- 26 Sep, 2011 1 commit
-
-
Dan Carpenter authored
Smatch has a new check for Rosenberg type information leaks where structs are copied to the user with uninitialized stack data in them. In this case, the hiddev_devinfo struct has a two byte hole. struct hiddev_devinfo { __u32 bustype; /* 0 4 */ __u32 busnum; /* 4 4 */ __u32 devnum; /* 8 4 */ __u32 ifnum; /* 12 4 */ __s16 vendor; /* 16 2 */ __s16 product; /* 18 2 */ __s16 version; /* 20 2 */ /* XXX 2 bytes hole, try to pack */ __u32 num_applications; /* 24 4 */ Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
- 20 Sep, 2011 1 commit
-
-
James Hogan authored
The function hidraw_disconnect() only acquires the hidraw minors_lock when clearing the entry in hidraw_table. However the device_destroy() call can cause a userland read/write to return with an error. It may cause the program to release the file descripter before the disconnect is finished. hidraw_disconnect() has already set hidraw->exist to 0, which makes hidraw_release() kfree the hidraw structure, which hidraw_disconnect() continues to access and even tries to kfree again. Similarly if a hidraw_release() occurs after setting hidraw->exist to 0, the same thing can happen. This is fixed by expanding the mutex critical section to cover the whole function from setting hidraw->exist to 0 to freeing the hidraw structure, preventing a hidraw_release() from interfering. Signed-off-by: James Hogan <james.hogan@imgtec.com> Tested-by: David Herrmann <dh.herrmann@googlemail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
- 08 Sep, 2011 7 commits
-
-
git://git.infradead.org/users/vkoul/slave-dmaLinus Torvalds authored
* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine/ste_dma40: fix memory leak due to prepared descriptors dmaengine/ste_dma40: fix Oops due to double free of client descriptor dmaengine/ste_dma40: remove duplicate call to d40_pool_lli_free(). dmaengine/ste_dma40: add missing kernel doc for pending_queue
-
git://opensource.wolfsonmicro.com/regmapLinus Torvalds authored
* 'for-linus' of git://opensource.wolfsonmicro.com/regmap: regmap: Remove bitrotted module_put()s
-
git://twin.jikos.cz/jikos/hidLinus Torvalds authored
* 'for-linus' of git://twin.jikos.cz/jikos/hid: HID: wacom: Unregister sysfs attributes on remove HID: wacom: Fix error path of power-supply initialization HID: add support for HuiJia USB Gamepad connector HID: magicmouse: ignore 'ivalid report id' while switching modes, v2 HID: magicmouse: Set resolution of touch surfaces
-
git://git.fluff.org/bjdooks/linuxLinus Torvalds authored
* 'for-31-rc5/i2c-fixes' of git://git.fluff.org/bjdooks/linux: i2c-tegra: fix possible race condition after tx i2c-tegra: add I2C_FUNC_SMBUS_EMUL i2c-tegra: Add of_match_table i2c-pxa2xx: return proper error code in ce4100_i2c_probe error paths
-
git://git.8bytes.org/scm/iommuLinus Torvalds authored
* 'amd/fixes' of git://git.8bytes.org/scm/iommu: iommu/amd: Don't take domain->lock recursivly iommu/amd: Make sure iommu->need_sync contains correct value
-
Randy Dunlap authored
Fix kernel-doc warning about internal/private data by marking it as "private:" so that kernel-doc will ignore it. Warning(include/linux/regulator/consumer.h:128): No description found for parameter 'ret' Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Acked-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Randy Dunlap authored
Fix kernel-doc warning in net/cfg80211.h: Warning(include/net/cfg80211.h:1884): No description found for parameter 'registered' Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 07 Sep, 2011 11 commits
-
-
git://tesla.tglx.de/git/linux-2.6-tipLinus Torvalds authored
* 'timers-fixes-for-linus' of git://tesla.tglx.de/git/linux-2.6-tip: rtc: twl: Fix registration vs. init order rtc: Initialized rtc_time->tm_isdst rtc: Fix RTC PIE frequency limit rtc: rtc-twl: Remove lockdep related local_irq_enable() rtc: rtc-twl: Switch to using threaded irq rtc: ep93xx: Fix 'rtc' may be used uninitialized warning alarmtimers: Avoid possible denial of service with high freq periodic timers alarmtimers: Memset itimerspec passed into alarm_timer_get alarmtimers: Avoid possible null pointer traversal
-
git://tesla.tglx.de/git/linux-2.6-tipLinus Torvalds authored
