K. Y. Srinivasan [Wed, 30 Nov 2011 16:52:23 +0000 (08:52 -0800)]
Staging: hv: mousevsc: Properly add the hid device
We need to properly add the hid device to correctly initialize the
sysfs state. While this patch is against the staging tree; Jiri,
please pick up this patch as you merge the Hyper-V mouse driver.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Reported-by: Fuzhou Chen <fuzhouch@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* Dan Carpenter <dan.carpenter@oracle.com> wrote:
> Sparse complains that these signed bitfields look "dubious". The
> problem is that instead of being either 0 or 1 like people would expect,
> signed one bit variables like this are either 0 or -1. It doesn't cause
> a problem in this case but it's ugly so lets fix them.
* walter harms (wharms@bfs.de) wrote:
> hi,
> This patch looks ok to me but this design is ugly by itself.
> It should be replaced by an uchar uint whatever or use a
> real bool (obviously not preferred by this programmes).
bool :1, uchar :1 or uint :1 could make sense. uchar:1/bool:1 won't save
any space here, because the surrounding fields are either uint or
pointers, so alignment will just add padding.
I try to use int/uint whenever possible because x86 CPUs tend to get
less register false-dependencies when using instructions modifying the
whole register (generated by using int/uint types) rather than only part
of it (uchar/char/bool). I only use char/uchar/bool when there is a
clear wanted space gain.
The reason why I never use the bool type within a structure when I want
a compact representation is that bool takes a whole byte just to
represent one bit:
struct usebitfield {
int a;
unsigned int f:1, g:1, h:1, i:1, j:1;
int b;
};
struct usebool {
int a;
bool f, g, h, i, j;
int b;
};
struct useboolbf {
int a;
bool f:1, g:1, h:1, i:1, j:1;
int b;
};
This is because each bool takes one byte, while the bitfields are put in
units of "unsigned int" (or bool for the 3rd struct). So in this
example, we need 5 bytes + 3 bytes alignment for the bool, but only 4
bytes to hold the "unsigned int" unit for the bitfields.
The choice between bool and bitfields must also take into account the
frequency of access to the variable, because bitfields require mask
operations to access the selected bit(s). You will notice that none of
these bitfields are accessed on the tracing fast-path: only in
slow-paths. Therefore, space gain is more important than speed here.
One might argue that I have so few of these fields here that it does not
make an actual difference to go for bitfield or bool. I am just trying
to choose types best suited for their intended purpose, ensuring they
are future-proof and will allow simply adding more fields using the same
type, as needed.
So I guess I'll go for uint :1.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Acked-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
lttng lib: ring buffer move null pointer check to open
* Dan Carpenter <dan.carpenter@oracle.com> wrote:
> The patch c844b2f5cfea: "lttng lib: ring buffer" from Nov 28, 2011,
> leads to the following Smatch complaint:
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c +86
> +lib_ring_buffer_mmap_buf()
> warn: variable dereferenced before check 'buf' (see line 79)
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c
> 78 unsigned long length = vma->vm_end - vma->vm_start;
> 79 struct channel *chan = buf->backend.chan;
> ^^^^^^^^^^^^^^^^^
> Dereference.
>
> 80 const struct lib_ring_buffer_config *config = chan->backend.config;
> 81 unsigned long mmap_buf_len;
> 82
> 83 if (config->output != RING_BUFFER_MMAP)
> 84 return -EINVAL;
> 85
> 86 if (!buf)
> ^^^^
> Check.
>
> 87 return -EBADF;
> 88
Let's move the NULL buf check to the file "open", where it belongs. The
"open" file operation is the actual interface between lib ring buffer
and the modules using it.
* Dan Carpenter <dan.carpenter@oracle.com> wrote:
[...]
> The patch c844b2f5cfea: "lttng lib: ring buffer" from Nov 28, 2011,
> leads to the following Smatch complaint:
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_frontend.c +1150
> +lib_ring_buffer_print_buffer_errors()
> warn: variable dereferenced before check 'chan' (see line 1143)
>
> drivers/staging/lttng/lib/ringbuffer/ring_buffer_frontend.c
> 1142 {
> 1143 const struct lib_ring_buffer_config *config =
> +chan->backend.config;
>
> +^^^^^^^^^^^^^^^^^^^^
> Dereference.
