| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
When enable NFC sram write, it will failed the mtd_nandbiterrs.ko test.
As in driver's nfc_sram_write_page(), if ops->mode equal to MTD_OSP_RAW,
driver assumes the data buffer contains one page data and one oob data
followed. And driver will write the page data and oob data to nand.
But this is wrong implementation. Since the data buffer don't contains the
oob data to write. We should write the chip->oob_poi to nand's oob.
So this patch fix it by writing the oob data from chip->oob_poi.
Signed-off-by: Josh Wu <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
Noticed by Coverity as a potential security issue.
Signed-off-by: Brian Norris <[email protected]>
|
|
chip->pagebuf is a 32-bit type (int), so the shift will only be applied
as 32-bit. Fix this for 64-bit safety.
Caught by Coverity.
Signed-off-by: Brian Norris <[email protected]>
|
|
Already depends on SOLUTION_ENGINE, so we don't need the SUPERH
dependency too.
Signed-off-by: Brian Norris <[email protected]>
|
|
This multiplication should be done in 64-bit, not 32-bit.
Caught by Coverity.
Signed-off-by: Brian Norris <[email protected]>
|
|
The condition "if (irq_status == 0)" already ensures that one half of
the ternary ?: is dead. I think this should probably actually be a FAIL,
not a PASS.
Caught by Coverity.
Signed-off-by: Brian Norris <[email protected]>
Cc: Jamie Iles <[email protected]>
|
|
Signed-off-by: Brian Norris <[email protected]>
|
|
These multiplications are done with 32-bit arithmetic, then converted to
64-bit. We should widen the integers first to prevent overflow. This
could be a problem for large (>4GB) MTD's.
Detected by Coverity.
Signed-off-by: Brian Norris <[email protected]>
Cc: Akinobu Mita <[email protected]>
|
|
Caught by Coverity.
Signed-off-by: Brian Norris <[email protected]>
|
|
MTD used to allow compiling out character device support. This was
dropped in the following commit, but some of the accompanying logic was
never dropped:
commit 660685d9d1b4730f0b5ca97fa95f272f99c63bce
Author: Artem Bityutskiy <[email protected]>
Date: Thu Mar 14 13:27:40 2013 +0200
mtd: merge mtdchar module with mtdcore
The weird logic was flagged by Coverity.
Signed-off-by: Brian Norris <[email protected]>
Cc: Artem Bityutskiy <[email protected]>
|
|
There is one theoretical case that could fall through to using an
uninitialized value as the return code. Let's give it a value of 0.
Untested.
Caught by Coverity.
Signed-off-by: Brian Norris <[email protected]>
|
|
When checking the upper boundary (i.e., whether an address is higher
than the maximum size of the MTD), we should be doing an inclusive check
(greater or equal). For instance, an address of 16MB (0x1000000) on a
16MB device is invalid.
The strengthening of this bounds check is redundant for those which
already have a address+length check and ensure that the length is
non-zero, but let's just fix them all, for completeness.
Signed-off-by: Brian Norris <[email protected]>
|
|
The variable 'retries' is never modified, so if the reset operation
never is going to complete, we'll get stuck in an infinite loop.
It looks like the intention was to decrement 'retries' on every loop.
Untested.
Caught by Coverity.
Signed-off-by: Brian Norris <[email protected]>
|
|
Do nand reset before write protect check.
If we want to check the WP# low or high through STATUS READ and check bit 7,
we must reset the device, other operation (eg.erase/program a locked block) can
also clear the bit 7 of status register.
As we know the status register can be refreshed, if we do some operation to trigger it,
for example if we do erase/program operation to one block that is locked, then READ STATUS,
the bit 7 of READ STATUS will be 0 indicate the device in write protect, then if we do
erase/program operation to another block that is unlocked, the bit 7 of READ STATUS will
be 1 indicate the device is not write protect.
Suppose we checked the bit 7 of READ STATUS is 0 then judge the WP# is low (write protect),
but in this case the WP# maybe high if we do erase/program operation to a locked block,
so we must reset the device if we want to check the WP# low or high through STATUS READ and
check bit 7.
