20 May, 2011
4 commits
-
The variable 'ret' is set but unused, and this pointed out that
errors from irlmp_connect_response() are not propagated to the
caller.Note that this is currently academic since irlmp_connect_response()
always returns 0. :-)Signed-off-by: David S. Miller
-
Signed-off-by: David S. Miller
-
Signed-off-by: David S. Miller
-
Signed-off-by: David S. Miller
13 May, 2011
1 commit
-
use tty_insert_flip_string and tty_flip_buffer_push to deliver incoming data
packets from the IrDA device instead of delivering the packets directly to the
line discipline. Following later approach resulted in warning "Sleeping function
called from invalid context".Signed-off-by: Amit Virdi
Acked-by: Alan Cox
Signed-off-by: David S. Miller
19 Apr, 2011
1 commit
-
Conflicts:
drivers/net/bnx2x/bnx2x_ethtool.c
18 Apr, 2011
2 commits
-
The variable 'd' is set but unused in irda_proc_register().
Just kill it off.
Signed-off-by: David S. Miller
-
The variable 'ret' is set but unused in irlap_state_sclose().
Just kill it off.
Signed-off-by: David S. Miller
13 Apr, 2011
1 commit
-
5b40964eadea40509d353318d2c82e8b7bf5e8a5 ("irda: Remove BKL instances
from af_irda.c") introduced a path where we have a locking unbalance.
If we pass invalid flags, we unlock a socket we never locked,
resulting in this...=====================================
[ BUG: bad unlock balance detected! ]
-------------------------------------
trinity/20101 is trying to release lock (sk_lock-AF_IRDA) at:
[] irda_sendmsg+0x207/0x21d [irda]
but there are no more locks to release!other info that might help us debug this:
no locks held by trinity/20101.stack backtrace:
Pid: 20101, comm: trinity Not tainted 2.6.39-rc3+ #3
Call Trace:
[] ? irda_sendmsg+0x207/0x21d [irda]
[] print_unlock_inbalance_bug+0xc7/0xd2
[] ? irda_sendmsg+0x207/0x21d [irda]
[] lock_release+0xcf/0x18e
[] release_sock+0x2d/0x155
[] irda_sendmsg+0x207/0x21d [irda]
[] __sock_sendmsg+0x69/0x75
[] sock_sendmsg+0xa1/0xb6
[] ? might_fault+0x5c/0xac
[] ? lock_release+0x181/0x18e
[] ? might_fault+0xa5/0xac
[] ? might_fault+0x5c/0xac
[] ? fcheck_files+0xb9/0xf0
[] ? copy_from_user+0x2f/0x31
[] ? verify_iovec+0x52/0xa6
[] sys_sendmsg+0x23a/0x2b8
[] ? lock_release+0x181/0x18e
[] ? up_read+0x28/0x2c
[] ? do_page_fault+0x360/0x3b4
[] ? trace_hardirqs_on_caller+0x10b/0x12f
[] ? finish_task_switch+0xb2/0xe3
[] ? finish_task_switch+0x46/0xe3
[] ? trace_hardirqs_off_caller+0x33/0x90
[] ? retint_swapgs+0x13/0x1b
[] ? trace_hardirqs_on_caller+0x10b/0x12f
[] ? audit_syscall_entry+0x11c/0x148
[] ? trace_hardirqs_on_thunk+0x3a/0x3f
[] system_call_fastpath+0x16/0x1bSigned-off-by: Dave Jones
Signed-off-by: David S. Miller
31 Mar, 2011
1 commit
-
Fixes generated by 'codespell' and manually reviewed.
Signed-off-by: Lucas De Marchi
28 Mar, 2011
2 commits
-
Length fields provided by a peer for names and attributes may be longer
than the destination array sizes. Validate lengths to prevent stack
buffer overflows.Signed-off-by: Dan Rosenberg
Cc: stable@kernel.org
Signed-off-by: David S. Miller -
Invalid nicknames containing only spaces will result in an underflow in
a memcpy size calculation, subsequently destroying the heap and
panicking.v2 also catches the case where the provided nickname is longer than the
buffer size, which can result in controllable heap corruption.Signed-off-by: Dan Rosenberg
Cc: stable@kernel.org
Signed-off-by: David S. Miller
18 Feb, 2011
3 commits
-
Only oddities here are a couple of drivers that bogusly called the ldisc
helpers instead of returning -ENOIOCTLCMD. Fix the bug and the rest goes
away.Signed-off-by: Alan Cox
Signed-off-by: Greg Kroah-Hartman -
Doing tiocmget was such fun we should do tiocmset as well for the same
reasonsSigned-off-by: Alan Cox
Signed-off-by: Greg Kroah-Hartman -
We don't actually need this and it causes problems for internal use of
this functionality. Currently there is a single use of the FILE * pointer.
