Mark Asselstine [Thu, 13 Feb 2014 02:47:56 +0000 (21:47 -0500)]
staging: usbip: prevent possible buffer overflow reading port records
To avoid buffer overflow while reading a corrupted or possibly
modified port file we validate the length of each part of the port
record to ensure it doesn't exceed the length of the destination
buffer.
https://bugzilla.kernel.org/show_bug.cgi?id=69931
Signed-off-by: Mark Asselstine <asselsm@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: comedi: das800: trigger sources are validated in (*do_cmdtest)
The trigger sources were already validataed in the (*do_cmdtest) before the
(*do_cmd) is called. Refactor the code in das800_ai_do_cmd() to use if/else
instead of the switch since the default cases can never be reached.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: comedi: comedi_test: trigger sources are validated in (*do_cmdtest)
The trigger sources were already validataed in the (*do_cmdtest) before the
(*do_cmd) is called. Refactor the code in waveform_ai_cmd() to remove the
final else which can never be reached.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: comedi: cb_pcidas: trigger sources are validated in (*do_cmdtest)
The trigger sources were already validataed in the (*do_cmdtest) before the
(*do_cmd) is called. Refactor the code in cb_pcidas_ai_cmd() to remove the
final else which can never be reached.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: comedi: adl_pci9111: trigger sources are validated in (*do_cmdtest)
The trigger sources were already validataed in the (*do_cmdtest) before the
(*do_cmd) is called. Refactor the code in pci9111_ai_do_cmd() to use if/else
instead of the switch since the default cases can never be reached.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: comedi: usbduxfast: remove TRIG_TIMER from scan_begin_src
Currently the (*do_cmdtest) indicates that TRIG_TIMER is a valid scan_begin_src
but later this source is tested as -EINVAL. To simplify the code a bit just
remove the TRIG_TIMER source.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use comedi_timeout() to wait for the analog input settle and end-of-
conversion. These tests use different registers but the same bit so
the register is passed as the 'context'. The same test is used in
dmm32at_ai_cmd() but the 'insn' is not available. This is ok since
the test function, and comedi_timeout() don't use it.
Use comedi_timout() to wait for the analog output end-of-conversion.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: comedi: daqboard2000: use comedi_timeout()
Use comedi_timeout() to wait for the analog input pipe full, scanning,
amd end-of-conversion status. The status to check it passed as the
'context' to comedi_timeout().
Use comedi_timeout() to wait for the analog output end-of-conversion.
This also fixes a possible bug where invalid data is returned for the
analog input read if the conversion did not complete, The analog
output has a similar possible bug where the cached readback value is
incorrect if the conversion times out.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The wait_for() macro in this driver is a bit nasty. It effects control flow
which according to the CodingStyle is a _very_ bad idea.
The mux_busy() and ad_done() macros are also bad since they rely on a local
variable having a specific name.
Remove these macros and use comedi_timeout() to wait for the analog input
mux busy completion and end-of-conversion. Both of these are detected by
reading the same register and testing different bits. Pass the bits to test
as the 'context' to the callback function.
The dt282x_ai_cmd() function also checks for the mux busy completion. The
'insn' is not available here but passing NULL is safe because nothing
uses it.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Introduce a comedi core helper function to handle the boilerplate
needed by the drivers to busy- wait for a condition to occur.
Typically this condition is the analog input/output end-of-conversion
used with the comedi (*insn_read) and (*insn_write) operations.
To use this function, the drivers just need to provide a callback
that checks for the desired condition. The callback should return
0 if the condition is met or -EBUSY if it is still waiting. Any
other errno will be returned to the caller. If the timeout occurs
before the condition is met -ETIMEDOUT will be returned.
The parameters to the callback function are the comedi_device,
comedi_subdevice, and comedi_insn pointers that were passed to the
(*insn_read) or (*insn_write) as well as an unsigned long, driver
specific, 'context' that can be used to pass any other information
that might be needed in the callback. This 'context' could be anything
such as the register offset to read the status or the bits needed
to check the status. The comedi_timeout() function itself does not
use any of these parameters.
This will help remove all the crazy "wait this many loops" used by
some of the drivers. It also creates a common errno for comedi to
detect when a timeout occurs.
ADC/DAC conversion times are typically pretty fast, usually around
100K samples/sec (10 usec). A conservative timeout of 1 second is used
in comedi_timeout().
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Cc: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This code has no effect. Normally, you would assign the result of
rcu_dereference() to some variable, but it is not clear from the
code what variable that would be. Therefore, this patch applies to
the TODO file instead of the code itself.
