This patch replaces the obsolete variable, __FUNCTION__,
that holds the name of the current function with
variable, __func__. Reported by checkpatch.pl.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch cleans up several code style issues found
in CmHost.c reported by checkpatch.pl. These include:
white space, braces, indents, and comments.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Variables stNVMReadWrite.uioffset and stNVMReadWrite.uiNumBytes
are chosen from userspace and can be very high. The sum of
these two digits would result in a small number. Therefore,
this patch verifies a negative number was not entered, and
reorganizes the equation to remove the integer overflow.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (466 commits)
net/hyperv: Add support for jumbo frame up to 64KB
net/hyperv: Add NETVSP protocol version negotiation
net/hyperv: Remove unnecessary kmap_atomic in netvsc driver
staging/rtl8192e: Register against lib80211
staging/rtl8192e: Convert to lib80211_crypt_info
staging/rtl8192e: Convert to lib80211_crypt_data and lib80211_crypt_ops
staging/rtl8192e: Add lib80211.h to rtllib.h
staging/mei: add watchdog device registration wrappers
drm/omap: GEM, deal with cache
staging: vt6656: int.c, int.h: Change return of function to void
staging: usbip: removed unused definitions from header
staging: usbip: removed dead code from receive function
staging:iio: Drop {mark,unmark}_in_use callbacks
staging:iio: Drop buffer mark_param_change callback
staging:iio: Drop the unused buffer enable() and is_enabled() callbacks
staging:iio: Drop buffer busy flag
staging:iio: Make sure a device is only opened once at a time
staging:iio: Disallow modifying buffer size when buffer is enabled
staging:iio: Disallow changing scan elements in all buffered modes
staging:iio: Use iio_buffer_enabled instead of open coding it
...
Fix up conflict in drivers/staging/iio/adc/ad799x_core.c (removal of
module_init due to using module_i2c_driver() helper, next to removal of
MODULE_ALIAS due to using MODULE_DEVICE_TABLE instead).
Variable IoBuffer.InputLength is chosen from userspace,
and can therefore be less than the intended size. In this
case,the memory from the kmalloc call is eventually cast
to a PBULKWRM_BUFFER. If the IoBuffer.InputLength does not
meet the minimum size of PBULKWRM_BUFFER, then we will get
a kernel Oops. To resolve this issue, this patch verifies
IoBuffer.InputLength meets the minimum size before invoking
the kmalloc call.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This ioctl, IOCTL_BCM_GET_DRIVER_VERSION, is
responsible for sending the driver version
to userspace. However, the requested size stored
in IoBuffer.OutputLength may be incorrect.
Therefore, we altered the code to send the
exact length of the version, plus one for the
null character.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
In this clean up patch, I altered functions: copy_to/
from_user() to return -EFAULT when an error occurs.
I also replaced break statements when an error occurs
from copy_to/from_user() with direct returns of -EFAULT.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This is a clean up patch for IOCTL_BCM_NVM_WRITE
that replaces the assignment of the Status
variable with direct returns of the error code,
replaces the break statements with direct returns,
and removes a white space.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes a memory error in ioctl,
IOCTL_BCM_NVM_WRITE. While copying data to
user space, if an error occurs, pReadData
is freed. Then, at the end of the ioctl,
pReadData was being freed again.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch reorders the semaphore locking.
It makes better sense to first evaluate
fw_download_sema semaphore then
NVMRdmWrmLocl semaphore. The
fw_download_sema is suppose to be
acquired in the START ioctl. If this is
not true, then it does not make sense
to continue.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This is a cleanup patch. I've shuffled the code around to
move the error handling closer to the calls. I've removed
some indent levels. I've replaced break statements with
direct returns.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch evaluates/calls the down_trylock locking
function directly, instead of storing the results
in a variable and evaluating the variable. These
changes were made in:
IOCTL_BCM_BUFFER_DOWNLOAD_STOP and
IOCTL_BCM_BUFFER_DOWNLOAD_START.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch releases semaphore locks when
an error occurrs while attempting to
download firmware for the bcm driver.
When downloading firmware for this driver,
a process is expected to call
the following ioctl's in this order:
(1)IOCTL_BCM_BUFFER_DOWNLOAD_START,
(2)IOCTL_BCM_BUFFER_DOWNLOAD, and (3)
IOCTL_BCM_BUFFER_DOWNLOAD_STOP.
Semaphore, “Adapter->fw_download_sema” is
expected to be acquired in the first ioctl,
IOCTL_BCM_BUFFER_DOWNLOAD_START, and it should
block until IOCTL_BCM_BUFFER_DOWNLOAD_STOP
is called. In this case, if an error
occurred before STOP finished, the semaphore
"Adapter->fw_download_sema" was not being released.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
In this ioctl, we are testing to see if the lock is held.
If it is not held, that means this ioctl used incorrectly.
