| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This is another patch about copying data to the kernel before using it.
SNDRV_SST_STREAM_DECODE is sort of tricky because we need to do a
copy_from_user() that gives us another two pointers and we have copy
those. Those again give us some more pointers that we have to copy.
Besides those problems, the code had a stack overflow:
- struct snd_sst_buff_entry ibuf_temp[param->ibufs->entries],
- obuf_temp[param->obufs->entries];
param->ibufs->entries comes from the user.
Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Vinod Koul <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
This is another patch about making a copy of the data into kernel space
before using it. It is easy to trigger a kernel oops in the original
code. If you passed a NULL to SNDRV_SST_SET_TARGET_DEVICE then it
called BUG_ON(). And SNDRV_SST_DRIVER_INFO would let you write the
information to arbitrary memory locations which is a security violation.
Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Vinod Koul <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
This code dereferences user supplied pointers directly instead of doing
a copy_from_user(). Some kernel configs put user and kernel memory in
different address spaces so this code isn't portable. Also the user
memory could be swapped out or in this case the pointer could just be
NULL leading to an oops.
Another thing is that it makes permission tests like this sort of
meaningless.
if (minor == STREAM_MODULE && rec_mute->stream_id == 0) {
retval = -EPERM;
break;
}
The user could set stream_id to 1 for the test and then change it later.
Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Vinod Koul <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
configure_saa7146() didn't free irq on error.
saa_open() didn't decrease reference count of saa on error.
saa_ioctl() leaked information from the kernel stack to userland as it
didn't fill copied structs with zeros.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Use effective UID instead of real UID for camera owner.
There is no need to check for pending signals just before successfull
return. Exit in case of pending signal also leaved camera in open state.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Followup of commit ef885afbf8a37689 (net: use rcu_barrier() in
rollback_registered_many)
dst_dev_event() scans a garbage dst list that might be feeded by various
network notifiers at device dismantle time.
Its important to call dst_dev_event() after other notifiers, or we might
enter the infamous msleep(250) in netdev_wait_allrefs(), and wait one
second before calling again call_netdevice_notifiers(NETDEV_UNREGISTER,
dev) to properly remove last device references.
Use priority -10 to let dst_dev_notifier be called after other network
notifiers (they have the default 0 priority)
Reported-by: Ben Greear <[email protected]>
Reported-by: Nicolas Dichtel <[email protected]>
Reported-by: Octavian Purdila <[email protected]>
Reported-by: Benjamin LaHaise <[email protected]>
Tested-by: Ben Greear <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
In order to use build-in debugging macro, pci_dev in priv need to be
assigned first.
This fix iwl3945 driver oopsed at boot with 2.6.37-rc1
Signed-off-by: Wey-Yi Guy <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: fix a memleak in cifs_setattr_nounix()
cifs: make cifs_ioctl handle NULL filp->private_data correctly
|
|
As pointed out by Linus, commit dab5855 ("perf_counter: Add mmap event hooks to
mprotect()") is fundamentally wrong as mprotect_fixup() can free 'vma' due to
merging. Fix the problem by moving perf_event_mmap() hook to
mprotect_fixup().
Note: there's another successful return path from mprotect_fixup() if old
flags equal to new flags. We don't, however, need to call
perf_event_mmap() there because 'perf' already knows the VMA is
executable.
Reported-by: Dave Jones <[email protected]>
Analyzed-by: Linus Torvalds <[email protected]>
Cc: Ingo Molnar <[email protected]>
Reviewed-by: Peter Zijlstra <[email protected]>
Signed-off-by: Pekka Enberg <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
native_apic_msr_read() and x2apic_enabled() use rdmsr(msr, low, high),
but only use the low part.
gcc4.6 complains about this:
.../apic.h:144:11: warning: variable 'high' set but not used [-Wunused-but-set-variable]
rdmsr() is just a wrapper around rdmsrl() which splits the 64bit value
into low and high, so using rdmsrl() directly solves this.