Signed-off-by: White Ding <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
Fixed checkpatch warnings: "WARNING: Prefer seq_puts to seq_printf"
This patch is created with reference to the ongoing lkml thread
https://lkml.org/lkml/2014/7/15/646
where Andrew Morton wrote:
"
- puts is presumably faster
- puts doesn't go rogue if you accidentally pass it a "%".
- this patch would actually make compiled object files few bytes smaller.
Perhaps because seq_printf() is a varargs function, forcing the
caller to pass args on the stack instead of in registers.
"
Signed-off-by: Samarth Parikh <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
MAP10 command with '0x2000' data sets up a read-ahead/write access.
Signed-off-by: Masahiro Yamada <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
There is a error message within devm_ioremap_resource
already, so remove the dev_err call to avoid redundant
error message.
Signed-off-by: Wei Yongjun <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
This commit adds the support in the spi-nor driver of the Micron
M25PX80 flash, a 8 Mbit SPI flash from Micron.
Signed-off-by: Thomas Petazzoni <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
Fix kernel-doc warning in <linux/mtd/nand.h>:
Warning(..//include/linux/mtd/nand.h:795): No description found for parameter 'ecc'
Signed-off-by: Randy Dunlap <[email protected]>
Cc: David Woodhouse <[email protected]>
Cc: Brian Norris <[email protected]>
Cc: [email protected]
Signed-off-by: Brian Norris <[email protected]>
|
|
PMECC can support 512, 1k, 2k, 4k, 8k page size.
The driver currently only support 2k page size nand flash. So this patch
add support to 512, 1k, 4k and 8k page size nand flash.
Signed-off-by: Josh Wu <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
Some nand with 8k page size like Micron MT29F32G08ABAAAWP need more than 20us.
Signed-off-by: Raphaël Poggi <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
Use NULL instead of 0 when returning an address. This fixes a
sparse warning.
Signed-off-by: Martin Kepplinger <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
We check "cs" for array overflows but we don't check for underflows and
it upsets the static checkers.
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
|
|
Currently when run on an APM platform the ARMv8 defconfig has no viable
options for rootfs other than ramdisk which is rather limiting. Since
we already have both SATA and the bits needed for NFS root enabled we just
need to enable the relevant drivers so do that, helping enable direct
testing of upstream.
If the configuration ends up becoming too big we can consider modularising
some of the drivers and asking people to use an initramfs but for now this
is not an issue.
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
|
|
When booting via UEFI, the kernel Image is loaded at a 4 kB boundary and
the embedded EFI stub is executed in place. The EFI stub relocates the
Image to reside TEXT_OFFSET bytes above a 2 MB boundary, and jumps into
the kernel proper.
In AArch64, PC relative symbol references are emitted using adrp/add or
adrp/ldr pairs, where the offset into a 4 kB page is resolved using a
separate :lo12: relocation. This implicitly assumes that the code will
always be executed at the same relative offset with respect to a 4 kB
boundary, or the references will point to the wrong address.
This means we should link the kernel at a 4 kB aligned base address in
order to remain compatible with the base address the UEFI loader uses
when doing the initial load of Image. So update the code that generates
TEXT_OFFSET to choose a multiple of 4 kB.
At the same time, update the code so it chooses from the interval [0..2MB)
as the author originally intended.
Reviewed-by: Mark Rutland <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
|
|
Missing semicolon in range check fix.
Signed-off-by: David S. Miller <[email protected]>
|
|
Vasily Averin says:
====================
cbq: incorrectly low bandwidth blocks limited traffic
v2: patch description changes
Fixes: f0f6ee1f70c4 ("cbq: incorrect processing of high limits")
Mainstream commit f0f6ee1f70c4 ("cbq: incorrect processing of high limits")
have side effect: if cbq bandwidth setting is less than real interface
throughput non-limited traffic can delay limited traffic for a very long time.
This happen because of q->now changes incorrectly in cbq_dequeue():
in described scenario L2T is much greater than real time delay,
and q->now gets an extra boost for each transmitted packet.
