- 30 Nov, 2011 36 commits
-
-
San Mehat authored
Now that we're murder-synchronous, this code path will never be called (and if it does, it doesn't tell us anything useful other than we killed a task that was already being killed by somebody else but hadn't gotten its' signal yet) Signed-off-by:
San Mehat <san@google.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
Christopher Lais authored
binder_deferred_release was not unmapping the page from the buffer before freeing it, causing memory corruption. This only happened when page(s) had not been freed by binder_update_page_range, which properly unmaps the pages. This only happens on architectures with VIPT aliasing. To reproduce, create a program which opens, mmaps, munmaps, then closes the binder very quickly. This should leave a page allocated when the binder is released. When binder_deferrred_release is called on the close, the page will remain mapped to the address in the linear proc->buffer. Later, we may map the same physical page to a different virtual address that has different coloring, and this may cause aliasing to occur. PAGE_POISONING will greatly increase your chances of noticing any problems. Signed-off-by:
Christopher Lais <chris+android@zenthought.org> Signed-off-by:
-
San Mehat authored
This patch optimizes lowmemkiller to not do any work when it has an outstanding kill-request. This greatly reduces the pressure on the task_list lock (improving interactivity), as well as improving the vmscan performance when under heavy memory pressure (by up to 20x in tests). Note: For this enhancement to work, you need CONFIG_PROFILING Signed-off-by:
-
San Mehat authored
Under certain circumstances, a process can take awhile to handle a sig-kill (especially if it's in a scheduler group with a very low share ratio). When this occurs, lowmemkiller returns to vmscan indicating the process memory has been freed - even though the process is still waiting to die. Since the memory hasn't actually freed, lowmemkiller is called again shortly after, and picks the same process to die; regardless of the fact that it has already been 'scheduled' to die and the memory has already been reported to vmscan as having been freed. Solution is to check fatal_signal_pending() on the selected task, and if it's already pending destruction return; indicating to vmscan that no resources were freed on this pass. Signed-off-by:
-
Arve Hjønnevåg authored
Some drivers flush the global workqueue when closed. This would deadlock if the last reference to the file was released from the binder. Signed-off-by:
Arve Hjønnevåg <arve@android.com> Signed-off-by:
-
Mike Lockwood authored
The timed output device never previously checked the return value of sscanf, resulting in an uninitialized int being passed to enable() if input value was invalid. Signed-off-by:
Mike Lockwood <lockwood@android.com> Signed-off-by:
-
Arve Hjønnevåg authored
Signed-off-by:
-
Arve Hjønnevåg authored
Signed-off-by:
-
San Mehat authored
Signed-off-by:
-
Arve Hjønnevåg authored
Signed-off-by:
-
Arve Hjønnevåg authored
Signed-off-by:
-
San Mehat authored
[Note, this is part of a patch from Sam, just the drivers/staging/ portion, that adds a function that the apanic code calls, but the apanic code isn't here, so just include part of this to make merges and diffs easier and this keeps things self-contained - gregkh] Signed-off-by:
-
Greg Kroah-Hartman authored
It builds, so ship it! Cc: Arve Hjønnevåg <arve@android.com> Cc: Brian Swetland <swetland@google.com> Signed-off-by: -
Greg Kroah-Hartman authored
This reverts commit 2cdf99ce. It now builds, so this can be reverted. Cc: Arve Hjønnevåg <arve@android.com> Cc: Brian Swetland <swetland@google.com> Signed-off-by:
-
Colin Cross authored
Signed-off-by: -
Arve Hjønnevåg authored
Signed-off-by: -
Corentin Chary authored
Signed-off-by:
Corentin Chary <corentincj@iksaif.net> Signed-off-by:
-
Greg Kroah-Hartman authored
This reverts commit b0a0ccfa. Turns out I was wrong, we want these in the tree. Note, I've disabled the drivers from the build at the moment, so other patches can be applied to fix some build issues due to internal api changes since the code was removed from the tree. Cc: Arve Hjønnevåg <arve@android.com> Cc: Brian Swetland <swetland@google.com> Signed-off-by:
-
Sean MacLennan authored
Now that the rtl8192e driver is split up, it makes sense to keep the rtllib code in one directory and the rtl8192e specific code in another. This patch contains the split and the fixup of includes. Since rtl_core.h already included rtllib.h and dot11d.h, rtl_core.h was updated to point to the parent directory. All other references to rtllib.h and dot11d.h in the rtl8192e specific code where deleted rather than fixed. This leaves just one file that needs to know the real location of the rtllib includes. Signed-off-by:
Sean MacLennan <seanm@seanm.ca> Signed-off-by:
-
Sean MacLennan authored
This patch splits the current r8192e_pci driver up into six different drivers: rtllib, rtllib_crypt, rtllib_crypt_ccmp, rtllib_crypt_tkip, rtllib_crypt_wep, and r8192e_pci. Now that they are proper modules, the init and exit functions do not need to be called directly. Also, the rtllib_*_null functions are not needed since they will be loaded on demand. Signed-off-by:
-
Sean MacLennan authored
The rtl8192e driver had a natural split between the more generic rtllib code and the more specific rtl8192e code. This patch exports all the symbols needed by the r8192 specific code from the rtllib generic code. Signed-off-by:
-
Sean MacLennan authored
Rename rtl_debug.h to rtllib_debug.h. Source files should include rtllib.h if they are generic and rtl_core.h if they are r8192e specific. Files should never include both. Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Sean MacLennan authored
