When userspace uses SIGIO notification and forgets to disable it before
closing file descriptor, rtc->async_queue contains stale pointer to struct
file.  When user space enables again SIGIO notification in different
process, kernel dereferences this (poisoned) pointer and crashes.

So disable SIGIO notification on close.

Kernel panic:
(second run of qemu (requires echo 1024 > /sys/class/rtc/rtc0/max_user_freq))

general protection fault: 0000 [1] PREEMPT
CPU 0
Modules linked in: af_packet snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq usbhid tuner tea5767 tda8290 tuner_xc2028 xc5000 tda9887 tuner_simple tuner_types mt20xx tea5761 tda9875 uhci_hcd ehci_hcd usbcore bttv snd_via82xx snd_ac97_codec ac97_bus snd_pcm snd_timer ir_common compat_ioctl32 snd_page_alloc videodev v4l1_compat snd_mpu401_uart snd_rawmidi v4l2_common videobuf_dma_sg videobuf_core snd_seq_device snd btcx_risc soundcore tveeprom i2c_viapro
Pid: 5781, comm: qemu-system-x86 Not tainted 2.6.27-rc6 #363
RIP: 0010:[<ffffffff8024f891>]  [<ffffffff8024f891>] __lock_acquire+0x3db/0x73f
RSP: 0000:ffffffff80674cb8  EFLAGS: 00010002
RAX: ffff8800224c62f0 RBX: 0000000000000046 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800224c62f0
RBP: ffffffff80674d08 R08: 0000000000000002 R09: 0000000000000001
R10: ffffffff80238941 R11: 0000000000000001 R12: 0000000000000000
R13: 6b6b6b6b6b6b6b6b R14: ffff88003a450080 R15: 0000000000000000
FS:  00007f98b69516f0(0000) GS:ffffffff80623200(0000) knlGS:00000000f7cc86d0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000a87000 CR3: 0000000022598000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process qemu-system-x86 (pid: 5781, threadinfo ffff880028812000, task ffff88003a450080)
Stack:  ffffffff80674cf8 0000000180238440 0000000200000002 0000000000000000
 ffff8800224c62f0 0000000000000046 0000000000000000 0000000000000002
 0000000000000002 0000000000000000 ffffffff80674d68 ffffffff8024fc7a
Call Trace:
 <IRQ>  [<ffffffff8024fc7a>] lock_acquire+0x85/0xa9
 [<ffffffff8029cb62>] ? send_sigio+0x2a/0x184
 [<ffffffff80491d1f>] _read_lock+0x3e/0x4a
 [<ffffffff8029cb62>] ? send_sigio+0x2a/0x184
 [<ffffffff8029cb62>] send_sigio+0x2a/0x184
 [<ffffffff8024fb97>] ? __lock_acquire+0x6e1/0x73f
 [<ffffffff8029cd4d>] ? kill_fasync+0x2c/0x4e
 [<ffffffff8029cd10>] __kill_fasync+0x54/0x65
 [<ffffffff8029cd5b>] kill_fasync+0x3a/0x4e
 [<ffffffff80402896>] rtc_update_irq+0x9c/0xa5
 [<ffffffff80404640>] cmos_interrupt+0xae/0xc0
 [<ffffffff8025d1c1>] handle_IRQ_event+0x25/0x5a
 [<ffffffff8025e5e4>] handle_edge_irq+0xdd/0x123
 [<ffffffff8020da34>] do_IRQ+0xe4/0x144
 [<ffffffff8020bad6>] ret_from_intr+0x0/0xf
 <EOI>  [<ffffffff8026fdc2>] ? __alloc_pages_internal+0xe7/0x3ad
 [<ffffffff8033fe67>] ? clear_page_c+0x7/0x10
 [<ffffffff8026fc10>] ? get_page_from_freelist+0x385/0x450
 [<ffffffff8026fdc2>] ? __alloc_pages_internal+0xe7/0x3ad
 [<ffffffff80280aac>] ? anon_vma_prepare+0x2e/0xf6
 [<ffffffff80279400>] ? handle_mm_fault+0x227/0x6a5
 [<ffffffff80494716>] ? do_page_fault+0x494/0x83f
 [<ffffffff8049251d>] ? error_exit+0x0/0xa9

