1. 18 Mar, 2017 17 commits
    • Eric W. Biederman's avatar
      ucount: Remove the atomicity from ucount->count · ee6f7ee1
      Eric W. Biederman authored
      commit 040757f7 upstream.
      
      Always increment/decrement ucount->count under the ucounts_lock.  The
      increments are there already and moving the decrements there means the
      locking logic of the code is simpler.  This simplification in the
      locking logic fixes a race between put_ucounts and get_ucounts that
      could result in a use-after-free because the count could go zero then
      be found by get_ucounts and then be freed by put_ucounts.
      
      A bug presumably this one was found by a combination of syzkaller and
      KASAN.  JongWhan Kim reported the syzkaller failure and Dmitry Vyukov
      spotted the race in the code.
      
      Fixes: f6b2db1a ("userns: Make the count of user namespaces per user")
      Reported-by: default avatarJongHwan Kim <zzoru007@gmail.com>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Reviewed-by: default avatarAndrei Vagin <avagin@gmail.com>
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ee6f7ee1
    • Rik van Riel's avatar
      tracing: Add #undef to fix compile error · 8bb208d0
      Rik van Riel authored
      commit bf7165cf upstream.
      
      There are several trace include files that define TRACE_INCLUDE_FILE.
      
      Include several of them in the same .c file (as I currently have in
      some code I am working on), and the compile will blow up with a
      "warning: "TRACE_INCLUDE_FILE" redefined #define TRACE_INCLUDE_FILE syscalls"
      
      Every other include file in include/trace/events/ avoids that issue
      by having a #undef TRACE_INCLUDE_FILE before the #define; syscalls.h
      should have one, too.
      
      Link: http://lkml.kernel.org/r/20160928225554.13bd7ac6@annuminas.surriel.com
      
      Fixes: b8007ef7 ("tracing: Separate raw syscall from syscall tracer")
      Signed-off-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8bb208d0
    • Arnd Bergmann's avatar
      cpmac: remove hopeless #warning · b72ae5ca
      Arnd Bergmann authored
      commit d43e6fb4 upstream.
      
      The #warning was present 10 years ago when the driver first got merged.
      As the platform is rather obsolete by now, it seems very unlikely that
      the warning will cause anyone to fix the code properly.
      
      kernelci.org reports the warning for every build in the meantime, so
      I think it's better to just turn it into a code comment to reduce
      noise.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b72ae5ca
    • Arnd Bergmann's avatar
      bcm63xx_enet: avoid uninitialized variable warning · 04275d2a
      Arnd Bergmann authored
      commit df384d43 upstream.
      
      gcc-7 and probably earlier versions get confused by this function
      and print a harmless warning:
      
      drivers/net/ethernet/broadcom/bcm63xx_enet.c: In function 'bcm_enet_open':
      drivers/net/ethernet/broadcom/bcm63xx_enet.c:1130:3: error: 'phydev' may be used uninitialized in this function [-Werror=maybe-uninitialized]
      
      This adds an initialization for the 'phydev' variable when it is unused
      and changes the check to test for that NULL pointer to make it clear
      that we always pass a valid pointer here.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      04275d2a
    • Arnd Bergmann's avatar
      MIPS: ralink: Remove unused rt*_wdt_reset functions · b7e968da
      Arnd Bergmann authored
      commit 886f9c69 upstream.
      
      All pointers to these functions were removed, so now they produce
      warnings:
      
      arch/mips/ralink/rt305x.c:92:13: error: 'rt305x_wdt_reset' defined but not used [-Werror=unused-function]
      
      This removes the functions. If we need them again, the patch can be
      reverted later.
      
      Fixes: f576fb6a ("MIPS: ralink: cleanup the soc specific pinmux data")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: John Crispin <john@phrozen.org>
      Cc: Colin Ian King <colin.king@canonical.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15044/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b7e968da
    • Arnd Bergmann's avatar
      MIPS: ralink: Remove unused timer functions · dd2419e1
      Arnd Bergmann authored
      commit d92240d1 upstream.
      
