Coverity spotted a "use after free" bug in
drivers/char/agp/amd-k7-agp.c::amd_create_gatt_pages().
The problem is this:
If "entry = kzalloc(sizeof(struct amd_page_map), GFP_KERNEL);"
fails, then there's a loop in the function to free all entries
allocated so far and break out of the allocation loop. That in itself
is pretty sane, but then the (now freed) 'tables' is assigned to
amd_irongate_private.gatt_pages and 'retval' is set to -ENOMEM which
causes amd_free_gatt_pages(); to be called at the end of the function.
The problem with this is that amd_free_gatt_pages() will then loop
'amd_irongate_private.num_tables' times and try to free each entry in
tables[] - this is bad since tables has already been freed and
furthermore it will call kfree(tables) at the end - a double free.
This patch removes the freeing loop in amd_create_gatt_pages() and
instead relies entirely on the call to amd_free_gatt_pages() to free
everything we allocated in case of an error. It also sets
amd_irongate_private.num_tables to the actual number of entries
allocated instead of just using the value passed in from the caller -
this ensures that amd_free_gatt_pages() will only attempt to free
stuff that was actually allocated.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
With Andi's clflush fixup, we were getting hangs on server exit, flushing the
mappings after freeing each page helped.
This showed up a race condition where the pages after being freed could be
reused before the agp mappings had been flushed. Flushing after each single
page is a bad thing for future drm work, so make the page destroy a two pass
unmapping all the pages, flushing the mappings, and then destroying the pages.
Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Make sure the mmc_spi driver can build without CONFIG_BLOCK.
Issue noted by "Avuton Olrich" <avuton@gmail.com> and randconfig.
While that won't be a common configuration, sometimes embedded
boards use SDIO to interface WLAN or Bluetooth chips (vs some
parallel interface), and don't provide an MMC/SD socket for use
with flash memory cards.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-x86:
x86: force timer broadcast on late AMD C1E detection
x86: move local APIC timer init to the end of start_secondary()
clockevents: introduce force broadcast notifier
x86: fix missing include for vsyscall
The call to napi_disable() in the PCI shutdown handler is problematic,
and is aggravated by the new NAPI.
Also, make sure watchdog timer doesn't go off.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The 64bit SMP bootup is slightly different to the 32bit one. It enables
the boot CPU local APIC timer before all CPUs are brought up. Some AMD C1E
systems have the C1E feature flag only set in the secondary CPU. Due to
the early enable of the boot CPU local APIC timer the APIC timer is
registered as a fully functional device. When we detect the wreckage during
the bringup of the secondary CPU, we need to force the boot CPU into
broadcast mode.
Check the C1E caused APIC timer disable, when the secondary APIC timer is
initialized. If the boot CPU APIC timer was registered as a functional
clock event device, then fix this up and utilize the
CLOCK_EVT_NOTIFY_BROADCAST_FORCE mechanism to force the already
registered boot CPU APIC timer into broadcast mode.
Tested by force injecting the failure mode.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
The 64bit SMP bootup is slightly different to the 32bit one. It enables
the boot CPU local APIC timer before all CPUs are brought up. Some AMD C1E
systems have the C1E feature flag only set in the secondary CPU. Due to
the early enable of the boot CPU local APIC timer the APIC timer is
registered as a fully functional device. When we detect the wreckage during
the bringup of the secondary CPU, we need to force the boot CPU into
broadcast mode.
Add a new notifier reason and implement the force broadcast in the clock
events layer.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> Maybe I just picked a bad time to try, but...
>
> arch/x86/kernel/alternative.c: In function 'apply_alternatives':
> arch/x86/kernel/alternative.c:191: error: 'VSYSCALL_START' undeclared (first use in this function)
> arch/x86/kernel/alternative.c:191: error: (Each undeclared identifier is reported only once
> arch/x86/kernel/alternative.c:191: error: for each function it appears in.)
> arch/x86/kernel/alternative.c:191: error: 'VSYSCALL_END' undeclared (first use in this function)
> make[1]: *** [arch/x86/kernel/alternative.o] Error 1
> make: *** [arch/x86/kernel] Error 2
Try this.
Include missing header for vsyscall.
