20 Feb, 2016
1 commit
-
The purpose of gigaset_device_release() is to kfree() the struct
ser_cardstate that contains our struct device. This is done via a bit of
a detour. First we make our struct device's driver_data point to the
container of our struct ser_cardstate (which is a struct cardstate). In
gigaset_device_release() we then retrieve that driver_data again. And
after that we finally kfree() the struct ser_cardstate that was saved in
the struct cardstate.All of this can be achieved much easier by using container_of() to get
from our struct device to its container, struct ser_cardstate. Do so.Note that at the time the detour was implemented commit b8b2c7d845d5
("base/platform: assert that dev_pm_domain callbacks are called
unconditionally") had just entered the tree. That commit disconnected
our platform_device and our platform_driver. These were reconnected
again in v4.5-rc2 through commit 25cad69f21f5 ("base/platform: Fix
platform drivers with no probe callback"). And one of the consequences
of that fix was that it broke the detour via driver_data. That's because
it made __device_release_driver() stop being a NOP for our struct device
and actually do stuff again. One of the things it now does, is setting
our driver_data to NULL. That, in turn, makes it impossible for
gigaset_device_release() to get to our struct cardstate. Which has the
net effect of leaking a struct ser_cardstate at every call of this
driver's tty close() operation. So using container_of() has the
additional benefit of actually working.Reported-by: Dmitry Vyukov
Tested-by: Dmitry Vyukov
Signed-off-by: Paul Bolle
Acked-by: Tilman Schmidt
Signed-off-by: David S. Miller
16 Dec, 2015
4 commits
-
device->platform_data and platform_device->resource are never used
and remain NULL through their entire life. Drops the kfree() calls
for them from the device release method.Signed-off-by: Tilman Schmidt
Signed-off-by: Paul Bolle
Signed-off-by: David S. Miller -
When shutting down the device, the struct ser_cardstate must not be
kfree()d immediately after the call to platform_device_unregister()
since the embedded struct platform_device is still in use.
Move the kfree() call to the release method instead.Signed-off-by: Tilman Schmidt
Fixes: 2869b23e4b95 ("drivers/isdn/gigaset: new M101 driver (v2)")
Reported-by: Sasha Levin
Signed-off-by: Paul Bolle
Signed-off-by: David S. Miller -
These checks do nothing useful to protect the code from races. On the
other hand if the old code has been masking a real bug we would like to
know about it.The check for tiocmset is kept because it is valid for a tty driver to
have a NULL tiocmset method. That in itself is probably a mistake given
modern coding practices - but needs fixing in the tty layer.Signed-off-by: Alan Cox
Acked-by: Tilman Schmidt
Signed-off-by: Paul Bolle
Signed-off-by: David S. Miller -
Commit f34d7a5b7010 ("tty: The big operations rework") changed
tty->driver to tty->ops but left NULL checks for tty->driver untouched.
Fix.Signed-off-by: Tilman Schmidt
[pebolle: removed Fixes tag]
Signed-off-by: Paul Bolle
Signed-off-by: David S. Miller
16 Jul, 2015
2 commits
-
The line discipline read and write methods are optional so the dummy
methods in ser_gigaset are unnecessary and can be removed.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Commit 79901317ce80 ("n_tty: Don't flush buffer when closing ldisc"),
first merged in kernel release 3.10, caused the following regression
in the Gigaset M101 driver:Before that commit, when closing the N_TTY line discipline in
preparation to switching to N_GIGASET_M101, receive_room would be
reset to a non-zero value by the call to n_tty_flush_buffer() in
n_tty's close method. With the removal of that call, receive_room
might be left at zero, blocking data reception on the serial line.The present patch fixes that regression by setting receive_room
to an appropriate value in the ldisc open method.Fixes: 79901317ce80 ("n_tty: Don't flush buffer when closing ldisc")
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller
24 Mar, 2015
4 commits
-
Restructure the control structure of the modem response parser
to improve readability and error handling.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Separate CID detection from main parser loop.
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Separate literal string handling from main parser loop.
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Factor out queueing of modem response events into helper function
add_cid_event().Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller
11 Dec, 2014
4 commits
-
Kernel CAPI has been the recommended ISDN subsystem for the Gigaset
driver since kernel release 2.6.34.2. It provides full backwards
compatibility to the old I4L subsystem thanks to the capidrv module.
I4L has been marked as deprecated for more than seven years.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
No need to pass a member of the cardstate structure as a separate
argument if the entire structure is already passed.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Replace the flag-controlled retry loop by explicit goto statements
in the error branches to make the control structure easier to
understand.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Function gigaset_skb_sent was declared twice, identically, in gigaset.h.
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller
15 Oct, 2014
7 commits
-
In usb_gigaset function gigaset_write_cmd(), the length field of
the command buffer structure could be cleared by the transmit
tasklet before it was used for the function's return value.
