| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The gcc complains about small auto-var strings being allocated from stack space.
Make them const to avoid this:
| CC util/ui/util.o
| cc1: warnings being treated as errors
| util/ui/util.c: In function ‘ui__dialog_yesno’:
| util/ui/util.c:108: error: not protecting function: no buffer at least 8 bytes long
| make: *** [util/ui/util.o] Error 1
The real bug is in the newtWinChoice() ABI - but that's an
externality we cannot fix here, so we use this workaround.
Signed-off-by: Cyrill Gorcunov <[email protected]>
Acked-by: Frédéric Weisbecker <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
LKML-Reference: <20101106084724.GA5956@lenovo>
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Fix zero mode number, when using the default 720p mode.
Signed-off-by: Guennadi Liakhovetski <[email protected]>
Signed-off-by: Paul Mundt <[email protected]>
|
|
sh_mobile_lcdcfb.c has a hard-coded 720p video mode, used as default, if none
is explicitly specified by the platform. Adjust its timing to match the CEA
standard. Also add an explicit refresh rate value, which is needed, when used
with HDMI, to be able to recognise the default 720p mode as a pre-programmed
VIC #4.
Signed-off-by: Guennadi Liakhovetski <[email protected]>
Signed-off-by: Paul Mundt <[email protected]>
|
|
Even though this is not a problem currently, it is better to clear the freed
pointer and nullify the length of the freed memory.
Signed-off-by: Guennadi Liakhovetski <[email protected]>
Signed-off-by: Paul Mundt <[email protected]>
|
|
Call destroy() on _all_ ttm_bo_init() failures, and make sure that
behavior is documented in the function description.
Signed-off-by: Thomas Hellstrom <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
If ttm_bo_init() returns failure, it already destroyed the BO, so we need to
retry from scratch.
Signed-off-by: Michel Dänzer <[email protected]>
Tested-by: Markus Trippelsdorf <[email protected]>
Cc: [email protected]
Signed-off-by: Dave Airlie <[email protected]>
|
|
This patch fixes bug #13820 from bugzilla.kernel.org.
Quote: "If ETHTOOL_GLINK is not defined, the end for switch case is not
to be found."
Signed-off-by: Maximiliano David Bustos <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Commit e31b82136d1adc7a599b6e99d3321e5831841f5a ("cfg80211/mac80211:
allow per-station GTKs") changed the signatures of these operations
but did not update the staging drivers.
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Remove unnecessary cast of firmware base address to integer before
adding an offset.
Fix direct use of sk_buff::network_header which is an offset rather
than a pointer on 64-bit architectures.
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Whenever the mac address of an batman interface is changed
check_known_mac_addr() is called to print a warning if the newly added
mac address exists an another batman interface. While looping through
the batman interface list check_known_mac_addr() only compares mac
addresses and does not make sure they belong to different interfaces,
thus always printing a warning.
Signed-off-by: Marek Lindner <[email protected]>
Signed-off-by: Sven Eckelmann <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
55d1666b521cbed95924c8d4775fe272c103f08c incidentally disabled bonding
of packets first entering the mesh along with also disabling interface
alternating regardless of where the packet came from. This re-enables
these options.
Signed-off-by: Chris Lang <[email protected]>
Signed-off-by: Marek Lindner <[email protected]>
Signed-off-by: Sven Eckelmann <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
A kernel BUG when bluetooth rfcomm connection drop while the associated
serial port is open is sometime triggered.
It seems that the line discipline can disappear between the
tty_ldisc_put and tty_ldisc_get. This patch fall back to the N_TTY line
discipline if the previous discipline is not available anymore.
Signed-off-by: Philippe Retornaz <[email protected]>
Acked-by: Alan Cox <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
It was removed in 65b770468e98 (tty-ldisc: turn ldisc user count into
a proper refcount), but we need to wait for last user to quit the
ldisc before we close it in tty_set_ldisc.
Otherwise weird things start to happen. There might be processes
waiting in tty_read->n_tty_read on tty->read_wait for input to appear
and at that moment, a change of ldisc is fatal. n_tty_close is called,
it frees read_buf and the waiting process is still in the middle of
reading and goes nuts after it is woken.
Previously we prevented close to happen when others are in ldisc ops
by tty_ldisc_wait_idle in tty_set_ldisc. But the commit above removed
that. So revoke the change and test whether there is 1 user (=we), and
allow the close then.
