I was looking into random driver code and found a suspicious looking
memcpy() in drivers/char/ipmi/ipmi_bt_sm.c on 2.6.17-rc1:
if ((size < 2) || (size > IPMI_MAX_MSG_LENGTH))
return -1;
...
memcpy(bt->write_data + 3, data + 1, size - 1);
where sizeof bt->write_data is IPMI_MAX_MSG_LENGTH. It looks like the
memcpy would overflow by 2 bytes if size == IPMI_MAX_MSG_LENGTH. A patch
attached to limit size to (IPMI_MAX_LENGTH - 2).
Cc: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
gcc complains about __devinit in the wrong location:
drivers/char/ipmi/ipmi_si_intf.c:2205: warning: '__section__' attribute does not apply to types
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Acked-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
There are places in the kernel where we look up files in fd tables and
access the file structure without holding refereces to the file. So, we
need special care to avoid the race between looking up files in the fd
table and tearing down of the file in another CPU. Otherwise, one might
see a NULL f_dentry or such torn down version of the file. This patch
fixes those special places where such a race may happen.
Signed-off-by: Dipankar Sarma <dipankar@in.ibm.com>
Acked-by: "Paul E. McKenney" <paulmck@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm: Fix further issues in drivers/char/drm/via_irq.c
drivers/char/drm/drm_memory.c: possible cleanups
drm: deline a few large inlines in DRM code
drm: remove master setting from add/remove context
drm: drm_pci needs dma-mapping.h
[PATCH] drm: Fix issue reported by Coverity in drivers/char/drm/via_irq.c
Fix de-reference of 'dev_priv' before NULL check.
Signed-off-by: Jayachandran C. <c.jayachandran@gmail.com>
Cc: Dave Airlie <airlied@linux.ie>
Signed-off-by: Andrew Morton <akpm@osdl.org>
- #if 0 the following unused global function:
- drm_ioremap_nocache()
- make the following needlessly global functions static:
- agp_remap()
- drm_lookup_map()
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Cc: Dave Airlie <airlied@linux.ie>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Original patch by Benjamin Herrenschmidt after debugging by Brian Hinz.
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Brian Hinz <bphinz@hotmail.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
By calling send_sig do_SAK is recursively taking the
tasklist_lock, which is silly.
In addition I just audited the kernel and this was the only
place where tasklist_lock is taken inside of task_lock.
So this one line change is a general worthwhile cleanup and
it increases our options on how to fix the ptrace_attach races.
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch updates VR4100 series RTC driver.
* This driver supports new RTC subsystem.
* Simple set time/read time test worked fine.
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This fixes coverity bug id #469. The out of range check didnt work as
intended, as seen by the printk(), which states that boardno has to be 1 <=
boardno <= MAX_BOARD.
Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The event handler mechanism in the IPMI driver had a limit on the number of
received events, but the counts were not being updated. Update the counts
to impose a limit. This is not a critical fix, as this function (the
sending of the events) has to be turned on by the user, anyway. This
avoids problems if they forget to turn it back off.
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The MPBL0010 Telco clock driver (drivers/char/tlclk.c) uses 0222 (anyone
can write) permissions on its writable sysfs entries. Alter the
permissions to 0220 (owner and group can write).
The use case for this driver is to configure the fail over behavior of the
clock hardware. That should be done by the more privileged users.
Signed-off-by: Mark Bellon <mbellon@mvista.com>
Acked-by: "Gross, Mark" <mark.gross@intel.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Remove duplicate call to idr_remove() in ptmx_open.
Error during open can result in call to release_dev() followed by call to
idr_remove(). release_dev already calls idr_remove so the second call can
cause a stack dump in idr_remove()->sub_remove() flagging an attempt to
release an already released entry.
I reproduces this on a machine with a misconfigured X server (attempting to
restart multiple times rapidly) getting the same error as the 1st link
below.
This also seems to be related to:
http://marc.theaimsgroup.com/?l=selinux&m=110536513426735&w=2http://marc.theaimsgroup.com/?l=selinux&m=110596994916785&w=2
The stack dump can occur on close (as well as open) as shown
in the 1st instance above, possible from something like:
process A - open (index=0), open fail to out1,
release_dev calls idr_remove (index 0), down(sem) sleeps
process B - open (index=0), open OK (idr allocated)
process A - wake and call idr_remove on index 0
...
process B - close, release_dev, stack dump on idr_remove (index=0)
because entry already removed
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Doubletalk printk's an extraneous \n
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
We changed the wrong symbol. It's tty_insert_flip_string_flags() which is
called from the previously-non-GPL'ed now-inlined tty_insert_flip_char().
Fix that up, and uninline tty_schedule_flip() while we're there.
Cc: Tobias Powalowski <t.powa@gmx.de>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch removes the unused EXPORT_SYMBOL(secure_ipv6_port_ephemeral).
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch tries to fix an issue reported in drivers/char/drm/via_irq.c by
Coverity, please review and apply if correct.
Error reported:
CID: 3444 Checker: REVERSE_INULL (help)
File: /export2/p4-coverity/mc2/linux26/drivers/char/drm/via_irq.c
Function: via_driver_irq_wait
Description: Pointer "dev_priv" dereferenced before NULL check
Patch Description:
Move de-referencing dev_priv to after the NULL check.
Signed-off-by: Jayachandran C. <c.jayachandran at gmail.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
Watchdog driver for the Atmel AT91RM9200 processor.