[tglx: Changed the variables to u64 as suggested by Cyrill. It's less
confusing and has no code impact as this is 64bit only anyway.
Massaged changelog as well. ]
Signed-off-by: Andi Kleen <[email protected]>
Cc: [email protected]
Cc: Cyrill Gorcunov <[email protected]>
LKML-Reference: <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
|
|
|
|
Structure sockaddr_tipc is copied to userland with padding bytes after
"id" field in union field "name" unitialized. It leads to leaking of
contents of kernel stack memory. We have to initialize them to zero.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
So properly mark it as such in the MAINTAINERS file.
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
The tree has moved to "staging-2.6" not "staging-next-2.6" as all of the
staging development is now done in git, not just for the next tree.
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
So change the MAINTAINERS file to properly reflect this.
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
As device_set_wakeup_enable can now sleep, move the call to outside
the critical section.
Signed-off-by: Daniel J Blueman <[email protected]>
Acked-by: Rafael J. Wysocki <[email protected]>
Acked-by: Andrew Hendry <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The original patch helps under obscure conditions (no pun) but
some 8168 do not like it. The change needs to be tightened with
a specific 8168 version.
This reverts commit 801e147cde02f04b5c2f42764cd43a89fc7400a2
("r8169: Handle rxfifo errors on 8168 chips").
Regression at https://bugzilla.kernel.org/show_bug.cgi?id=20882
Signed-off-by: Francois Romieu <[email protected]>
Tested-by: Andreas Radke <[email protected]>
Cc: Matthew Garrett <[email protected]>
Cc: Daniel J Blueman <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
commit 8723e1b4ad9be4444 (inet: RCU changes in inetdev_by_index())
forgot one call site in ip_mc_drop_socket()
We should not decrease idev refcount after inetdev_by_index() call,
since refcount is not increased anymore.
Reported-by: Markus Trippelsdorf <[email protected]>
Reported-by: Miles Lane <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Andrew Hendry reported a kmemleak warning in 2.6.37-rc1 while editing a
text file with gedit over cifs.
unreferenced object 0xffff88022ee08b40 (size 32):
comm "gedit", pid 2524, jiffies 4300160388 (age 2633.655s)
hex dump (first 32 bytes):
5c 2e 67 6f 75 74 70 75 74 73 74 72 65 61 6d 2d \.goutputstream-
35 42 41 53 4c 56 00 de 09 00 00 00 2c 26 78 ee 5BASLV......,&x.
backtrace:
[<ffffffff81504a4d>] kmemleak_alloc+0x2d/0x60
[<ffffffff81136e13>] __kmalloc+0xe3/0x1d0
[<ffffffffa0313db0>] build_path_from_dentry+0xf0/0x230 [cifs]
[<ffffffffa031ae1e>] cifs_setattr+0x9e/0x770 [cifs]
[<ffffffff8115fe90>] notify_change+0x170/0x2e0
[<ffffffff81145ceb>] sys_fchmod+0x10b/0x140
[<ffffffff8100c172>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff
The commit 1025774c that removed inode_setattr() seems to have introduced this
memleak by returning early without freeing 'full_path'.
Reported-by: Andrew Hendry <[email protected]>
Cc: Christoph Hellwig <[email protected]>
Reviewed-by: Jeff Layton <[email protected]>
Signed-off-by: Suresh Jayaraman <[email protected]>
Signed-off-by: Steve French <[email protected]>
|
|
The Inventra DMA engine in version 1.8 and later of the MUSB
controller cannot handle DMA addresses that are not aligned
to a 4 byte boundary. It ends up ignoring the last two bits
programmed in the DMA_ADDR register. This is a deliberate
design change in the controller and is documented in the
programming guide.
Earlier versions of the controller could handle these
accesses just fine.