Code: cc 41 39 45 28 74 24 e8 5e 1d 0f 00 85 c0 0f 84 6a 03 00 00 83 3d 8f a9 aa 00 00 be 47 03 00 00 0f 84 6a 02 00 00 e9 53 03 00 00 <41> ff 85 38 01 00 00 45 8b be 90 06 00 00 41 83 ff 2f 76 24 e8
RIP  [<ffffffff8024f891>] __lock_acquire+0x3db/0x73f
 RSP <ffffffff80674cb8>
---[ end trace 431877d860448760 ]---
Kernel panic - not syncing: Aiee, killing interrupt handler!
Signed-off-by: NMarcin Slusarz <marcin.slusarz@gmail.com>
Acked-by: NAlessandro Zummo <alessandro.zummo@towertech.it>
Acked-by: NDavid Brownell <dbrownell@users.sourceforge.net>
Cc: <stable@kernel.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Don't print more information than fits into the string on the
stack. Combine the informational output of qdio to fit into
one line.
Signed-off-by: NJan Glauber <jang@linux.vnet.ibm.com>
Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>

Doing 'WARN_ON(preempt_count())' was horribly horribly wrong, and would
cause tons of warnings at bootup if PREEMPT was enabled because the
initcalls currently run with the kernel lock, which increments the
preempt count.

At the same time, the warning was also insufficient, since it didn't
check that interrupts were enabled.

The proper debug function to use for something that can sleep and wants
a warning if it's called in the wrong context is 'might_sleep()'.
Reported-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

This is loosely based on a patch by Jesse Barnes to check the user-space
PCI mappings though the sysfs interfaces.  Quoting Jesse's original
explanation:

  It's fairly common for applications to map PCI resources through sysfs.
  However, with the current implementation, it's possible for an application
  to map far more than the range corresponding to the resourceN file it
  opened.  This patch plugs that hole by checking the range at mmap time,
  similar to what is done on platforms like sparc64 in their lower level
  PCI remapping routines.

  It was initially put together to help debug the e1000e NVRAM corruption
  problem, since we initially thought an X driver might be walking past the
  end of one of its mappings and clobbering the NVRAM.  It now looks like
  that's not the case, but doing the check is still important for obvious
  reasons.

and this version of the patch differs in that it uses a helper function
to clarify the code, and does all the checks in pages (instead of bytes)
in order to avoid overflows when doing "<< PAGE_SHIFT" etc.
Acked-by: NJesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Signed-off-by: NJesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

This patch adds a mutex to the e1000e driver that would help
catch any collisions of two e1000e threads accessing hardware
at the same time.

description and patch updated by Jesse
Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NJesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

the stats lock is left over from e1000, e1000e no longer
has the adjust tbi stats function that required the addition
of the stats lock to begin with.

adding a mutex to acquire_swflag helped catch this one too.
Signed-off-by: NJesse Brandeburg <jesse.brandeburg@intel.com>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

thanks to tglx, we're finding some interesting reentrancy issues.
this patch removes the phy read from inside a spinlock, paving
the way for removing the spinlock completely.  The phy read was
only feeding a statistic that wasn't used.
Signed-off-by: NJesse Brandeburg <jesse.brandeburg@intel.com>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

e1000e was apparently calling two functions that attempted to reserve
the SWFLAG bit for exclusive (to hardware and firmware) access to
the PHY and NVM (aka eeprom).  These accesses could possibly call
msleep to wait for the resource which is not allowed from interrupt
context.
Signed-off-by: NJesse Brandeburg <jesse.brandeburg@intel.com>
Acked-by: NThomas Gleixner <tglx@linutronix.de>
Tested-by: NThomas Gleixner <tglx@linutronix.de>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

in the process of debugging things, noticed that the swflag is not reset
by the driver after reset, and the swflag is probably not reset unless
management firmware clears it after 100ms.
Signed-off-by: NJesse Brandeburg <jesse.brandeburg@intel.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Only register the braille driver VT and keyboard notifiers when the
braille console is used.  Avoids eating insert or backspace keys.

Addresses http://bugzilla.kernel.org/show_bug.cgi?id=11242Signed-off-by: NPascal Terjan <pterjan@mandriva.com>
Signed-off-by: NSamuel Thibault <samuel.thibault@ens-lyon.org>
Cc: <stable@kernel.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Commit 22af89aa ("fbcon: replace mono_col
macro with static inline") changed the order of operations for computing
monochrome color values.  This generates 0xffff000f instead of 0x0000000f
for a 4 bit monochrome color, leading to image corruption if it is passed
to cfb_imageblit or other similar functions.  Fix it up.