Fix by copying to a local variable before scheduling the tasklet.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Have callers of capi_cmsg2message and capi_message2cmsg handle
non-zero return values indicating failure.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
at_state structures may be allocated individually or as part of a
cardstate or bc_state structure. The disconnect() function handled
both cases, creating a risk that it might try to deallocate an
at_state structure that had not been allocated individually.
Fix by splitting disconnect() into two variants handling cases
with and without an associated B channel separately, and adding
an explicit check.Spotted with Coverity.
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
In do_action, a NULL pointer might be passed to function start_dial
which will dereference it.
Fix by adding a check for NULL before the call.Spotted with Coverity.
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
In dump_rawmsg, the length field from a received data package was
used unscrutinized, allowing an attacker to control the size of the
allocated buffer and the number of times the output loop iterates.
Fix by limiting to a reasonable value.Spotted with Coverity.
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
In gigaset_isdn_regdev, the name field may not have a null terminator
if the source string's length is equal to the buffer size.
Fix by zero filling the structure and excluding the last byte of the
name field from the copy.Spotted with Coverity.
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
If we take the unsupported supplementary service notification mask
path, we end up falling through and overwriting the error code.
Insert a break statement to skip the remainder of the switch case
and proceed to sending the reply message.Spotted with Coverity.
Reported-by: Dave Jones
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller
06 Oct, 2014
3 commits
-
Use function usb_endpoint_num() for the bulk endpoint and store
the endpoint number in the cardstate structure instead of the raw
endpoint address value.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Field int_in_endpointAddr was set but never used. Drop it.
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Avoid cascading warnings when leaving DLE mode fails by clearing
the DLE flag before entering recovery.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller
23 Aug, 2014
2 commits
-
This patch introduces the use of the function usb_endpoint_num.
The Coccinelle semantic patch that makes these changes is as follows:
@@ struct usb_endpoint_descriptor *epd; @@
- (epd->bEndpointAddress & \(USB_ENDPOINT_NUMBER_MASK\|0x0f\))
+ usb_endpoint_num(epd)Signed-off-by: Himangi Saraogi
Acked-by: Julia Lawall
Acked-by: Tilman Schmidt
Signed-off-by: David S. Miller -
This patch introduces the use of the function usb_endpoint_num.
The Coccinelle semantic patch that makes these changes is as follows:
@@ struct usb_endpoint_descriptor *epd; @@
- (epd->bEndpointAddress & \(USB_ENDPOINT_NUMBER_MASK\|0x0f\))
+ usb_endpoint_num(epd)Signed-off-by: Himangi Saraogi
Acked-by: Julia Lawall
Acked-by: Tilman Schmidt
Signed-off-by: David S. Miller
30 Jul, 2014
1 commit
-
There is a lack of usb_put_dev(udev) on failure path in gigaset_probe().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov
Acked-by: Tilman Schmidt
Signed-off-by: David S. Miller
02 May, 2013
1 commit
-
Pull VFS updates from Al Viro,
Misc cleanups all over the place, mainly wrt /proc interfaces (switch
create_proc_entry to proc_create(), get rid of the deprecated
create_proc_read_entry() in favor of using proc_create_data() and
seq_file etc).7kloc removed.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (204 commits)
don't bother with deferred freeing of fdtables
proc: Move non-public stuff from linux/proc_fs.h to fs/proc/internal.h
proc: Make the PROC_I() and PDE() macros internal to procfs
proc: Supply a function to remove a proc entry by PDE
take cgroup_open() and cpuset_open() to fs/proc/base.c
ppc: Clean up scanlog
ppc: Clean up rtas_flash driver somewhat
hostap: proc: Use remove_proc_subtree()
drm: proc: Use remove_proc_subtree()
drm: proc: Use minor->index to label things, not PDE->name
drm: Constify drm_proc_list[]
zoran: Don't print proc_dir_entry data in debug
reiserfs: Don't access the proc_dir_entry in r_open(), r_start() r_show()
proc: Supply an accessor for getting the data from a PDE's parent
airo: Use remove_proc_subtree()
rtl8192u: Don't need to save device proc dir PDE
rtl8187se: Use a dir under /proc/net/r8180/
proc: Add proc_mkdir_data()
proc: Move some bits from linux/proc_fs.h to linux/{of.h,signal.h,tty.h}
proc: Move PDE_NET() to fs/proc/proc_net.c
...
