branch which
    appears to have been optimised by hoisting it above the jz, and
    converting it to an lea, which leaves the flags register unaffected.
    In the PVOPS case, the code looks like:
            popl_cfi %eax         # Error from the hypervisor
            lea 16(%esp),%esp     # Add $16 before choosing fault path
            CFI_ADJUST_CFA_OFFSET -16
            jz 5f
            addl $16,%esp         # Incorrectly adjust %esp again
            jmp iret_exc
    It is possible unprivileged userspace applications to cause this
    behaviour, for example by loading an LDT code selector, then changing
    the code selector to be not-present.  At this point, there is a race
    condition where it is possible for the hypervisor to return back to
    userspace from an interrupt, fault on its own iret, and inject a
    failsafe_callback into the kernel.
    This bug has been present since the introduction of Xen PVOPS support
    in commit 5ead97c (xen: Core Xen implementation), in 2.6.23.
    Signed-off-by: Frediano Ziglio <>
    Signed-off-by: Andrew Cooper <>
    Signed-off-by: Konrad Rzeszutek Wilk <>
    Signed-off-by: Greg Kroah-Hartman <>
  7. @jwerner-chromium @gregkh

    xhci: fix null-pointer dereference when destroying half-built segment…

    jwerner-chromium committed with gregkh
    … rings
    commit 68e5254 upstream.
    xhci_alloc_segments_for_ring() builds a list of xhci_segments and links
    the tail to head at the end (forming a ring). When it bails out for OOM
    reasons half-way through, it tries to destroy its half-built list with
    xhci_free_segments_for_ring(), even though it is not a ring yet. This
    causes a null-pointer dereference upon hitting the last element.
    Furthermore, one of its callers (xhci_ring_alloc()) mistakenly believes
    the output parameters to be valid upon this kind of OOM failure, and
    calls xhci_ring_free() on them. Since the (incomplete) list/ring should
    already be destroyed in that case, this would lead to a use after free.
    This patch fixes those issues by having xhci_alloc_segments_for_ring()
    destroy its half-built, non-circular list manually and destroying the
    invalid struct xhci_ring in xhci_ring_alloc() with a plain kfree().
    This patch should be backported to kernels as old as 2.6.31, that
    contains the commit 0ebbab3 "USB: xhci:
    Ring allocation and initialization."
    A separate patch will need to be developed for kernels older than 3.4,
    since the ring allocation code was refactored in that kernel.
    Signed-off-by: Julius Werner <>
    Signed-off-by: Sarah Sharp <>
    Signed-off-by: Julius Werner <>
    Signed-off-by: Sarah Sharp <>
    [bwh: Backported to 3.2:
     - Adjust context
     - Since segment allocation is done directly in xhci_ring_alloc(), walk
       the list starting from ring->first_seg when freeing]
    Signed-off-by: Ben Hutchings <>
    Signed-off-by: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  8. @gregkh

    drbd: add missing part_round_stats to _drbd_start_io_acct

    Philipp Reisner committed with gregkh
    commit 72585d2 upstream.
    Without this, iostat frequently sees bogus svctime and >= 100% "utilization".
    Signed-off-by: Philipp Reisner <>
    Signed-off-by: Lars Ellenberg <>
    Cc: Raoul Bhatia <>
    Signed-off-by: Greg Kroah-Hartman <>
  9. @gregkh

    intel-iommu: Prevent devices with RMRRs from being placed into SI Domain

    Tom Mingarelli committed with gregkh
    commit ea2447f upstream.
    This patch is to prevent non-USB devices that have RMRRs associated with them from
    being placed into the SI Domain during init. This fixes the issue where the RMRR info
    for devices being placed in and out of the SI Domain gets lost.
    Signed-off-by: Thomas Mingarelli <>
    Tested-by: Shuah Khan <>
    Reviewed-by: Donald Dutile <>
    Reviewed-by: Alex Williamson <>
    Signed-off-by: Joerg Roedel <>
    Signed-off-by: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  10. @gregkh