Accumulated boost prevents update q->now, and blocked class can wait
very long time until (q->now >= cl->undertime) will be true again.
More detailed problem description can be found here:
http://www.spinics.net/lists/netdev/msg292493.html
Following patches should fix the problem.
====================
Signed-off-by: David S. Miller <[email protected]>
|
|
Now q->now_rt is identical to q->now and is not required anymore.
Signed-off-by: Vasily Averin <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Mainstream commit f0f6ee1f70c4 ("cbq: incorrect processing of high limits")
have side effect: if cbq bandwidth setting is less than real interface
throughput non-limited traffic can delay limited traffic for a very long time.
This happen because of q->now changes incorrectly in cbq_dequeue():
in described scenario L2T is much greater than real time delay,
and q->now gets an extra boost for each transmitted packet.
Accumulated boost prevents update q->now, and blocked class can wait
very long time until (q->now >= cl->undertime) will be true again.
To fix the problem the patch updates q->now on each cbq_update() call.
L2T-related pre-modification q->now was moved to cbq_update().
My testing confirmed that it fixes the problem and did not discover
any side-effects
Fixes: f0f6ee1f70c4 ("cbq: incorrect processing of high limits")
Signed-off-by: Vasily Averin <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The latest kernel fails to boot qemu arm images when using scsi
for disk access. Boot gets stuck after the following messages.
brd: module loaded
sym53c8xx 0000:00:0c.0: enabling device (0100 -> 0103)
sym0: <895a> rev 0x0 at pci 0000:00:0c.0 irq 93
sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking
sym0: SCSI BUS has been reset.
scsi host0: sym-2.2.3
Bisect points to commit 71e75c97f97a ("scsi: convert device_busy to
atomic_t"). Code inspection shows the following suspicious change
in scsi_request_fn.
out_delay:
- if (sdev->device_busy == 0 && !scsi_device_blocked(sdev))
+ if (atomic_read(&sdev->device_busy) && !scsi_device_blocked(sdev))
blk_delay_queue(q, SCSI_QUEUE_DELAY);
}
'sdev->device_busy == 0' was replaced with 'atomic_read(&sdev->device_busy)',
meaning the logic was reversed. Changing this expression to
'!atomic_read(&sdev->device_busy)' fixes the problem.
Signed-off-by: Guenter Roeck <[email protected]>
Reviewed-by: Hannes Reinecke <[email protected]>
Acked-by: Jens Axboe <[email protected]>
Reviewed-by: Venkatesh Srinivas <[email protected]>
Reviewed-by: Webb Scales <[email protected]>
Cc: Christoph Hellwig <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
This patch drops the userspace accessable sysfs entry for the maximum
datagram size of a 6LoWPAN fragment packet.
A fragment should not have a datagram size value greater than 1280 byte.
Instead of make this value configurable, we accept 1280 datagram size
fragment packets only.
Signed-off-by: Martin Townsend <[email protected]>
Signed-off-by: Alexander Aring <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
This patch changes the 1281 MTU to 1280. Others stack have only a 1280
byte array for uncompressed 6LoWPAN packets, this avoid that these
stacks have an overflow. Sending 1281 uncompressed 6LoWPAN packets isn't
also rfc complaint.
Signed-off-by: Alexander Aring <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
If received frame contains the reserved destination address mode. The
frame should be dropped and free the skb.
Signed-off-by: Martin Townsend <[email protected]>
Signed-off-by: Alexander Aring <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
This patch correct the return value of lowpan_alloc_frag if an error
occur. Errno numbers should always be negative.
Signed-off-by: Alexander Aring <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
This patch fix a memory leak if received frame was not able to parse.
Signed-off-by: Martin Townsend <[email protected]>
Signed-off-by: Alexander Aring <[email protected]>
Signed-off-by: Marcel Holtmann <[email protected]>
|
|
Current dmas explanation of SRC/DRS is confusable.
This patch clarifies it.
Signed-off-by: Kuninori Morimoto <[email protected]>
Acked-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Simon Horman <[email protected]>
Signed-off-by: Vinod Koul <[email protected]>
|
|
This is the errorneous scenario.