10 Apr, 2013
1 commit
-
The only part of proc_dir_entry the code outside of fs/proc
really cares about is PDE(inode)->data. Provide a helper
for that; static inline for now, eventually will be moved
to fs/proc, along with the knowledge of struct proc_dir_entry
layout.Signed-off-by: Al Viro
19 Mar, 2013
1 commit
-
It allows for cleaning up on a considerable amount of places. They did
port_get, wakeup, kref_put. Now the only thing needed is to call
tty_port_tty_wakeup which does exactly that.One exception is ifx6x60 where tty_wakeup was open-coded. We now call
tty_wakeup properly there.Signed-off-by: Jiri Slaby
Signed-off-by: Greg Kroah-Hartman
22 Feb, 2013
1 commit
-
Pull tty/serial patches from Greg Kroah-Hartman:
"Here's the big tty/serial driver patches for 3.9-rc1.More tty port rework and fixes from Jiri here, as well as lots of
individual serial driver updates and fixes.All of these have been in the linux-next tree for a while."
* tag 'tty-3.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (140 commits)
tty: mxser: improve error handling in mxser_probe() and mxser_module_init()
serial: imx: fix uninitialized variable warning
serial: tegra: assume CONFIG_OF
TTY: do not update atime/mtime on read/write
lguest: select CONFIG_TTY to build properly.
ARM defconfigs: add missing inclusions of linux/platform_device.h
fb/exynos: include platform_device.h
ARM: sa1100/assabet: include platform_device.h directly
serial: imx: Fix recursive locking bug
pps: Fix build breakage from decoupling pps from tty
tty: Remove ancient hardpps()
pps: Additional cleanups in uart_handle_dcd_change
pps: Move timestamp read into PPS code proper
pps: Don't crash the machine when exiting will do
pps: Fix a use-after free bug when unregistering a source.
pps: Use pps_lookup_dev to reduce ldisc coupling
pps: Add pps_lookup_dev() function
tty: serial: uartlite: Support uartlite on big and little endian systems
tty: serial: uartlite: Fix sparse and checkpatch warnings
serial/arc-uart: Miscll DT related updates (Grant's review comments)
...Fix up trivial conflicts, mostly just due to the TTY config option
clashing with the EXPERIMENTAL removal.
30 Jan, 2013
1 commit
-
Bring in the 'net' tree so that we can get some ipv4/ipv6 bug
fixes that some net-next work will build upon.Signed-off-by: David S. Miller
22 Jan, 2013
5 commits
-
Cosmetic changes to drivers/isdn/gigaset/ev-layer.c and
drivers/isdn/gigaset/gigaset.h to improve readability.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Rearrange the gigaset_freecs() function to make it more readable,
and adapt gigaset_initcs() accordingly.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Avoid forward declarations and remove a needless initialization.
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
Some firmware releases of Gigaset M105 do not accept AT+VLS=0 command
in DLE mode, so always leave DLE mode before sending the command.Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller -
If subtracting 12 from l leaves zero we'd do a zero size allocation,
leading to an oops later when we try to set the NUL terminator.Reported-by: Dan Carpenter
Signed-off-by: Tilman Schmidt
Signed-off-by: David S. Miller
19 Jan, 2013
1 commit
-
The option allows you to remove TTY and compile without errors. This
saves space on systems that won't support TTY interfaces anyway.
bloat-o-meter output is below.The bulk of this patch consists of Kconfig changes adding "depends on
TTY" to various serial devices and similar drivers that require the TTY
layer. Ideally, these dependencies would occur on a common intermediate
symbol such as SERIO, but most drivers "select SERIO" rather than
"depends on SERIO", and "select" does not respect dependencies.bloat-o-meter output comparing our previous minimal to new minimal by
removing TTY. The list is filtered to not show removed entries with awk
'$3 != "-"' as the list was very long.add/remove: 0/226 grow/shrink: 2/14 up/down: 6/-35356 (-35350)
function old new delta
chr_dev_init 166 170 +4
allow_signal 80 82 +2
static.__warned 143 142 -1
disallow_signal 63 62 -1
__set_special_pids 95 94 -1
unregister_console 126 121 -5
start_kernel 546 541 -5
register_console 593 588 -5
copy_from_user 45 40 -5
sys_setsid 128 120 -8
sys_vhangup 32 19 -13
do_exit 1543 1526 -17
bitmap_zero 60 40 -20
arch_local_irq_save 137 117 -20
release_task 674 652 -22
static.spin_unlock_irqrestore 308 260 -48Signed-off-by: Joe Millenbach
Reviewed-by: Jamey Sharp
Reviewed-by: Josh Triplett
Signed-off-by: Greg Kroah-Hartman
16 Jan, 2013
1 commit
-
Now, we start converting tty buffer functions to actually use
tty_port. This will allow us to get rid of the need of tty in many
call sites. Only tty_port will needed and hence no more
tty_port_tty_get in those paths.Now, the one where most of tty_port_tty_get gets removed:
tty_flip_buffer_push.IOW we also closed all the races in drivers not using tty_port_tty_get
at all yet.Also we move tty_flip_buffer_push declaration from include/linux/tty.h
to include/linux/tty_flip.h to all others while we are changing it
anyway.Signed-off-by: Jiri Slaby
Signed-off-by: Greg Kroah-Hartman