<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/net/wireless, branch v4.5.5</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>ath9k: ar5008_hw_cmn_spur_mitigate: add missing mask_m &amp; mask_p initialisation</title>
<updated>2016-05-11T09:21:30+00:00</updated>
<author>
<name>Oleksij Rempel</name>
<email>linux@rempel-privat.de</email>
</author>
<published>2016-04-12T17:37:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8010bbdf5d0aa35b9dfa598f41d837c2f987e05c'/>
<id>8010bbdf5d0aa35b9dfa598f41d837c2f987e05c</id>
<content type='text'>
commit de478a61389cacafe94dc8b035081b681b878f9d upstream.

by moving common code to ar5008_hw_cmn_spur_mitigate i forgot to move
mask_m &amp; mask_p initialisation. This coused a performance regression
on ar9281.

Fixes: f911085ffa88 ("ath9k: split ar5008_hw_spur_mitigate and reuse common code in ar9002_hw_spur_mitigate.")
Reported-by: Gustav Frederiksen &lt;lkml2017@openmailbox.org&gt;
Tested-by: Gustav Frederiksen &lt;lkml2017@openmailbox.org&gt;
Signed-off-by: Oleksij Rempel &lt;linux@rempel-privat.de&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit de478a61389cacafe94dc8b035081b681b878f9d upstream.

by moving common code to ar5008_hw_cmn_spur_mitigate i forgot to move
mask_m &amp; mask_p initialisation. This coused a performance regression
on ar9281.

Fixes: f911085ffa88 ("ath9k: split ar5008_hw_spur_mitigate and reuse common code in ar9002_hw_spur_mitigate.")
Reported-by: Gustav Frederiksen &lt;lkml2017@openmailbox.org&gt;
Tested-by: Gustav Frederiksen &lt;lkml2017@openmailbox.org&gt;
Signed-off-by: Oleksij Rempel &lt;linux@rempel-privat.de&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>mwifiex: fix corner case association failure</title>
<updated>2016-05-11T09:21:28+00:00</updated>
<author>
<name>Amitkumar Karwar</name>
<email>akarwar@marvell.com</email>
</author>
<published>2016-02-23T13:16:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3fb17a4d3e0d8760d268815f27589662fb702f4f'/>
<id>3fb17a4d3e0d8760d268815f27589662fb702f4f</id>
<content type='text'>
commit a6139b6271f9f95377fe3486aed6120c9142779b upstream.

This patch corrects the error case in association path by returning
-1. Earlier "media_connected" used to remain on in this error case
causing failure for further association attempts.

Signed-off-by: Amitkumar Karwar &lt;akarwar@marvell.com&gt;
Fixes: b887664d882ee4 ('mwifiex: channel switch handling for station')
Signed-off-by: Cathy Luo &lt;cluo@marvell.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit a6139b6271f9f95377fe3486aed6120c9142779b upstream.

This patch corrects the error case in association path by returning
-1. Earlier "media_connected" used to remain on in this error case
causing failure for further association attempts.

Signed-off-by: Amitkumar Karwar &lt;akarwar@marvell.com&gt;
Fixes: b887664d882ee4 ('mwifiex: channel switch handling for station')
Signed-off-by: Cathy Luo &lt;cluo@marvell.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>ath10k: fix pktlog in QCA99X0</title>
<updated>2016-05-11T09:21:27+00:00</updated>
<author>
<name>Ashok Raj Nagarajan</name>
<email>arnagara@qti.qualcomm.com</email>
</author>
<published>2016-02-05T15:42:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4b758fd539dd8a40c9fafc4fae5c84932d4b1bf5'/>
<id>4b758fd539dd8a40c9fafc4fae5c84932d4b1bf5</id>
<content type='text'>
commit 53a5c9bc53ce51f65699a43c67ab167436d28083 upstream.

Currently, we are providing wrong payload data of pktlog to trace points.
Data we receive from FW through copy engine 8 contains pktlog data alone.
We don't need to parse anything in driver before handing it to trace
points.

Fixes: afb0bf7f530b ("ath10k: add support for pktlog in QCA99X0")
Signed-off-by: Ashok Raj Nagarajan &lt;arnagara@qti.qualcomm.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 53a5c9bc53ce51f65699a43c67ab167436d28083 upstream.

Currently, we are providing wrong payload data of pktlog to trace points.
Data we receive from FW through copy engine 8 contains pktlog data alone.
We don't need to parse anything in driver before handing it to trace
points.