      The functions were originally used for the module unload path,
      but are not referenced any more and just cause warnings:
      
      arch/mips/ralink/timer.c:104:13: error: 'rt_timer_disable' defined but not used [-Werror=unused-function]
      arch/mips/ralink/timer.c:74:13: error: 'rt_timer_free' defined but not used [-Werror=unused-function]
      
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Fixes: 62ee73d2 ("MIPS: ralink: Make timer explicitly non-modular")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: John Crispin <john@phrozen.org>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15041/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dd2419e1
    • John Crispin's avatar
      MIPS: ralink: Cosmetic change to prom_init(). · f3406418
      John Crispin authored
      commit 9c48568b upstream.
      
      Over the years the code has been changed various times leading to
      argc/argv being defined in a different function to where we actually
      use the variables. Clean this up by moving them to prom_init_cmdline().
      Signed-off-by: default avatarJohn Crispin <john@phrozen.org>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14902/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f3406418
    • Arnd Bergmann's avatar
      mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy · 7b767f6b
      Arnd Bergmann authored
      commit 906b2684 upstream.
      
      kernelci.org reports a warning for this driver, as it copies a local
      variable into a 'const char *' string:
      
          drivers/mtd/maps/pmcmsp-flash.c:149:30: warning: passing argument 1 of 'strncpy' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
      
      Using kstrndup() simplifies the code and avoids the warning.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarMarek Vasut <marek.vasut@gmail.com>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7b767f6b
    • Arnd Bergmann's avatar
      MIPS: Update lemote2f_defconfig for CPU_FREQ_STAT change · 976e40d7
      Arnd Bergmann authored
      commit b3f60461 upstream.
      
      Since linux-4.8, CPU_FREQ_STAT is a bool symbol, causing a warning in
      kernelci.org:
      
      arch/mips/configs/lemote2f_defconfig:42:warning: symbol value 'm' invalid for CPU_FREQ_STAT
      
      This updates the defconfig to have the feature built-in.
      
      Fixes: 1aefc75b ("cpufreq: stats: Make the stats code non-modular")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15000/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      976e40d7
    • Arnd Bergmann's avatar
      MIPS: ip22: Fix ip28 build for modern gcc · dd2ef28e
      Arnd Bergmann authored
      commit 23ca9b52 upstream.
      
      kernelci reports a failure of the ip28_defconfig build after upgrading its
      gcc version:
      
      arch/mips/sgi-ip22/Platform:29: *** gcc doesn't support needed option -mr10k-cache-barrier=store.  Stop.
      
      The problem apparently is that the -mr10k-cache-barrier=store option is now
      rejected for CPUs other than r10k. Explicitly including the CPU in the
      check fixes this and is safe because both options were introduced in
      gcc-4.4.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15049/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dd2ef28e
    • Arnd Bergmann's avatar
      MIPS: Update ip27_defconfig for SCSI_DH change · aff853ab
      Arnd Bergmann authored
      commit ea58fca1 upstream.
      
      Since linux-4.3, SCSI_DH is a bool symbol, causing a warning in
      kernelci.org:
      
      arch/mips/configs/ip27_defconfig:136:warning: symbol value 'm' invalid for SCSI_DH
      
      This updates the defconfig to have the feature built-in.
      
      Fixes: 086b91d0 ("scsi_dh: integrate into the core SCSI code")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15001/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      aff853ab
    • Arnd Bergmann's avatar
      MIPS: ip27: Disable qlge driver in defconfig · 23096c56
      Arnd Bergmann authored
      commit b6176494 upstream.
      
      One of the last remaining failures in kernelci.org is for a gcc bug:
      
      drivers/net/ethernet/qlogic/qlge/qlge_main.c:4819:1: error: insn does not satisfy its constraints:
      drivers/net/ethernet/qlogic/qlge/qlge_main.c:4819:1: internal compiler error: in extract_constrain_insn, at recog.c:2190
      
      This is apparently broken in gcc-6 but fixed in gcc-7, and I cannot
      reproduce the problem here. However, it is clear that ip27_defconfig
      does not actually need this driver as the platform has only PCI-X but
      not PCIe, and the qlge adapter in turn is PCIe-only.
      
