Kevin McKinney [Tue, 6 Dec 2011 03:17:03 +0000 (22:17 -0500)]
Staging: bcm: Alter return value for copy_to/from_user() to "return -EFAULT" when an error occurs.
In this clean up patch, I altered functions: copy_to/
from_user() to return -EFAULT when an error occurs.
I also replaced break statements when an error occurs
from copy_to/from_user() with direct returns of -EFAULT.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kevin McKinney [Fri, 2 Dec 2011 03:02:16 +0000 (22:02 -0500)]
Staging: bcm: Alter code to move error handling closer to the calls; and remove white space, IOCTL_BCM_NVM_WRITE.
This is a clean up patch for IOCTL_BCM_NVM_WRITE
that replaces the assignment of the Status
variable with direct returns of the error code,
replaces the break statements with direct returns,
and removes a white space.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kevin McKinney [Fri, 2 Dec 2011 03:02:15 +0000 (22:02 -0500)]
Staging: bcm: Fix double free of 'pReadData' in IOCTL_BCM_NVM_WRITE.
This patch fixes a memory error in ioctl,
IOCTL_BCM_NVM_WRITE. While copying data to
user space, if an error occurs, pReadData
is freed. Then, at the end of the ioctl,
pReadData was being freed again.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dan Carpenter [Wed, 30 Nov 2011 08:42:21 +0000 (11:42 +0300)]
Staging: comedi: unlock on error in usbdux_ao_inttrig()
If we had an invalid trignum (anything other than zero is invalid) then
we returned without unlocking. I've modified this function to just have
one return point.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Aaro Koskinen [Mon, 5 Dec 2011 22:10:44 +0000 (00:10 +0200)]
staging: xgifb: disable LVDS on XG27
XG27 has the second display output already hardcoded to disabled. Just
in case, ensure that it has the LVDS code paths disabled. This will
simplify the future cleanups.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
When updating the scan mask we have to check the actual scan mask for if the
channel is already enabled, not the matching scan mask from the available
scan masks. The bit will already be set there and as a result the actual
scan mask will not get updated and the channel stays disabled.
Also fix the return value of iio_scan_el_store which would return 1 instead of
the number of bytes written if the channel was already active in the scan mask.
The sw_ring does not properly handle the case where the write pointer already
has wrapped around, the read pointer has not and the remaining buffer space at
the end is enough to fill the read buffer:
In this case the current code will copy all available data to the buffer and
as a result will write beyond the bounds of the buffer and cause a memory
corruption.
To address this issue this patch adds code to calculate the available buffer
space and makes sure that the number of bytes to copy does not exceed this
number. This allows the code which copies the data around to be simplified as
it only has to consider two cases: Read wraps around and read does not wrap
around.
staging:iio: make iio_sw_buffer_preenable much more general.
Also introduces active_scan_mask storage to tell the core what is
really being currently captured from the device (different from
what is desired as often has bonus channels).
staging:iio: Remove redundant spi driver bus initialization
In ancient times it was necessary to manually initialize the bus field of an
spi_driver to spi_bus_type. These days this is done in spi_register_driver() so
we can drop the manual assignment.
The patch was generated using the following coccinelle semantic patch:
// <smpl>
@@
identifier _driver;
@@
struct spi_driver _driver = {
.driver = {
- .bus = &spi_bus_type,
},
};
// </smpl>
This patch adds support for the Analog Devices D5380, AD5381,
AD5382, AD5383, AD5384, AD5390, AD5391, AD5392 multi-channel
Digital to Analog Converters.
Bryan Freed [Fri, 2 Dec 2011 22:19:30 +0000 (14:19 -0800)]
iio: light sensor: Improve granularity of tsl2583 lux values.
When illuminance0_calibbias gets 4000 (for a 4x multiplier), we see lux
granularity of 4. Reversing the order of the right shift and multiplication
retains the precision of the unadjusted lux value.
Staging: iio/accel: Added a range check for val in store_measurement_mode()
In sca3000_store_measurement_mode() we use val to and it with a mask.
This mask is only two bits long (as we are only interested in the
lowest two bits), so a value bigger than 3 was silently ignored so
far.
Now this function will return -EINVAL, if val is bigger than 3.
Signed-off-by: Andreas Ruprecht <rupran@einserver.de> Acked-by: Jonathan Cameron <jic23@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Staging: iio/accel: Changed data type of mask in store_measurement_mode() to u8
In sca3000_store_measurement_mode() we parse a value from a string
buffer via kstrtou8, and store the parsed value into a u8 after
and-ing it with mask.
As we are only interested in the lowest two bits here and mask is
initialized with a fixed value 0x03, mask may as well be a u8.
Signed-off-by: Andreas Ruprecht <rupran@einserver.de> Acked-by: Jonathan Cameron <jic23@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Staging: hv: storvsc: Implement per device memory pools
The current code implemented a per-HBA memory pool mechanism. For IDE disks
managed by this driver, there is a one to one correspondance between the
block device and the associated virtual HBA and since currently only IDE devices
can be the boot device, this addressed the deadlock issues that were raised during
the review process. This patch implements a per-lun memory pool mechanism.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The code in storvsc_device_alloc() is not needed as this would be
done by default. Get rid of it. We still keep the function as we use
this hook to allocate per-LUN memory pools in a later patch.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Disable clustering, since the host side on Hyper-V requires that
each I/O element not exceed the page size. As part of this
cleanup, get rid of the function to merge bvecs, as the primary
reason for this function was to avoid having an element exceed
the page size.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
K. Y. Srinivasan [Wed, 30 Nov 2011 16:52:23 +0000 (08:52 -0800)]
Staging: hv: mousevsc: Properly add the hid device
We need to properly add the hid device to correctly initialize the
sysfs state. While this patch is against the staging tree; Jiri,
please pick up this patch as you merge the Hyper-V mouse driver.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Reported-by: Fuzhou Chen <fuzhouch@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* Dan Carpenter <dan.carpenter@oracle.com> wrote:
> Sparse complains that these signed bitfields look "dubious". The
> problem is that instead of being either 0 or 1 like people would expect,
> signed one bit variables like this are either 0 or -1. It doesn't cause
> a problem in this case but it's ugly so lets fix them.
