28 Mar, 2019

1 commit


31 Jan, 2019

3 commits

  • In the uio_dev_add_attributes() error handling case, idev is used after
    device_unregister(), in which 'idev' has been released; touching idev
    causes a use-after-free.

    Fixes: a93e7b331568 ("uio: Prevent device destruction while fds are open")
    Signed-off-by: Liu Jian
    Reviewed-by: Hamish Martin
    Signed-off-by: Greg Kroah-Hartman

    Liu Jian
     
  • 'idev' is malloced in __uio_register_device() and is not freed before
    leaving from the uio_get_minor() error handling case; it will cause a
    memory leak.

    Fixes: a93e7b331568 ("uio: Prevent device destruction while fds are open")
    Signed-off-by: Liu Jian
    Reviewed-by: Hamish Martin
    Signed-off-by: Greg Kroah-Hartman

    Liu Jian
     
  • Userspace code using uio_pci_generic may enable bus-mastering by
    directly manipulating a PCI device's command register. If a userspace
    program enables bus-mastering but exits/crashes uncleanly, bus-
    mastering will still be enabled and stale DMA addresses may be
    programmed and live in the device.

    Disable bus-mastering unconditionally on last close of a UIO PCI fd
    to avoid this. If the device did not have bus-mastering enabled,
    pci_clear_master() is a no-op.

    Signed-off-by: Venkatesh Srinivas
    Reviewed-by: Bjorn Helgaas
    Reviewed-by: Catherine Sullivan
    Acked-by: Michael S. Tsirkin
    Signed-off-by: Greg Kroah-Hartman

    Venkatesh Srinivas
     

22 Jan, 2019

2 commits


29 Dec, 2018

1 commit

  • Pull char/misc driver updates from Greg KH:
    "Here is the big set of char and misc driver patches for 4.21-rc1.

    Lots of different types of driver things in here, as this tree seems
    to be the "collection of various driver subsystems not big enough to
    have their own git tree" lately.

    Anyway, some highlights of the changes in here:

    - binderfs: is it a rule that all driver subsystems will eventually
    grow to have their own filesystem? Binder now has one to handle the
    use of it in containerized systems.

    This was discussed at the Plumbers conference a few months ago and
    knocked into mergeable shape very fast by Christian Brauner. Who
    also has signed up to be another binder maintainer, showing a
    distinct lack of good judgement :)

    - binder updates and fixes

    - mei driver updates

    - fpga driver updates and additions

    - thunderbolt driver updates

    - soundwire driver updates

    - extcon driver updates

    - nvmem driver updates

    - hyper-v driver updates

    - coresight driver updates

    - pvpanic driver additions and reworking for more device support

    - lp driver updates. Yes really, it's _finally_ moved to the proper
    parallel port driver model, something I never thought I would see
    happen. Good stuff.

    - other tiny driver updates and fixes.

    All of these have been in linux-next for a while with no reported
    issues"

    * tag 'char-misc-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (116 commits)
    MAINTAINERS: add another Android binder maintainer
    intel_th: msu: Fix an off-by-one in attribute store
    stm class: Add a reference to the SyS-T document
    stm class: Fix a module refcount leak in policy creation error path
    char: lp: use new parport device model
    char: lp: properly count the lp devices
    char: lp: use first unused lp number while registering
    char: lp: detach the device when parallel port is removed
    char: lp: introduce list to save port number
    bus: qcom: remove duplicated include from qcom-ebi2.c
    VMCI: Use memdup_user() rather than duplicating its implementation
    char/rtc: Use of_node_name_eq for node name comparisons
    misc: mic: fix a DMA pool free failure
    ptp: fix an IS_ERR() vs NULL check
    genwqe: Fix size check
    binder: implement binderfs
    binder: fix use-after-free due to ksys_close() during fdget()
    bus: fsl-mc: remove duplicated include files
    bus: fsl-mc: explicitly define the fsl_mc_command endianness
    misc: ti-st: make array read_ver_cmd static, shrinks object size
    ...

    Linus Torvalds
     

11 Dec, 2018

1 commit

  • This fixes the problem where uio application was unable to
    use multiple queues on restart. The root cause is that the callbacks
    are cleared on disconnect. Change to setting up callbacks
    every time in open.

    Fixes: cdfa835c6e5e ("uio_hv_generic: defer opening vmbus until first use")
    Reported-by: Mohammed Gamal
    Signed-off-by: Stephen Hemminger
    Signed-off-by: Greg Kroah-Hartman

    Stephen Hemminger
     

27 Nov, 2018

1 commit


26 Nov, 2018

1 commit


12 Nov, 2018

2 commits

  • We should get 'driver_data' from 'struct device' directly. Going via
    platform_device is an unneeded step back and forth.

    Signed-off-by: Wolfram Sang
    Signed-off-by: Greg Kroah-Hartman

    Wolfram Sang
     
  • I was trying to solve a double free but I introduced a more serious
    NULL dereference bug. The problem is that if there is an IRQ which
    triggers immediately, then we need "info->uio_dev" but it's not set yet.

    This patch puts the original initialization back to how it was and just
    sets info->uio_dev to NULL on the error path so it should solve both
    the Oops and the double free.

    Fixes: f019f07ecf6a ("uio: potential double frees if __uio_register_device() fails")
    Reported-by: Mathias Thore
    Signed-off-by: Dan Carpenter
    Cc: stable
    Tested-by: Mathias Thore
    Signed-off-by: Greg Kroah-Hartman

    Dan Carpenter
     

03 Oct, 2018

2 commits


26 Sep, 2018

4 commits

  • This fixes two design flaws in hv_uio_generic.

    Since hv_uio_probe is called from vmbus_probe with lock held
    it potentially can cause sleep in an atomic section because
    vmbus_open will wait for response from host.

    The hv_uio_generic driver could not handle applications
    exiting and restarting because the vmbus channel was
    persistent. Change the semantics so that the buffers are
    allocated on probe, but not attached to host until
    device is opened.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: Greg Kroah-Hartman

    Stephen Hemminger
     
  • The ring buffer is contiguous IOVA and is mapped via phys addr
    for sysfs file. Use same method for the UIO mapping.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: Greg Kroah-Hartman

    Stephen Hemminger
     
  • Introduce the concept of mapping physical memory locations that
    are normal memory. The new type UIO_MEM_IOVA is similar to
    existing UIO_MEM_PHYS but the backing memory is not marked as uncached.

    Also, indent related switch to the currently used style.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: Greg Kroah-Hartman

    Stephen Hemminger
     
  • Avoid going from struct page to virt address (and back) by just
    keeping pointer to the allocated pages instead of virt address.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: Greg Kroah-Hartman

    Stephen Hemminger
     

12 Sep, 2018

5 commits

  • As part of commit 9b85e95a3080 ("uio: Change return
    type to vm_fault_t") in 4.19-rc1, this conversion
    was missed. Now converted 'ret' to vm_fault_t type.

    Signed-off-by: Souptick Joarder
    Signed-off-by: Greg Kroah-Hartman

    Souptick Joarder
     
  • In preparation to remove the node name pointer from struct device_node,
    convert printf users to use the %pOFn format specifier.

    Cc: Greg Kroah-Hartman
    Signed-off-by: Rob Herring
    Signed-off-by: Greg Kroah-Hartman

    Rob Herring
     
  • When both uio and the uio drivers are built in the kernel, it is possible
    for a driver to register devices before the uio class is registered.

    This may result in a NULL pointer dereference later on in
    get_device_parent() when accessing the class glue_dirs spinlock.

    The trace looks like that:

    Unable to handle kernel NULL pointer dereference at virtual address 00000140
    [...]
    [] _raw_spin_lock+0x14/0x48
    [] device_add+0x154/0x6a0
    [] device_create_groups_vargs+0x120/0x128
    [] device_create+0x54/0x60
    [] __uio_register_device+0x120/0x4a8
    [] jaguar2_pci_probe+0x2d4/0x558
    [] local_pci_probe+0x3c/0xb8
    [] pci_device_probe+0x11c/0x180
    [] driver_probe_device+0x22c/0x2d8
    [] __driver_attach+0xbc/0xc0
    [] bus_for_each_dev+0x4c/0x98
    [] driver_attach+0x20/0x28
    [] bus_add_driver+0x1b8/0x228
    [] driver_register+0x60/0xf8
    [] __pci_register_driver+0x40/0x48

    Return EPROBE_DEFER in that case so the driver can register the device
    later.

    Signed-off-by: Alexandre Belloni
    Signed-off-by: Greg Kroah-Hartman

    Alexandre Belloni
     
  • DEBUG is leftover from the development phase, remove it.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: K. Y. Srinivasan
    Signed-off-by: Greg Kroah-Hartman

    Stephen Hemminger
     
  • When using DPDK there is significant performance boost by using
    the largest possible send and receive buffer area.

    Unfortunately, with UIO model there is not a good way to configure
    this at run time. But it is okay to have a bigger buffer available
    even if application only decides to use a smaller piece of it.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: K. Y. Srinivasan
    Signed-off-by: Greg Kroah-Hartman

    Stephen Hemminger
     

20 Aug, 2018

1 commit

  • Pull UIO fix from Greg KH:
    "Here is a single UIO fix that I forgot to send before 4.18-final came
    out. It reverts a UIO patch that went in the 4.18 development window
    that was causing problems.

    This patch has been in linux-next for a while with no problems, I just
    forgot to send it earlier, or as part of the larger char/misc patch
    series from yesterday, my fault"

    * tag 'char-misc-4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
    Revert "uio: use request_threaded_irq instead"

    Linus Torvalds
     

12 Aug, 2018

1 commit

  • Since mutex lock in irq handler is useless currently, here will
    remove it together with it.

    This reverts commit 9421e45f5ff3d558cf8b75a8cc0824530caf3453.

    Reported-by: james.r.harris@intel.com
    CC: Ahsan Atta
    Signed-off-by: Xiubo Li
    Signed-off-by: Greg Kroah-Hartman

    Xiubo Li
     

02 Aug, 2018

3 commits

  • The uio_unregister_device() function assumes that if "info->uio_dev" is
    non-NULL that means "info" is fully allocated. Setting info->uio_dev
    has to be the last thing in the function.

    In the current code, if request_threaded_irq() fails then we return with
    info->uio_dev set to non-NULL but info is not fully allocated and it can
    lead to double frees.

    Fixes: beafc54c4e2f ("UIO: Add the User IO core code")
    Signed-off-by: Dan Carpenter
    Signed-off-by: Greg Kroah-Hartman

    Dan Carpenter
     
  • The call trace:
    XXX/1910 is trying to acquire lock:
    (&mm->mmap_sem){++++++}, at: [] might_fault+0x57/0xb0

    but task is already holding lock:
    (&idev->info_lock){+.+...}, at: [] uio_write+0x46/0x130 [uio]

    which lock already depends on the new lock.

    the existing dependency chain (in reverse order) is:

    -> #1 (&idev->info_lock){+.+...}:
    [] lock_acquire+0x99/0x1e0
    [] mutex_lock_nested+0x93/0x410
    [] uio_mmap+0x2d/0x170 [uio]
    [] mmap_region+0x428/0x650
    [] do_mmap+0x3b8/0x4e0
    [] vm_mmap_pgoff+0xd3/0x120
    [] SyS_mmap_pgoff+0x1f1/0x270
    [] SyS_mmap+0x22/0x30
    [] system_call_fastpath+0x1c/0x21

    -> #0 (&mm->mmap_sem){++++++}:
    [] __lock_acquire+0xdac/0x15f0
    [] lock_acquire+0x99/0x1e0
    [] might_fault+0x84/0xb0
    [] uio_write+0xb4/0x130 [uio]
    [] vfs_write+0xc3/0x1f0
    [] SyS_write+0x8a/0x100
    [] system_call_fastpath+0x1c/0x21

    other info that might help us debug this:
    Possible unsafe locking scenario:
    CPU0                    CPU1
    ----                    ----
    lock(&idev->info_lock);
                            lock(&mm->mmap_sem);
                            lock(&idev->info_lock);
    lock(&mm->mmap_sem);

    *** DEADLOCK ***
    1 lock held by XXX/1910:
    #0: (&idev->info_lock){+.+...}, at: [] uio_write+0x46/0x130 [uio]

    stack backtrace:
    CPU: 0 PID: 1910 Comm: XXX Kdump: loaded Not tainted #1
    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/19/2017
    Call Trace:
    [] dump_stack+0x19/0x1b
    [] print_circular_bug+0x1f9/0x207
    [] check_prevs_add+0x957/0x960
    [] __lock_acquire+0xdac/0x15f0
    [] ? mark_held_locks+0xb9/0x140
    [] lock_acquire+0x99/0x1e0
    [] ? might_fault+0x57/0xb0
    [] might_fault+0x84/0xb0
    [] ? might_fault+0x57/0xb0
    [] uio_write+0xb4/0x130 [uio]
    [] vfs_write+0xc3/0x1f0
    [] ? fget_light+0xfc/0x510
    [] SyS_write+0x8a/0x100
    [] system_call_fastpath+0x1c/0x21

    Signed-off-by: Xiubo Li
    Signed-off-by: Greg Kroah-Hartman

    Xiubo Li
     
  • There are two bugs here. First the error codes weren't set on several
    paths. And second, if the call to request_threaded_irq() inside
    uio_register_device() fails then it would lead to a double free when
    we call uio_unregister_device() inside pruss_cleanup().

    Signed-off-by: Dan Carpenter
    Signed-off-by: Greg Kroah-Hartman

    Dan Carpenter
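
The double-free pattern from the two Dan Carpenter commits above, and the shape of the later fix that resets info->uio_dev to NULL on the error path, as an added userspace model (not kernel code and not part of the original commits). The slot allocator, `request_irq_model`, `register_buggy`, `register_fixed`, `unregister_model` and `probe_then_cleanup` are hypothetical names constructed for this illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: a slot allocator that counts double frees
 * instead of corrupting the heap, so the bug is observable safely. */
struct uio_device { bool live; };
struct uio_info { struct uio_device *uio_dev; bool irq_fails; };

static struct uio_device pool[4];
static int double_frees;

static struct uio_device *dev_alloc(void)
{
    for (size_t i = 0; i < sizeof(pool) / sizeof(pool[0]); i++)
        if (!pool[i].live) { pool[i].live = true; return &pool[i]; }
    return NULL;
}

static void dev_free(struct uio_device *d)
{
    if (!d->live) { double_frees++; return; }   /* second free of same slot */
    d->live = false;
}

/* Stand-in for request_threaded_irq(): fails on demand. */
static int request_irq_model(const struct uio_info *info)
{
    return info->irq_fails ? -EBUSY : 0;
}

/* Buggy shape: the error path frees idev but leaves info->uio_dev set. */
static int register_buggy(struct uio_info *info)
{
    struct uio_device *idev = dev_alloc();
    if (!idev) return -ENOMEM;
    info->uio_dev = idev;
    int ret = request_irq_model(info);
    if (ret) { dev_free(idev); return ret; }    /* stale pointer remains */
    return 0;
}

/* Fixed shape: uio_dev is still set early (an IRQ that fires at once
 * needs it), but the error path clears it before freeing. */
static int register_fixed(struct uio_info *info)
{
    struct uio_device *idev = dev_alloc();
    if (!idev) return -ENOMEM;
    info->uio_dev = idev;
    int ret = request_irq_model(info);
    if (ret) { info->uio_dev = NULL; dev_free(idev); return ret; }
    return 0;
}

/* Unregister trusts a non-NULL uio_dev to mean "fully registered". */
static void unregister_model(struct uio_info *info)
{
    if (!info || !info->uio_dev) return;
    dev_free(info->uio_dev);
    info->uio_dev = NULL;
}

/* Driver cleanup that always calls unregister, as a cleanup routine
 * shared by the probe error path and remove would. Returns the number
 * of double frees observed. */
static int probe_then_cleanup(int (*reg)(struct uio_info *), bool irq_fails)
{
    struct uio_info info = { .uio_dev = NULL, .irq_fails = irq_fails };
    double_frees = 0;
    (void)reg(&info);
    unregister_model(&info);
    return double_frees;
}

int main(void)
{
    printf("buggy, irq fails: %d double free(s)\n",
           probe_then_cleanup(register_buggy, true));
    printf("fixed, irq fails: %d double free(s)\n",
           probe_then_cleanup(register_fixed, true));
    return 0;
}
```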
     

21 Jul, 2018

3 commits

  • For those without any license text present or short reference
    to GPL, add SPDX tag.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: Greg Kroah-Hartman

    Stephen Hemminger
     
  • uio_mmap has multiple fail paths to set return value to nonzero then
    goto out. However, it always returns *0* from the *out* at end, and
    this will mislead callers who check the return value of this function.

    Fixes: 57c5f4df0a5a0ee ("uio: fix crash after the device is unregistered")
    CC: Xiubo Li
    Signed-off-by: Hailong Liu
    Cc: stable
    Signed-off-by: Jiang Biao
    Signed-off-by: Greg Kroah-Hartman

    Hailong Liu
     
  • Replace short statement in comment with proper SPDX
    license tag.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: Greg Kroah-Hartman

    Stephen Hemminger
     

07 Jul, 2018

3 commits

  • For the target_core_user use case, after the device is unregistered
    it may still be opened in user space, then the kernel will crash, like:

    [ 251.163692] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
    [ 251.163820] IP: [] show_name+0x23/0x40 [uio]
    [ 251.163965] PGD 8000000062694067 PUD 62696067 PMD 0
    [ 251.164097] Oops: 0000 [#1] SMP
    ...
    [ 251.165605] e1000 mptscsih mptbase drm_panel_orientation_quirks dm_mirror dm_region_hash dm_log dm_mod
    [ 251.166014] CPU: 0 PID: 13380 Comm: tcmu-runner Kdump: loaded Not tainted 3.10.0-916.el7.test.x86_64 #1
    [ 251.166381] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 05/19/2017
    [ 251.166747] task: ffff971eb91db0c0 ti: ffff971e9e384000 task.ti: ffff971e9e384000
    [ 251.167137] RIP: 0010:[] [] show_name+0x23/0x40 [uio]
    [ 251.167563] RSP: 0018:ffff971e9e387dc8 EFLAGS: 00010282
    [ 251.167978] RAX: 0000000000000000 RBX: ffff971e9e3f8000 RCX: ffff971eb8368d98
    [ 251.168408] RDX: ffff971e9e3f8000 RSI: ffffffffc0738084 RDI: ffff971e9e3f8000
    [ 251.168856] RBP: ffff971e9e387dd0 R08: ffff971eb8bc0018 R09: 0000000000000000
    [ 251.169296] R10: 0000000000001000 R11: ffffffffa09d444d R12: ffffffffa1076e80
    [ 251.169750] R13: ffff971e9e387f18 R14: 0000000000000001 R15: ffff971e9cfb1c80
    [ 251.170213] FS: 00007ff37d175880(0000) GS:ffff971ebb600000(0000) knlGS:0000000000000000
    [ 251.170693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 251.171248] CR2: 0000000000000008 CR3: 00000000001f6000 CR4: 00000000003607f0
    [ 251.172071] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [ 251.172640] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    [ 251.173236] Call Trace:
    [ 251.173789] [] dev_attr_show+0x23/0x60
    [ 251.174356] [] ? mutex_lock+0x12/0x2f
    [ 251.174892] [] sysfs_kf_seq_show+0xcf/0x1f0
    [ 251.175433] [] kernfs_seq_show+0x26/0x30
    [ 251.175981] [] seq_read+0x110/0x3f0
    [ 251.176609] [] kernfs_fop_read+0xf5/0x160
    [ 251.177158] [] vfs_read+0x9f/0x170
    [ 251.177707] [] SyS_read+0x7f/0xf0
    [ 251.178268] [] system_call_fastpath+0x1c/0x21
    [ 251.178823] Code: 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 53 48 89 d3 e8 7e 96 56 e0 48 8b 80 d8 02 00 00 48 89 df 48 c7 c6 84 80 73 c0 8b 50 08 31 c0 e8 e2 67 44 e0 5b 48 98 5d c3 0f 1f 00 66 2e
    [ 251.180115] RIP [] show_name+0x23/0x40 [uio]
    [ 251.180820] RSP
    [ 251.181473] CR2: 0000000000000008

    CC: Hamish Martin
    CC: Mike Christie
    Reviewed-by: Hamish Martin
    Signed-off-by: Xiubo Li
    Signed-off-by: Greg Kroah-Hartman

    Xiubo Li
     
  • We are hitting a regression with the following commit:

    commit a93e7b331568227500186a465fee3c2cb5dffd1f
    Author: Hamish Martin
    Date: Mon May 14 13:32:23 2018 +1200

    uio: Prevent device destruction while fds are open

    The problem is the addition of spin_lock_irqsave in uio_write. This
    leads to hitting uio_write -> copy_from_user -> _copy_from_user ->
    might_fault and the logs filling up with sleeping warnings.

    I also noticed some uio drivers allocate memory, sleep, grab mutexes
    from callouts like open() and release and uio is now doing
    spin_lock_irqsave while calling them.

    Reported-by: Mike Christie
    CC: Hamish Martin
    Reviewed-by: Hamish Martin
    Signed-off-by: Xiubo Li
    Signed-off-by: Greg Kroah-Hartman

    Xiubo Li
     
  • Preparing for changing to use mutex lock.

    Signed-off-by: Xiubo Li
    Signed-off-by: Greg Kroah-Hartman

    Xiubo Li
     

13 Jun, 2018

1 commit

  • The kzalloc() function has a 2-factor argument form, kcalloc(). This
    patch replaces cases of:

    kzalloc(a * b, gfp)

    with:
    kcalloc(a, b, gfp)

    as well as handling cases of:

    kzalloc(a * b * c, gfp)

    with:

    kzalloc(array3_size(a, b, c), gfp)

    as it's slightly less ugly than:

    kzalloc_array(array_size(a, b), c, gfp)

    This does, however, attempt to ignore constant size factors like:

    kzalloc(4 * 1024, gfp)

    though any constants defined via macros get caught up in the conversion.

    Any factors with a sizeof() of "unsigned char", "char", and "u8" were
    dropped, since they're redundant.

    The Coccinelle script used for this was:

    // Fix redundant parens around sizeof().
    @@
    type TYPE;
    expression THING, E;
    @@

    (
    kzalloc(
    - (sizeof(TYPE)) * E
    + sizeof(TYPE) * E
    , ...)
    |
    kzalloc(
    - (sizeof(THING)) * E
    + sizeof(THING) * E
    , ...)
    )

    // Drop single-byte sizes and redundant parens.
    @@
    expression COUNT;
    typedef u8;
    typedef __u8;
    @@

    (
    kzalloc(
    - sizeof(u8) * (COUNT)
    + COUNT
    , ...)
    |
    kzalloc(
    - sizeof(__u8) * (COUNT)
    + COUNT
    , ...)
    |
    kzalloc(
    - sizeof(char) * (COUNT)
    + COUNT
    , ...)
    |
    kzalloc(
    - sizeof(unsigned char) * (COUNT)
    + COUNT
    , ...)
    |
    kzalloc(
    - sizeof(u8) * COUNT
    + COUNT
    , ...)
    |
    kzalloc(
    - sizeof(__u8) * COUNT
    + COUNT
    , ...)
    |
    kzalloc(
    - sizeof(char) * COUNT
    + COUNT
    , ...)
    |
    kzalloc(
    - sizeof(unsigned char) * COUNT
    + COUNT
    , ...)
    )

    // 2-factor product with sizeof(type/expression) and identifier or constant.
    @@
    type TYPE;
    expression THING;
    identifier COUNT_ID;
    constant COUNT_CONST;
    @@

    (
    - kzalloc
    + kcalloc
    (
    - sizeof(TYPE) * (COUNT_ID)
    + COUNT_ID, sizeof(TYPE)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(TYPE) * COUNT_ID
    + COUNT_ID, sizeof(TYPE)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(TYPE) * (COUNT_CONST)
    + COUNT_CONST, sizeof(TYPE)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(TYPE) * COUNT_CONST
    + COUNT_CONST, sizeof(TYPE)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(THING) * (COUNT_ID)
    + COUNT_ID, sizeof(THING)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(THING) * COUNT_ID
    + COUNT_ID, sizeof(THING)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(THING) * (COUNT_CONST)
    + COUNT_CONST, sizeof(THING)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(THING) * COUNT_CONST
    + COUNT_CONST, sizeof(THING)
    , ...)
    )

    // 2-factor product, only identifiers.
    @@
    identifier SIZE, COUNT;
    @@

    - kzalloc
    + kcalloc
    (
    - SIZE * COUNT
    + COUNT, SIZE
    , ...)

    // 3-factor product with 1 sizeof(type) or sizeof(expression), with
    // redundant parens removed.
    @@
    expression THING;
    identifier STRIDE, COUNT;
    type TYPE;
    @@

    (
    kzalloc(
    - sizeof(TYPE) * (COUNT) * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
    , ...)
    |
    kzalloc(
    - sizeof(TYPE) * (COUNT) * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
    , ...)
    |
    kzalloc(
    - sizeof(TYPE) * COUNT * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
    , ...)
    |
    kzalloc(
    - sizeof(TYPE) * COUNT * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(TYPE))
    , ...)
    |
    kzalloc(
    - sizeof(THING) * (COUNT) * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(THING))
    , ...)
    |
    kzalloc(
    - sizeof(THING) * (COUNT) * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(THING))
    , ...)
    |
    kzalloc(
    - sizeof(THING) * COUNT * (STRIDE)
    + array3_size(COUNT, STRIDE, sizeof(THING))
    , ...)
    |
    kzalloc(
    - sizeof(THING) * COUNT * STRIDE
    + array3_size(COUNT, STRIDE, sizeof(THING))
    , ...)
    )

    // 3-factor product with 2 sizeof(variable), with redundant parens removed.
    @@
    expression THING1, THING2;
    identifier COUNT;
    type TYPE1, TYPE2;
    @@

    (
    kzalloc(
    - sizeof(TYPE1) * sizeof(TYPE2) * COUNT
    + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
    , ...)
    |
    kzalloc(
    - sizeof(TYPE1) * sizeof(THING2) * (COUNT)
    + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
    , ...)
    |
    kzalloc(
    - sizeof(THING1) * sizeof(THING2) * COUNT
    + array3_size(COUNT, sizeof(THING1), sizeof(THING2))
    , ...)
    |
    kzalloc(
    - sizeof(THING1) * sizeof(THING2) * (COUNT)
    + array3_size(COUNT, sizeof(THING1), sizeof(THING2))
    , ...)
    |
    kzalloc(
    - sizeof(TYPE1) * sizeof(THING2) * COUNT
    + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
    , ...)
    |
    kzalloc(
    - sizeof(TYPE1) * sizeof(THING2) * (COUNT)
    + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
    , ...)
    )
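
Review bot: in the second alternative of this rule the removed line matches `sizeof(TYPE1) * sizeof(THING2) * (COUNT)` but the added line emits `sizeof(TYPE2)`, a metavariable that alternative never binds, and the last alternative of the same rule already covers that exact pattern with `sizeof(THING2)`. The second alternative looks intended to match `sizeof(TYPE1) * sizeof(TYPE2) * (COUNT)`, the parenthesised form of the first one; suggest changing its removed line accordingly.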

    // 3-factor product, only identifiers, with redundant parens removed.
    @@
    identifier STRIDE, SIZE, COUNT;
    @@

    (
    kzalloc(
    - (COUNT) * STRIDE * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc(
    - COUNT * (STRIDE) * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc(
    - COUNT * STRIDE * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc(
    - (COUNT) * (STRIDE) * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc(
    - COUNT * (STRIDE) * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc(
    - (COUNT) * STRIDE * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc(
    - (COUNT) * (STRIDE) * (SIZE)
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    |
    kzalloc(
    - COUNT * STRIDE * SIZE
    + array3_size(COUNT, STRIDE, SIZE)
    , ...)
    )

    // Any remaining multi-factor products, first at least 3-factor products,
    // when they're not all constants...
    @@
    expression E1, E2, E3;
    constant C1, C2, C3;
    @@

    (
    kzalloc(C1 * C2 * C3, ...)
    |
    kzalloc(
    - (E1) * E2 * E3
    + array3_size(E1, E2, E3)
    , ...)
    |
    kzalloc(
    - (E1) * (E2) * E3
    + array3_size(E1, E2, E3)
    , ...)
    |
    kzalloc(
    - (E1) * (E2) * (E3)
    + array3_size(E1, E2, E3)
    , ...)
    |
    kzalloc(
    - E1 * E2 * E3
    + array3_size(E1, E2, E3)
    , ...)
    )

    // And then all remaining 2 factors products when they're not all constants,
    // keeping sizeof() as the second factor argument.
    @@
    expression THING, E1, E2;
    type TYPE;
    constant C1, C2, C3;
    @@

    (
    kzalloc(sizeof(THING) * C2, ...)
    |
    kzalloc(sizeof(TYPE) * C2, ...)
    |
    kzalloc(C1 * C2 * C3, ...)
    |
    kzalloc(C1 * C2, ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(TYPE) * (E2)
    + E2, sizeof(TYPE)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(TYPE) * E2
    + E2, sizeof(TYPE)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(THING) * (E2)
    + E2, sizeof(THING)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - sizeof(THING) * E2
    + E2, sizeof(THING)
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - (E1) * E2
    + E1, E2
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - (E1) * (E2)
    + E1, E2
    , ...)
    |
    - kzalloc
    + kcalloc
    (
    - E1 * E2
    + E1, E2
    , ...)
    )

    Signed-off-by: Kees Cook

    Kees Cook
     

14 May, 2018

2 commits

  • Prevent destruction of a uio_device while user space apps hold open
    file descriptors to that device. Further, access to the 'info' member
    of the struct uio_device is protected by spinlock. This is to ensure
    stale pointers to data not under control of the UIO subsystem are not
    dereferenced.

    Signed-off-by: Hamish Martin
    Reviewed-by: Chris Packham
    Signed-off-by: Greg Kroah-Hartman

    Hamish Martin
     
  • Drive all return paths for uio_write() through a single block at the
    end of the function.

    Signed-off-by: Hamish Martin
    Reviewed-by: Chris Packham
    Signed-off-by: Greg Kroah-Hartman

    Hamish Martin
     

30 Apr, 2018

1 commit


23 Apr, 2018

2 commits

  • Structure platform_driver does not need to set the owner field, as this
    will be populated by the driver core.

    Generated by scripts/coccinelle/api/platform_no_drv_owner.cocci.

    Signed-off-by: Fabio Estevam
    Signed-off-by: Greg Kroah-Hartman

    Fabio Estevam
     
  • Use new return type vm_fault_t for fault handler
    in struct vm_operations_struct. For now, this is
    just documenting that the function returns a
    VM_FAULT value rather than an errno. Once all
    instances are converted, vm_fault_t will become a
    distinct type.

    Reference - 1c8f422059ae ("mm: change return type
    to vm_fault_t")

    Signed-off-by: Souptick Joarder
    Reviewed-by: Matthew Wilcox
    Signed-off-by: Greg Kroah-Hartman

    Souptick Joarder