Cc: Harvey Harrison <harvey.harrison@gmail.com>
Cc: "Antonino A. Daplas" <adaplas@pol.net>
Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
Cc: <stable@kernel.org>		[2.6.26.x]
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Set the hardware to ignore all write/erase cycles to the GbE region in
the ICHx NVM.  This feature can be disabled by the WriteProtectNVM module
parameter (enabled by default) only after a hardware reset, but
the machine must be power cycled before trying to enable writes.
Signed-off-by: NBruce Allan <bruce.w.allan@intel.com>
Signed-off-by: NJesse Brandeburg <jesse.brandeburg@intel.com>
CC: arjan@linux.intel.com
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

This patch fixes a build error in the pxa2xx-spi driver,
introduced by commit 7e964455
("pxa2xx_spi: dma bugfixes")

  CC      drivers/spi/pxa2xx_spi.o
drivers/spi/pxa2xx_spi.c: In function 'map_dma_buffers':
drivers/spi/pxa2xx_spi.c:331: error: invalid operands to binary &
drivers/spi/pxa2xx_spi.c:331: error: invalid operands to binary &
drivers/spi/pxa2xx_spi.c: In function 'pump_transfers':
drivers/spi/pxa2xx_spi.c:897: warning: format '%lu' expects type 'long unsigned int', but argument 4 has type 'unsigned int'

[dbrownell@users.sourceforge.net: fix warning too ]
Signed-off-by: NMike Rapoport <mike@compulab.co.il>
Acked-by: NEric Miao <eric.miao@marvell.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NDavid Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Moving the path activation to workqueue along with scsi_dh patches introduced
a race. It is due to the fact that the current_pgpath (in the multipath data
structure) can be modified if changes happen in any of the paths leading to
the lun. If the changes lead to current_pgpath being set to NULL, then it
leads to the invalid access which results in the panic below.

This patch fixes that by storing the pgpath to activate in the multipath data
structure and properly protecting it.

Note that if activate_path is called twice in succession with different pgpath,
with the second one being called before the first one is done, then activate
path will be called twice for the second pgpath, which is fine.

Unable to handle kernel paging request for data at address 0x00000020
Faulting instruction address: 0xd000000000aa1844
cpu 0x1: Vector: 300 (Data Access) at [c00000006b987a80]
    pc: d000000000aa1844: .activate_path+0x30/0x218 [dm_multipath]
    lr: c000000000087a2c: .run_workqueue+0x114/0x204
    sp: c00000006b987d00
   msr: 8000000000009032
   dar: 20
 dsisr: 40000000
  current = 0xc0000000676bb3f0
  paca    = 0xc0000000006f3680
    pid   = 2528, comm = kmpath_handlerd
enter ? for help
[c00000006b987da0] c000000000087a2c .run_workqueue+0x114/0x204
[c00000006b987e40] c000000000088b58 .worker_thread+0x120/0x144
[c00000006b987f00] c00000000008ca70 .kthread+0x78/0xc4
[c00000006b987f90] c000000000027cc8 .kernel_thread+0x4c/0x68
Signed-off-by: NChandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: NAlasdair G Kergon <agk@redhat.com>

If for any reason dm_merge_bvec() is given an offset beyond the end of the
device, avoid an oops and always allow one page to be added to an empty bio.
We'll reject the I/O later after the bio is submitted.
Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
Signed-off-by: NAlasdair G Kergon <agk@redhat.com>

Some callers assume they can always add at least one page to an empty bio,
so dm_merge_bvec should not return 0 in this case: we'll reject the I/O
later after the bio is submitted.
Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
Signed-off-by: NAlasdair G Kergon <agk@redhat.com>

map_size was declared from the wrong place.
Signed-off-by: NSamuel Ortiz <sameo@openedhand.com>

HAVE_GPIO_LIB has basically been replaced by GPIOLIB
Signed-off-by: NSamuel Ortiz <sameo@openedhand.com>

Boaz writes:

"I've reviewed all patches since Matthew's, and I find one small
problem.

In the load_cmd() there is a compound loop where the first 4 sg's are
set then the rest are set into a memory structure in group of 7 sg's.

Well the second 7-group and on is a bug because sg pointer does not advance.
This is a fall out from Jens's patch."