    USB: fix endpoint-disabling for failed config changes

    Alan Stern committed with gregkh
    commit 36caff5 upstream.
    This patch (as1631) fixes a bug that shows up when a config change
    fails for a device under an xHCI controller.  The controller needs to
    be told to disable the endpoints that have been enabled for the new
    config.  The existing code does this, but before storing the
    information about which endpoints were enabled!  As a result, any
    second attempt to install the new config is doomed to fail because
    xhci-hcd will refuse to enable an endpoint that is already enabled.
    The patch optimistically initializes the new endpoints' device
    structures before asking the device to switch to the new config.  If
    the request fails then the endpoint information is already stored, so
    we can use usb_hcd_alloc_bandwidth() to disable the endpoints with no
    trouble.  The rest of the error path is slightly more complex now; we
    have to disable the new interfaces and call put_device() rather than
    simply deallocating them.
    Signed-off-by: Alan Stern <>
    Reported-and-tested-by: Matthias Schniedermeyer <>
    CC: Sarah Sharp <>
    Signed-off-by: Greg Kroah-Hartman <>
    Signed-off-by: CAI Qian <>
  11. @gregkh

    powerpc: fix wii_memory_fixups() compile error on 3.0.y tree

    Shuah Khan committed with gregkh
    [not upstream as the code involved was removed in the 3.3.0 release]
    Fix wii_memory_fixups() the following compile error on 3.0.y tree with
    wii_defconfig on 3.0.y tree.
      CC      arch/powerpc/platforms/embedded6xx/wii.o
    arch/powerpc/platforms/embedded6xx/wii.c: In function ‘wii_memory_fixups’:
    arch/powerpc/platforms/embedded6xx/wii.c:88:2: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 2 has type ‘phys_addr_t’ [-Werror=format]
    arch/powerpc/platforms/embedded6xx/wii.c:88:2: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘phys_addr_t’ [-Werror=format]
    arch/powerpc/platforms/embedded6xx/wii.c:90:2: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 2 has type ‘phys_addr_t’ [-Werror=format]
    arch/powerpc/platforms/embedded6xx/wii.c:90:2: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘phys_addr_t’ [-Werror=format]
    cc1: all warnings being treated as errors
    make[2]: *** [arch/powerpc/platforms/embedded6xx/wii.o] Error 1
    make[1]: *** [arch/powerpc/platforms/embedded6xx] Error 2
    make: *** [arch/powerpc/platforms] Error 2
    Signed-off-by: Shuah Khan <>
    Signed-off-by: Greg Kroah-Hartman <>
  12. @gregkh

    ext4: init pagevec in ext4_da_block_invalidatepages

    Eric Sandeen committed with gregkh
    commit 66bea92 upstream.
    ext4_da_block_invalidatepages is missing a pagevec_init(),
    which means that pvec->cold contains random garbage.
    This affects whether the page goes to the front or
    back of the LRU when ->cold makes it to
    Reviewed-by: Lukas Czerner <>
    Reviewed-by: Carlos Maiolino <>
    Signed-off-by: Eric Sandeen <>
    Signed-off-by: "Theodore Ts'o" <>
    Signed-off-by: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  13. @gregkh

    x86/Sandy Bridge: reserve pages when integrated graphics is present

    Jesse Barnes committed with gregkh
    commit a9acc53 upstream.
    SNB graphics devices have a bug that prevent them from accessing certain
    memory ranges, namely anything below 1M and in the pages listed in the
    table.  So reserve those at boot if set detect a SNB gfx device on the
    CPU to avoid GPU hangs.
    Stephane Marchesin had a similar patch to the page allocator awhile
    back, but rather than reserving pages up front, it leaked them at
    allocation time.
    [ hpa: made a number of stylistic changes, marked arrays as static
      const, and made less verbose; use "memblock=debug" for full
      verbosity. ]
    Signed-off-by: Jesse Barnes <>
    Signed-off-by: H. Peter Anvin <>
    Cc: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  14. @gregkh

    s390/time: fix sched_clock() overflow

    Heiko Carstens committed with gregkh
    commit ed4f209 upstream.
    Converting a 64 Bit TOD format value to nanoseconds means that the value
    must be divided by 4.096. In order to achieve that we multiply with 125
    and divide by 512.
    When used within sched_clock() this triggers an overflow after appr.
    417 days. Resulting in a sched_clock() return value that is much smaller
    than previously and therefore may cause all sort of weird things in
    subsystems that rely on a monotonic sched_clock() behaviour.
    To fix this implement a tod_to_ns() helper function which converts TOD
    values without overflow and call this function from both places that
    open coded the conversion: sched_clock() and kvm_s390_handle_wait().
    Reviewed-by: Martin Schwidefsky <>
    Signed-off-by: Heiko Carstens <>
    Signed-off-by: Martin Schwidefsky <>
    Signed-off-by: Greg Kroah-Hartman <>
  15. @gregkh