The RTL_DEBUG enum is used for rt_global_debug_component global variable and RT_TRACE. It should be in rtl_debug.h and not rtl_core.h. The rtl8192_proc_* functions are r8192 specific and should not be in rtl_debug.h. Move them to rtl_core.h. Signed-off-by:
-
Sean MacLennan authored
This patch cleans up rtl_debug.h by removing all the unused defines and stub functions. The changes to rtl_core.c are just to remove the deleted stub function calls. The changes to rtl_debug.c are functions that are never called. Signed-off-by:
-
Andreas Ruprecht authored
The lis3l02dq_read_event_config() function returned an ssize_t up to now, which lead to a compiler warning in line 660 (initialization from incompatible pointer type). The iio_info struct is defined to accept an int-returning function as the read_event_config parameter. Also it seems odd to have the check for (ret < 0) and return ret in this case, when the return type is signed. Signed-off-by:
Andreas Ruprecht <rupran@einserver.de> Acked-by:
Jonathan Cameron <jic23@kernel.org> Signed-off-by:
-
Martyn Welch authored
The loop used to reset the interrupt masks has faulty logic. There are 4 banks of 8 I/O, however each mask is comprised of 2 bits and thus there are 8 sets of registers to clear. Driver was wrongly equating this with 8 banks leading to a us writing past the end of the "bank" array (used to store mask configuration as these registers are write only) and thus causing memory corruption. Clear both registers of masks for each bank and half iterations. Reported-by:
Martyn Welch <martyn.welch@ge.com> Signed-off-by:
-
Andreas Ruprecht authored
The function ad7280_store_balance_timer() parses data from a char* buffer into a long variable, but uses the the function strict_strtoul which expects a pointer to an unsigned long variable as its third parameter. As Dan Carpenter mentioned, the values are capped a few lines later, but a check if val is negative is missing. Now this function will return -ERANGE if there is a representation of a negative number in buf. Additionally the checkpatch.pl considers strict_strtoul as obsolete. I replaced its call with the suggested kstrtoul. Signed-off-by:
-
Thomas Meyer authored
The advantage of kcalloc is, that will prevent integer overflows which could result from the multiplication of number of elements and size and it is also a bit nicer to read. The semantic patch that makes this change is available in https://lkml.org/lkml/2011/11/25/107Signed-off-by:
Thomas Meyer <thomas@m3y3r.de> Signed-off-by:
-
Xi Wang authored
There are two potential integer overflows in private_ioctl() if userspace passes in a large sList.uItem / sNodeList.uItem. The subsequent call to kmalloc() would allocate a small buffer, leading to a memory corruption. Reported-by:
Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by:
Xi Wang <xi.wang@gmail.com> Signed-off-by:
-
Xi Wang authored
There are two potential integer overflows in private_ioctl() if userspace passes in a large sList.uItem / sNodeList.uItem. The subsequent call to kmalloc() would allocate a small buffer, leading to a memory corruption. Reported-by:
-
Marcos Paulo de Souza authored
In all locations that call this function ignore your returna, so remove it. Signed-off-by:
Marcos Paulo de Souza <marcos.mage@gmail.com> Cc: Forest Bond <forest@alittletooquiet.net> Signed-off-by:
-
Marcos Paulo de Souza authored
This patch removes a lot of commented code, and some return calls of void functions. Signed-off-by:
-
Marcos Paulo de Souza authored
Remved some commented code, and fixed some style issues. was removed too a redundant if statement. Signed-off-by:
-
Marcos Paulo de Souza authored
Removed return call of void functions. Removed some code style issues. Signed-off-by:
-
Marcos Paulo de Souza authored
Signed-off-by:
-
Marcos Paulo de Souza authored
Removed the function iwctl_giwnwid, that just return a error code. Changes v1 to v2: Removed same functions of vt6655 and vt6656. Signed-off-by:
-
- 29 Nov, 2011 4 commits
-
-
Haiyang Zhang authored
hv_netvsc has been reviewed on netdev mailing list on 6/09/2011. All recommended changes have been made. We are requesting to move it out of staging area. Signed-off-by:
Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by:
KY Srinivasan <kys@microsoft.com> Signed-off-by:
Mike Sterling <Mike.Sterling@microsoft.com> Acked-by:
Stephen Hemminger <shemminger@vyatta.com> Acked-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Andreas Ruprecht authored
The code in sca3000_store_measurement_mode() uses the variable val to do bitwise operations with an int mask and or-s it into st->rx[0] which is an entry in a u8 array (see sca3000.h). This means up to now values larger than a u8 were silently ignored and just the lower 8 bits counted into the value that was written into st->rx[0]. This code will return -ERANGE if the value in buf was too large to fit into a u8. Signed-off-by:
-
Andreas Ruprecht authored
In lis3102dq_write_frequency() we used a long variable to store the value parsed from the char* buffer buf, as there only was a strict_strtol() function to parse values. Now we have got kstrto* which allows us to convert to the right data type in most cases. In this particular function we want to write a frequency value, and it doesn't make sense to allow negative values here (as Dan Carpenter pointed out in a previous email). This means we can now parse the value into an unsigned long and get an error for invalid (e.g. negative) values. Signed-off-by:
-
Andreas Ruprecht authored
In the adis16220_write_16bit() function we used a long value to store parsed data from the char* buffer buf. The called function to actually write the data, adis16220_spi_write_reg_16(), takes a u16 value as a parameter, so up to now a value larger than u16 was silently ignored as it was only truncated when passing the parameter. Now this function will only accept values fitting into a u16. Additionally the parsing function was changed to overcome the now obsolete strict_strtol() function. Signed-off-by:
-
