- 08 Feb, 2014 8 commits
-
-
Peter Meerwald authored
This driver was not complying with the ABI and the purpose of this patch is to bring it inline so that userspace will correctly identify the channels. Should use channel modifiers (X/Y/Z), not channel indices timestamp channel has scan index 3, not 4 Signed-off-by:
Peter Meerwald <pmeerw@pmeerw.net> Cc: Kravchenko Oleksandr <x0199363@ti.com> Cc: Stable@vger.kernel.org Signed-off-by:
Jonathan Cameron <jic23@kernel.org>
-
Marcus Folkesson authored
This is necessary since timestamp is calculated as the last element in iio_compute_scan_bytes(). Without this fix any userspace code reading the layout of the buffer via sysfs will incorrectly interpret the data leading some nasty corruption. Signed-off-by:
Marcus Folkesson <marcus.folkesson@gmail.com> Acked-by:
Lars-Peter Clausen <lars@metafoo.de> Cc: stable@vger.kernel.org Signed-off-by:
-
Beomho Seo authored
This effects the reported scale of the raw values, and thus userspace applications that use this value. One micro tesla equal 0.01 gauss. So I have fixed calculation formula And add RAW_TO_GAUSS macro. ASA is in the range of 0 to 255. If multiply 0.003, calculation result(in_magn_[*]_scale) is always 0. So multiply 3000 and return and IIO_VAL_INT_PLUS_MICRO. As a result, read_raw call back function return accurate scale value. Signed-off-by:
Beomho Seo <beomho.seo@samsung.com> Cc: stable@vger.kernel.org Signed-off-by:
-
Hartmut Knaack authored
This patch fixes a typo in ad799x_events[], which caused the error "Failed to register event set". Signed-off-by:
Hartmut Knaack <knaack.h@gmx.de> Cc: stable@vger.kernel.org Signed-off-by:
-
Alexandre Belloni authored
in_voltage8_scale_available and in_voltage9_scale_available are exposed to userspace but useless as in_voltage8_raw and in_voltage9_raw are not available. Signed-off-by:
Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by:
-
Alexandre Belloni authored
Fixes: drivers/staging/iio/adc/mxs-lradc.c:1556 mxs_lradc_probe() error: buffer overflow 'iio->channels' 15 <= 15 The reported available scales for in_voltage15 were also wrong. The realbits lookup is not necessary as all the channels of the LRADC have the same resolution, use LRADC_RESOLUTION instead. Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Peter Meerwald authored
need to print leading zeros, hence "%d.%06d" Signed-off-by:
-
Peter Meerwald authored
individual reads are not permitted concurrently with buffered reads Signed-off-by:
-
- 07 Feb, 2014 32 commits
-
-
Maurizio Lombardi authored
This patch prevents the wireless_set_essid() function from overwriting the last byte of the NetworkName buffer which must be NULL. Signed-off-by:
Maurizio Lombardi <mlombard@redhat.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Alan Cox authored
Signed-off-by:
Alan Cox <alan@linux.intel.com> Signed-off-by:
-
Dan Carpenter authored
The go_devadd_str[] array is two characters too small to hold the address so we corrupt memory. I've changed the user space API slightly and I don't have a way to test if this breaks anything. In the original code we truncated away the last digit of the address and the NUL terminator so it was already a bit broken. Signed-off-by:
Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by:
-
Dan Carpenter authored
MAX_MP_IOCTL_SUBCODE (35) and mp_ioctl_hdl (32 elements) are no longer in sync. It leads to a bogus pointer dereference. Signed-off-by:
-
Larry Finger authored
There is a typo in the device list that interchanges the vendor and product codes for one of the entries. This exchange was determined by noticing that the vendor code is 0x07b8 for Abocom at http://www.linux-usb.org/usb.ids. Signed-off-by:
-
Heinrich Schuchardt authored
revised patch p is freed if NULL. p is leaked if second calloc fails. Signed-off-by:
Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by:
-
Dan Carpenter authored
We dereference "heap->task" before checking if it's an ERR_PTR. Fixes: ea313b5f ('gpu: ion: Also shrink memory cached in the deferred free list') Signed-off-by:
-
Ian Abbott authored
There are a couple of dereferences such as `*(uint32_t *)(devpriv->insn_buf + 1)` that are unaligned as `devpriv->insn_buf` is of type `uint8_t *`. This works on x86 architecture but may not be supported on other architectures. Call `get_unalign()` to perform the unaligned dereferences. Signed-off-by:
Ian Abbott <abbotti@mev.co.uk> Cc: Bernd Porr <mail@berndporr.me.uk> Signed-off-by:
-
Ian Abbott authored
`comedi_auto_config()` is usually called from the probe routine of a low-level comedi driver to allocate and auto-configure a comedi device. Part of this involves calling the low-level driver's `auto_attach()` handler, and if that is successful, `comedi_device_postconfig()` tries to complete the configuration of the comedi device. If either of those fail, `comedi_device_detach()` is called to clean up, and `comedi_release_hardware_device()` is called to remove the dynamically allocated comedi device. Unfortunately, `comedi_device_detach()` clears the `hw_dev` member of the `struct comedi_device` (indirectly via `comedi_clear_hw_dev()`), and that stops `comedi_release_hardware_device()` finding the comedi device associated with the hardware device, so the comedi device won't be removed properly. Since `comedi_release_hardware_device()` also calls `comedi_device_detach()` (assuming it finds the comedi device associated with the hardware device), the fix is to remove the direct call to `comedi_device_detach()` from `comedi_auto_config()` and let the call to `comedi_release_hardware_device()` take care of it. Signed-off-by:
-
Dan Carpenter authored
We should be returning -ENOMEM here instead of zero. Signed-off-by:
-
The changes introduced in commit 4b1a25f0 ("fix build when CONFIG_UIDGID_STRICT_TYPE_CHECKS is on") got the UID check the wrong way around, leading to "Permission denied" when a regular user attempts to retrieve his quota (lfs quota -u ...) but allowing him to retrieve other users quota. Full details at: https://jira.hpdd.intel.com/browse/LU-4530 Cc: Peng Tao <tao.peng@emc.com> Cc: <stable@vger.kernel.org> # 3.12.x Cc: <stable@vger.kernel.org> # 3.13.x Signed-off-by:
Cédric Dufour <cedric.dufour@idiap.ch> Signed-off-by:
-
Prakash Kamliya authored
There is a race condition Assume we have *one* sync_fence object, with *one* sync_pt which belongs to *one* sync_timeline, given this condition, sync_timeline->kref will have two counts, one for sync_timeline (implicit) and another for sync_pt. Assume following is the situation on CPU Theead-1 : (Thread which calls sync_timeline_destroy()) -> (some function calls) -> sync_timeline_destory() -> sync_timeline_signal() (CPU is inside this function after putting reference to sync_timeline) At this time Thread-2 comes and does following Thread-2 : (fclose on fence fd) > sync_fence_release() -> because of fclose() on fence object -> sync_fence_free() -> sync_pt_free() -> kref_put(&pt->parent->kref, sync_timeline_free); -> sync_timeline_free() (CPU is inside this because this time kref will be zero after _put) Thread-2 will free sync_timeline object before Thread-1 has finished its work inside sync_timeline_signal. With this change we signals all sync_pt before putting reference to sync_timeline object. Cc: Colin Cross <ccross@android.com> Cc: Android Kernel Team <kernel-team@android.com> Signed-off-by:Prakash Kamliya <pkamliya@codeaurora.org> [jstultz: minor commit subject tweak] Signed-off-by:
John Stultz <john.stultz@linaro.org> Signed-off-by:
-
H Hartley Sweeten authored
The last value written to a analog output channel is cached in the private data of this driver for readback. Currently, the wrong value is cached in the (*insn_write) functions. The current code stores the data[n] value for readback afer the loop has written all the values. At this time 'n' points past the end of the data array. Fix the functions by using a local variable to hold the data being written to the analog output channel. This variable is then used after the loop is complete to store the readback value. The current value is retrieved before the loop in case no values are actually written.. Signed-off-by:
H Hartley Sweeten <hsweeten@visionengravers.com> Reviewed-by:
-
Dan Carpenter authored
We should cap the SSID length at NDIS_802_11_LENGTH_SSID (32) characters to avoid memory corruption. If the SSID is too long then I have opted to ignore it instead of truncating it. We don't need to clear bssid->Ssid.Ssid[0] because this struct is allocated with rtw_zmalloc() Signed-off-by:
-
Alexey Khoroshilov authored
Error handling code in gdm_usb_probe() misses to deallocate tx_ and rx_structs and to do usb_put_dev(). Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by:
Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by:
-
Greg Kroah-Hartman authored
This reverts commit b73db547. Reported-by:
Geert Uytterhoeven <geert@linux-m68k.org> Reported-by:
Chen Gang <gang.chen.5i5j@gmail.com> Cc: Rashika Kheria <rashika.kheria@gmail.com> Cc: James Hogan <james.hogan@imgtec.com> Signed-off-by:
-
Salym Senyonga authored
If net_dev is NULL memcpy() will Oops. Signed-off-by:
Salym Senyonga <salymsash@gmail.com> Signed-off-by:
-
Shuah Khan authored
When attach fails due to unsupported and/or invalid bus speed, the message vhci_hcd prints out doesn't include any useful information as to what caused the failure. Change the message to be informative and use usb_speed_string() to get the right speed string from usb common. Signed-off-by:
Shuah Khan <shuah.kh@samsung.com> Signed-off-by:
-
Surendra Patil authored
Linus Torvalds writes: It causes an interesting warning for me: drivers/staging/rtl8821ae/rtl8821ae/dm.c: In function ‘rtl8821ae_dm_clear_txpower_tracking_state’: drivers/staging/rtl8821ae/rtl8821ae/dm.c:487:31: warning: iteration 2u invokes undefined behavior [-Waggressive-loop-optimizations] rtldm->bb_swing_idx_ofdm[p] = rtldm->default_ofdm_index; ^ drivers/staging/rtl8821ae/rtl8821ae/dm.c:485:2: note: containing loop for (p = RF90_PATH_A; p < MAX_RF_PATH; ++p) { ^ and gcc is entirely correct: that loop iterates from 0 to 3, and does this: rtldm->bb_swing_idx_ofdm[p] = rtldm->default_ofdm_index; but the bb_swing_idx_ofdm[] array only has two members. So the last two iterations will overwrite bb_swing_idx_ofdm_current and the first entry in bb_swing_idx_ofdm_base[]. Now, the bug does seem to be benign: bb_swing_idx_ofdm_current isn't actually ever *used* as far as I can tell, and the first entry of bb_swing_idx_ofdm_base[] will have been written with that same "rtldm->default_ofdm_index" value. But gcc is absolutely correct, and that driver needs fixing. I've pulled it and will let it be because it doesn't seem to be an issue in practice, but please fix it. The obvious fix would seem to change the size of "2" to be "MAX_RF_PATH", but I'll abstain from doing those kinds of changes in the merge when it doesn't seem to affect the build or functionality). Reported-By:Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by:
Surendra Patil <surendra.tux@gmail.com> Signed-off-by:
-
David Daney authored
Extract clocking parameters from the device tree, and remove now dead code and types. Signed-off-by:
David Daney <david.daney@cavium.com> Tested-by:
Aaro Koskinen <aaro.koskinen@iki.fi> Signed-off-by:
-
Oleg Drokin authored
Signed-off-by:
Oleg Drokin <oleg.drokin@intel.com> Signed-off-by:
-
Oleg Drokin authored
The kernel to userspace communication routines (KUC) allocate and limit the maximum cs_buf size to CR_MAXSIZE. However this fails to account for the fact that the buffer is assumed to begin with a struct kuc_hdr. To allocate and account for that space, we introduce a new define, KUC_CHANGELOG_MSG_MAXSIZE. Signed-off-by:
Christopher J. Morrone <morrone2@llnl.gov> Reviewed-on: http://review.whamcloud.com/7406 Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-3587Reviewed-by:
Andreas Dilger <andreas.dilger@intel.com> Reviewed-by:
jacques-Charles Lafoucriere <jacques-charles.lafoucriere@cea.fr> Reviewed-by:
-
Oleg Drokin authored
CR_MAXSIZE needs to account for an llog_changelog_rec that actually contains a changelog_ext_rec structure rather than a changelog_rec. With out doing so, a file size approaching the Linux kernel NAME_MAX length that is renamed to a size also close to, or at, NAME_MAX will exceed CR_MAXSIZE and trip an assertion. Signed-off-by:
Niu Yawei <yawei.niu@intel.com> Reviewed-by:
Lai Siyao <lai.siyao@intel.com> Reviewed-by:
-
Oleg Drokin authored
Call to ksocknal_launch_packet might schedule a callback that might free the just sent message, and so subsequent access to it via lntmsg->msg_vmflush goes to freed memory. Instead we'll just remember if we are in the vmflush thread and only restore if we happened to set mempressure flag. Signed-off-by:
Liang Zhen <liang.zhen@intel.com> Reviewed-by:
Amir Shehata <amir.shehata@intel.com> Signed-off-by:
-
Oleg Drokin authored