      The driver was originally enabled in 2010 along with lots of other
      drivers.
      
      Fixes: 59d302b3 ("MIPS: IP27: Make defconfig useful again.")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15197/Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      23096c56
    • Arnd Bergmann's avatar
      MIPS: VDSO: avoid duplicate CAC_BASE definition · ad8387a6
      Arnd Bergmann authored
      commit 1742ac26 upstream.
      
      vdso.h includes <spaces.h> implicitly after defining CONFIG_32BITS.
      This defeats the override in mach-ip27/spaces.h, leading to
      a build error that shows up in kernelci.org:
      
      In file included from arch/mips/include/asm/mach-ip27/spaces.h:29:0,
                       from arch/mips/include/asm/page.h:12,
                       from arch/mips/vdso/vdso.h:26,
                       from arch/mips/vdso/gettimeofday.c:11:
      arch/mips/include/asm/mach-generic/spaces.h:28:0: error: "CAC_BASE" redefined [-Werror]
       #define CAC_BASE  _AC(0x80000000, UL)
      
      An earlier patch tried to make the second definition conditional,
      but that patch had the #ifdef in the wrong place, and would lead
      to another warning:
      
      arch/mips/include/asm/io.h: In function 'phys_to_virt':
      arch/mips/include/asm/io.h:138:9: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
      
      For all I can tell, there is no other reason than vdso32 to ever
      include this file with CONFIG_32BITS set, and the vdso itself should
      never refer to the base addresses as it is running in user space,
      so adding an #ifdef here is safe.
      
      Link: https://patchwork.kernel.org/patch/9418187/
      Fixes: 3ffc17d8 ("MIPS: Adjust MIPS64 CAC_BASE to reflect Config.K0")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15039/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ad8387a6
    • Arnd Bergmann's avatar
      MIPS: Update defconfigs for NF_CT_PROTO_DCCP/UDPLITE change · 5841e3d3
      Arnd Bergmann authored
      commit 9ddc16ad upstream.
      
      In linux-4.10-rc, NF_CT_PROTO_UDPLITE and NF_CT_PROTO_DCCP are bool
      symbols instead of tristate, and kernelci.org reports a bunch of
      warnings for this, like:
      
      arch/mips/configs/malta_kvm_guest_defconfig:63:warning: symbol value 'm' invalid for NF_CT_PROTO_UDPLITE
      arch/mips/configs/malta_defconfig:62:warning: symbol value 'm' invalid for NF_CT_PROTO_DCCP
      arch/mips/configs/malta_defconfig:63:warning: symbol value 'm' invalid for NF_CT_PROTO_UDPLITE
      arch/mips/configs/ip22_defconfig:70:warning: symbol value 'm' invalid for NF_CT_PROTO_DCCP
      arch/mips/configs/ip22_defconfig:71:warning: symbol value 'm' invalid for NF_CT_PROTO_UDPLITE
      
      This changes all the MIPS defconfigs with these symbols to have them
      built-in.
      
      Fixes: 9b91c96c ("netfilter: conntrack: built-in support for UDPlite")
      Fixes: c51d3901 ("netfilter: conntrack: built-in support for DCCP")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14999/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5841e3d3
    • Arnd Bergmann's avatar
      crypto: improve gcc optimization flags for serpent and wp512 · 2c1820ea
      Arnd Bergmann authored
      commit 7d6e9105 upstream.
      