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
* 'release' of git://lm-sensors.org/kernel/mhoffman/hwmon-2.6: (53 commits)
hwmon: (vt8231) fix sparse warning
hwmon: (sis5595) fix sparse warning
hwmon: (w83627hf) don't assume bank 0
hwmon: (w83627hf) Fix setting fan min right after driver load
hwmon: (w83627hf) De-macro sysfs callback functions
hwmon: Add new combined driver for FSC chips
hwmon: (ibmpex) Release IPMI user if hwmon registration fails
hwmon: (dme1737) Add sch311x support
hwmon: (dme1737) group functions logically
hwmon: (dme1737) cleanups
hwmon: IBM power meter driver
hwmon: (coretemp) Add support for Celeron 4xx
hwmon: (lm87) Disable VID when it should be
hwmon: (w83781d) Add individual alarm and beep files
hwmon: VRM is not read from registers
MAINTAINERS: update hwmon subsystem git trees
hwmon: Fix the code examples in documentation
hwmon: update sysfs interface document - error handling
hwmon: (thmc50) Fix a debug message
hwmon: (thmc50) Don't create temp3 if not enabled
...
- killed paranoid NULL Pointer check
- human readable LED states
- support for "Eicon DIVA USB 4.0" (0x071d/0x1005)
Signed-off-by: Martin Bachem <info@colognechip.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
if your mask is host-endian, you should apply it after le64_to_cpu();
if it's little-endian - before. Doing both (for the same mask and
little-endian value) is broken.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
all uses of and almost all assignments to lro_desc->tcp_ack assume that it's
net-endian; one converts net-endian to host-endian and sticks it in
lro_desc->tcp_ack.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
deal with signedness of the stuff passed to set_bit() et.al.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
... since that sucker is not 32bit-only and on 64bit skb->tail is an
offset, not a pointer.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: (21 commits)
HID: hidraw_connect() memleak fix
HID: add hidraw interface
USB HID: provide hook for hidraw write()
HID: hiddev: Add 32bit ioctl compatibilty
HID: Add GeneralTouch touchscreen to the blacklist
HID: add support for Microsoft Wireless Laser Keyboard 6000
Input: add KEY_LOGOFF
USBHID: report descriptor fix for MacBook JIS keyboard
HID: trivial fixes in hid-debug
HID: fix input mapping for Microsoft Ergonomic Keyboard
HID: use hid-plff driver for GreenAsia 0e8f:0003 devices
USBHID: Add HID_QUIRK_NOGET for ELO Touch Screen 2700 display
HID: enable hiddev for the SantaRosa MacBookPro IR receiver
USBHID: add CM109 device to blacklist
HID: Report usage codes of keys as EV_MSC scancode events
HID: ignore all non-LED usages in output fields in hid-input
HID: fix whitespace damage
HID: add support for Thrustmaster FGT Force Feedback wheel
HID: minimal autosuspend support for USB HID devices
HID: add support for Microsoft Natural Ergonomic Keyboard 4000
...
* git://git.infradead.org/mtd-2.6:
[MTD] fix mtdconcat for subpage-write NAND
[MTD] [OneNAND] Avoid deadlock in erase callback; release chip lock first.
[MTD] [OneNAND] Return only negative error codes
[MTD] [OneNAND] Synchronize block locking operations
UBI: return correct error code
UBI: remove useless inlines
UBI: fix atomic LEB change problems
UBI: use byte hexdump
UBI: do not use vmalloc on I/O path
UBI: allocate memory with GFP_NOFS
UBI: use linux print_hex_dump(), not home-grown one
UBI: don't use array index before testing if it is negative
UBI: add more prints
UBI: fix sparse warnings
UBI: fix leak in ubi_scan_erase_peb
There is no good reason for board platform code to mess with the ROOT_DEV.
Remove it from all in-tree platforms except powermac
This is a follow on to commit 745e102775.
The original patch had this change to lite5200.c, but it got dropped in
the psycho madness that is the 2.6.24 merge window.
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Using readw() and friends => needs to pull io.h and not all targets are
doing that via indirect chains.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
It looks like hidraw_connect() is leaking memory in case of failure.
Also it should return -ENOMEM when kzalloc fails.
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
hidraw is an interface that is going to obsolete hiddev one
day.
Many userland applications are using libusb instead of using
kernel-provided hiddev interface. This is caused by various
reasons - the HID parser in kernel doesn't handle all the
HID hardware on the planet properly, some devices might require
its own specific quirks/drivers, etc.
hiddev interface tries to do its best to parse all the received
reports properly, and presents only parsed usages into userspace.
This is however often not enough, and that's the reason why
many userland applications just don't use hiddev at all, and
rather use libusb to read raw USB events and process them on
their own.
Another drawback of hiddev is that it is USB-specific.
hidraw interface provides userspace readers with really raw HID
reports, no matter what the low-level transport layer is (USB/BT),
and gives the userland applications all the freedom to process
the HID reports in a way they wish to.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>