>
> 1144 unsigned long write_offset, cons_offset;
> 1145
> 1146 /*
> 1147 * Can be called in the error path of allocation when
> 1148 * trans_channel_data is not yet set.
> 1149 */
> 1150 if (!chan)
> ^^^^^^^^^
> Check. At first glance the comment seems out of date, I think check can
> be removed safely.
>
> 1151 return;
> 1152 /*
Sean MacLennan [Wed, 30 Nov 2011 20:18:52 +0000 (15:18 -0500)]
rtl8192e: Rename clashing symbols
The "rtl8192e: Export symbols" patch exported three functions already
exported by the rtl8192u driver. This patch renames the three functions:
Dot11d_Init => dot11d_init
HTUpdateSelfAndPeerSetting => HT_update_self_and_peer_setting
IsLegalChannel => rtllib_legal_channel
Signed-off-by: Sean MacLennan <seanm@seanm.ca> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Now that we're murder-synchronous, this code path will never be
called (and if it does, it doesn't tell us anything useful other
than we killed a task that was already being killed by somebody
else but hadn't gotten its' signal yet)
Signed-off-by: San Mehat <san@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
staging: binder: Fix memory corruption via page aliasing
binder_deferred_release was not unmapping the page from the buffer
before freeing it, causing memory corruption. This only happened
when page(s) had not been freed by binder_update_page_range, which
properly unmaps the pages.
This only happens on architectures with VIPT aliasing.
To reproduce, create a program which opens, mmaps, munmaps, then closes
the binder very quickly. This should leave a page allocated when the
binder is released. When binder_deferrred_release is called on the
close, the page will remain mapped to the address in the linear
proc->buffer. Later, we may map the same physical page to a different
virtual address that has different coloring, and this may cause
aliasing to occur.
PAGE_POISONING will greatly increase your chances of noticing any
problems.
Signed-off-by: Christopher Lais <chris+android@zenthought.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
San Mehat [Wed, 5 May 2010 18:38:42 +0000 (11:38 -0700)]
staging: android: lowmemkiller: Substantially reduce overhead during reclaim
This patch optimizes lowmemkiller to not do any work when it has an outstanding
kill-request. This greatly reduces the pressure on the task_list lock
(improving interactivity), as well as improving the vmscan performance
when under heavy memory pressure (by up to 20x in tests).
Note: For this enhancement to work, you need CONFIG_PROFILING
Signed-off-by: San Mehat <san@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
San Mehat [Mon, 26 Apr 2010 22:11:04 +0000 (15:11 -0700)]
staging: android: lowmemorykiller: Don't try to kill the same pid over and over
Under certain circumstances, a process can take awhile to
handle a sig-kill (especially if it's in a scheduler group with
a very low share ratio). When this occurs, lowmemkiller returns
to vmscan indicating the process memory has been freed - even
though the process is still waiting to die. Since the memory
hasn't actually freed, lowmemkiller is called again shortly after,
and picks the same process to die; regardless of the fact that
it has already been 'scheduled' to die and the memory has already
been reported to vmscan as having been freed.
Solution is to check fatal_signal_pending() on the selected
task, and if it's already pending destruction return; indicating
to vmscan that no resources were freed on this pass.
Signed-off-by: San Mehat <san@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The timed output device never previously checked the return value of sscanf,
resulting in an uninitialized int being passed to enable() if input value
was invalid.
Signed-off-by: Mike Lockwood <lockwood@android.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
San Mehat [Thu, 17 Sep 2009 21:27:41 +0000 (14:27 -0700)]
staging: android: ramconsole: Ensure ramconsole does not get cluttered by apanic threads
[Note, this is part of a patch from Sam, just the drivers/staging/
portion, that adds a function that the apanic code calls, but the apanic
code isn't here, so just include part of this to make merges and diffs
easier and this keeps things self-contained - gregkh]
Signed-off-by: San Mehat <san@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Note, I've disabled the drivers from the build at the moment, so other
patches can be applied to fix some build issues due to internal api
changes since the code was removed from the tree.