Fixes: afb0bf7f530b ("ath10k: add support for pktlog in QCA99X0")
Signed-off-by: Ashok Raj Nagarajan &lt;arnagara@qti.qualcomm.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@qca.qualcomm.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>wlcore: fix error handling in wlcore_event_fw_logger</title>
<updated>2016-05-11T09:21:27+00:00</updated>
<author>
<name>Andrzej Hajda</name>
<email>a.hajda@samsung.com</email>
</author>
<published>2016-01-07T13:28:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1364fd09f7f2c400df57c938761bc6fbd05e1544'/>
<id>1364fd09f7f2c400df57c938761bc6fbd05e1544</id>
<content type='text'>
commit 68f37e5d7a2e00306adab033fba6c3042b33e8e1 upstream.

wlcore_read/wlcore_write can return negative values so it should
be assigned to signed variable.

The problem has been detected using proposed semantic patch
scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci [1].

[1]: http://permalink.gmane.org/gmane.linux.kernel/2120705

Fixes: 3719c17e1816 ("wlcore/wl18xx: fw logger over sdio")
Signed-off-by: Andrzej Hajda &lt;a.hajda@samsung.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 68f37e5d7a2e00306adab033fba6c3042b33e8e1 upstream.

wlcore_read/wlcore_write can return negative values so it should
be assigned to signed variable.

The problem has been detected using proposed semantic patch
scripts/coccinelle/tests/unsigned_lesser_than_zero.cocci [1].

[1]: http://permalink.gmane.org/gmane.linux.kernel/2120705

Fixes: 3719c17e1816 ("wlcore/wl18xx: fw logger over sdio")
Signed-off-by: Andrzej Hajda &lt;a.hajda@samsung.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>rtlwifi: Fix size of wireless mode variable</title>
<updated>2016-05-11T09:21:25+00:00</updated>
<author>
<name>Larry Finger</name>
<email>Larry.Finger@lwfinger.net</email>
</author>
<published>2016-02-25T17:03:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7bbda3d4ec7a9f989fa0f43669698928adc3cc39'/>
<id>7bbda3d4ec7a9f989fa0f43669698928adc3cc39</id>
<content type='text'>
commit 73fb270592164b1917442f8bff4c791d095ee2ef upstream.

Smatch reports the following warning:

  CHECK   drivers/net/wireless/realtek/rtlwifi/rc.c
drivers/net/wireless/realtek/rtlwifi/rc.c:144 _rtl_rc_rate_set_series() warn: impossible condition '(wireless_mode == 256) =&gt; (0-255 == 256)'

This warning arises because commit acc6907b87a9 ("rtlwifi: Fix warning
from ieee80211_get_tx_rates() when using 5G") now checks the wireless
mode for WIRELESS_MODE_AC_ONLY (BIT(8)) in _rtl_rc_rate_set_series().
As a result, all quantities used to store the wireless mode must be u16.

This patch also reorders struct rtl_sta_info to save a little space.

Fixes: d76d65fd2695 ("rtlwifi: fix broken VHT support")
Reported-by: Dan Williams &lt;dcbw@redhat.com&gt;
Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 73fb270592164b1917442f8bff4c791d095ee2ef upstream.

Smatch reports the following warning:

  CHECK   drivers/net/wireless/realtek/rtlwifi/rc.c
drivers/net/wireless/realtek/rtlwifi/rc.c:144 _rtl_rc_rate_set_series() warn: impossible condition '(wireless_mode == 256) =&gt; (0-255 == 256)'

This warning arises because commit acc6907b87a9 ("rtlwifi: Fix warning
from ieee80211_get_tx_rates() when using 5G") now checks the wireless
mode for WIRELESS_MODE_AC_ONLY (BIT(8)) in _rtl_rc_rate_set_series().
As a result, all quantities used to store the wireless mode must be u16.

This patch also reorders struct rtl_sta_info to save a little space.

Fixes: d76d65fd2695 ("rtlwifi: fix broken VHT support")
Reported-by: Dan Williams &lt;dcbw@redhat.com&gt;
Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>mwifiex: fix IBSS data path issue.</title>
<updated>2016-05-04T21:49:09+00:00</updated>
<author>
<name>chunfan chen</name>
<email>jeffc@marvell.com</email>
</author>
<published>2016-01-07T07:40:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0af7d2fc9dd15f67c8fec0a817c033b0ee66e70f'/>
<id>0af7d2fc9dd15f67c8fec0a817c033b0ee66e70f</id>
<content type='text'>
commit dc386ce76dedaeeaaf006fceb6ed8cf2e20ff026 upstream.

The port_open flag is not applicable for IBSS mode. IBSS data
path was broken when port_open flag was introduced.
This patch fixes the problem by correcting the checks.

Fixes: 5c8946330abfa4c ("mwifiex: enable traffic only when port is open")
Signed-off-by: chunfan chen &lt;jeffc@marvell.com&gt;
Signed-off-by: Amitkumar Karwar &lt;akarwar@marvell.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit dc386ce76dedaeeaaf006fceb6ed8cf2e20ff026 upstream.