* 'sched-fixes-for-linus' of git://tesla.tglx.de/git/linux-2.6-tip: sched: Fix a memory leak in __sdt_free() sched: Move blk_schedule_flush_plug() out of __schedule() sched: Separate the scheduler entry for preemption
-
git://tesla.tglx.de/git/linux-2.6-tipLinus Torvalds authored
* 'perf-fixes-for-linus' of git://tesla.tglx.de/git/linux-2.6-tip: x86, perf: Check that current->mm is alive before getting user callchain perf_event: Fix broken calc_timer_values() perf events: Fix slow and broken cgroup context switch code
-
git://git.infradead.org/ubifs-2.6git://git.infradead.org/ubi-2.6Linus Torvalds authored
* branch 'linux-next' of git://git.infradead.org/ubifs-2.6: UBIFS: not build debug messages with CONFIG_UBIFS_FS_DEBUG disabled * branch 'linux-next' of git://git.infradead.org/ubi-2.6: UBI: do not link debug messages when debugging is disabled
-
git://github.com/groeck/linuxLinus Torvalds authored
* 'hwmon-for-linus' of git://github.com/groeck/linux: hwmon: (ucd9000/ucd9200) Optimize array walk hwmon: (max16065) Add chip access warning to documentation hwmon: (max16065) Fix current calculation
-
git://github.com/ericvh/linuxLinus Torvalds authored
* 'for-linus' of git://github.com/ericvh/linux: fs/9p: Use protocol-defined value for lock/getlock 'type' field. fs/9p: Always ask new inode in lookup for cache mode disabled fs/9p: Add OS dependent open flags in 9p protocol net/9p: Fix kernel crash with msize 512K fs/9p: Don't update file type when updating file attributes fs/9p: Add fid before dentry instantiation
-
git://oss.oracle.com/git/kwilk/xenLinus Torvalds authored
* 'stable/bug.fixes' of git://oss.oracle.com/git/kwilk/xen: xen/smp: Warn user why they keel over - nosmp or noapic and what to use instead. xen: x86_32: do not enable iterrupts when returning from exception in interrupt context xen: use maximum reservation to limit amount of usable RAM
-
git://github.com/avikivity/kvmLinus Torvalds authored
* 'kvm-updates/3.1' of git://github.com/avikivity/kvm: KVM: Fix instruction size issue in pvclock scaling
-
Jiri Kosina authored
-
David Herrmann authored
HID devices can be hotplugged so we should unregister all sysfs attributes when removing a driver. Otherwise, manually unloading the wacom-driver will not remove the sysfs attributes. Only when the device is disconnected, they are removed, eventually. Signed-off-by: David Herrmann <dh.herrmann@googlemail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
David Herrmann authored
power_supply_unregister() must not be called if power_supply_register() failed. The wdata->psy.dev pointer may point to invalid memory after a failed power_supply_register() and hence wacom_remove() will fail while calling power_supply_unregister(). This changes the wacom_probe function to fail if it cannot register the power_supply devices. If we would want to keep the previous behaviour we had to keep some flag about the power_supply state and check it on wacom_remove, but this seems inappropriate here. Hence, we simply fail, too, if power_supply_register fails. Signed-off-by: David Herrmann <dh.herrmann@googlemail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-
- 06 Sep, 2011 13 commits
-
-
Doug Anderson authored
In tegra_i2c_fill_tx_fifo, once we have finished pushing all the bytes to the I2C hardware controller, the interrupt might happen before we have updated i2c_dev->msg_buf_remaining at the end of the function. Then, in tegra_i2c_isr, we will call again tegra_i2c_fill_tx_fifo triggering weird behaviour. This has been shown to happen under real conditions. Signed-off-by: Doug Anderson <dianders@chromium.org> Tested-by: Vincent Palatin <vpalatin@chromium.org> Acked-by: Rhyland Klein <rklein@nvidia.com> Acked-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Ben Dooks <ben-linux@fluff.org>
-
Mike Rapoport authored
Signed-off-by: Mike Rapoport <mike@compulab.co.il> Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Ben Dooks <ben-linux@fluff.org>
-
John Bonesio authored
This patch was intended to be part of 7ca2d1a105a239e300b937e9c41a10a4bd08f569 "i2c: Tegra: Add DeviceTree support". However, an early version of that patch, which was missing a chunk, was applied to next-i2c. This change is that missing chunk. Signed-off-by: John Bonesio <bones@secretlab.ca> Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Ben Dooks <ben-linux@fluff.org>