The reporter, Meelis Roos <mroos@ut.ee>, verified that this patch
does indeed fix his problem with qlogicpti.
Signed-off-by: NJens Axboe <jens.axboe@oracle.com>

Commit 2fd673ec which tried to remove
hardreset for generic accidentally removed it for all flavors as all
others were inheriting from nv_generic_ops.  This patch reinstates
nv_hardreset() and puts it into nv_common_ops which all flavors
inherit from.  nv_generic_ops now inherits from nv_common_ops and
overrides .hardreset to ATA_OP_NULL.

While at it, explain why nv_hardreset and ATA_OP_NULL override are
necessary.
Signed-off-by: NTejun Heo <tj@kernel.org>
Signed-off-by: NJeff Garzik <jgarzik@redhat.com>

The current sg list traversal logic for the continuation entries
doesn't advance the list pointer once all seven slots are used, so the
next continuation entry (if there is one) wrongly begins again at the
start of the sg list.

Fix by advancing the sg pointer after the for_each_sg().
Reported-by: NMeelis Roos <mroos@ut.ee>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Enabling IDE generic may prevent ATA controllers located on legacy
ports from being attached to more proper driver or can prevent other
controllers which share the IRQ from working.  Note it in the help
message.
Signed-off-by: NTejun Heo <tj@kernel.org>
Cc: xerces8 <xerces8@butn.net>
Cc: Jeff Garzik <jgarzik@pobox.com>
Cc: stein@hermes.si
[bart: s/will grab/may grab/ since Borislav has fixed PCI-case for .28]
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

Remove superfluous two bytes from each string buffer and add proper length
format specifiers.
Signed-off-by: NBorislav Petkov <petkovbb@gmail.com>
Tested-by: NMark de Wever <koraq@xs4all.nl>
Acked-by: NSergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

If things are just right this will result in the hws[0]->parent being
passed to ide_host_add() being non-zero and an ooops a little later.
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>

For SSB_BUSTYPE_SSB type devices, we need to initialize dma_mask using
coherent_dma_mask so that calls to dma_set_mask() succeed.

It fixes the regression on the b44 driver introduced by commit
f225763aSigned-off-by: NAurelien Jarno <aurelien@aurel32.net>
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>

The tty_find_polling_driver() routine did not correctly check the base
part of the tty name.  This can lead to kgdboc selecting an incorrect
driver, as well as accepting a completely invalid tty such as "echo
ffff0 > /sys/module/kgdboc/parameters/kgdboc".
Signed-off-by: NJason Wessel <jason.wessel@windriver.com>

Commit ee1e2c82 ("IPoIB: Refresh paths instead of flushing them on SM
change events") changed how paths are flushed on an SM event.  This
change introduces a problem if the path record query triggered by
fails, causing path->ah to become NULL.  A later successful path query
will then trigger WARN_ON() in path_rec_completion(), and crash
because path->ah has already been freed, so the ipoib_put_ah() inside
the lock in path_rec_completion() may actually drop the last reference
(contrary to the comment that claims this is safe).

Fix this by updating path->ah and freeing old_ah only when the path
record query is successful.  This prevents the neighbour AH and that
path AH from getting out of sync.

This fixes <https://bugs.openfabrics.org/show_bug.cgi?id=1194>
Reported-by: NRabah Salem <ravah@mellanox.com>
Debugged-by: NEli Cohen <eli@mellanox.co.il>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Enabling the MIB interrupts has proven to cause an
interrupt storm after 7 hours of run. We will make use of the
MIB interrupt once we have ANI supported added so for now
to cure this we disable the interrupt.

The interrupt storm can be seen as follows after 7 hours of run
as reported by  Steven Noonan <steven@uplinklabs.net>:

18:28:38          sum   1106.00
18:28:39          sum   1037.62
18:28:40          sum   1069.00
18:28:41          sum   1167.00
18:28:42          sum   1155.00
18:28:43          sum   1339.00
18:28:44          sum  18355.00
18:28:45          sum  17845.45
18:28:46          sum  15285.00
18:28:47          sum  17511.00
18:28:48          sum  17568.69
18:28:49          sum  17704.04
18:28:50          sum  18566.67
18:28:51          sum  18913.13

at 18:28:44 the MIB interrupt kicked off and caused huge
latency which can be seen even on a video he submitted:

http://www.youtube.com/watch?v=4GeCx1gZMpASigned-off-by: NLuis R. Rodriguez <lrodriguez@atheros.com>
Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>

We need to convert the error pointer from class_create(), else we'll return the
successful return code from register_chrdev() on failure.
Signed-off-by: NSven Wegener <sven.wegener@stealer.net>
Signed-off-by: NJean Delvare <khali@linux-fr.org>

__devexit for i2c_powermac_probe is obviously wrong.  In the definition
of struct platform_driver i2c_powermac_driver the remove function
i2c_powermac_remove is wrapped in __devexit_p, so it should be defined
using __devexit.
Signed-off-by: NUwe Kleine-Koenig <ukleinek@informatik.uni-freiburg.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: NJean Delvare <khali@linux-fr.org>

This patch (as1135) essentially reverts the major parts of two earlier
patches to usbcore, because they ended up causing a regression.