Sean MacLennan [Tue, 29 Nov 2011 01:22:26 +0000 (20:22 -0500)]
rtl8192e: Split into two directories
Now that the rtl8192e driver is split up, it makes sense to keep the
rtllib code in one directory and the rtl8192e specific code in
another. This patch contains the split and the fixup of includes.
Since rtl_core.h already included rtllib.h and dot11d.h, rtl_core.h
was updated to point to the parent directory. All other references to
rtllib.h and dot11d.h in the rtl8192e specific code where deleted
rather than fixed. This leaves just one file that needs to know the
real location of the rtllib includes.
Signed-off-by: Sean MacLennan <seanm@seanm.ca> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sean MacLennan [Tue, 29 Nov 2011 01:21:27 +0000 (20:21 -0500)]
rtl8192e: Split the driver up
This patch splits the current r8192e_pci driver up into six different
drivers: rtllib, rtllib_crypt, rtllib_crypt_ccmp, rtllib_crypt_tkip,
rtllib_crypt_wep, and r8192e_pci.
Now that they are proper modules, the init and exit functions do not
need to be called directly. Also, the rtllib_*_null functions are not
needed since they will be loaded on demand.
Signed-off-by: Sean MacLennan <seanm@seanm.ca> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sean MacLennan [Tue, 29 Nov 2011 01:20:26 +0000 (20:20 -0500)]
rtl8192e: Export symbols
The rtl8192e driver had a natural split between the more generic
rtllib code and the more specific rtl8192e code. This patch exports
all the symbols needed by the r8192 specific code from the rtllib
generic code.
Signed-off-by: Sean MacLennan <seanm@seanm.ca> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sean MacLennan [Tue, 29 Nov 2011 01:19:33 +0000 (20:19 -0500)]
rtl8192e: create generic rtllib_debug.h
Rename rtl_debug.h to rtllib_debug.h. Source files should include
rtllib.h if they are generic and rtl_core.h if they are r8192e
specific. Files should never include both.
Signed-off-by: Sean MacLennan <seanm@seanm.ca> Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sean MacLennan [Tue, 29 Nov 2011 01:17:10 +0000 (20:17 -0500)]
rtl8192e: cleanup rtl_debug.h
This patch cleans up rtl_debug.h by removing all the unused defines and
stub functions.
The changes to rtl_core.c are just to remove the deleted stub function
calls.
The changes to rtl_debug.c are functions that are never called.
Signed-off-by: Sean MacLennan <seanm@seanm.ca> Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andreas Ruprecht [Mon, 28 Nov 2011 15:59:13 +0000 (16:59 +0100)]
Staging: iio/accel: Changed return type of lis3l02dq_read_event_config() to int
The lis3l02dq_read_event_config() function returned an ssize_t up to
now, which lead to a compiler warning in line 660 (initialization from
incompatible pointer type). The iio_info struct is defined to accept an
int-returning function as the read_event_config parameter.
Also it seems odd to have the check for (ret < 0) and return ret in
this case, when the return type is signed.
Signed-off-by: Andreas Ruprecht <rupran@einserver.de> Acked-by: Jonathan Cameron <jic23@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Martyn Welch [Tue, 29 Nov 2011 13:28:05 +0000 (13:28 +0000)]
Staging: VME: PIO2: Correct irq reset
The loop used to reset the interrupt masks has faulty logic. There are 4
banks of 8 I/O, however each mask is comprised of 2 bits and thus there are
8 sets of registers to clear. Driver was wrongly equating this with 8 banks
leading to a us writing past the end of the "bank" array (used to store mask
configuration as these registers are write only) and thus causing memory
corruption. Clear both registers of masks for each bank and half iterations.
Andreas Ruprecht [Tue, 29 Nov 2011 10:43:28 +0000 (11:43 +0100)]
Staging: iio/adc: strict_strtoul was used with a long type variable
The function ad7280_store_balance_timer() parses data from a char*
buffer into a long variable, but uses the the function strict_strtoul
which expects a pointer to an unsigned long variable as its third
parameter.