We can do that without ldisc/tty locks, because nobody else can open
the device due to TTY_LDISC_CHANGING bit set, so we in fact wait for
everybody to leave.
I don't understand why tty_ldisc_lock would be needed either when the
counter is an atomic variable, so this is a lockless
tty_ldisc_wait_idle.
On the other hand, if we fail to wait (timeout or signal), we have to
reenable the halted ldiscs, so we take ldisc lock and reuse the setup
path at the end of tty_set_ldisc.
Signed-off-by: Jiri Slaby <[email protected]>
Acked-by: Linus Torvalds <[email protected]>
Tested-by: Sebastian Andrzej Siewior <[email protected]>
LKML-Reference: <[email protected]>
LKML-Reference: <[email protected]>
Cc: Alan Cox <[email protected]>
Cc: [email protected] [32, 33, 36]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
[SERIAL]blacklist si3052 chip
Si3052-based softmodems aren't serial ports so don't bind serial driver to them.
Allows proper driver to bind to them.
Signed-off-by: Maciej Szmigiero <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Signed-off-by: Joe Perches <[email protected]>
Acked-by: Sonic Zhang <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
There's a small window inside the flush_to_ldisc function,
where the tty is unlocked and calling ldisc's receive_buf
function. If in this window new buffer is added to the tty,
the processing might never leave the flush_to_ldisc function.
This scenario will hog the cpu, causing other tty processing
starving, and making it impossible to interface the computer
via tty.
I was able to exploit this via pty interface by sending only
control characters to the master input, causing the flush_to_ldisc
to be scheduled, but never actually generate any output.
To reproduce, please run multiple instances of following code.
- SNIP
#define _XOPEN_SOURCE
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int main(int argc, char **argv)
{
int i, slave, master = getpt();
char buf[8192];
sprintf(buf, "%s", ptsname(master));
grantpt(master);
unlockpt(master);
slave = open(buf, O_RDWR);
if (slave < 0) {
perror("open slave failed");
return 1;
}
for(i = 0; i < sizeof(buf); i++)
buf[i] = rand() % 32;
while(1) {
write(master, buf, sizeof(buf));
}
return 0;
}
- SNIP
The attached patch (based on -next tree) fixes this by checking on the
tty buffer tail. Once it's reached, the current work is rescheduled
and another could run.
Signed-off-by: Jiri Olsa <[email protected]>
Cc: stable <[email protected]>
Acked-by: Alan Cox <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Add support for Kouwell KW-L221N-2 card.
Signed-off-by: Mikulas Patocka <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Just remove a now unused variable
Signed-off-by: Alan Cox <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
During builds I see the following warning -
CC [M] drivers/char/pcmcia/synclink_cs.o
drivers/char/pcmcia/synclink_cs.c:2194: warning: ‘mgslpc_get_icount’ defined but not used
The function is a callback meant to be assigned to get_icount (added during 0587102cf).
Fix accordingly.
Signed-off-by: Andres Salomon <[email protected]>
Acked-by: Alan Cox <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Someone added a new ldisc number and messed up the tabbing. Fix it before
anyone else copies it.
Signed-off-by: Alan Cox <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Signed-off-by: Joe Perches <[email protected]>
Cc: Bernie Thompson <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Unmap the rx buffer before mapping the new one in rtl8192_rx.
Failing to do so quickly exhausts the IOMMU memory during downloads:
[...] DMA: Out of SW-IOMMU space for 9100 bytes at device ...
Using "iommu=off mem=4g" also fixes the problem because
then pci_map_single does not allocate memory.
Tested on my personal laptop with a RTL8192E device. Without this
patch the kernel quickly runs out of IOMMU memory (downloading 5 MB
of data is sufficient to trigger it), with this patch applied
I haven't experienced any issues so far.
Signed-off-by: Daniel Lichtenberger <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Identation says that copy_to_user() should be called only iff
wrq->u.essid.pointer is not zero. Also it is useless to call copy_to_user(0, ...).
