Tim Sell [Mon, 13 Jul 2015 18:51:24 +0000 (14:51 -0400)]
staging: unisys: fix random memory corruption in visorchannel_write()
visorchannel_write() and its user visorbus_write_channel() are
exported, so all visorbus function drivers (i.e., drivers that call
visorbus_register_visor_driver()) are potentially affected by the bug.
Because of pointer-arithmetic rules, the address being written to in the
affected code was actually at byte offset:
    sizeof(struct channel_header) * offset
instead of just <offset> bytes as intended.
The bug could cause some very difficult-to-diagnose symptoms. The
particular problem that led me on this chase was a kernel fault that
would occur during 'insmod visornic' after a previous 'rmmod visornic',
where we would fault during netdev_register_kobject() within
pm_runtime_set_memalloc_noio() while traversing a device list, which
occurred because dev->parent for the visorbus device had become
corrupted.
Fixes: 0abb60c1c ('staging: unisys: visorchannel_write(): Handle...')
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Signed-off-by: Benjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
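
The scaling effect described in the commit message above, as an added user-space example (not code from the patch or from the visorbus driver). The 64-byte struct channel_header, the region array, both function names and the bounds check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 64-byte stand-in; the real struct channel_header differs. */
struct channel_header { uint8_t raw[64]; };

/* Constructed stand-in for the mapped channel memory. */
static struct channel_header region[8];

/* Buggy form: "base + offset" on a struct pointer advances by
 * offset * sizeof(struct channel_header) bytes, not offset bytes.
 * Returns the byte offset that was actually written. */
static size_t write_scaled(struct channel_header *base, size_t offset,
                           const void *src, size_t n)
{
    uint8_t *dst = (uint8_t *)(base + offset);

    memcpy(dst, src, n);
    return (size_t)(dst - (uint8_t *)base);
}

/* Byte-granular form: cast to a byte pointer before adding, and refuse
 * writes that would leave the region (the bounds check is an addition
 * made for this example). Returns the byte offset written, or -1. */
static long write_bytes(struct channel_header *base, size_t region_size,
                        size_t offset, const void *src, size_t n)
{
    uint8_t *dst;

    if (offset > region_size || n > region_size - offset)
        return -1;
    dst = (uint8_t *)base + offset;
    memcpy(dst, src, n);
    return (long)(dst - (uint8_t *)base);
}

int main(void)
{
    printf("scaled write landed at byte %zu\n",
           write_scaled(region, 3, "AB", 2));
    printf("byte write landed at byte %ld\n",
           write_bytes(region, sizeof(region), 3, "AB", 2));
    return 0;
}
```

With a requested offset of 3, the scaled form writes at byte 3 * 64, which is how a small channel write can land in an unrelated object such as a device structure.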
But code in devdata_release() was treating devdata as a pointer that needed
to be kfree()d! This was causing all sorts of weird behavior after doing
an rmmod of visornic, both because free_netdev() was actually freeing the
memory used for devdata, and because devdata wasn't pointing to
dynamically-allocated memory in the first place.
The kfree(devdata) and the kref that tracked devdata's usage have been
appropriately deleted.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com>
Signed-off-by: Benjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tim Sell [Thu, 9 Jul 2015 17:27:49 +0000 (13:27 -0400)]
staging: unisys: visornic: don't destroy global workqueues until devs destroyed
visornic_cleanup() was previously incorrectly destroying its global
workqueues prior to cleaning up the devices which used them. This patch
corrects the order of these operations.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com>
Signed-off-by: Benjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tim Sell [Thu, 9 Jul 2015 17:27:48 +0000 (13:27 -0400)]
staging: unisys: visornic: correctly clean up device on removal
visornic_remove() is called to logically detach the visornic driver from a
visorbus-supplied device, which can happen either just prior to a
visorbus-supplied device disappearing, or as a result of an rmmod of
visornic. Prior to this patch, logic was missing to properly clean up for
this removal, which was fixed via the following changes:
* A going_away flag is now used to interlock between device destruction and
workqueue operations, protected by priv_lock. I.e., setting
going_away=true under lock guarantees that no new work items can get
queued to the work queues. going_away=true also short-circuits other
operations to enable device destruction to proceed.
* Missing clean-up operations for the workqueues, netdev, debugfs entries,
and the worker thread were added.
* Memory referenced from the visornic private devdata struct is now freed
as part of devdata destruction.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com>
Signed-off-by: Benjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tim Sell [Thu, 9 Jul 2015 17:27:47 +0000 (13:27 -0400)]
staging: unisys: visornic: correct obvious double-allocation of workqueues
Looks like an errant patch fitting caused us to redundantly allocate the
workqueues at both the beginning and end of visornic_init(). This was
corrected by removing the allocations at the beginning.
Refer to Documentation/dynamic-debug-howto.txt for more details.
In addition to the new debug and error messages, a message like the
following will be logged every time a visornic device is probed, which
will enable you to map back-and-forth between visorbus device names
(e.g., "vbus2:dev0") and netdev names (e.g., "eth0"):
Tim Sell [Thu, 9 Jul 2015 17:27:45 +0000 (13:27 -0400)]
staging: unisys: neglect to NULL rcvbuf pointer
Neglect to NULL rcvbuf pointer array could result in faults later
This problem would exhibit itself as a fault when attempting to stop
any visornic device (i.e., in visornic_disable_with_timeout() or
visornic_serverdown_complete()) that had never been started (i.e., for
which init_rcv_bufs() had never been called). Because the array of rcvbuf
was never cleared to NULLs, we would mistakenly attempt to call kfree_skb()
on garbage memory.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com>
Signed-off-by: Benjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tim Sell [Thu, 9 Jul 2015 17:27:44 +0000 (13:27 -0400)]
staging: unisys: prevent faults in visornic_pause
Prevent faults in visornic_pause, visornic_resume(), and visornic_remove()
Prior to this patch, any call to visornic_pause(), visornic_resume(), or
visornic_remove() would fault, due to dev_set_drvdata() never having been
called to stash our struct visornic_devdata * into the device's drvdata.
I.e., all calls to dev_get_drvdata() were returning NULL, meaning a fault
was soon to follow.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com>
Signed-off-by: Benjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tim Sell [Thu, 9 Jul 2015 17:27:43 +0000 (13:27 -0400)]
staging: unisys: visornic: correct visornic_pause
Correct visornic_pause() to indicate completion asynchronously rather
than in-line
Previously, visornic_pause() (called to stop the device due to IOVM service
partition recovery) was calling the passed complete_func() in-line, rather
than delaying the calling until after the device had actually been stopped.
The behavior has been corrected so that the calling of the complete_func()
is now delayed until after the stopping of the device has been completed in
visornic_serverdown_complete(), which runs asynchronously via the workqueue
visornic_serverdown_workqueue.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com>
Signed-off-by: Benjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Prevent faults processing messages for devices that no driver has yet
registered to handle.
Previously, code of the form:
    drv = to_visor_driver(dev->device.driver);
    if (!drv)
            goto away;
was not having the desired intent, because to_visor_driver() was
essentially returning garbage if its argument was NULL. The only existing
case of this is in initiate_chipset_device_pause_resume(), which is called
during IOVM service partition recovery. We were thus faulting when IOVM
service partition recovery was initiated on a bus that had at least one
device for which no function driver had registered
(visorbus_register_visor_driver).
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com>
Signed-off-by: Benjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
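
Why the "if (!drv)" test in the commit message above never fires, as an added user-space example (not the patch's code). It assumes to_visor_driver() is a container_of()-style macro; the struct layouts, the sample driver and every function name are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal layouts; only the non-zero member offset matters. */
struct device_driver { const char *name; };
struct visor_driver {
    const char *version;          /* pushes 'driver' away from offset 0 */
    struct device_driver driver;
};

/* container_of-style conversion, written with integer arithmetic so the
 * NULL case can be shown without undefined pointer arithmetic. */
#define to_visor_driver_raw(p) \
    ((struct visor_driver *)((uintptr_t)(p) - \
                             offsetof(struct visor_driver, driver)))

/* Guarded variant: NULL in, NULL out. */
static struct visor_driver *to_visor_driver_checked(struct device_driver *p)
{
    return p ? to_visor_driver_raw(p) : NULL;
}

/* Each helper mirrors "drv = to_visor_driver(...); if (!drv) goto away;"
 * and returns 1 when the !drv test would have taken the exit path. */
static int bails_out_raw(struct device_driver *bound)
{
    struct visor_driver *drv = to_visor_driver_raw(bound);

    return drv == NULL;
}

static int bails_out_checked(struct device_driver *bound)
{
    return to_visor_driver_checked(bound) == NULL;
}

/* Constructed sample driver for the bound-device case. */
static struct visor_driver sample = { "1.0", { "visornic" } };

int main(void)
{
    printf("unbound, raw macro: bails out = %d\n", bails_out_raw(NULL));
    printf("unbound, checked:   bails out = %d\n", bails_out_checked(NULL));
    printf("bound, checked:     bails out = %d\n",
           bails_out_checked(&sample.driver));
    return 0;
}
```

Subtracting the member offset from NULL yields a non-NULL address just below zero, so the NULL test has to be made on the embedded pointer before the conversion.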
Tim Sell [Thu, 9 Jul 2015 17:27:41 +0000 (13:27 -0400)]
staging: unisys: respond to msgs post device_create
Fix problem that prevents us from responding to any device message after
device_create.
By neglecting to NULL out pending_msg_hdr after the device_create response,
we were effectively preventing any subsequent messages to the device from
working, because device_epilog() will correctly bail out early if it sees
that pending_msg_hdr is still set non-NULL, as that is an indicator to mean
that an unanswered message is still outstanding.
This problem was discovered as part of testing IOVM service partition
recovery, because device_epilog() was in fact bailing out when it was
called from my_device_changestate(), which of course prevented us from
transitioning the device to the paused state. However, the incorrect
behavior would occur for ANY subsequent command directed at the device,
not just for changestate.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com>
Signed-off-by: Benjamin Romer <benjamin.romer@unisys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Anatoly Stepanov [Sun, 28 Jun 2015 23:44:04 +0000 (02:44 +0300)]
staging: sm750fb: add required spaces around C operators
Add spaces according to checkpatch.pl messages:
"ERROR: spaces required around that '=' (ctx:VxV)"
"ERROR: need consistent spacing around '-' (ctx:WxV)"
"ERROR: spaces required around that '?' (ctx:VxE)"
"ERROR: need consistent spacing around '&' (ctx:VxW)"
staging: sm750fb: remove redundant __func__ in debug statement
This patch removes the redundant __func__ from dynamic debug prints as
the pr_xxx set of functions can be dynamically controlled to include
function name. Also fix a typo in debug statement.
Signed-off-by: Hari Prasath Gujulan Elango <hgujulan@visteon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Santhosh Pai [Mon, 29 Jun 2015 09:44:03 +0000 (10:44 +0100)]
staging: Comedi: comedi_fops: Fixed the return error code
This patch fixes the checkpatch.pl warning:
WARNING: ENOSYS means 'invalid syscall nr' and nothing else
try_module_get fails when the reference count of the module is not
allowed to be incremented, and hence -ENXIO is returned indicating
no device or address.
[IA - combined two of santhosh's changes to the error return value!]
Signed-off-by: santhosh pai <santhosh.pai88@yahoo.com>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ian Abbott [Tue, 7 Jul 2015 16:06:52 +0000 (17:06 +0100)]
staging: comedi: use CAP_SYS_ADMIN instead of CAP_NET_ADMIN
If the "comedi" module has been loaded with the
"comedi_num_legacy_minors" module parameter set to a non-zero value,
some reserved comedi devices get created. These can be attached to a
low-level comedi driver using the `COMEDI_DEVCONFIG` ioctl command,
which checks for the `CAP_SYS_ADMIN` capability. Of course, the comedi
device needs to be opened before the ioctl command can be sent. If the
comedi device is unattached, `comedi_open()` currently requires the
`CAP_NET_ADMIN` capability. It makes more sense to just require the
`CAP_SYS_ADMIN` capability here, so change it.
For the curious, commit a8f80e8ff94e ("Networking: use CAP_NET_ADMIN
when deciding to call request_module") changed this capability from
`CAP_SYS_MODULE` to `CAP_NET_ADMIN`, even though it doesn't seem
relevant here. The original `CAP_SYS_MODULE` capability was due to the
function having some code to request a module using a "char-major-%i-%i"
alias, but that was never compiled in and was removed by commit f30f2c2d417b ("staging: comedi: remove check for CONFIG_KMOD").
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ian Abbott [Tue, 7 Jul 2015 17:06:07 +0000 (18:06 +0100)]
staging: comedi: cb_pcimdas: add external analog output ranges
The analog output range is not programmable, but the ranges for each of
the two analog output channels are settable via jumpers. These jumper
settings are not readable by the driver. The driver
provides a range table containing all the possible internal ranges
(+/-10V, +/-5V, 0-10V, 0-5V) to provide information to the user
application (although any range selected by the application that differs
from the jumper settings will not produce the expected voltage output).
The range table does not cover all possible ranges of the analog output
channels. The jumpers also allow an external reference voltage between
0 and 10V to be used as bipolar or unipolar output range. Add a couple
more ranges to the end of the range table to define these two external
ranges.
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: comedi: das16m1: fix lines over 80 characters
Warnings found by checkpatch.pl
WARNING: line over 80 characters
/drivers/staging/comedi/drivers/das16m1.c:414
+ if (devpriv->adc_count == 0 && hw_counter == devpriv->initial_hw_count) {
Signed-off-by: Luis de Bethencourt <luis@debethencourt.com>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Warning found by checkpatch.pl
WARNING: please, no space before tabs
/drivers/staging/comedi/drivers/das16m1.c:83
+ 404-407 ^I8254$
Signed-off-by: Luis de Bethencourt <luis@debethencourt.com>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fixes checkpatch.pl WARNING: quoted string split across lines
+MODULE_AUTHOR("David A. Schleef <ds@schleef.org>, "
+ "Frank Mori Hess <fmhess@users.sourceforge.net>");
Modules with multiple authors have a MODULE_AUTHOR line for each one.
Signed-off-by: Luis de Bethencourt <luis@debethencourt.com>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Markus Elfring [Tue, 14 Jul 2015 07:35:42 +0000 (09:35 +0200)]
staging: lustre: Deletion of unnecessary checks before three function calls
The following functions test whether their argument is NULL and then
return immediately.
* kfree
* ll_file_data_put
* ptlrpc_connection_put
Thus the test around such calls is not needed.
This issue was detected by using the Coccinelle software.
See also a previous update suggestion:
"remove unneeded null test before free" by Julia Lawall
https://lkml.org/lkml/2015/5/1/498
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg878600.html
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging/lustre/libcfs: get rid of debugfs/lnet/console_{min, max}_delay_centisecs
They are just fancy module parameters wrappers,
so just the same functionality now would be accessible via
/sys/module/libcfs/parameters/libcfs_console_{min,max}_delay
staging/lustre/libcfs: get rid of debugfs/lnet/debug_mb
It's just a fancy libcfs_debug_mb module parameter wrapper,
so just add debug buffer size check and resizing and the same
functionality now would be accessible via
/sys/module/libcfs/parameters/libcfs_debug_mb
staging/lustre/libcfs: get rid of debugfs/lnet/console_backoff
module parameter libcfs_console_backoff accessible through
/sys/module/libcfs/parameters/libcfs_console_backoff would
do the same thing, just add a special "uintpos" parameter
type to disallow 0 values too.
Also add a symlink to the module parameter variable for
backwards compatibility
/proc/sys/lnet/console_ratelimit, debug_path and panic_on_lbug
are module parameters with no special magic accessible via
/sys/module/libcfs/parameters/libcfs_console_ratelimit,
/sys/module/libcfs/parameters/libcfs_debug_file_path and
/sys/module/libcfs/parameters/libcfs_panic_on_lbug respectively.
As such just replace them with corresponding symlinks
staging/lustre: Remove unneeded ldlm_timeout control
ldlm_timeout is used server-side to determine AST timeouts,
so it makes no sense on the client, esp. since it's not really used
anywhere.
Remove all traces of it except from the config where we make
it a noop.
staging/lustre: Remove now obsolete memory tracking sysctls
In the past when Lustre did its own allocation amounts tracking
the results were shown in sysctl as current and overall max
number of bytes and pages allocated. Now that we don't
track these, remove the sysctls.
staging/lustre/obdclass: fix class_procfs_init error return value
Dan Carpenter noticed that procfs conversion patches introduced
a bug where should kobject_create_and_add fail, an error is not returned
from class_procfs_init.
staging/lustre/ldlm: In ldlm_pools_fini make sure there was init first.
It turns out if you call ldlm_pools_fini without completing the
ldlm_pools_init, then attempt to unregister not yet registered
shrinkers makes the kernel very unhappy.
So make sure we have them registered first.
ldebugfs_remove is usually called on directories with files passed in
as attributes, so simple debugfs_remove fails on them as not empty
Switch to debugfs_remove_recursive.
This fixes a number of problems where a new filesystem is mounted after
being unmounted first.
Oleg Drokin [Wed, 24 Jun 2015 14:07:45 +0000 (10:07 -0400)]
staging/lustre/lnet: Move asm/irq.h include after linux includes
Apparently m86k cannot build if you include asm/irq.h before
linux/* includes and fixing it there is hard.
So just move asm/irq.h include to where it does not cause any problems.
Thanks to Geert Uytterhoeven for getting to the root of it.
staging: wilc1000: switch printks to vsprintf IPv4 extension
Switch printks with IP addresses to use vsprintf extension %pI4.
Suggested-by: Joe Perches <joe@perches.com>
Signed-off-by: Luis de Bethencourt <luis@debethencourt.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>