As Dan Carpenter mentioned, the values are capped a few lines later,
but a check if val is negative is missing.
Now this function will return -ERANGE if there is a representation of
a negative number in buf.
Additionally the checkpatch.pl considers strict_strtoul as obsolete.
I replaced its call with the suggested kstrtoul.
Signed-off-by: Andreas Ruprecht <rupran@einserver.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Thomas Meyer [Tue, 29 Nov 2011 21:08:00 +0000 (22:08 +0100)]
staging: iio: Use kcalloc instead of kzalloc to allocate array
The advantage of kcalloc is, that will prevent integer overflows which could
result from the multiplication of number of elements and size and it is also
a bit nicer to read.
The semantic patch that makes this change is available
in https://lkml.org/lkml/2011/11/25/107
Signed-off-by: Thomas Meyer <thomas@m3y3r.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Xi Wang [Wed, 30 Nov 2011 02:53:46 +0000 (21:53 -0500)]
staging: vt6656: integer overflows in private_ioctl()
There are two potential integer overflows in private_ioctl() if
userspace passes in a large sList.uItem / sNodeList.uItem. The
subsequent call to kmalloc() would allocate a small buffer, leading
to a memory corruption.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Xi Wang [Wed, 30 Nov 2011 02:52:46 +0000 (21:52 -0500)]
staging: vt6655: integer overflows in private_ioctl()
There are two potential integer overflows in private_ioctl() if
userspace passes in a large sList.uItem / sNodeList.uItem. The
subsequent call to kmalloc() would allocate a small buffer, leading
to a memory corruption.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
staging: vt6656: card.c: Change return of CARDbAddBasicRate to void
In all locations that call this function ignore your returna, so remove
it.
Signed-off-by: Marcos Paulo de Souza <marcos.mage@gmail.com> Cc: Forest Bond <forest@alittletooquiet.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch removes a lot of commented code, and some return calls of
void functions.
Signed-off-by: Marcos Paulo de Souza <marcos.mage@gmail.com> Cc: Forest Bond <forest@alittletooquiet.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
staging: vt6656: baseband.c: Removed dead code, and fix coding standards
Remved some commented code, and fixed some style issues. was removed too
a redundant if statement.
Signed-off-by: Marcos Paulo de Souza <marcos.mage@gmail.com> Cc: Forest Bond <forest@alittletooquiet.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
staging: vt6656: 80211mgr.c: Code cleanup, removed return of void funcs.
Removed return call of void functions. Removed some code style issues.
Signed-off-by: Marcos Paulo de Souza <marcos.mage@gmail.com> Cc: Forest Bond <forest@alittletooquiet.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
staging: vt6656: main_usb.c: Use kzalloc instead kmalloc
Signed-off-by: Marcos Paulo de Souza <marcos.mage@gmail.com> Cc: Forest Bond <forest@alittletooquiet.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Haiyang Zhang [Mon, 28 Nov 2011 21:35:35 +0000 (13:35 -0800)]
staging: hv: move hv_netvsc out of staging area
hv_netvsc has been reviewed on netdev mailing list on 6/09/2011.
All recommended changes have been made. We are requesting to move
it out of staging area.
Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: KY Srinivasan <kys@microsoft.com> Signed-off-by: Mike Sterling <Mike.Sterling@microsoft.com> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andreas Ruprecht [Sun, 27 Nov 2011 22:17:42 +0000 (23:17 +0100)]
Staging: iio/accel: Changed data type of val in store_measurement_mode to u8
The code in sca3000_store_measurement_mode() uses the variable val to
do bitwise operations with an int mask and or-s it into st->rx[0] which
is an entry in a u8 array (see sca3000.h).
This means up to now values larger than a u8 were silently ignored and
just the lower 8 bits counted into the value that was written into
st->rx[0]. This code will return -ERANGE if the value in buf was too
large to fit into a u8.
Signed-off-by: Andreas Ruprecht <rupran@einserver.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andreas Ruprecht [Sun, 27 Nov 2011 22:17:41 +0000 (23:17 +0100)]
Staging: iio/accel: Changed data type for val to unsigned long in write_frequency
In lis3102dq_write_frequency() we used a long variable to store the
value parsed from the char* buffer buf, as there only was a
strict_strtol() function to parse values.