Therefore, we do not want to take the lock ourselves here.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch removes a superfluous "do while"
statement in IOCTL_BCM_BUFFER_DOWNLOAD.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch verifies two conditions before executing
a kmalloc call. First, it checks to see that
IoBuffer.OutputLength is not greater than an
unsigned short. If so, an invalid value may be
returned. The second change is a check to make
sure IoBuffer.OutputLength is not equal to
zero. Which simply keeps this code inline with
the other ioctl, IOCTL_BCM_REGISTER_READ_PRIVATE.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes an information leak in ioctl
IOCTL_BCM_REGISTER_READ_PRIVATE and
IOCTL_BCM_EEPROM_REGISTER_READ when determining
the number of bytes to copy to user space. Function,
usb_control_msg, returns the correct number of
bytes from the hardware. Instead of using
this value, we were using a value derived from
user space. In this case, this value could be more
than the hardware allocated. Therefore, this
patch copies the proper number of bytes from
the hardware, and uses this value as the maximum
number of bytes for user space.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Diego F. Marfil <diegomarfil@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Diego F. Marfil <diegomarfil@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Diego F. Marfil <diegomarfil@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes three initialization errors.
One is an incorrect initialization of a static
variable. The other two are incorrect
initializations in an if statement. These
errors were found by checkpatch.pl.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes multiple coding style issues in file,
InterfaceDld.c, found by checkpatch.pl.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch cleans up several code style issues found
in InterfaceMisc.c reported by checkpatch.pl.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch removes an assignment from three if
conditions. In all three cases, the line of code was
attempting to allocate memory, and check
if the memory was allocated in the if statement.
This issue was reported by checkpatch.pl.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch cleans up several code style issues found
in InterfaceInit.c reported by checkpatch.pl.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes an error where an assignment "="
was being used in an if statement to determine if
Firmware was downloaded. This patch removes that
assignment, and places it above the if statement.
The if statement then evaluates the status to
verify if "0" successful, or != 0 failure.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
There is a case where an assignment was being done
in an if condition. This patch removes the assignment
from the if condition and places the assignment above
the if statement; thereby improving the readability of
the code.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch replaces the obsolete variable, __FUNCTION__, that
holds the name of the current function with variable, __func__.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch cleans up several hundred code style issues found
in Misc.c reported by checkpatch.pl.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch alters a line of code to make it more readable
and easier to understand. The purpose of the original line
of code was to compute the amount of memory to request from
kmalloc. This mulit-step algorithm was being done in one
line of code, thus making it more difficult to understand.
Therefore, I split this algorithm into three logical steps.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes two issues within bcm/Bcmchar.c. The
first condition in the or statement checks if variable
IoBuffer.OutputLength, defined from user space, is
greater than the maximum value allowed for an
unsigned short. IoBuffer.OutputLength is then used
in a kmalloc call to return a pointer to memory. If
this size is greater than an unsigned short, it
becomes useless. The second condition in the or statement
checks if the same variable, IoBuffer.OutputLength is
equal to zero before invoking the kmalloc call. In
this case, if a zero size is sent to kmalloc, a valid
pointer to memory is returned instead of the expected NULL.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
In the source file there are a lot of warnings. I will send it in parts to be more easy to
review. All the changes in this file its just alignment, and things like that.
Signed-off-by: Marcos Paulo de Souza <marcos.mage@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
In the first alteration, the MAX_CNTL_PKT_SIZE is the
maximum size of the control packet in ->Adapter->txctlpacket[]
which is defined in InitAdapter(). This caps the size of
kmalloc memory allocation. In the second change, this max
cap fixes a potential memory corruption bug when subsequent
memset and memcpy calls are invoked.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
If IoBuffer.InputLength is zero then this will cause an Oops when
we dereference the ZERO_SIZE_PTR. Or if it's smaller than
sizeof(struct link_request) then we would get memory corruption
when we set ->PLength in CopyBufferToControlPacket().
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Buff is only used as a temporary buffer within the function, so it should
be freed before leaving the function in an error case.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@exists@
local idexpression x;
statement S,S1;
expression E;
identifier fl;
expression *ptr != NULL;
@@
x = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
when != if (...) { <+...kfree(x)...+> }
when any
when != true x == NULL
x->fl
...>
(
if (x == NULL) S1
|
if (...) { ... when != x
when forall
(
return \(0\|<+...x...+>\|ptr\);
|
* return ...;
)
}
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes a potential memory leak were temp_buff buffer
is not being freed when a certain condition is true.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Reviewed-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Tool checkpatch.pl reported the following error: extern struct class *bcm_class;"
declaration not allowed in .c files. Therefore, I move this declaration into
the header "headers.h" file.
Signed-off-by: Kevin McKinney <klmckinney1@gmail.com>
Reviewed-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>