- 01 Dec, 2011 2 commits
-
-
Mathieu Desnoyers authored
* Dan Carpenter <dan.carpenter@oracle.com> wrote: > The patch c844b2f5: "lttng lib: ring buffer" from Nov 28, 2011, > leads to the following Smatch complaint: > > drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c +33 > +lib_ring_buffer_fault() > warn: variable dereferenced before check 'buf' (see line 26) > > drivers/staging/lttng/lib/ringbuffer/ring_buffer_mmap.c > 25 struct lib_ring_buffer *buf = vma->vm_private_data; > 26 struct channel *chan = buf->backend.chan; > ^^^^^^^^^^^^^^^^^ > Dereference. > > 27 const struct lib_ring_buffer_config *config = chan->backend.config; > 28 pgoff_t pgoff = vmf->pgoff; > 29 struct page **page; > 30 void **virt; > 31 unsigned long offset, sb_bindex; > 32 > 33 if (!buf) > ^^^^ > Check. > > 34 return VM_FAULT_OOM; > 35 This check is performed at mapping setup time in lib_ring_buffer_mmap_buf() already, so we can safely remove this duplicata. Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
Mathieu Desnoyers authored
* Dan Carpenter <dan.carpenter@oracle.com> wrote: [...] > The patch c844b2f5: "lttng lib: ring buffer" from Nov 28, 2011, > leads to the following Smatch complaint: > > drivers/staging/lttng/lib/ringbuffer/ring_buffer_frontend.c +1150 > +lib_ring_buffer_print_buffer_errors() > warn: variable dereferenced before check 'chan' (see line 1143) > > drivers/staging/lttng/lib/ringbuffer/ring_buffer_frontend.c > 1142 { > 1143 const struct lib_ring_buffer_config *config = > +chan->backend.config; > > +^^^^^^^^^^^^^^^^^^^^ > Dereference. > > 1144 unsigned long write_offset, cons_offset; > 1145 > 1146 /* > 1147 * Can be called in the error path of allocation when > 1148 * trans_channel_data is not yet set. > 1149 */ > 1150 if (!chan) > ^^^^^^^^^ > Check. At first glance the comment seems out of date, I think check can > be removed safely. > > 1151 return; > 1152 /* Reported-by:
-
- 30 Nov, 2011 38 commits
-
-
Sean MacLennan authored
The "rtl8192e: Export symbols" patch exported three functions already exported by the rtl8192u driver. This patch renames the three functions: Dot11d_Init => dot11d_init HTUpdateSelfAndPeerSetting => HT_update_self_and_peer_setting IsLegalChannel => rtllib_legal_channel Signed-off-by:
Sean MacLennan <seanm@seanm.ca> Signed-off-by:
-
Colin Cross authored
Allow the board file to pass a boot info string through the platform data that is appended to the /proc/last_kmsg file. [moved the .h file to drivers/staging/android/ to be self-contained - gregkh] Signed-off-by:
Colin Cross <ccross@android.com> Signed-off-by:
-
JP Abgrall authored
(port from common android-2.6.39 commit: 11430f16545205c614dd5bd58e4a7ee630fc0f9f) events: (no change, 256) main: 64 -> 256 radio: 64 -> 256 system: 64 -> 256 Signed-off-by:
JP Abgrall <jpa@google.com> Signed-off-by:
-
Colin Cross authored
The arguments to shrink functions have changed, update lowmem_shrink to match. Signed-off-by:
-
Arve Hjønnevåg authored
Signed-off-by:
Arve Hjønnevåg <arve@android.com> Signed-off-by:
-
Colin Cross authored
Signed-off-by:
Colin Cross <ccross@google.com> Signed-off-by:
-
San Mehat authored
Now that we're murder-synchronous, this code path will never be called (and if it does, it doesn't tell us anything useful other than we killed a task that was already being killed by somebody else but hadn't gotten its' signal yet) Signed-off-by:
San Mehat <san@google.com> Signed-off-by:
-
Christopher Lais authored
binder_deferred_release was not unmapping the page from the buffer before freeing it, causing memory corruption. This only happened when page(s) had not been freed by binder_update_page_range, which properly unmaps the pages. This only happens on architectures with VIPT aliasing. To reproduce, create a program which opens, mmaps, munmaps, then closes the binder very quickly. This should leave a page allocated when the binder is released. When binder_deferrred_release is called on the close, the page will remain mapped to the address in the linear proc->buffer. Later, we may map the same physical page to a different virtual address that has different coloring, and this may cause aliasing to occur. PAGE_POISONING will greatly increase your chances of noticing any problems. Signed-off-by:
Christopher Lais <chris+android@zenthought.org> Signed-off-by:
-
San Mehat authored
This patch optimizes lowmemkiller to not do any work when it has an outstanding kill-request. This greatly reduces the pressure on the task_list lock (improving interactivity), as well as improving the vmscan performance when under heavy memory pressure (by up to 20x in tests). Note: For this enhancement to work, you need CONFIG_PROFILING Signed-off-by:
-
San Mehat authored
Under certain circumstances, a process can take awhile to handle a sig-kill (especially if it's in a scheduler group with a very low share ratio). When this occurs, lowmemkiller returns to vmscan indicating the process memory has been freed - even though the process is still waiting to die. Since the memory hasn't actually freed, lowmemkiller is called again shortly after, and picks the same process to die; regardless of the fact that it has already been 'scheduled' to die and the memory has already been reported to vmscan as having been freed. Solution is to check fatal_signal_pending() on the selected task, and if it's already pending destruction return; indicating to vmscan that no resources were freed on this pass. Signed-off-by:
-
Arve Hjønnevåg authored
Some drivers flush the global workqueue when closed. This would deadlock if the last reference to the file was released from the binder. Signed-off-by:
-
Mike Lockwood authored
The timed output device never previously checked the return value of sscanf, resulting in an uninitialized int being passed to enable() if input value was invalid. Signed-off-by:
Mike Lockwood <lockwood@android.com> Signed-off-by:
-
Arve Hjønnevåg authored
Signed-off-by:
-
Arve Hjønnevåg authored
Signed-off-by:
-
San Mehat authored
Signed-off-by:
-
Arve Hjønnevåg authored
Signed-off-by:
-
Arve Hjønnevåg authored
Signed-off-by:
-
San Mehat authored
[Note, this is part of a patch from Sam, just the drivers/staging/ portion, that adds a function that the apanic code calls, but the apanic code isn't here, so just include part of this to make merges and diffs easier and this keeps things self-contained - gregkh] Signed-off-by:
-
Greg Kroah-Hartman authored
It builds, so ship it! Cc: Arve Hjønnevåg <arve@android.com> Cc: Brian Swetland <swetland@google.com> Signed-off-by: -
Greg Kroah-Hartman authored
This reverts commit 2cdf99ce. It now builds, so this can be reverted. Cc: Arve Hjønnevåg <arve@android.com> Cc: Brian Swetland <swetland@google.com> Signed-off-by:
-
Colin Cross authored
Signed-off-by: -
Arve Hjønnevåg authored
Signed-off-by: -
Corentin Chary authored
Signed-off-by:
Corentin Chary <corentincj@iksaif.net> Signed-off-by:
-
Greg Kroah-Hartman authored
This reverts commit b0a0ccfa. Turns out I was wrong, we want these in the tree. Note, I've disabled the drivers from the build at the moment, so other patches can be applied to fix some build issues due to internal api changes since the code was removed from the tree. Cc: Arve Hjønnevåg <arve@android.com> Cc: Brian Swetland <swetland@google.com> Signed-off-by:
-
Sean MacLennan authored
Now that the rtl8192e driver is split up, it makes sense to keep the rtllib code in one directory and the rtl8192e specific code in another. This patch contains the split and the fixup of includes. Since rtl_core.h already included rtllib.h and dot11d.h, rtl_core.h was updated to point to the parent directory. All other references to rtllib.h and dot11d.h in the rtl8192e specific code where deleted rather than fixed. This leaves just one file that needs to know the real location of the rtllib includes. Signed-off-by:
-
Sean MacLennan authored
This patch splits the current r8192e_pci driver up into six different drivers: rtllib, rtllib_crypt, rtllib_crypt_ccmp, rtllib_crypt_tkip, rtllib_crypt_wep, and r8192e_pci. Now that they are proper modules, the init and exit functions do not need to be called directly. Also, the rtllib_*_null functions are not needed since they will be loaded on demand. Signed-off-by:
-
Sean MacLennan authored
The rtl8192e driver had a natural split between the more generic rtllib code and the more specific rtl8192e code. This patch exports all the symbols needed by the r8192 specific code from the rtllib generic code. Signed-off-by:
-
Sean MacLennan authored
Rename rtl_debug.h to rtllib_debug.h. Source files should include rtllib.h if they are generic and rtl_core.h if they are r8192e specific. Files should never include both. Signed-off-by:
-
Sean MacLennan authored
The RTL_DEBUG enum is used for rt_global_debug_component global variable and RT_TRACE. It should be in rtl_debug.h and not rtl_core.h. The rtl8192_proc_* functions are r8192 specific and should not be in rtl_debug.h. Move them to rtl_core.h. Signed-off-by:
-
Sean MacLennan authored
This patch cleans up rtl_debug.h by removing all the unused defines and stub functions. The changes to rtl_core.c are just to remove the deleted stub function calls. The changes to rtl_debug.c are functions that are never called. Signed-off-by:
-
Andreas Ruprecht authored
The lis3l02dq_read_event_config() function returned an ssize_t up to now, which lead to a compiler warning in line 660 (initialization from incompatible pointer type). The iio_info struct is defined to accept an int-returning function as the read_event_config parameter. Also it seems odd to have the check for (ret < 0) and return ret in this case, when the return type is signed. Signed-off-by:
Andreas Ruprecht <rupran@einserver.de> Acked-by:
Jonathan Cameron <jic23@kernel.org> Signed-off-by:
-
Martyn Welch authored
The loop used to reset the interrupt masks has faulty logic. There are 4 banks of 8 I/O, however each mask is comprised of 2 bits and thus there are 8 sets of registers to clear. Driver was wrongly equating this with 8 banks leading to a us writing past the end of the "bank" array (used to store mask configuration as these registers are write only) and thus causing memory corruption. Clear both registers of masks for each bank and half iterations. Reported-by:
Martyn Welch <martyn.welch@ge.com> Signed-off-by:
-
Andreas Ruprecht authored
The function ad7280_store_balance_timer() parses data from a char* buffer into a long variable, but uses the the function strict_strtoul which expects a pointer to an unsigned long variable as its third parameter. As Dan Carpenter mentioned, the values are capped a few lines later, but a check if val is negative is missing. Now this function will return -ERANGE if there is a representation of a negative number in buf. Additionally the checkpatch.pl considers strict_strtoul as obsolete. I replaced its call with the suggested kstrtoul. Signed-off-by:
-
Thomas Meyer authored
The advantage of kcalloc is, that will prevent integer overflows which could result from the multiplication of number of elements and size and it is also a bit nicer to read. The semantic patch that makes this change is available in https://lkml.org/lkml/2011/11/25/107Signed-off-by:
Thomas Meyer <thomas@m3y3r.de> Signed-off-by:
-
Xi Wang authored
There are two potential integer overflows in private_ioctl() if userspace passes in a large sList.uItem / sNodeList.uItem. The subsequent call to kmalloc() would allocate a small buffer, leading to a memory corruption. Reported-by:
Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by:
Xi Wang <xi.wang@gmail.com> Signed-off-by:
-
Xi Wang authored
There are two potential integer overflows in private_ioctl() if userspace passes in a large sList.uItem / sNodeList.uItem. The subsequent call to kmalloc() would allocate a small buffer, leading to a memory corruption. Reported-by:
-
Marcos Paulo de Souza authored
In all locations that call this function ignore your returna, so remove it. Signed-off-by:
Marcos Paulo de Souza <marcos.mage@gmail.com> Cc: Forest Bond <forest@alittletooquiet.net> Signed-off-by:
-
Marcos Paulo de Souza authored
This patch removes a lot of commented code, and some return calls of void functions. Signed-off-by:
-