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Larry Finger [Wed, 12 Feb 2014 22:14:35 +0000 (16:14 -0600)]
staging: r8188eu: Fix more Smatch warnings and errors
After updating Smatch, the following new errors and warnings are reported:
drivers/staging/rtl8188eu/core/rtw_recv.c:368 recvframe_chkmic() warn: variable dereferenced before check 'psecuritypriv' (see line 364)
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c:2642 rtw_wps_start() warn: variable dereferenced before check 'pdata' (see line 2636)
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c:4461 rtw_dbg_port() error: we previously assumed 'pregpriv' could be null (see line 4453)
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c:4473 rtw_dbg_port() error: we previously assumed 'pregpriv' could be null (see line 4469)
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Paul Bolle [Thu, 13 Feb 2014 12:00:18 +0000 (13:00 +0100)]
staging: r8188eu: Remove dead code
There are a few lines in this driver that depend on a macro
CONFIG_BT_COEXIST. But there's no Kconfig symbol of that name nor is
there a preprocessor define for that string. So remove these lines.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Chase Southwood [Fri, 14 Feb 2014 01:02:26 +0000 (19:02 -0600)]
Staging: comedi: clean up conditional statement in addi_apci_3xxx.c
In this conditional statement, if (chan < 16), but the instruction passed
in data[0] is INSN_CONFIG_DIO_QUERY, the function does not return early,
but the else-branch does not get executed either. As a result, mask
would be used uninitialized in the next line. We want
comedi_dio_insn_config() to use a chan_mask based on the chanspec for the
INSN_CONFIG_DIO_QUERY instruction, so mask should be initialized to 0.
Then, if instead the instruction is INSN_CONFIG_DIO_{INPUT,OUTPUT}, we
return an error if (chan < 16) as these are invalid instructions for
ports 0 and 1, or update the mask otherwise, so all the io_bits are
modified for port 2. This ensures that mask is always initialized by the
time it is used.
Dave Jones [Thu, 13 Feb 2014 19:48:14 +0000 (14:48 -0500)]
staging/bcm: move IOCTL_BCM_TIME_SINCE_NET_ENTRY case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:48:09 +0000 (14:48 -0500)]
staging/bcm: move IOCTL_BCM_GET_DEVICE_DRIVER_INFO case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:48:04 +0000 (14:48 -0500)]
staging/bcm: move IOCTL_BCM_CNTRLMSG_MASK case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:59 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_NVM_RAW_READ case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:53 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_SELECT_DSD case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:48 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_GET_FLASH_CS_INFO case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:43 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_COPY_SECTION case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:33 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_SET_ACTIVE_SECTION case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:28 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_GET_FLASH2X_SECTION_BITMAP case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:23 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_FLASH2X_SECTION_WRITE case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:18 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_FLASH2X_SECTION_READ case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:13 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_NVM_[READ|WRITE] cases out to their own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:08 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_SET_DEBUG case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:47:02 +0000 (14:47 -0500)]
staging/bcm: move IOCTL_BCM_CAL_INIT case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:46:57 +0000 (14:46 -0500)]
staging/bcm: move IOCTL_BCM_GET_NVM_SIZE case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:46:52 +0000 (14:46 -0500)]
staging/bcm: move IOCTL_BCM_BULK_WRM case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:46:47 +0000 (14:46 -0500)]
staging/bcm: move IOCTL_BCM_GET_HOST_MIBS case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:46:42 +0000 (14:46 -0500)]
staging/bcm: move IOCTL_BCM_GET_DSX_INDICATION case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:46:37 +0000 (14:46 -0500)]
staging/bcm: move IOCTL_BCM_SET_MAC_TRACING case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:46:32 +0000 (14:46 -0500)]
staging/bcm: move IOCTL_BCM_GET_CURRENT_STATUS case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:46:27 +0000 (14:46 -0500)]
staging/bcm: move IOCTL_BCM_GET_DRIVER_VERSION case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:46:22 +0000 (14:46 -0500)]
staging/bcm: move IOCTL_BCM_SWITCH_TRANSFER_MODE case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dave Jones [Thu, 13 Feb 2014 19:46:17 +0000 (14:46 -0500)]
staging/bcm: move IOCTL_QOS_THRESHOLD case out to its own function.
bcm_char_ioctl is one of the longest non-generated functions in the kernel,
at 1906 lines. Splitting it up into multiple functions should simplify
this a lot.
Signed-off-by: Dave Jones <davej@fedoraproject.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>