Trying to recover from transient communication errors can lead to
other problems, because operations that failed during the error period
are not always retried.  The simplest example is the initial
Set-Config request sent after device enumeration; if it gets lost then
it will not be retried and the device will remain unconfigured.

This patch restores the old behavior in which any port disconnect or
port disable causes the entire device structure to be removed, fixing a
reported regression.
Signed-off-by: NAlan Stern <stern@rowland.harvard.edu>
Tested-by: NFrans Pop <elendil@planet.nl>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

The Nokia 5310 Music Xpress phone reports one too many sectors in
usb-storage mode.  This patch resolves that.
Signed-off-by: NDavid Almaroad <dalmaroad@gmail.com>
Cc: Matthew Dharm <mdharm-usb@one-eyed-alien.net>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

Support for Domintell devices (FTDI FT232BM based) : DGQG and DUSB01
module.  PIDs were missing.
Signed-off-by: NGaetan Carlier <gcpatch@gmail.com>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

In file included from drivers/usb/musb/musb_core.h:59,
                 from drivers/usb/musb/musb_core.c:108:
drivers/usb/musb/musb_io.h:42: error: conflicting types for '__raw_readsl'
/usr/src/devel/arch/sh/include/asm/io.h:112: error: previous declaration of '__raw_readsl' was here
drivers/usb/musb/musb_io.h:42: error: conflicting types for '__raw_readsl'
/usr/src/devel/arch/sh/include/asm/io.h:112: error: previous declaration of '__raw_readsl' was here
drivers/usb/musb/musb_io.h:44: error: conflicting types for 'readsw'
/usr/src/devel/arch/sh/include/asm/io.h:164: error: previous definition of 'readsw' was here
drivers/usb/musb/musb_io.h:46: error: conflicting types for 'readsb'
/usr/src/devel/arch/sh/include/asm/io.h:163: error: previous definition of 'readsb' was here
drivers/usb/musb/musb_io.h:49: error: conflicting types for '__raw_writesl'
/usr/src/devel/arch/sh/include/asm/io.h:111: error: previous declaration of '__raw_writesl' was here
drivers/usb/musb/musb_io.h:49: error: conflicting types for '__raw_writesl'
/usr/src/devel/arch/sh/include/asm/io.h:111: error: previous declaration of '__raw_writesl' was here
drivers/usb/musb/musb_io.h:51: error: conflicting types for 'writesw'
/usr/src/devel/arch/sh/include/asm/io.h:164: error: previous definition of 'writesw' was here
drivers/usb/musb/musb_io.h:53: error: conflicting types for 'writesb'
/usr/src/devel/arch/sh/include/asm/io.h:163: error: previous definition of 'writesb' was here

Cc: Karsten Keil <kkeil@suse.de>
Cc: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

Add another MC8785 VID/PID
Signed-off-by: NKevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

Signed-off-by: NOtavio Salvador <otavio@ossystems.com.br>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

USB: ftdi_sio: Add 0x5050/0x0900 USB IDs (Papouch Quido USB 4/4)
Signed-off-by: NJaroslav Kysela <perex@perex.cz>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

While making some other changes to ti_usb_3410_5052, I noticed that the
changes made to move the firmware loading to a separate function are
broken (in ti_download_firmware(), status is set to -ENOMEM and never
changed).  This means the driver will never initialize the device
properly.  It looks like status was supposed to get the result of
ti_do_download().
Signed-off-by: NChris Adams <cmadams@hiwaay.net>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

Fixes:
drivers/usb/gadget/fsl_usb2_udc.c: In function 'dr_controller_setup':
drivers/usb/gadget/fsl_usb2_udc.c:229: warning: format '%p' expects type
'void *', but argument 3 has type 'int'
Signed-off-by: NPeter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>