Signed-off-by: Vasiliy Kulikov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Add new USB ID for FT2870 for Belkin F6D4050 v1
Signed-off-by: Larry Finger <[email protected]>
Reported- and Tested-by: James Long <[email protected]>
Cc: Stable <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Nohee => Dowan
Signed-off-by: Brett Rudley <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Delete successive assignments to the same location. dhd_ops_virt contains
a subset of the definitions of dhd_ops_pri.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression i;
@@
*i = ...;
i = ...;
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Delete successive assignments to the same location. In three of the cases,
the two assignments are identical. In the case of the file
rt2860/common/cmm_aes.c, the assigned variable i is never used, so both
assignments are dropped.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression i;
@@
*i = ...;
i = ...;
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
The cfg80211 API changed in commit e31b82136d1adc7a599b6e99d3321e5831841f5a
Signed-off-by: Hauke Mehrtens <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
ATH6KL_CFG80211 should depend on CFG80211 to fix build errors:
ERROR: "wiphy_free" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_inform_bss_frame" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "__ieee80211_get_channel" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_get_bss" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "wiphy_unregister" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_connect_result" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_michael_mic_failure" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_ibss_joined" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_roamed" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_put_bss" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "wiphy_new" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "wiphy_register" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_disconnected" [drivers/staging/ath6kl/ath6kl.ko] undefined!
ERROR: "cfg80211_scan_done" [drivers/staging/ath6kl/ath6kl.ko] undefined!
Signed-off-by: Randy Dunlap <[email protected]>
Cc: Vipin Mehta <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
This fixes some places that dereference user pointers directly instead
of using get_user().
Please especially check my changes to IOCTL_BCM_GET_CURRENT_STATUS. The
original code modified the struct which "arg" was pointing to. I think
this was a bug in the original code and that we only wanted to write to
the OutputBuffer. Also with the original code you could read as much
memory as you wanted so I had to put a cap on OutputLength. The only
value of OutputLength that makes sense is sizeof(LINK_STATE) so now if
OutputLength is not sizeof(LINK_STATE) it returns -EINVAL.
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
This silences all the sparse warnings in intel_sst_app_interface.c.
It was just a matter of adding __user annotations, I didn't find any
real bugs here. Quite a few of these were needed for stuff I added
earlier, sorry about that.
I removed a couple casts to (void *) that caused a warning like:
drivers/staging/intel_sst/intel_sst_app_interface.c:606:27:
warning: cast removes address space of expression
For example sst_drv_ctx->mailbox is already declared as
"void __iomem *mailbox" so casting it to void pointer isn't necessary
and it makes sparse complain because it removes the __user attribute.
Signed-off-by: Dan Carpenter <[email protected]>
Cc: Vinod Koul <[email protected]>
Cc: Alan Cox <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
There were some places in intel_sst_mmap_play_capture() that
dereferenced user pointers instead of copying the data to the kernel.
I removed the BUG_ON(!mmap_buf) and BUG_ON(!buf_entry) since those are
never possible in the current code.
Signed-off-by: Dan Carpenter <[email protected]>
Cc: Vinod Koul <[email protected]>
Cc: Alan Cox <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
This is another patch about copying data to the kernel before using it.
SNDRV_SST_STREAM_DECODE is sort of tricky because we need to do a
copy_from_user() that gives us another two pointers and we have copy
those. Those again give us some more pointers that we have to copy.
Besides those problems, the code had a stack overflow:
- struct snd_sst_buff_entry ibuf_temp[param->ibufs->entries],
- obuf_temp[param->obufs->entries];
param->ibufs->entries comes from the user.
Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Vinod Koul <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
This is another patch about making a copy of the data into kernel space
before using it. It is easy to trigger a kernel oops in the original
code. If you passed a NULL to SNDRV_SST_SET_TARGET_DEVICE then it
called BUG_ON(). And SNDRV_SST_DRIVER_INFO would let you write the
information to arbitrary memory locations which is a security violation.
Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Vinod Koul <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
This code dereferences user supplied pointers directly instead of doing
a copy_from_user(). Some kernel configs put user and kernel memory in
different address spaces so this code isn't portable. Also the user
memory could be swapped out or in this case the pointer could just be
NULL leading to an oops.
Another thing is that it makes permission tests like this sort of
meaningless.
if (minor == STREAM_MODULE && rec_mute->stream_id == 0) {
retval = -EPERM;
break;
}
The user could set stream_id to 1 for the test and then change it later.
Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Vinod Koul <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
configure_saa7146() didn't free irq on error.
saa_open() didn't decrease reference count of saa on error.
saa_ioctl() leaked information from the kernel stack to userland as it
didn't fill copied structs with zeros.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Use effective UID instead of real UID for camera owner.