-
Axel Lin authored
Signed-off-by: Axel Lin <axel.lin@gmail.com> Acked-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Ben Dooks <ben-linux@fluff.org>
-
Jean Delvare authored
Rewrite the loop walking the id array during probe. The new code is better adapted to a null-terminated array, and is also clearer and more efficient than the original. Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Axel Lin <axel.lin@gmail.com> Cc: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
-
Guenter Roeck authored
The chips supported by the max16065 driver should not be accessed using direct i2ctools commands. Add warning to driver documentation to alert users. Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Acked-by: Jean Delvare <khali@linux-fr.org>
-
Guenter Roeck authored
Current calculation is completely wrong. Add missing brackets to fix it. Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Acked-by: Jean Delvare <khali@linux-fr.org> Cc: stable@kernel.org # 3.0+
-
Jim Garlick authored
Signed-off-by: Jim Garlick <garlick@llnl.gov> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-
Aneesh Kumar K.V authored
This make sure we don't end up reusing the unlinked inode object. The ideal way is to use inode i_generation. But i_generation is not available in userspace always. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-
Aneesh Kumar K.V authored
Some of the flags are OS/arch dependent we add a 9p protocol value which maps to asm-generic/fcntl.h values in Linux Based on the original patch from Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-
Aneesh Kumar K.V authored
With msize equal to 512K (PAGE_SIZE * VIRTQUEUE_NUM), we hit multiple crashes. This patch fix those. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
-
Aneesh Kumar K.V authored
We should only update attributes that we can change on stat2inode. Also do file type initialization in v9fs_init_inode. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
-
Aneesh Kumar K.V authored
d_instantiate marks the dentry positive. So a parallel lookup and mkdir of the directory can find dentry that doesn't have fid attached. This can result in both the code path doing v9fs_fid_add which results in v9fs_dentry leak. Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
-
- 05 Sep, 2011 5 commits
-
-
Mark Brown authored
The conversion to per bus type registration functions means we don't need to do module_get()s to hold the bus types in memory (their users will link to them) so we removed all those calls. This left module_put() calls in the cleanup paths which aren't needed and which cause unbalanced puts if we ever try to unload anything. Reported-by: Jonathan Cameron <jic23@cam.ac.uk> Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
-
Per Forlin authored
Prepared descriptors that are not submitted will not be freed. Add prepared descriptor to a list to be able to release them upon dmaengine_terminate_all(). Signed-off-by: Per Forlin <per.forlin@linaro.org> Acked-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
-
Per Forlin authored
The client list may exist in two lists at the same time. This makes free fail since the same desc is freed multiple times. Remove desc from client list when adding it to the pending queue. Move free of client owned descriptors from free_dma() to terminate_all(). Unable to handle kernel paging request at virtual address 00100104 pgd = dea8c000 [00100104] *pgd=1ea62831, *pte=00000000, *ppte=00000000 Internal error: Oops: 817 [#1] PREEMPT SMP Modules linked in: CPU: 0 Not tainted (3.1.0-rc3+ #58) PC is at d40_free_chan_resources+0x64/0x330 Signed-off-by: Per Forlin <per.forlin@linaro.org> Acked-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
-
Per Forlin authored
d40_desc_free() already calls d40_pool_lli_free(). Signed-off-by: Per Forlin <per.forlin@linaro.org> Acked-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
-
Per Forlin authored
Signed-off-by: Per Forlin <per.forlin@linaro.org> Acked-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
-
- 04 Sep, 2011 1 commit
-
-
Linus Torvalds authored
-
- 02 Sep, 2011 1 commit
-
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/radeon/kms: make sure pci max read request size is valid on evergreen+ (v2) drm/radeon/kms: set a default max_pixel_clock
-