The port_open flag is not applicable for IBSS mode. IBSS data
path was broken when port_open flag was introduced.
This patch fixes the problem by correcting the checks.

Fixes: 5c8946330abfa4c ("mwifiex: enable traffic only when port is open")
Signed-off-by: chunfan chen &lt;jeffc@marvell.com&gt;
Signed-off-by: Amitkumar Karwar &lt;akarwar@marvell.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>iwlwifi: mvm: fix memory leak in paging</title>
<updated>2016-05-04T21:49:03+00:00</updated>
<author>
<name>Matti Gottlieb</name>
<email>matti.gottlieb@intel.com</email>
</author>
<published>2016-03-15T11:46:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3a698a36c9d9d2f807a5a5739b552253b2cee49f'/>
<id>3a698a36c9d9d2f807a5a5739b552253b2cee49f</id>
<content type='text'>
commit 7fdf9663261cc77a516396fec82cee8a8ea07e76 upstream.

Currently paging download buffer is freed during the
the unloading of the opmode which happens when the driver
is unloaded.

This causes a memory leak since the paging download
buffer is allocated every time we enable the
interface, so the download buffer can be allocated many
times, but only be freed once.

Free paging download buffer during disabling of the
interface.

Signed-off-by: Matti Gottlieb &lt;matti.gottlieb@intel.com&gt;
Signed-off-by: Emmanuel Grumbach &lt;emmanuel.grumbach@intel.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 7fdf9663261cc77a516396fec82cee8a8ea07e76 upstream.

Currently paging download buffer is freed during the
the unloading of the opmode which happens when the driver
is unloaded.

This causes a memory leak since the paging download
buffer is allocated every time we enable the
interface, so the download buffer can be allocated many
times, but only be freed once.

Free paging download buffer during disabling of the
interface.

Signed-off-by: Matti Gottlieb &lt;matti.gottlieb@intel.com&gt;
Signed-off-by: Emmanuel Grumbach &lt;emmanuel.grumbach@intel.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>iwlwifi: pcie: lower the debug level for RSA semaphore access</title>
<updated>2016-05-04T21:49:03+00:00</updated>
<author>
<name>Emmanuel Grumbach</name>
<email>emmanuel.grumbach@intel.com</email>
</author>
<published>2016-03-10T11:07:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=eefe1567b6cf0a336213c7302b6b407c65a55ece'/>
<id>eefe1567b6cf0a336213c7302b6b407c65a55ece</id>
<content type='text'>
commit 9fc515bc9e735c10cd327f05c20f5ef69474188d upstream.

IWL_INFO is not an error but still printed by default.
"can't access the RSA semaphore it is write protected" seems
worrisome but it is not really a problem.

Signed-off-by: Emmanuel Grumbach &lt;emmanuel.grumbach@intel.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9fc515bc9e735c10cd327f05c20f5ef69474188d upstream.

IWL_INFO is not an error but still printed by default.
"can't access the RSA semaphore it is write protected" seems
worrisome but it is not really a problem.

Signed-off-by: Emmanuel Grumbach &lt;emmanuel.grumbach@intel.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>ath9k: fix buffer overrun for ar9287</title>
<updated>2016-04-20T06:45:13+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2016-03-14T14:18:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=03cbd08593beff8d7d3e51c68079e4414e50fcca'/>
<id>03cbd08593beff8d7d3e51c68079e4414e50fcca</id>
<content type='text'>
[ Upstream commit 83d6f1f15f8cce844b0a131cbc63e444620e48b5 ]

Code that was added back in 2.6.38 has an obvious overflow
when accessing a static array, and at the time it was added
only a code comment was put in front of it as a reminder
to have it reviewed properly.

This has not happened, but gcc-6 now points to the specific
overflow:

drivers/net/wireless/ath/ath9k/eeprom.c: In function 'ath9k_hw_get_gain_boundaries_pdadcs':
drivers/net/wireless/ath/ath9k/eeprom.c:483:44: error: array subscript is above array bounds [-Werror=array-bounds]
     maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4];
                   ~~~~~~~~~~~~~~~~~~~~~~~~~^~~

It turns out that the correct array length exists in the local
'intercepts' variable of this function, so we can just use that
instead of hardcoding '4', so this patch changes all three
instances to use that variable. The other two instances were
already correct, but it's more consistent this way.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Fixes: 940cd2c12ebf ("ath9k_hw: merge the ar9287 version of ath9k_hw_get_gain_boundaries_pdadcs")
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 83d6f1f15f8cce844b0a131cbc63e444620e48b5 ]

Code that was added back in 2.6.38 has an obvious overflow
when accessing a static array, and at the time it was added
only a code comment was put in front of it as a reminder
to have it reviewed properly.