Recent commit 175f5475 introduced this compile warning (because vaddr is unsigned long), so add a cast: drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.c: In function ‘kiblnd_kvaddr_to_page’: drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.c:532:2: warning: passing argument 1 of ‘is_vmalloc_addr’ makes pointer from integer without a cast [enabled by default] if (is_vmalloc_addr(vaddr)) { ^ In file included from drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd.h:43:0, from drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.c:41: include/linux/mm.h:336:59: note: expected ‘const void *’ but argument is of type ‘long unsigned int’ static inline int is_vmalloc_addr(const void *x) Signed-off-by:
Oleg Drokin <green@linuxhacker.ru> CC: Laura Abbott <lauraa@codeaurora.org> Signed-off-by:
-
Marek Szyprowski authored
GFP_ATOMIC is not a single gfp flag, but a macro which expands to the other flags and LACK of __GFP_WAIT flag. To check if caller wanted to perform an atomic allocation, the code must test __GFP_WAIT flag presence. Signed-off-by:
Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by:
-
John Stultz authored
Add #include <linux/device.h> to fix the following warning seen with gcc 4.7.3: In file included from drivers/staging/android/ion/ion_heap.c:26:0: drivers/staging/android/ion/ion_priv.h:358:21: warning: ‘struct device’ declared inside parameter list [enabled by default] drivers/staging/android/ion/ion_priv.h:358:21: warning: its scope is only this definition or declaration, which is probably not what you want [enabled by default] Cc: Colin Cross <ccross@android.com> Cc: Android Kernel Team <kernel-team@android.com> Signed-off-by:
-
Laura Abbott authored
The compat ioctl for ION_IOC_FREE currently passes allocation data instead of the free data. Correct this. Cc: Colin Cross <ccross@android.com> Cc: Android Kernel Team <kernel-team@android.com> Signed-off-by:
Laura Abbott <lauraa@codeaurora.org> [jstultz: Folded in a small build fix] Signed-off-by:
-
Colin Cross authored
Fix a few bugs in ion_system_heap: Initialize the list node in the info block. Don't store size_remaining in a signed long, allocating >2GB could overflow, resulting in a call to sg_alloc_table with nents=0 which panics. alloc_largest_available will never return a block larger than size_remanining, so it can never go negative. Limit a single allocation to half of all memory. Prevents a large allocation from taking down the whole system. Cc: Colin Cross <ccross@android.com> Cc: Android Kernel Team <kernel-team@android.com> Signed-off-by:
Colin Cross <ccross@android.com> [jstultz: Minor commit subject tweak] Signed-off-by:
-
Todd Poynor authored
Avoid holding ashmem_mutex across code that can page fault. Page faults grab the mmap_sem for the process, which are also held by mmap calls prior to calling ashmem_mmap, which locks ashmem_mutex. The reversed order of locking between the two can deadlock. The calls that can page fault are read() and the ASHMEM_SET_NAME and ASHMEM_GET_NAME ioctls. Move the code that accesses userspace pages outside the ashmem_mutex. Cc: Colin Cross <ccross@android.com> Cc: Android Kernel Team <kernel-team@android.com> Signed-off-by:
Todd Poynor <toddpoynor@google.com> [jstultz: minor commit message tweaks] Signed-off-by:
-
Alistair Strachan authored
Before this change, a timeline would only be removed from the timeline list *after* the sync driver had its release_obj() called. However, the driver's release_obj() may free resources needed by print_obj(). Although the timeline list is locked when print_obj() is called, it is not locked when release_obj() is called. If one CPU was in print_obj() when another was in release_obj(), the print_obj() may make unsafe accesses. It is not actually necessary to hold the timeline list lock when calling release_obj() if the call is made after the timeline is unlinked from the list, since there is no possibility another thread could be in -- or enter -- print_obj() for that timeline. This change moves the release_obj() call to after the timeline is unlinked, preventing the above race from occurring. Cc: Colin Cross <ccross@android.com> Cc: Android Kernel Team <kernel-team@android.com> Signed-off-by:
Alistair Strachan <alistair.strachan@imgtec.com> [jstultz: minor commit subject tweak] Signed-off-by:
-
Greg Hackmann authored
Add stubs for kernels without CONFIG_SW_SYNC Cc: Colin Cross <ccross@android.com> Cc: Android Kernel Team <kernel-team@android.com> Signed-off-by:
Greg Hackmann <ghackmann@google.com> [jstultz: resolved minor conflict, tweaked commit message] Signed-off-by:
-