Fail dma_channel_program if we see an unaligned address when
using the newer controllers, so that the caller can carry out
the transfer using PIO mode.
(Current callers already have this backup path in place).
Signed-off-by: Anand Gadiyar <[email protected]>
Tested-by: Ming Lei <[email protected]>
Cc: Ajay Kumar Gupta <[email protected]>
Cc: Mike Frysinger <[email protected]>
Signed-off-by: Felipe Balbi <[email protected]>
|
|
Temperature is not shifted as on newer asics.
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
Signed-off-by: Dave Airlie <[email protected]>
|
|
This is a follow on to:
2b5b1d7da9583484b3a9e7e375a90ca0e8ca07c2
(drm/radeon/kms: add support for clock/data path routers)
That patch completed mux support for ddc and cd line routing
between connectors. This patch fixes an indexing typo that was
resulting in the atom bios router objects not always being walked,
ensures the validity entries for the reused router structure are
reset for every connector object walked, and corrects the masking
operations used to update the mux control bits.
Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=31339
Signed-off-by: Tyson Whitehead <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
This is a follow on to:
26b5bc986423cf3887e09188cb662ed651c5374d
(drm/radeon/kms: add support for router objects)
That patch added support for systems that use a mux to control
the ddc line routing between the connectors. This patch adds
support for systems that use a mux to control the encoder
clock and data path routing to the connectors.
Should fix:
https://bugs.freedesktop.org/show_bug.cgi?id=31339
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Structure drm_vmw_fence_rep is copied to userland with field "pad64"
uninitialized. It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Reviewed-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Signed-off-by: Joe Perches <[email protected]>
Reviewed-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
When bo pin failed during modesetting,
vmwgfx would try to unref a non-existing buffer object.
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
This breaks vmwgfx non-root EGL clients and is a remnant from the
TTM user-space interface. This test should be done in the driver.
Replace the remaining placement test with a BUG_ON, since triggering
it is a driver bug.
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
The sync object may disappear as soon as we release the bo::lock, so
take a reference on it while we use it.
One option would be to call sync_object_flush() before releasing the bo::lock,
but that would put an atomic requirement on that function.
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
The A/B links aren't independantly useable on these blocks so when
we disable the encoders, make sure to only disable the encoder when
there is no connector using it.
Should fix:
https://bugs.freedesktop.org/show_bug.cgi?id=18564
Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
Signed-off-by: Dave Airlie <[email protected]>
|
|
Coalesce long formats.
Align arguments.
Add missing newlines.
Signed-off-by: Joe Perches <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Signed-off-by: Joe Perches <[email protected]>
Reviewed-by: Matt Turner <[email protected]>
Reviewed-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Currently an invalid EDID extension will cause the whole EDID to be considered invalid. Instead just drop the invalid extensions, and return the valid ones. The base block is modified to claim to have the number valid extensions, and the check sum is updated.
For my EIZO S2242W the base block is fine, but the extension block is all zeros. Without this patch I get no X and no VTs.
Signed-off-by: Sam Tygier <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Make more of the connector code debug only to avoid
spamming the kernel logs with detect and add modes
messages.
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
The driver (for example vmwgfx) may want to silently deal with the
error itself.
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Since we're doing this outside of a spinlock to provide the necessary
barriers, add an explicit barrier.
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Replace with BUG_ON(). These error messages remained from the time
when TTM was initialized from user-space. Nowadays hitting one of those
is really a kernel bug.
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Searching for a free block in the range manager may in some situations be a
lenghty operation, and we want to avoid holding the global lru lock
during that time. Instead use a per-manager spinlock.
This leaves the global lru lock for quick lru list and swap list manipulation
only, including list manipulation associated with reserving buffer objects.
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Remove an obsolete comment about mm nodes.
Document the new bo range manager interface.
