The disconnect function can dereference the net_device structure when it
is never allocated. This is the case when ejecting the device installer.
Signed-off-by: Marc Pignat <marc.pignat@hevs.ch>
Acked-by: Daniel Drake <dsd@gentoo.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Using the Coverity checker, Adrian Bunk found that routine b43legacy_start
could return an unitialized variable. This patch fixes the problem.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch fixes two off-by-one errors resulting in array overflows
spotted by the Coverity checker.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
p54_set_filter is now called from configure_filter, which is not
allowed to sleep. The filter configuration packet allocation should be
atomic now.
Thanks to Dmitry Torokhov <dtor@insightbb.com> for reporting this bug.
Signed-off-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This patch removes all double includes of the same file. This
makes scripts/checkincludes.pl happy.
Signed-off-by: Holger Schurig <hs4233@mail.mn-solutions.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
The wrong pointer is passed to ieee80211_get_morefrag. Fix this.
While we're at it, reorder things so they look better and the rts duration
calculation is done with the right length.
Thanks to Christoph Hellwig for finding the ieee80211_get_morefrag issue.
Signed-off-by: Michael Wu <flamingice@sourmilk.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
ipw2100 wasn't sending WEXT scan events at all on scan completion. And
like ipw2200, the driver aggressively auto-scans, requiring
non-user-requested scan events to be batched together and sent at
specific intervals instead of many times per seconds.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Fix bogus copying of data into userspace when HIDIOCGRDESC is issued.
HID-transport layer makes sure that dev->hid->rdesc is not larger than
HID_MAX_DESCRIPTOR_SIZE.
Noticed-by: Al Viro <viro@ftp.linux.org.uk>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
0x1106, 0x7204 is unknown and thus is not an IGP/GPU.
0x1106, 0x3304 is K8M800 hostbridge, not an IGP/GPU.
None of them are in drm git tree.
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
This makes sure each blit starts as early as possible, which may improve
texture upload performance in some cases.
Signed-off-by: Dave Airlie <airlied@redhat.com>
The data is now in kernel space, copied in/out as appropriate according to t
This results in DRM_COPY_{TO,FROM}_USER going away, and error paths to deal
with those failures. This also means that XFree86 4.2.0 support for i810 DR
is lost.
Signed-off-by: Dave Airlie <airlied@linux.ie>
As a fallout, replace filp storage with file_priv storage for "unique
identifier of a client" all over the DRM. There is a 1:1 mapping, so this
should be a noop. This could be a minor performance improvement, as everyth
on Linux dereferenced filp to get file_priv anyway, while only the mmap ioct
went the other direction.
Signed-off-by: Dave Airlie <airlied@linux.ie>
This was used to make all ioctl handlers return -errno on linux and errno on
*BSD. Instead, just return -errno in shared code, and flip sign on return f
shared code to *BSD code.
Signed-off-by: Dave Airlie <airlied@linux.ie>
Coverity spotted a "use after free" bug in
drivers/char/agp/amd-k7-agp.c::amd_create_gatt_pages().
The problem is this:
If "entry = kzalloc(sizeof(struct amd_page_map), GFP_KERNEL);"
fails, then there's a loop in the function to free all entries
allocated so far and break out of the allocation loop. That in itself
is pretty sane, but then the (now freed) 'tables' is assigned to
amd_irongate_private.gatt_pages and 'retval' is set to -ENOMEM which
causes amd_free_gatt_pages(); to be called at the end of the function.
The problem with this is that amd_free_gatt_pages() will then loop
'amd_irongate_private.num_tables' times and try to free each entry in
tables[] - this is bad since tables has already been freed and
furthermore it will call kfree(tables) at the end - a double free.
This patch removes the freeing loop in amd_create_gatt_pages() and
instead relies entirely on the call to amd_free_gatt_pages() to free
everything we allocated in case of an error. It also sets
amd_irongate_private.num_tables to the actual number of entries
allocated instead of just using the value passed in from the caller -
this ensures that amd_free_gatt_pages() will only attempt to free
stuff that was actually allocated.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
With Andi's clflush fixup, we were getting hangs on server exit, flushing the
mappings after freeing each page helped.
This showed up a race condition where the pages after being freed could be
reused before the agp mappings had been flushed. Flushing after each single
page is a bad thing for future drm work, so make the page destroy a two pass
unmapping all the pages, flushing the mappings, and then destroying the pages.
Signed-off-by: Dave Airlie <airlied@linux.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Make sure the mmc_spi driver can build without CONFIG_BLOCK.
Issue noted by "Avuton Olrich" <avuton@gmail.com> and randconfig.
While that won't be a common configuration, sometimes embedded
boards use SDIO to interface WLAN or Bluetooth chips (vs some
parallel interface), and don't provide an MMC/SD socket for use
with flash memory cards.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The call to napi_disable() in the PCI shutdown handler is problematic,
and is aggravated by the new NAPI.
Also, make sure watchdog timer doesn't go off.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
- killed paranoid NULL Pointer check
- human readable LED states
- support for "Eicon DIVA USB 4.0" (0x071d/0x1005)
Signed-off-by: Martin Bachem <info@colognechip.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
if your mask is host-endian, you should apply it after le64_to_cpu();
if it's little-endian - before. Doing both (for the same mask and
little-endian value) is broken.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
deal with signedness of the stuff passed to set_bit() et.al.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
... since that sucker is not 32bit-only and on 64bit skb->tail is an
offset, not a pointer.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Using readw() and friends => needs to pull io.h and not all targets are
doing that via indirect chains.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
It looks like hidraw_connect() is leaking memory in case of failure.
Also it should return -ENOMEM when kzalloc fails.
Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
hidraw is an interface that is going to obsolete hiddev one
day.
Many userland applications are using libusb instead of using
kernel-provided hiddev interface. This is caused by various
reasons - the HID parser in kernel doesn't handle all the
HID hardware on the planet properly, some devices might require
its own specific quirks/drivers, etc.
hiddev interface tries to do its best to parse all the received
reports properly, and presents only parsed usages into userspace.
This is however often not enough, and that's the reason why
many userland applications just don't use hiddev at all, and
rather use libusb to read raw USB events and process them on
their own.
Another drawback of hiddev is that it is USB-specific.
hidraw interface provides userspace readers with really raw HID
reports, no matter what the low-level transport layer is (USB/BT),
and gives the userland applications all the freedom to process
the HID reports in a way they wish to.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This allows the mtdconcat driver to work with NAND flash devices that
support sub-page writes.
Signed-off-by: Chris Paulson-Ellis <chris@edesix.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Marc Pignat