      An ancient gcc bug (first reported in 2003) has apparently resurfaced
      on MIPS, where kernelci.org reports an overly large stack frame in the
      whirlpool hash algorithm:
      
      crypto/wp512.c:987:1: warning: the frame size of 1112 bytes is larger than 1024 bytes [-Wframe-larger-than=]
      
      With some testing in different configurations, I'm seeing large
      variations in stack frames size up to 1500 bytes for what should have
      around 300 bytes at most. I also checked the reference implementation,
      which is essentially the same code but also comes with some test and
      benchmarking infrastructure.
      
      It seems that recent compiler versions on at least arm, arm64 and powerpc
      have a partial fix for this problem, but enabling "-fsched-pressure", but
      even with that fix they suffer from the issue to a certain degree. Some
      testing on arm64 shows that the time needed to hash a given amount of
      data is roughly proportional to the stack frame size here, which makes
      sense given that the wp512 implementation is doing lots of loads for
      table lookups, and the problem with the overly large stack is a result
      of doing a lot more loads and stores for spilled registers (as seen from
      inspecting the object code).
      
      Disabling -fschedule-insns consistently fixes the problem for wp512,
      in my collection of cross-compilers, the results are consistently better
      or identical when comparing the stack sizes in this function, though
      some architectures (notable x86) have schedule-insns disabled by
      default.
      
      The four columns are:
      default: -O2
      press:	 -O2 -fsched-pressure
      nopress: -O2 -fschedule-insns -fno-sched-pressure
      nosched: -O2 -no-schedule-insns (disables sched-pressure)
      
      				default	press	nopress	nosched
      alpha-linux-gcc-4.9.3		1136	848	1136	176
      am33_2.0-linux-gcc-4.9.3	2100	2076	2100	2104
      arm-linux-gnueabi-gcc-4.9.3	848	848	1048	352
      cris-linux-gcc-4.9.3		272	272	272	272
      frv-linux-gcc-4.9.3		1128	1000	1128	280
      hppa64-linux-gcc-4.9.3		1128	336	1128	184
      hppa-linux-gcc-4.9.3		644	308	644	276
      i386-linux-gcc-4.9.3		352	352	352	352
      m32r-linux-gcc-4.9.3		720	656	720	268
      microblaze-linux-gcc-4.9.3	1108	604	1108	256
      mips64-linux-gcc-4.9.3		1328	592	1328	208
      mips-linux-gcc-4.9.3		1096	624	1096	240
      powerpc64-linux-gcc-4.9.3	1088	432	1088	160
      powerpc-linux-gcc-4.9.3		1080	584	1080	224
      s390-linux-gcc-4.9.3		456	456	624	360
      sh3-linux-gcc-4.9.3		292	292	292	292
      sparc64-linux-gcc-4.9.3		992	240	992	208
      sparc-linux-gcc-4.9.3		680	592	680	312
      x86_64-linux-gcc-4.9.3		224	240	272	224
      xtensa-linux-gcc-4.9.3		1152	704	1152	304
      
      aarch64-linux-gcc-7.0.0		224	224	1104	208
      arm-linux-gnueabi-gcc-7.0.1	824	824	1048	352
      mips-linux-gcc-7.0.0		1120	648	1120	272
      x86_64-linux-gcc-7.0.1		240	240	304	240
      
      arm-linux-gnueabi-gcc-4.4.7	840			392
      arm-linux-gnueabi-gcc-4.5.4	784	728	784	320
      arm-linux-gnueabi-gcc-4.6.4	736	728	736	304
      arm-linux-gnueabi-gcc-4.7.4	944	784	944	352
      arm-linux-gnueabi-gcc-4.8.5	464	464	760	352
      arm-linux-gnueabi-gcc-4.9.3	848	848	1048	352
      arm-linux-gnueabi-gcc-5.3.1	824	824	1064	336
      arm-linux-gnueabi-gcc-6.1.1	808	808	1056	344
      arm-linux-gnueabi-gcc-7.0.1	824	824	1048	352
      
      Trying the same test for serpent-generic, the picture is a bit different,
      and while -fno-schedule-insns is generally better here than the default,
      -fsched-pressure wins overall, so I picked that instead.
      