That is the serial core which uses it to check tty_hung_up_p. However if
that is true then IO_ERROR is also already set so the check may be removed.Signed-off-by: Alan Cox
Signed-off-by: Greg Kroah-Hartman
27 Dec, 2010
2 commits
-
Conflicts:
net/ipv4/fib_frontend.c -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (42 commits)
ipv4: dont create routes on down devices
epic100: hamachi: yellowfin: Fix skb allocation size
sundance: Fix oopses with corrupted skb_shared_info
Revert "ipv4: Allow configuring subnets as local addresses"
USB: mcs7830: return negative if auto negotiate fails
irda: prevent integer underflow in IRLMP_ENUMDEVICES
tcp: fix listening_get_next()
atl1c: Do not use legacy PCI power management
mac80211: fix mesh forwarding
MAINTAINERS: email address change
net: Fix range checks in tcf_valid_offset().
net_sched: sch_sfq: fix allot handling
hostap: remove netif_stop_queue from init
mac80211/rt2x00: add ieee80211_tx_status_ni()
typhoon: memory corruption in typhoon_get_drvinfo()
net: Add USB PID for new MOSCHIP USB ethernet controller MCS7832 variant
net_sched: always clone skbs
ipv6: Fragment locally generated tunnel-mode IPSec6 packets as needed.
netlink: fix gcc -Wconversion compilation warning
asix: add USB ID for Logitec LAN-GTJ U2A
...
24 Dec, 2010
1 commit
-
If the user-provided len is less than the expected offset, the
IRLMP_ENUMDEVICES getsockopt will do a copy_to_user() with a very large
size value. While this isn't be a security issue on x86 because it will
get caught by the access_ok() check, it may leak large amounts of kernel
heap on other architectures. In any event, this patch fixes it.Signed-off-by: Dan Rosenberg
Signed-off-by: David S. Miller
23 Nov, 2010
3 commits
-
Changed Makefile to use -y instead of -objs
because -objs is deprecated and not mentioned in
Documentation/kbuild/makefiles.txt.Signed-off-by: Tracey Dent
Signed-off-by: David S. Miller -
Changed Makefile to use -y instead of -objs
because -objs is deprecated and not mentioned in
Documentation/kbuild/makefiles.txt.Signed-off-by: Tracey Dent
Signed-off-by: David S. Miller -
Changed Makefile to use -y instead of -objs
because -objs is deprecated and not mentioned in
Documentation/kbuild/makefiles.txt.Signed-off-by: Tracey Dent
Signed-off-by: David S. Miller
20 Nov, 2010
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (31 commits)
net: fix kernel-doc for sk_filter_rcu_release
be2net: Fix to avoid firmware update when interface is not open.
netfilter: fix IP_VS dependencies
net: irda: irttp: sync error paths of data- and udata-requests
ipv6: Expose reachable and retrans timer values as msecs
ipv6: Expose IFLA_PROTINFO timer values in msecs instead of jiffies
3c59x: fix build failure on !CONFIG_PCI
ipg.c: remove id [SUNDANCE, 0x1021]
net: caif: spi: fix potential NULL dereference
ath9k_htc: Avoid setting QoS control for non-QoS frames
net: zero kobject in rx_queue_release
net: Fix duplicate volatile warning.
MAINTAINERS: Add stmmac maintainer
bonding: fix a race in IGMP handling
cfg80211: fix can_beacon_sec_chan, reenable HT40
gianfar: fix signedness issue
net: bnx2x: fix error value sign
8139cp: fix checksum broken
r8169: fix checksum broken
rds: Integer overflow in RDS cmsg handling
...
19 Nov, 2010
1 commit
-
irttp_data_request() returns meaningful errorcodes, while irttp_udata_request()
just returns -1 in similar situations. Sync the two and the loglevels of the
accompanying output.Signed-off-by: Wolfram Sang
Cc: Samuel Ortiz
Cc: David Miller
Signed-off-by: David S. Miller
18 Nov, 2010
1 commit
-
The big kernel lock has been removed from all these files at some point,
leaving only the #include.Remove this too as a cleanup.