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
Should fix dynpm problems on evergreen boards
Signed-off-by: Alex Deucher <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
* Dave Airlie <[email protected]> wrote:
> > Lee, Chun-Yi (1):
> > gpu: Add Intel GMA500(Poulsbo) Stub Driver
Today's -tip fails to build due to upstream commit e26fd11 ("gpu: Add Intel
GMA500(Poulsbo) Stub Driver"), committed two days ago and merged yesterday, on
x86 allmodconfig with BACKLIGHT_CLASS_DEVICE disabled:
drivers/built-in.o: In function `acpi_video_bus_put_one_device':
video.c:(.text+0x7d26f): undefined reference to `backlight_device_unregister'
drivers/built-in.o: In function `acpi_video_switch_brightness':
video.c:(.text+0x7d6f5): undefined reference to `backlight_force_update'
drivers/built-in.o: In function `acpi_video_device_find_cap':
video.c:(.text+0x7dfdb): undefined reference to `backlight_device_register'
drivers/gpu/stub/Kconfig selects ACPI_VIDEO, but ACPI_VIDEO is a complex interactive
Kconfig option with a lot of dependencies:
config ACPI_VIDEO
tristate "Video"
depends on X86 && BACKLIGHT_CLASS_DEVICE && VIDEO_OUTPUT_CONTROL
depends on INPUT
select THERMAL
help
This driver implements the ACPI Extensions For Display Adapters
and if any of its dependencies are not met, we get a build failure. This problem was
apparently realized in the driver at a certain stage:
config STUB_POULSBO
tristate "Intel GMA500 Stub Driver"
depends on PCI
# Poulsbo stub depends on ACPI_VIDEO when ACPI is enabled
# but for select to work, need to select ACPI_VIDEO's dependencies, ick
select ACPI_VIDEO if ACPI
but not fully understood and not fully fixed.
As a quick fix select these secondary dependencies, like drivers/gpu/drm/Kconfig
does:
config DRM_I915
tristate "i915 driver"
depends on AGP_INTEL
select SHMEM
select DRM_KMS_HELPER
select FB_CFB_FILLRECT
select FB_CFB_COPYAREA
select FB_CFB_IMAGEBLIT
# i915 depends on ACPI_VIDEO when ACPI is enabled
# but for select to work, need to select ACPI_VIDEO's dependencies, ick
select VIDEO_OUTPUT_CONTROL if ACPI
select BACKLIGHT_CLASS_DEVICE if ACPI
select INPUT if ACPI
select ACPI_VIDEO if ACPI
select ACPI_BUTTON if ACPI
help
Choose this option if you have a system that has Intel 830M, 845G,
852GM, 855GM 865G or 915G integrated graphics. If M is selected, the
But it's arguably not particularly nice looking, so maybe this area of code is ripe
for a Kconfig restructuring/cleanup.
Signed-off-by: Ingo Molnar <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/ickle/drm-intel
* 'drm-intel-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ickle/drm-intel:
drm/i915: Fix LVDS fixed-mode regression from 219adae1
drm/i915/ringbuffer: Use the HEAD auto-reporting mechanism
drm/i915: Avoid might_fault during pwrite whilst holding our mutex
agp/intel: fix cache control for sandybridge
agp/intel: restore cache behavior on sandybridge
drm/i915; Don't apply Ironlake FDI clock workaround to Sandybridge
drm/i915: Fix KMS regression on Sandybridge/CPT
i915: reprogram power monitoring registers on resume
drm/i915: SNB BLT workaround
drm/i915: Fix the graphics frequency clamping at init and when IPS is active.
drm/i915: Allow powersave modparam to be adjusted at runtime.
drm/i915: Apply big hammer to serialise buffer access between rings
drm/i915: opregion_setup: iounmap correct address
drm/i915: Flush read-only buffers from the active list upon idle as well
i915: signedness bug in check_overlay_src()
drm/i915: Fix typo from "Enable DisplayPort Audio"
|
|
Adding the new MacBookAir3,1(2) to btusb.