Now we have got kstrto* which allows us to convert to the right data
type in most cases.
In this particular function we want to write a frequency value, and it
doesn't make sense to allow negative values here (as Dan Carpenter
pointed out in a previous email).
This means we can now parse the value into an unsigned long and get an
error for invalid (e.g. negative) values.
Signed-off-by: Andreas Ruprecht <rupran@einserver.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Andreas Ruprecht [Sun, 27 Nov 2011 22:17:40 +0000 (23:17 +0100)]
Staging: iio/accel: Changed data type in adis16220_write_16bit to u16
In the adis16220_write_16bit() function we used a long value to store
parsed data from the char* buffer buf.
The called function to actually write the data,
adis16220_spi_write_reg_16(), takes a u16 value as a parameter, so up
to now a value larger than u16 was silently ignored as it was only
truncated when passing the parameter.
Now this function will only accept values fitting into a u16.
Additionally the parsing function was changed to overcome the now
obsolete strict_strtol() function.
Signed-off-by: Andreas Ruprecht <rupran@einserver.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kevin McKinney [Mon, 28 Nov 2011 01:51:47 +0000 (20:51 -0500)]
Staging: bcm: Reverse semaphore locking in IOCTL_BCM_BUFFER_DOWNLOAD_STOP.
This patch reorders the semaphore locking.
It makes better sense to first evaluate
fw_download_sema semaphore then
NVMRdmWrmLocl semaphore. The
fw_download_sema is suppose to be
acquired in the START ioctl. If this is
not true, then it does not make sense
to continue.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kevin McKinney [Mon, 28 Nov 2011 01:51:46 +0000 (20:51 -0500)]
Staging: bcm: Alter code to move error handling closer to the calls.
This is a cleanup patch. I've shuffled the code around to
move the error handling closer to the calls. I've removed
some indent levels. I've replaced break statements with
direct returns.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Kevin McKinney [Mon, 28 Nov 2011 01:51:45 +0000 (20:51 -0500)]
Staging: bcm: Clean up patch that calls semaphore down_trylock directly.
This patch evaluates/calls the down_trylock locking
function directly, instead of storing the results
in a variable and evaluating the variable. These
changes were made in:
IOCTL_BCM_BUFFER_DOWNLOAD_STOP and
IOCTL_BCM_BUFFER_DOWNLOAD_START.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Implement the LTTng probe callbacks. One notable file here is
lttng-events.h, which is the core implementation of the LTTng
TRACE_EVENT macros for generation of probes and tracepoint decription
from the TRACE_EVENT declarations.
Add the "lttng" virtual file to debugfs and procfs. All operations are
performed through ioctls (LTTng ioctl range is already reserved
upstream) on this virtual file and on anonymous file descriptors
returned by these ioctls. Each file descriptor is associated with a
tracer "object" (session, channel, stream, event, context).
Each lttng buffer configuration (discard mode, overwrite mode, mmap
support, splice support, per-cpu buffers, global buffer for metadata) is
a lib ring buffer client.
x86-32 and x86-64 system call instrumentation, along with the
lttng-syscalls-generate-headers.sh script that generates the headers
from the system call list. See README for details.
Modifications to the in-kernel TRACE_EVENT are needed to generate the
compact event descriptions and the probe code LTTng generates. These
changes could apply to upstream TRACE_EVENT, but requires changing the
in-kernel API.
Peter Huewe [Sun, 27 Nov 2011 14:13:51 +0000 (15:13 +0100)]
staging/wlags49_h2: Convert pci_table entries to PCI_DEVICE (if PCI_ANY_ID is used)
This patch converts pci_table entries to use the PCI_DEVICE macro,
if .subvendor and .subdevice are set to PCI_ANY_ID,
and thus improves readablity.
Since CH_Agere_Systems_Mini_PCI_V1 is defined as 0 in hermes_pci_versions
and neither the enum nor the value is used anywhere else, we can drop
the assignment of .driver_data as it is initialized as 0 by default.
Signed-off-by: Peter Huewe <peterhuewe@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>