this driver has a possible use after free due to a race when disconnect
and open handle intfdata without a lock.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
again, possible use after free due to touching intfdata without lock.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
the driver sets intfdata to NULL without lock. Data structures can be
freed and accessed.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Remove various newly-introduced compiler warnings for OHCI.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Get rid of pointless pci_set_mwi() compiler warning.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB: usbserial - fix potential deadlock between write() and IRQ
usb_serial_generic_write() doesn't disable interrupts when taking port->lock,
and could therefore deadlock with usb_serial_generic_read_bulk_callback()
being called from interrupt, taking the same lock. Fix it.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Acked-by: Larry Finger <larry.finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch adds support for the IO Data Device USB-RSAQ5, PL2303 based
USB-serial converter, to pl2303 driver
Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
the disconnect method of this driver set intfdata to NULL before
removing attribute files. The attributes' read methods will happily
follow the NULL pointer. Here's the correct ordering.
Signed-off-by : Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Pete caused me to lock at buggy drivers in this respect. The idmouse has
a race between open and disconnect. This patch
- solves the open/disconnect race
- switches locking to mutexes
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1005) fixes a rather subtle problem. When
usb_set_configuration() registers the interfaces and their files in
sysfs, it doesn't expect those files to exist already. But when an
interface is registered, its driver may call usb_set_interface() and
thereby cause the sysfs files to be created. The result is an error
when usb_set_configuration() goes on to create those same files again.
The (not-so-great) solution is to have usb_set_configuration() remove
any existing files before creating them.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fix ssb_ohci_probe() build bug:
drivers/built-in.o: In function `ssb_ohci_probe':
ohci-hcd.c:(.text+0xbff39): undefined reference to `ssb_device_enable'
ohci-hcd.c:(.text+0xbff6f): undefined reference to `ssb_admatch_base'
ohci-hcd.c:(.text+0xbff8b): undefined reference to `ssb_admatch_size'
ohci-hcd.c:(.text+0xbffe5): undefined reference to `ssb_device_disable'
[...]
the reason was that this Kconfig combination was allowed:
CONFIG_SSB=m
CONFIG_USB_OHCI_HCD=y
CONFIG_USB_OHCI_HCD_SSB=y
the fix is to require a modular USB_OHCI_HCD build when SSB is modular.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Acked-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The Coverity checker spotted that we have already oops'ed if "dev"
was NULL in these places.
Since "dev" being NULL isn't possible at these places this patch removes
the NULL checks.
Additionally, I've fixed the formatting of the if's.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The Coverity checker spotted that we have already oops'ed if "dev"
was NULL.
Since "dev" being NULL doesn't seem to be possible here this patch
removes the NULL check.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Acked-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
URB_FREE_BUFFER needs to be allowed in the sanity checks to use drivers that
use that flag.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The ISD200 driver imports a single trivial routine from the IDE layer and
in doing so creates a mess of dependancies that drag in the entire old
IDE layer. Even more sad - it does this for a routine which is usually
(little endian) a null function!
- Copy the function into ISD200
- Rename it so it doesn't clash with the ide header prototype
- Remove all the depend constraints
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
FTDI Elan driver: Convert the semaphore ftdi->u132_lock to the mutex
API
Signed-off-by: Matthias Kaehlcke <matthias.kaehlcke@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1003) changes uhci-hcd to treat the URB_ISO_ASAP flag
the same as other host controller drivers, namely, to schedule an Iso
URB for the first available time slot that hasn't already expired.
URBs in which the flag isn't set will be scheduled for the first slot
following the last URB, even if it has expired.
This fixes a problem reported by Martin Bachem.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
WARNING: line over 80 characters
#23: FILE: drivers/usb/serial/ftdi_sio.c:297:
+ speed_t force_baud; /* if non-zero, force the baud rate to this value */
ERROR: use tabs not spaces
#31: FILE: drivers/usb/serial/ftdi_sio.c:881:
+^I$
ERROR: use tabs not spaces
#39: FILE: drivers/usb/serial/ftdi_sio.c:890:
+^I$
WARNING: line over 80 characters
#111: FILE: drivers/usb/serial/ftdi_sio.c:1956:
+ tty_encode_baud_rate(port->tty, priv->force_baud, priv->force_baud);
Your patch has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
No hardware termios setting in this case so keep the old settings
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
For the devices that have no hardware settings set up the termios return
properly.