Signed-off-by: Andrew Victor <andrew@sanpeople.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Andrew Morton <akpm@osdl.org>
The Coverity checker noted that this resulted in a NULL pointer
reference if we were coming from
if (usb_pcwd == NULL) {
printk(KERN_ERR PFX "Out of memory\n");
goto error;
}
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Andrew Morton <akpm@osdl.org>
change sprintf(pcwd_private.fw_ver_str, "ERROR");
to strcpy... as pointed out by Andrew Morton.
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Signed-off-by: Andrew Morton <akpm@osdl.org>
removal of includes (since we don't use kmalloc and
TASK_INTERRUPTABLE anymore).
Addition of missing commands.
Printk that lets the user know when the module was
unloaded.
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Clean-up the control status code (insert tabs where relevant),
Add new Control Status defines, Make sure that the R2DS bit
stays the same.
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
- Add KEY_BRL_* input keys and K_BRL_* keycodes;
- Add emulation of how braille keyboards usually combine braille dots
to the console keyboard driver;
- Add handling of unicode U+28xy diacritics.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Also cleans up some nearby whitespace problems.
Signed-off-by: Segher Boessenkool <segher@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Add TIOCL_GETKMSGREDIRECT needed by the userland suspend tool to get the
current value of kmsg_redirect from the kernel so that it can save it and
restore it after resume.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Pavel Machek <pavel@suse.cz>
Cc: Michael Kerrisk <mtk-manpages@gmx.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Delete two useless kmalloc wrappers and use kmalloc/kzalloc. Some weird
NULL checks are also simplified.
Signed-off-by: Tobias Klauser <tklauser@nuerscht.ch>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Convert the remaining semaphores to mutexes in the IPMI driver. The
watchdog was using a semaphore as a real semaphore (for IPC), so the
conversion there required adding a completion.
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Tidy up various coding standard things, mostly removing the space after !,
but also break some long lines and fix a few other spacing inconsistencies.
Also fixes some bad error reporting when deleting an IPMI user.
Signed-off-by: Corey Minyard <minyard@acm.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Matt Domsch noticed a startup race with the IPMI kernel thread, it was
possible (though extraordinarly unlikely) that a message could come in
before the upper layer was ready to handle it. This patch splits the
startup processing of an IPMI interface into two parts, one to get ready
and one to actually start the processes to receive messages from the
interface.
[akpm@osdl.org: cleanups]
Signed-off-by: Corey Minyard <minyard@acm.org>
Cc: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Alan sayeth "Based on Linus original comments about _GPL we should export
tty_insert_flip_char as EXPORT_SYMBOL because it used to be EXPORT_SYMBOL
equivalent (trivial inline). The other features are new extensions are were
not available to drivers before so need not be provided except as _GPL
functionality as far as I can see."
Addresses http://bugzilla.kernel.org/show_bug.cgi?id=6294
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Paul Fulghum <paulkf@microgate.com>
Cc: Philippe Vouters <Philippe.Vouters@laposte.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Instead of the two status values struct pcmcia_device->p_state and state,
use descriptive bitfields. Most value-checking in drivers was invalid, as
the core now only calls the ->remove() (a.k.a. detach) function in case the
attachement _and_ configuration was successful.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Most of the driver initialization isn't done in the .probe function, but in
the internal _config() functions. Make them return a value, so that .probe
can properly report whether the probing of the device succeeded or not.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
dev_link_t * and client_handle_t both mean struct pcmcai_device * by now.
Therefore, remove all such indirections.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Embed dev_link_t into struct pcmcia_device(), as they basically address the
same entity. The actual contents of dev_link_t will be cleaned up step by step.
This patch includes a bugfix from and signed-off-by Andrew Morton.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
As we do not allow setting Vcc in the pcmcia core, and Vpp1 and
Vpp2 can only be set to the same value, a lot of code can be
streamlined.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
In all but one case, the suspend and resume functions of PCMCIA drivers
contain mostly of calls to pcmcia_release_configuration() and
pcmcia_request_configuration(). Therefore, move this code out of the
drivers and into the core.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
pcmcia_disable_device(struct pcmcia_device *p_dev) performs the necessary
cleanups upon device or driver removal: it calls the appropriate
pcmcia_release_* functions, and can replace (most) of the current drivers'
_release() functions.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
* git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: (67 commits)
[PATCH] powerpc: Remove oprofile spinlock backtrace code
[PATCH] powerpc: Add oprofile calltrace support to all powerpc cpus
[PATCH] powerpc: Add oprofile calltrace support
[PATCH] for_each_possible_cpu: ppc
[PATCH] for_each_possible_cpu: powerpc
[PATCH] lock PTE before updating it in 440/BookE page fault handler
[PATCH] powerpc: Kill _machine and hard-coded platform numbers
ppc: Fix compile error in arch/ppc/lib/strcase.c
[PATCH] git-powerpc: WARN was a dumb idea
[PATCH] powerpc: a couple of trivial compile warning fixes
powerpc: remove OCP references
powerpc: Make uImage default build output for MPC8540 ADS
powerpc: move math-emu over to arch/powerpc
powerpc: use memparse() for mem= command line parsing
ppc: fix strncasecmp prototype
[PATCH] powerpc: make ISA floppies work again
[PATCH] powerpc: Fix some initcall return values
[PATCH] powerpc: Workaround for pSeries RTAS bug
[PATCH] spufs: fix __init/__exit annotations
[PATCH] powerpc: add hvc backend for rtas
...