1. write data
2. do checkpoint
3. produce some dirty node pages by the gc thread
4. write back dirty node pages
5. f2fs_put_super will skip the checkpoint, since dirty count for node pages is
zero.
This patch removes such the wrong condition check.
Signed-off-by: Jaegeuk Kim <[email protected]>
|
|
During the recovery, if an error like EIO or ENOMEM, f2fs_bug_on should skip.
Signed-off-by: Jaegeuk Kim <[email protected]>
|
|
This patch fixes not to skip xattr recovery and inline xattr/data recovery
order.
Reviewed-by: Chao Yu <[email protected]>
Signed-off-by: Jaegeuk Kim <[email protected]>
|
|
During the recovery, we should clear the inline_xattr flag if its xattr node
block is recovered.
Reviewed-by: Chao Yu <[email protected]>
Signed-off-by: Jaegeuk Kim <[email protected]>
|
|
If an inode are fsynced multiple times with fsync & dent marks, this inode will
set FI_INC_LINK at find_fsync_dnodes during the recovery.
But, in recover_inode, recover_dentry doesn't clear that flag when multiple hits
were occurred.
So this patch removes the flag for the further consistency.
Reviewed-by: Chao Yu <[email protected]>
Signed-off-by: Jaegeuk Kim <[email protected]>
|
|
If a new inode page is needed for recover_dentry, we should assing i_inline
as zero.
Reviewed-by: Chao Yu <[email protected]>
Signed-off-by: Jaegeuk Kim <[email protected]>
|
|
This patch adds a parentheses to make clear for condition check.
And also it changes the return type for better meanings.
Signed-off-by: Jaegeuk Kim <[email protected]>
|
|
If mkwrite is called to an inode having inline_data, it can overwrite the data
index space as NEW_ADDR. (e.g., the first 4 bytes are coincidently zero)
Signed-off-by: Jaegeuk Kim <[email protected]>
|
|
Fix typo and some grammatical errors.
The words "filesystem" and "readahead" are being used without the space treewide.
Signed-off-by: Park Ju Hyung <[email protected]>
Signed-off-by: Jaegeuk Kim <[email protected]>
|
|
We did not check relocated directory in any way when processing Rock
Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
entry pointing to another CL entry leading to possibly unbounded
recursion in kernel code and thus stack overflow or deadlocks (if there
is a loop created from CL entries).
Fix the problem by not allowing CL entry to point to a directory entry
with CL entry (such use makes no good sense anyway) and by checking
whether CL entry doesn't point to itself.
CC: [email protected]
Reported-by: Chris Evans <[email protected]>
Signed-off-by: Jan Kara <[email protected]>
|
|
We have released the ->i_data_sem before invoking udf_add_entry(),
so in following error path, we should not release this lock again.
Signed-off-by: Chao Yu <[email protected]>
Signed-off-by: Jan Kara <[email protected]>
|
|
linux-2.6/drivers/usb/wusbcore/wa-xfer.c: In function 'wa_buf_in_cb':
linux-2.6/drivers/usb/wusbcore/wa-xfer.c:2590: warning: 'rpipe' may be used uninitialized in this function
Signed-off-by: Peter Chen <[email protected]>
Suggested-by: Thomas Pugliese <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
linux-2.6/drivers/usb/core/hub.c: In function 'usb_disconnect':
linux-2.6/drivers/usb/core/hub.c:2110: warning: 'hub' may be used uninitialized in this function
linux-2.6/drivers/usb/core/hub.c:2111: warning: 'port1' may be used uninitialized in this function
Signed-off-by: Peter Chen <[email protected]>
Acked-by: Alan Stern <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
linux-2.6/drivers/usb/dwc2/gadget.c: In function 's3c_hsotg_irq_enumdone':
linux-2.6/drivers/usb/dwc2/gadget.c:1904: warning: 'ep_mps' may be used uninitialized in this function
Acked-by: Paul Zimmerman <[email protected]>
Signed-off-by: Peter Chen <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|