Setting BGXX_SPUX_MISC_CONTROL::RX_PACKET_DIS is not needed as
packet reception is anyway disabled by BGXX_CMRX_CONFIG::DATA_PKT_RX_EN.
Also setting RX_PACKET_DIS causes a bogus remote fault condition
which delays link detection.
Signed-off-by: Sunil Goutham <email address hidden>
Signed-off-by: David S. Miller <email address hidden>
(backported from commit 93db2cf8caa1fa69cb833175cc5d30a7d178d53b)
Signed-off-by: dann frazier <email address hidden>
162e766...
by
Greg Kroah-Hartman <email address hidden>
One of the laptops has the codec ALC256 on it, applying the
ALC255_FIXUP_DELL1_MIC_NO_PRESENCE can fix the problem, the rest
of laptops have the codec ALC295 on them, they are similar to machines
with ALC225, applying the ALC269_FIXUP_DELL1_MIC_NO_PRESENCE can fix
the problem.
We have two new Dell laptop models, they have the same ALC255 pin
definition, but not in the pin quirk table yet, as a result, the
headset microphone can't work. After adding the definition in the
table, the headset microphone works well.
This reverts commit e6c7efdcb76f11b04e3d3f71c8d764ab75c9423b.
Turns out it was totally wrong. The memory is supposed to be bound to
the kref, as the original code was doing correctly, not the
device/driver binding as the devm_kzalloc() would cause.
This fixes an oops when read would be called after the device was
unbound from the driver.
Reported-by: Ladislav Michl <email address hidden>
Cc: Andy Shevchenko <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Commit 367e8560e8d7a62d96e9b1d644028a3816e04206 introduced a bug
in fbtft-core where fps is always 0, this is because variable
update_time is not assigned correctly.
This patch fixes a NULL pointer dereference caused by a race codition in
the probe function of the legousbtower driver. It re-structures the
probe function to only register the interface after successfully reading
the board's firmware ID.
The probe function does not deregister the usb interface after an error
receiving the devices firmware ID. The device file registered
(/dev/usb/legousbtower%d) may be read/written globally before the probe
function returns. When tower_delete is called in the probe function
(after an r/w has been initiated), core dev structures are deleted while
the file operation functions are still running. If the 0 address is
mappable on the machine, this vulnerability can be used to create a
Local Priviege Escalation exploit via a write-what-where condition by
remapping dev->interrupt_out_buffer in tower_write. A forged USB device
and local program execution would be required for LPE. The USB device
would have to delay the control message in tower_probe and accept
the control urb in tower_open whilst guest code initiated a write to the
device file as tower_delete is called from the error in tower_probe.
This bug has existed since 2003. Patch tested by emulated device.
Reported-by: James Patrick-Evans <email address hidden>
Tested-by: James Patrick-Evans <email address hidden>
Signed-off-by: James Patrick-Evans <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