Signed-off-by: Arnd Bergmann
Signed-off-by: Linus Torvalds
17 Nov, 2010
1 commit
-
Sending zero byte packets is not neccessarily an error (AF_INET accepts it,
too), so just apply a shortcut. This was discovered because of a non-working
software with WINE. Seehttp://bugs.winehq.org/show_bug.cgi?id=19397#c86
http://thread.gmane.org/gmane.linux.irda.general/1643for very detailed debugging information and a testcase. Kudos to Wolfgang for
those!Reported-by: Wolfgang Schwotzer
Signed-off-by: Wolfram Sang
Tested-by: Mike Evans
Signed-off-by: David S. Miller
25 Oct, 2010
1 commit
-
* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (39 commits)
Update broken web addresses in arch directory.
Update broken web addresses in the kernel.
Revert "drivers/usb: Remove unnecessary return's from void functions" for musb gadget
Revert "Fix typo: configuation => configuration" partially
ida: document IDA_BITMAP_LONGS calculation
ext2: fix a typo on comment in ext2/inode.c
drivers/scsi: Remove unnecessary casts of private_data
drivers/s390: Remove unnecessary casts of private_data
net/sunrpc/rpc_pipe.c: Remove unnecessary casts of private_data
drivers/infiniband: Remove unnecessary casts of private_data
drivers/gpu/drm: Remove unnecessary casts of private_data
kernel/pm_qos_params.c: Remove unnecessary casts of private_data
fs/ecryptfs: Remove unnecessary casts of private_data
fs/seq_file.c: Remove unnecessary casts of private_data
arm: uengine.c: remove C99 comments
arm: scoop.c: remove C99 comments
Fix typo configue => configure in comments
Fix typo: configuation => configuration
Fix typo interrest[ing|ed] => interest[ing|ed]
Fix various typos of valid in comments
...Fix up trivial conflicts in:
drivers/char/ipmi/ipmi_si_intf.c
drivers/usb/gadget/rndis.c
net/irda/irnet/irnet_ppp.c
11 Oct, 2010
4 commits
-
While parsing the GetValuebyClass command frame, we could potentially write
passed the skb->data pointer.Cc: stable@kernel.org
Reported-by: Ilja Van Sprundel
Signed-off-by: Samuel Ortiz -
Cc: stable@kernel.org
Reported-by: Ilja Van Sprundel
Signed-off-by: Samuel Ortiz -
The code intends to lock the irnet_socket, so adding a mutex to it allows
for a complet BKL removal.Signed-off-by: Samuel Ortiz
-
Most of the times, lock_kernel() was pointless or could simply be replaced
by lock_sock().Signed-off-by: Samuel Ortiz
24 Sep, 2010
1 commit
-
Change "return (EXPR);" to "return EXPR;"
return is not a function, parentheses are not required.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
23 Sep, 2010
1 commit
-
Signed-off-by: Thomas Weber
Acked-by: David S. Miller
Signed-off-by: Jiri Kosina
16 Sep, 2010
1 commit
-
There may be applications trying to seek
on the irnet character device, so we should
use noop_llseek to avoid returning an error
when the default llseek changes to no_llseek.Signed-off-by: Arnd Bergmann
Cc: Samuel Ortiz
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller
15 Sep, 2010
1 commit
-
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
10 Sep, 2010
1 commit
-
Conflicts:
net/mac80211/main.c
08 Sep, 2010
1 commit
-
This is an off by one. We would go past the end when we NUL terminate
the "value" string at end of the function. The "value" buffer is
allocated in irlan_client_parse_response() or
irlan_provider_parse_command().CC: stable@kernel.org
Signed-off-by: Dan Carpenter
Signed-off-by: David S. Miller
31 Aug, 2010
1 commit
-
If irda_open_tsap() fails, the irda_bind() code tries to destroy
the ->ias_obj object by hand, but does so wrongly.In particular, it fails to a) release the hashbin attached to the
object and b) reset the self->ias_obj pointer to NULL.Fix both problems by using irias_delete_object() and explicitly
setting self->ias_obj to NULL, just as irda_release() does.Reported-by: Tavis Ormandy
Signed-off-by: David S. Miller
22 Aug, 2010
1 commit
-
struct net_device has its own struct net_device_stats member, so use
this one instead of a private copy in the irlan_cb struct.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
19 Aug, 2010
1 commit
-
After skb is queued, its illegal to dereference it.
Cache skb->len into a temporary variable.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
05 Aug, 2010
1 commit
-
The PPP channel ops structure should be const.
Cleanup the declarations to use standard C99 format.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