There is no need to check for pending signals just before successfull
return. Exit in case of pending signal also leaved camera in open state.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Followup of commit ef885afbf8a37689 (net: use rcu_barrier() in
rollback_registered_many)
dst_dev_event() scans a garbage dst list that might be feeded by various
network notifiers at device dismantle time.
Its important to call dst_dev_event() after other notifiers, or we might
enter the infamous msleep(250) in netdev_wait_allrefs(), and wait one
second before calling again call_netdevice_notifiers(NETDEV_UNREGISTER,
dev) to properly remove last device references.
Use priority -10 to let dst_dev_notifier be called after other network
notifiers (they have the default 0 priority)
Reported-by: Ben Greear <[email protected]>
Reported-by: Nicolas Dichtel <[email protected]>
Reported-by: Octavian Purdila <[email protected]>
Reported-by: Benjamin LaHaise <[email protected]>
Tested-by: Ben Greear <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
In order to use build-in debugging macro, pci_dev in priv need to be
assigned first.
This fix iwl3945 driver oopsed at boot with 2.6.37-rc1
Signed-off-by: Wey-Yi Guy <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: fix a memleak in cifs_setattr_nounix()
cifs: make cifs_ioctl handle NULL filp->private_data correctly
|
|
As pointed out by Linus, commit dab5855 ("perf_counter: Add mmap event hooks to
mprotect()") is fundamentally wrong as mprotect_fixup() can free 'vma' due to
merging. Fix the problem by moving perf_event_mmap() hook to
mprotect_fixup().
Note: there's another successful return path from mprotect_fixup() if old
flags equal to new flags. We don't, however, need to call
perf_event_mmap() there because 'perf' already knows the VMA is
executable.
Reported-by: Dave Jones <[email protected]>
Analyzed-by: Linus Torvalds <[email protected]>
Cc: Ingo Molnar <[email protected]>
Reviewed-by: Peter Zijlstra <[email protected]>
Signed-off-by: Pekka Enberg <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
native_apic_msr_read() and x2apic_enabled() use rdmsr(msr, low, high),
but only use the low part.
gcc4.6 complains about this:
.../apic.h:144:11: warning: variable 'high' set but not used [-Wunused-but-set-variable]
rdmsr() is just a wrapper around rdmsrl() which splits the 64bit value
into low and high, so using rdmsrl() directly solves this.
[tglx: Changed the variables to u64 as suggested by Cyrill. It's less
confusing and has no code impact as this is 64bit only anyway.
Massaged changelog as well. ]
Signed-off-by: Andi Kleen <[email protected]>
Cc: [email protected]
Cc: Cyrill Gorcunov <[email protected]>
LKML-Reference: <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
|
|
|
|
Structure sockaddr_tipc is copied to userland with padding bytes after
"id" field in union field "name" unitialized. It leads to leaking of
contents of kernel stack memory. We have to initialize them to zero.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
mx2-camera got broken during the last merge window. This patch
fixes this and removes some unused variables.
Signed-off-by: Sascha Hauer <[email protected]>
Signed-off-by: Guennadi Liakhovetski <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
|
|
This is a followup patch that addresses two minor issues left in the recently
added ov6650 sensor driver, as I've promised to the subsystem maintainer:
- remove a pair of extra brackets,
- drop useless case for not possible v4l2_mbus_pixelcode enum value of 0.
Created against linux-2.6.37-rc1.
Signed-off-by: Janusz Krzysztofik <[email protected]>
Signed-off-by: Guennadi Liakhovetski <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
|
|
Fix an outstanding typo in the recently added driver, as requested by
the subsystem maintainer.
Created against linux-2.6.37-rc1.
Signed-off-by: Janusz Krzysztofik <[email protected]>
Signed-off-by: Guennadi Liakhovetski <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
|
|
So properly mark it as such in the MAINTAINERS file.
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Recent locking related videobuf changes has not been incorporated into the new
OMAP1 camera driver. Fix it.
Created and tested against linux-2.6.37-rc1.
Signed-off-by: Janusz Krzysztofik <[email protected]>
Signed-off-by: Guennadi Liakhovetski <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
|
|
The tree has moved to "staging-2.6" not "staging-next-2.6" as all of the
staging development is now done in git, not just for the next tree.
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|