    tcm_fc: Do not report target role when target is not defined

    Mark Rustad committed with gregkh
    commit edec8df upstream.
    Clear the target role when no target is provided for
    the node performing a PRLI.
    Signed-off-by: Mark Rustad <>
    Reviewed-by: Bhanu Prakash Gollapudi <>
    Acked by Robert Love <>
    Signed-off-by: Nicholas Bellinger <>
    Signed-off-by: Greg Kroah-Hartman <>
  16. @gregkh

    tcm_fc: Do not indicate retry capability to initiators

    Mark Rustad committed with gregkh
    commit f2eeba2 upstream.
    When generating a PRLI response to an initiator, clear the
    FCP_SPPF_RETRY bit in the response.
    Signed-off-by: Mark Rustad <>
    Reviewed-by: Bhanu Prakash Gollapudi <>
    Acked by Robert Love <>
    Signed-off-by: Nicholas Bellinger <>
    Signed-off-by: Greg Kroah-Hartman <>
  17. @tschwinge @gregkh

    sh: Fix FDPIC binary loader

    tschwinge committed with gregkh
    commit 4a71997 upstream.
    Ensure that the aux table is properly initialized, even when optional features
    are missing.  Without this, the FDPIC loader did not work.  This was meant to
    be included in commit d5ab780.
    Signed-off-by: Thomas Schwinge <>
    Signed-off-by: Paul Mundt <>
    Signed-off-by: Greg Kroah-Hartman <>
Commits on Jan 17, 2013
  1. @gregkh

    Linux 3.0.59

    gregkh committed
  2. @ian-abbott @gregkh

    staging: comedi: Kconfig: COMEDI_NI_AT_A2150 should select COMEDI_FC

    ian-abbott committed with gregkh
    commit 34ffb33 upstream.
    The 'ni_at_a2150' module links to `cfc_write_to_buffer` in the
    'comedi_fc' module, so selecting 'COMEDI_NI_AT_A2150' in the kernel config
    needs to also select 'COMEDI_FC'.
    Signed-off-by: Ian Abbott <>
    Signed-off-by: Greg Kroah-Hartman <>
  3. @ian-abbott @gregkh

    staging: comedi: don't hijack hardware device private data

    ian-abbott committed with gregkh
    commit c43435d upstream.
    comedi_auto_config() associates a Comedi minor device number with an
    auto-configured hardware device and comedi_auto_unconfig() disassociates
    it.  Currently, these use the hardware device's private data pointer to
    point to some allocated storage holding the minor device number.  This
    is a bit of a waste of the hardware device's private data pointer,
    preventing it from being used for something more useful by the low-level
    comedi device drivers.  For example, it would make more sense if
    comedi_usb_auto_config() was passed a pointer to the struct
    usb_interface instead of the struct usb_device, but this cannot be done
    currently because the low-level comedi drivers already use the private
    data pointer in the struct usb_interface for something more useful.
    This patch stops the comedi core hijacking the hardware device's private
    data pointer.  Instead, comedi_auto_config() stores a pointer to the
    hardware device's struct device in the struct comedi_device_file_info
    associated with the minor device number, and comedi_auto_unconfig()
    calls new function comedi_find_board_minor() to recover the minor device
    number associated with the hardware device.
    Signed-off-by: Ian Abbott <>
    Signed-off-by: Greg Kroah-Hartman <>
  4. @danvet @gregkh

    Revert "drm/i915: no lvds quirk for Zotac ZDBOX SD ID12/ID13"

    danvet committed with gregkh
    commit 48e8583 upstream.
    This reverts commit 9756fe3.
    The bogus lvds output is actually a lvds->hdmi bridge, which we don't
    really support. But unconditionally disabling it breaks some existing
    Reported-by: John Tapsell <>
    Signed-off-by: Daniel Vetter <>
    Cc: Luis Henriques <>
    Signed-off-by: Greg Kroah-Hartman <>
  5. @agraf @gregkh

    KVM: PPC: 44x: fix DCR read/write

    agraf committed with gregkh
    commit e43a028 upstream.
    When remembering the direction of a DCR transaction, we should write
    to the same variable that we interpret on later when doing vcpu_run
    Signed-off-by: Alexander Graf <>
    Signed-off-by: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  6. @dwmw2 @gregkh

    intel-iommu: Free old page tables before creating superpage

    dwmw2 committed with gregkh
    commit 6491d4d upstream.
    The dma_pte_free_pagetable() function will only free a page table page
    if it is asked to free the *entire* 2MiB range that it covers. So if a
    page table page was used for one or more small mappings, it's likely to
    end up still present in the page tables... but with no valid PTEs.
    This was fine when we'd only be repopulating it with 4KiB PTEs anyway
    but the same virtual address range can end up being reused for a
    *large-page* mapping. And in that case were were trying to insert the
    large page into the second-level page table, and getting a complaint
    from the sanity check in __domain_mapping() because there was already a
    corresponding entry. This was *relatively* harmless; it led to a memory
    leak of the old page table page, but no other ill-effects.
    Fix it by calling dma_pte_clear_range (hopefully redundant) and
    dma_pte_free_pagetable() before setting up the new large page.
    Signed-off-by: David Woodhouse <>
    Tested-by: Ravi Murty <>
    Tested-by: Sudeep Dutt <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: CAI Qian <>
    Signed-off-by: Greg Kroah-Hartman <>
  7. @gregkh