This has not happened, but gcc-6 now points to the specific
overflow:

drivers/net/wireless/ath/ath9k/eeprom.c: In function 'ath9k_hw_get_gain_boundaries_pdadcs':
drivers/net/wireless/ath/ath9k/eeprom.c:483:44: error: array subscript is above array bounds [-Werror=array-bounds]
     maxPwrT4[i] = data_9287[idxL].pwrPdg[i][4];
                   ~~~~~~~~~~~~~~~~~~~~~~~~~^~~

It turns out that the correct array length exists in the local
'intercepts' variable of this function, so we can just use that
instead of hardcoding '4', so this patch changes all three
instances to use that variable. The other two instances were
already correct, but it's more consistent this way.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Fixes: 940cd2c12ebf ("ath9k_hw: merge the ar9287 version of ath9k_hw_get_gain_boundaries_pdadcs")
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>brcmfmac: Increase nr of supported flowrings.</title>
<updated>2016-04-12T14:33:37+00:00</updated>
<author>
<name>Hante Meuleman</name>
<email>meuleman@broadcom.com</email>
</author>
<published>2016-02-07T23:00:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=32f90caa7debdf12a4b582aafef8767254fbe372'/>
<id>32f90caa7debdf12a4b582aafef8767254fbe372</id>
<content type='text'>
commit 19c8f421a61947116898c9f8a28823b9d988df74 upstream.

New generation devices have firmware which has more than 256 flowrings.
E.g. following debugging message comes from 14e4:4365 BCM4366:
[  194.606245] brcmfmac: brcmf_pcie_init_ringbuffers Nr of flowrings is 264

At various code places (related to flowrings) we were using u8 which
could lead to storing wrong number or infinite loops when indexing with
this type. This issue was quite easy to spot in brcmf_flowring_detach
where it led to infinite loop e.g. on failed initialization.

This patch switches code to proper types and increases the maximum
number of supported flowrings to 512.

Originally this change was sent in September 2015, but back it was
causing a regression on BCM43602 resulting in:
Unable to handle kernel NULL pointer dereference at virtual address ...

The reason for this regression was missing update (s/u8/u16) of struct
brcmf_flowring_ring. This problem was handled in 9f64df9 ("brcmfmac: Fix
bug in flowring management."). Starting with that it's safe to apply
this original patch as it doesn't cause a regression anymore.

This patch fixes an infinite loop on BCM4366 which is supported since
4.4 so it makes sense to apply it to stable 4.4+.

Reviewed-by: Arend Van Spriel &lt;arend@broadcom.com&gt;
Reviewed-by: Franky (Zhenhui) Lin &lt;frankyl@broadcom.com&gt;
Reviewed-by: Pieter-Paul Giesberts &lt;pieterpg@broadcom.com&gt;
Signed-off-by: Hante Meuleman &lt;meuleman@broadcom.com&gt;
Signed-off-by: Arend van Spriel &lt;arend@broadcom.com&gt;
Signed-off-by: Rafał Miłecki &lt;zajec5@gmail.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 19c8f421a61947116898c9f8a28823b9d988df74 upstream.

New generation devices have firmware which has more than 256 flowrings.
E.g. following debugging message comes from 14e4:4365 BCM4366:
[  194.606245] brcmfmac: brcmf_pcie_init_ringbuffers Nr of flowrings is 264

At various code places (related to flowrings) we were using u8 which
could lead to storing wrong number or infinite loops when indexing with
this type. This issue was quite easy to spot in brcmf_flowring_detach
where it led to infinite loop e.g. on failed initialization.

This patch switches code to proper types and increases the maximum
number of supported flowrings to 512.

Originally this change was sent in September 2015, but back it was
causing a regression on BCM43602 resulting in:
Unable to handle kernel NULL pointer dereference at virtual address ...

The reason for this regression was missing update (s/u8/u16) of struct
brcmf_flowring_ring. This problem was handled in 9f64df9 ("brcmfmac: Fix
bug in flowring management."). Starting with that it's safe to apply
this original patch as it doesn't cause a regression anymore.

This patch fixes an infinite loop on BCM4366 which is supported since
4.4 so it makes sense to apply it to stable 4.4+.

Reviewed-by: Arend Van Spriel &lt;arend@broadcom.com&gt;
Reviewed-by: Franky (Zhenhui) Lin &lt;frankyl@broadcom.com&gt;
Reviewed-by: Pieter-Paul Giesberts &lt;pieterpg@broadcom.com&gt;
Signed-off-by: Hante Meuleman &lt;meuleman@broadcom.com&gt;
Signed-off-by: Arend van Spriel &lt;arend@broadcom.com&gt;
Signed-off-by: Rafał Miłecki &lt;zajec5@gmail.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
</feed>