      				default	press	nopress	nosched
      alpha-linux-gcc-4.9.3		1392	864	1392	960
      am33_2.0-linux-gcc-4.9.3	536	524	536	528
      arm-linux-gnueabi-gcc-4.9.3	552	552	776	536
      cris-linux-gcc-4.9.3		528	528	528	528
      frv-linux-gcc-4.9.3		536	400	536	504
      hppa64-linux-gcc-4.9.3		524	208	524	480
      hppa-linux-gcc-4.9.3		768	472	768	508
      i386-linux-gcc-4.9.3		564	564	564	564
      m32r-linux-gcc-4.9.3		712	576	712	532
      microblaze-linux-gcc-4.9.3	724	392	724	512
      mips64-linux-gcc-4.9.3		720	384	720	496
      mips-linux-gcc-4.9.3		728	384	728	496
      powerpc64-linux-gcc-4.9.3	704	304	704	480
      powerpc-linux-gcc-4.9.3		704	296	704	480
      s390-linux-gcc-4.9.3		560	560	592	536
      sh3-linux-gcc-4.9.3		540	540	540	540
      sparc64-linux-gcc-4.9.3		544	352	544	496
      sparc-linux-gcc-4.9.3		544	344	544	496
      x86_64-linux-gcc-4.9.3		528	536	576	528
      xtensa-linux-gcc-4.9.3		752	544	752	544
      
      aarch64-linux-gcc-7.0.0		432	432	656	480
      arm-linux-gnueabi-gcc-7.0.1	616	616	808	536
      mips-linux-gcc-7.0.0		720	464	720	488
      x86_64-linux-gcc-7.0.1		536	528	600	536
      
      arm-linux-gnueabi-gcc-4.4.7	592			440
      arm-linux-gnueabi-gcc-4.5.4	776	448	776	544
      arm-linux-gnueabi-gcc-4.6.4	776	448	776	544
      arm-linux-gnueabi-gcc-4.7.4	768	448	768	544
      arm-linux-gnueabi-gcc-4.8.5	488	488	776	544
      arm-linux-gnueabi-gcc-4.9.3	552	552	776	536
      arm-linux-gnueabi-gcc-5.3.1	552	552	776	536
      arm-linux-gnueabi-gcc-6.1.1	560	560	776	536
      arm-linux-gnueabi-gcc-7.0.1	616	616	808	536
      
      I did not do any runtime tests with serpent, so it is possible that stack
      frame size does not directly correlate with runtime performance here and
      it actually makes things worse, but it's more likely to help here, and
      the reduced stack frame size is probably enough reason to apply the patch,
      especially given that the crypto code is often used in deep call chains.
      
      Link: https://kernelci.org/build/id/58797d7559b5149efdf6c3a9/logs/
      Link: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
      Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=11488
      Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2c1820ea
    • Johan Hovold's avatar
      USB: serial: digi_acceleport: fix OOB-event processing · ce4d67cb
      Johan Hovold authored
      commit 2e46565c upstream.
      
      A recent change claimed to fix an off-by-one error in the OOB-port
      completion handler, but instead introduced such an error. This could
      specifically led to modem-status changes going unnoticed, effectively
      breaking TIOCMGET.
      
      Note that the offending commit fixes a loop-condition underflow and is
      marked for stable, but should not be backported without this fix.
      Reported-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Fixes: 2d380889 ("USB: serial: digi_acceleport: fix OOB data sanity
      check")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ce4d67cb
    • Johan Hovold's avatar
      USB: serial: digi_acceleport: fix OOB data sanity check · e1533c46
      Johan Hovold authored
      commit 2d380889 upstream.
      
      Make sure to check for short transfers to avoid underflow in a loop
      condition when parsing the receive buffer.
      
      Also fix an off-by-one error in the incomplete sanity check which could
      lead to invalid data being parsed.
      
      Fixes: 8c209e67 ("USB: make actual_length in struct urb field u32")
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e1533c46
  2. 15 Mar, 2017 23 commits