Output without the patch and btusb loaded :
T: Bus=03 Lev=02 Prnt=03 Port=02 Cnt=01 Dev#= 6 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=05ac ProdID=821b Rev= 0.34
S: Manufacturer=Apple Inc.
S: Product=Bluetooth USB Host Controller
C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr= 0mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=(none)
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 32 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 32 Ivl=1ms
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 64 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 64 Ivl=1ms
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=(none)
E: Ad=83(I) Atr=01(Isoc) MxPS= 64 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 64 Ivl=1ms
I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=84(I) Atr=02(Bulk) MxPS= 32 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 32 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
Output with the patch and btusb loaded :
T: Bus=03 Lev=02 Prnt=03 Port=02 Cnt=01 Dev#= 6 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=ff(vend.) Sub=01 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=05ac ProdID=821b Rev= 0.34
S: Manufacturer=Apple Inc.
S: Product=Bluetooth USB Host Controller
C:* #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr= 0mA
I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=01 Driver=btusb
E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms
I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms
I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms
I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 32 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 32 Ivl=1ms
I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 64 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 64 Ivl=1ms
I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb
E: Ad=83(I) Atr=01(Isoc) MxPS= 64 Ivl=1ms
E: Ad=03(O) Atr=01(Isoc) MxPS= 64 Ivl=1ms
I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=84(I) Atr=02(Bulk) MxPS= 32 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 32 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 0 Cls=fe(app. ) Sub=01 Prot=01 Driver=(none)
Signed-off-by: Edgar (gimli) Hucek <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
This cause 'No Bonding' to be used if userspace has not yet been paired
with remote device since the l2cap socket used to create the rfcomm
session does not have any security level set.
Signed-off-by: Luiz Augusto von Dentz <[email protected]>
Acked-by: Ville Tervo <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
Last commit added a wrong endianness conversion. Fixing that.
Reported-by: Harvey Harrison <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
In function l2cap_get_conf_opt() and l2cap_add_conf_opt() the address of
opt->val sometimes is not at the edge of 2-bytes/4-bytes, so 2-bytes/4 bytes
access will cause data misalignment exeception. Use get_unaligned_le16/32
and put_unaligned_le16/32 function to avoid data misalignment execption.
Signed-off-by: steven miao <[email protected]>
Signed-off-by: Mike Frysinger <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
We've done this for a while in Fedora without any obvious problems other
than some interaction with input devices. Those should be fixed now, so
let's try this in mainline.
Signed-off-by: Matthew Garrett <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
When initiating dedicated bonding a L2CAP raw socket with HIGH security
level is used. The kernel is supposed to trigger the authentication
request in this case but this doesn't happen currently for non-SSP
(pre-2.1) devices. The reason is that the authentication request happens
in the remote extended features callback which never gets called for
non-SSP devices. This patch fixes the issue by requesting also
authentiation in the (normal) remote features callback in the case of
non-SSP devices.
This rule is applied only for HIGH security level which might at first
seem unintuitive since on the server socket side MEDIUM is already
enough for authentication. However, for the clients we really want to
prefer the server side to decide the authentication requrement in most
cases, and since most client sockets use MEDIUM it's better to be
avoided on the kernel side for these sockets. The important socket to
request it for is the dedicated bonding one and that socket uses HIGH
security level.
The patch is based on the initial investigation and patch proposal from
Andrei Emeltchenko <[email protected]>.
Signed-off-by: Johan Hedberg <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
Fix kconfig dependency warning to satisfy dependencies:
warning: (BT_HIDP && NET && BT && BT_L2CAP && INPUT || USB_HID && HID_SUPPORT && USB && INPUT) selects HID which has unmet direct dependencies (HID_SUPPORT && INPUT)
Signed-off-by: Randy Dunlap <[email protected]>
Acked-by: Marcel Holtmann <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
kernel: Constify temporary variable in roundup()
|