    GFS2: Test bufdata with buffer locked and gfs2_log_lock held

    Benjamin Marzinski committed with gregkh
    commit 96e5d1d upstream.
    In gfs2_trans_add_bh(), gfs2 was testing if a there was a bd attached to the
    buffer without having the gfs2_log_lock held. It was then assuming it would
    stay attached for the rest of the function. However, without either the log
    lock being held of the buffer locked, __gfs2_ail_flush() could detach bd at any
    time.  This patch moves the locking before the test.  If there isn't a bd
    already attached, gfs2 can safely allocate one and attach it before locking.
    There is no way that the newly allocated bd could be on the ail list,
    and thus no way for __gfs2_ail_flush() to detach it.
    Signed-off-by: Benjamin Marzinski <>
    Signed-off-by: Steven Whitehouse <>
    [bwh: Backported to 3.2: adjust context]
    Signed-off-by: Ben Hutchings <>
  8. @gregkh

    xhci: Handle HS bulk/ctrl endpoints that don't NAK.

    Sarah Sharp committed with gregkh
    commit 55c1945 upstream.
    A high speed control or bulk endpoint may have bInterval set to zero,
    which means it does not NAK.  If bInterval is non-zero, it means the
    endpoint NAKs at a rate of 2^(bInterval - 1).
    The xHCI code to compute the NAK interval does not handle the special
    case of zero properly.  The current code unconditionally subtracts one
    from bInterval and uses it as an exponent.  This causes a very large
    bInterval to be used, and warning messages like these will be printed:
    usb 1-1: ep 0x1 - rounding interval to 32768 microframes, ep desc says 0 microframes
    This may cause the xHCI host hardware to reject the Configure Endpoint
    command, which means the HS device will be unusable under xHCI ports.
    This patch should be backported to kernels as old as 2.6.31, that contain
    commit dfa49c4 "USB: xhci - fix math in
    Reported-by: Vincent Pelletier <>
    Suggested-by: Alan Stern <>
    Signed-off-by: Sarah Sharp <>
    Signed-off-by: Greg Kroah-Hartman <>
  9. @gregkh

    USB: hub: handle claim of enabled remote wakeup after reset

    Oliver Neukum committed with gregkh
    commit 07e72b9 upstream.
    Some touchscreens have buggy firmware which claims
    remote wakeup to be enabled after a reset. They nevertheless
    crash if the feature is cleared by the host.
    Add a check for reset resume before checking for
    an enabled remote wakeup feature. On compliant
    devices the feature must be cleared after a reset anyway.
    Signed-off-by: Oliver Neukum <>
    Acked-by: Alan Stern <>
    Signed-off-by: Greg Kroah-Hartman <>
  10. @gregkh

    USB: Increase reset timeout.

    Sarah Sharp committed with gregkh
    commit 77c7f07 upstream.
    John's NEC 0.96 xHCI host controller needs a longer timeout for a warm
    reset to complete.  The logs show it takes 650ms to complete the warm
    reset, so extend the hub reset timeout to 800ms to be on the safe side.
    This commit should be backported to kernels as old as 3.2, that contain
    the commit 75d7cf7 "usbcore: refine
    warm reset logic".
    Signed-off-by: Sarah Sharp <>
    Acked-by: Alan Stern <>
    Reported-by: John Covici <>
    Signed-off-by: Greg Kroah-Hartman <>
  11. @gregkh