* walter harms (wharms@bfs.de) wrote:
> hi,
> This patch looks ok to me but this design is ugly by itself.
> It should be replaced by an uchar uint whatever or use a
> real bool (obviously not preferred by this programmes).
bool :1, uchar :1 or uint :1 could make sense. uchar:1/bool:1 won't save
any space here, because the surrounding fields are either uint or
pointers, so alignment will just add padding.
I try to use int/uint whenever possible because x86 CPUs tend to get
less register false-dependencies when using instructions modifying the
whole register (generated by using int/uint types) rather than only part
of it (uchar/char/bool). I only use char/uchar/bool when there is a
clear wanted space gain.
The reason why I never use the bool type within a structure when I want
a compact representation is that bool takes a whole byte just to
represent one bit:
struct usebitfield {
int a;
unsigned int f:1, g:1, h:1, i:1, j:1;
int b;
};
struct usebool {
int a;
bool f, g, h, i, j;
int b;
};
struct useboolbf {
int a;
bool f:1, g:1, h:1, i:1, j:1;
int b;
};
This is because each bool takes one byte, while the bitfields are put in
units of "unsigned int" (or bool for the 3rd struct). So in this
example, we need 5 bytes + 3 bytes alignment for the bool, but only 4
bytes to hold the "unsigned int" unit for the bitfields.
The choice between bool and bitfields must also take into account the
frequency of access to the variable, because bitfields require mask
operations to access the selected bit(s). You will notice that none of
these bitfields are accessed on the tracing fast-path: only in
slow-paths. Therefore, space gain is more important than speed here.
One might argue that I have so few of these fields here that it does not
make an actual difference to go for bitfield or bool. I am just trying
to choose types best suited for their intended purpose, ensuring they
are future-proof and will allow simply adding more fields using the same
type, as needed.
So I guess I'll go for uint :1.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Acked-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
lttng lib: ring buffer move null pointer check to open
* Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The patch c844b2f5cfea: "lttng lib: ring buffer" from Nov 28, 2011,
> leads to the following Smatch complaint:
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c +86
> +lib_ring_buffer_mmap_buf()
> warn: variable dereferenced before check 'buf' (see line 79)
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
> 78 unsigned long length = vma->vm_end - vma->vm_start;
> 79 struct channel *chan = buf->backend.chan;
> ^^^^^^^^^^^^^^^^^
> Dereference.
>
> 80 const struct lib_ring_buffer_config *config = chan->backend.config;
> 81 unsigned long mmap_buf_len;
> 82
> 83 if (config->output != RING_BUFFER_MMAP)
> 84 return -EINVAL;
> 85
> 86 if (!buf)
> ^^^^
> Check.
>
> 87 return -EBADF;
> 88
Let's move the NULL buf check to the file "open", where it belongs. The
"open" file operation is the actual interface between lib ring buffer
and the modules using it.
* Dan Carpenter <dan.carpenter@oracle.com> wrote:
[...]
> The patch c844b2f5cfea: "lttng lib: ring buffer" from Nov 28, 2011,
> leads to the following Smatch complaint:
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_frontend.c +1150
> +lib_ring_buffer_print_buffer_errors()
> warn: variable dereferenced before check 'chan' (see line 1143)
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_frontend.c
> 1142 {
> 1143 const struct lib_ring_buffer_config *config =
> +chan->backend.config;
>
> +^^^^^^^^^^^^^^^^^^^^
> Dereference.
>
> 1144 unsigned long write_offset, cons_offset;
> 1145
> 1146 /*
> 1147 * Can be called in the error path of allocation when
> 1148 * trans_channel_data is not yet set.
> 1149 */
> 1150 if (!chan)
> ^^^^^^^^^
> Check. At first glance the comment seems out of date, I think check can
> be removed safely.
>
> 1151 return;
> 1152 /*
Sean MacLennan [Wed, 30 Nov 2011 20:18:52 +0000 (15:18 -0500)]
rtl8192e: Rename clashing symbols
The "rtl8192e: Export symbols" patch exported three functions already
exported by the rtl8192u driver. This patch renames the three functions:
Dot11d_Init => dot11d_init
HTUpdateSelfAndPeerSetting => HT_update_self_and_peer_setting
IsLegalChannel => rtllib_legal_channel
Signed-off-by: Sean MacLennan <seanm@seanm.ca> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Now that we're murder-synchronous, this code path will never be
called (and if it does, it doesn't tell us anything useful other
than we killed a task that was already being killed by somebody
else but hadn't gotten its' signal yet)
Signed-off-by: San Mehat <san@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
staging: binder: Fix memory corruption via page aliasing
binder_deferred_release was not unmapping the page from the buffer
before freeing it, causing memory corruption. This only happened
when page(s) had not been freed by binder_update_page_range, which
properly unmaps the pages.
This only happens on architectures with VIPT aliasing.
To reproduce, create a program which opens, mmaps, munmaps, then closes
the binder very quickly. This should leave a page allocated when the
binder is released. When binder_deferrred_release is called on the
close, the page will remain mapped to the address in the linear
proc->buffer. Later, we may map the same physical page to a different
virtual address that has different coloring, and this may cause
aliasing to occur.
PAGE_POISONING will greatly increase your chances of noticing any
problems.
Signed-off-by: Christopher Lais <chris+android@zenthought.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>