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
- Clear unsupported CMSPAR bit
- Clean up long chains of a->b-> a bit
- Encode baud rate back into tty structure properly
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
- Clean up paranoia checks
- Propogate back a correct fixed termios
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The empeg is pretty fixed. Tidy up the long foo->bar->baz stuff and
encode the fixed speed properly.
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
- Expand some x&y to x & y so I could read it when checking
- Clear CMSPAR bit in the termios (as the driver does not support it)
- Encode the speed using the new tty_encode_baud_rate facility
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The ch341 currently doesn't support most of the hardware setting. So to keep
the termios data right we propogate the old termios hardware values back then
encode the speed.
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
- Set the i/ospeed in the initial termios properly
- Use the tty_encode_baud_rate functions to report resulting rates properly
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Earlier patches have removed the checking for old v new differences from the
USB drivers so we can now pass in a valid blank old termios so that we don't
to fill the drivers with magic hacks for console support
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
x86_32 CONFIG_HIGHMEM64G with 5GB RAM hung when booting, after issuing
some "request_module: runaway loop modprobe binfmt-0000" messages in
trying to exec /sbin/init.
The binprm buf doesn't see the right ".ELF" header because sg_phys()
is providing the wrong physical addresses for high pages: a 32-bit
unsigned long is too small in this case, we need to use dma_addr_t.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
This patch makes the host RNDIS driver talk to RNDIS devices with an MTU
less than 1.5k, instead of refusing to talk to such a device.
Signed-Off-by: Thomas Sailer <t.sailer@alumni.ethz.ch>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
--
Hi Jeff,
are you the right person to send this to?
Nobody else seems to be wanting to forward this to Linus...
Thanks,
Tom
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Use fixed_mdio_get_phydev for obtaining fixed phy instances and adopt to
changed fixed phy device naming.
Signed-off-by: Eugene Konev <ejka@imfi.kspu.ru>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Convert cpmac to new napi_struct API introduced by
bea3348eef [NET]: Make NAPI polling independent
of struct net_device objects.
Only disable rx interrupts if napi actually has been scheduled.
Signed-off-by: Eugene Konev <ejka@imfi.kspu.ru>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Switch to using DECLARE_MAC_BUF/print_mac() added by commit
0795af5729 [NET]: Introduce and use print_mac()
and DECLARE_MAC_BUF().
Signed-off-by: Eugene Konev <ejka@imfi.kspu.ru>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
* Andrew Nelless <andrew@nelless.net> wrote:
> Hi,
>
> I booted up 2.6.24-rc1 this morning [Real early over a brew ;-)] and
> was having a problems with multiple ~5 second hangs on SATA/drive init
> (Something to do with "EH" something-or-other and resets but I'll
> email in separately about it later unless its fixed by the time I get
> the chance).
>
> Anyway, I went to fire up netconsole to get a decent log dump and hit
> across the following nasty. Netconsole works fine in 2.6.23.1 with a
> similar config and the same kernel parameters.
>
> A shot of the screen is the only method I could come up with to
> capture the log, I hope that is OK, it is pretty readable.
>
>
> The nasty:
> http://andotnet.nfshost.com/linux/2.6.24-rc1-netconsole-nullderef.jpg
the NULL dereference is here:
(gdb) list *0xffffffff804a9504
0xffffffff804a9504 is in natsemi_poll (drivers/net/natsemi.c:717).
712 return count;
713 }
714
715 static inline void __iomem *ns_ioaddr(struct net_device *dev)
716 {
717 return (void __iomem *) dev->base_addr;
718 }
719
which is this code from natsemi.c:
2227 struct net_device *dev = np->dev;
2228 void __iomem * ioaddr = ns_ioaddr(dev);
2229 int work_done = 0;
seems like the NAPI changes in -rc1 added an np->dev field but forgot to
initialize it ...
does the patch below fix the oops for you?
Ingo
-------------------->
Subject: natsemi: fix oops, link back netdevice from private-struct
From: Ingo Molnar <mingo@elte.hu>
this commit:
commit bea3348eef
Author: Stephen Hemminger <shemminger@linux-foundation.org>
Date: Wed Oct 3 16:41:36 2007 -0700
[NET]: Make NAPI polling independent of struct net_device objects.
added np->dev to drivers/net/natsemi.c's struct netdev_private, but
forgot to initialize that new field upon driver init. The result was
a predictable NULL dereference oops the first time the hardware
generated an interrupt.
Reported-by: Andrew Nelless <andrew@nelless.net>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
napi_disable / napi_enable must be applied on all ehea queues.
Signed-off-by: Jan-Bernd Themann <themann@de.ibm.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>