    usb: gadget: dummy: fix enumeration with g_multi

    Sebastian Andrzej Siewior committed with gregkh
    commit 1d16638 upstream.
    If we do have endpoints named like "ep-a" then bEndpointAddress is
    counted internally by the gadget framework.
    If we do have endpoints named like "ep-1" then bEndpointAddress is
    assigned from the digit after "ep-".
    If we do have both, then it is likely that after we used up the
    "generic" endpoints we will use the digits and thus assign one
    bEndpointAddress to multiple endpoints.
    This theory can be proofed by using the completely enabled g_multi.
    Without this patch, the mass storage won't enumerate and times out
    because it shares endpoints with RNDIS.
    This patch also adds fills up the endpoints list so we have in total
    endpoints 1 to 15 in + out available while some of them are restricted
    to certain types like BULK or ISO. Without this change the nokia gadget
    won't load because the system does not provide enough (BULK) endpoints
    but it did before ep-a - ep-f were removed.
    Signed-off-by: Sebastian Andrzej Siewior <>
    Acked-by: Alan Stern <>
    Signed-off-by: Felipe Balbi <>
    Signed-off-by: Greg Kroah-Hartman <>
  12. @gregkh

    USB: cdc-acm: Add support for "PSC Scanning, Magellan 800i"

    Denis N Ladin committed with gregkh
    commit 036915a upstream.
    Adding support "PSC Scanning, Magellan 800i" in cdc-acm
    Very simple, but very necessary.
    Suitable for all versions of the kernel > 2.6
    Signed-off-by: Denis N Ladin <>
    Acked-by: Oliver Neukum <>
    Signed-off-by: Greg Kroah-Hartman <>
  13. @qdotme @gregkh

    usb: ftdi_sio: Crucible Technologies COMET Caller ID - pid added

    qdotme committed with gregkh
    commit 8cf65dc upstream.
    Simple fix to add support for Crucible Technologies COMET Caller ID
    USB decoder - a device containing FTDI USB/Serial converter chip,
    handling 1200bps CallerID messages decoded from the phone line -
    adding correct USB PID is sufficient.
    Tested to apply cleanly and work flawlessly against 3.6.9, 3.7.0-rc8
    and 3.8.0-rc3 on both amd64 and x86 arches.
    Signed-off-by: Tomasz Mloduchowski <>
    Signed-off-by: Greg Kroah-Hartman <>
  14. @bmork @gregkh

    USB: option: add Telekom Speedstick LTE II

    bmork committed with gregkh
    commit 5ec0085 upstream.
    also known as Alcatel One Touch L100V LTE
    The driver description files gives these names to the vendor specific
    functions on this modem:
     Application1: VID_1BBB&PID_011E&MI_00
     Application2: VID_1BBB&PID_011E&MI_01
     Modem:        VID_1BBB&PID_011E&MI_03
     Ethernet:     VID_1BBB&PID_011E&MI_04
    Reported-by: Thomas Schäfer <>
    Signed-off-by: Bjørn Mork <>
    Signed-off-by: Greg Kroah-Hartman <>
  15. @gregkh

    USB: option: Add new MEDIATEK PID support

    Quentin.Li committed with gregkh
    commit 94a85b6 upstream.
    In option.c, add some new MEDIATEK PIDs support for MEDIATEK new products. This
    is a MEDIATEK inc. release patch.
    Signed-off-by: Quentin.Li <>
    Signed-off-by: Greg Kroah-Hartman <>
  16. @bmork @gregkh

    USB: option: blacklist network interface on ZTE MF880

    bmork committed with gregkh
    commit fab3824 upstream.
    The driver description files gives these names to the vendor specific
    functions on this modem:
     diag: VID_19D2&PID_0284&MI_00
     nmea: VID_19D2&PID_0284&MI_01
     at:   VID_19D2&PID_0284&MI_02
     mdm:  VID_19D2&PID_0284&MI_03
     net:  VID_19D2&PID_0284&MI_04
    Signed-off-by: Bjørn Mork <>
    Signed-off-by: Greg Kroah-Hartman <>
  17. @gregkh

    USB: option: add Nexpring NP10T terminal id

    Dzianis Kahanovich committed with gregkh
    commit ad86e58 upstream.
    Hyundai Petatel Inc. Nexpring NP10T terminal (EV-DO rev.A USB modem) ID
    Signed-off-by: Denis Kaganovich <>
    Signed-off-by: Greg Kroah-Hartman <>
  18. @jmberg @gregkh

    mac80211: use del_timer_sync for final sta cleanup timer deletion

    jmberg committed with gregkh
    commit a56f992 upstream.
    This is a very old bug, but there's nothing that prevents the
    timer from running while the module is being removed when we
    only do del_timer() instead of del_timer_sync().
    The timer should normally not be running at this point, but
    it's not clearly impossible (or we could just remove this.)
    Tested-by: Ben Greear <>
    Signed-off-by: Johannes Berg <>
    Signed-off-by: Greg Kroah-Hartman <>
Something went wrong with that request. Please try again.