Stanse found that pSMBFile in cifs_ioctl and file->f_path.dentry in
cifs_user_write are dereferenced prior their test to NULL.
The alternative is not to dereference them before the tests. The patch is
to point out the problem, you have to decide.
While at it we cache the inode in cifs_user_write to a local variable
and use all over the function.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Steve French <sfrench@samba.org>
Cc: linux-cifs@vger.kernel.org
Cc: Jeff Layton <jlayton@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Stopping TX queues at driver load time is not necessary.
Signed-off-by: Casey Leedom <leedom@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Remove racy queue stopping after device registration.
Signed-off-by: Dimitris Michailidis <dm@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Remove racy queue stopping after device registration.
Signed-off-by: Divy Le Ray <divy@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When expanding a parameterised string we may run out of space, this
triggers a realloc. When computing the new allocation size we do not
allow for the terminating '\0'. Allow for this when calculating the new
length.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit 7d945a3aa7 ("logfs get_sb, part 3") broke the logfs build when
CONFIG_MTD is set due to a mangled logfs_get_sb_mtd() definition.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In dev_pick_tx recompute the queue index if the value stored in the
socket is greater than or equal to the number of real queues for the
device. The saved index in the sock structure is not guaranteed to
be appropriate for the egress device (this could happen on a route
change or in presence of tunnelling). The result of the queue index
being bad would be to return a bogus queue (crash could prersumably
follow).
Signed-off-by: Tom Herbert <therbert@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add missing newlines.
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Arnd's recent patch series tagged this device with noop_llseek,
conservatively. In fact, it should be no_llseek, which we arrange
for by opening the device with nonseekable_open().
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
The existing asm-generic/stat.h specifies st_mtime, etc., as a 32-value,
and works well for 32-bit architectures (currently microblaze, score,
and 32-bit tile). However, for 64-bit architectures it isn't sufficient
to return 32 bits of time_t; this isn't good insurance against the 2037
rollover. (It also makes glibc support less convenient, since we can't
use glibc's handy STAT_IS_KERNEL_STAT mode.)
This change extends the two "timespec" fields for each of the three atime,
mtime, and ctime fields from "int" to "long". As a result, on 32-bit
platforms nothing changes, and 64-bit platforms will now work as expected.
The only wrinkle is 32-bit userspace under 64-bit kernels taking advantage
of COMPAT mode. For these, we leave the "struct stat64" definitions with
the "int" versions of the time_t and nsec fields, so that architectures
can implement compat_sys_stat64() and friends with sys_stat64(), etc.,
and get the expected 32-bit structure layout. This requires a
field-by-field copy in the kernel, implemented by the code guarded
under __ARCH_WANT_STAT64.
This does mean that the shape of the "struct stat" and "struct stat64"
structures is different on a 64-bit kernel, but only one of the two
structures should ever be used by any given process: "struct stat"
is meant for 64-bit userspace only, and "struct stat64" for 32-bit
userspace only. (On a 32-bit kernel the two structures continue to have
the same shape, since "long" is 32 bits.)
The alternative is keeping the two structures the same shape on 64-bit
kernels, which means a 64-bit time_t in "struct stat64" for 32-bit
processes. This is a little unnatural since 32-bit userspace can't
do anything with 64 bits of time_t information, since time_t is just
"long", not "int64_t"; and in any case 32-bit userspace might expect
to be running under a 32-bit kernel, which can't provide the high 32
bits anyway. In the case of a 32-bit kernel we'd then be extending the
kernel's 32-bit time_t to 64 bits, then truncating it back to 32 bits
again in userspace, for no particular reason. And, as mentioned above,
if we have 64-bit time_t for 32-bit processes we can't easily use glibc's
STAT_IS_KERNEL_STAT, since glibc's stat structure requires an embedded
"struct timespec", which is a pair of "long" (32-bit) values in a 32-bit
userspace. "Inventive" solutions are possible, but are pretty hacky.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
The kernel was allowing any component of the pt_regs to be updated either
by signal handlers writing to the stack, or by processes writing via
PTRACE_POKEUSR or PTRACE_SETREGS, which meant they could set their PL
up from 0 to 1 and get access to kernel code and data (or, in practice,
cause a kernel panic). We now always reset the ex1 field, allowing the
user to set their ICS bit only.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
This change is modelled on similar fixes for other architectures.
The pt_regs "faultnum" member is set to the trap (fault) number that
caused us to enter the kernel, and is INT_SWINT_1 for the syscall software
interrupt. We already supported a pseudo value, INT_SWINT_1_SIGRETURN,
that we used for the rt_sigreturn syscall; it avoided the case where
one signal was handled, then we "tail-called" to another handler.
This change avoids the similar case where we start to call one handler,
then are preempted into another handler when we start trying to run
the first handler. We clear ->faultnum after calling handle_signal(),
and to be paranoid also in the case where there was no signal to deliver.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
For the "initfree" boot argument it's not that big a deal, but
to avoid warnings in the code, we check for a valid value before
allowing the specified argument to override the kernel default.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
This completes the tile migration to the new naming scheme for
the architecture-specific irq management code.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
This change makes KM_TYPE_NR independent of the actual deprecated
list of km_type values, which are no longer used in tile code anywhere.
For now we leave it set to 8, allowing that many nested mappings,
and thus reserving 32MB of address space.
A few remaining places using KM_* values were cleaned up as well.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
According to the linux/clk.h definition we should be handing back an
errno value or a valid rate. This fixes up the case where 0 can be
returned for invalid frequencies or cases where rounding has no
selectable candidate.
Reported-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Change the regsister/unregister routines to generate better
messages, and control arrival of new frames when USB device is
unplugged.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Serious bug in original code, if app reads 10 bytes but 20 byte msg
received memory would get overwritten.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Use standard network statistics variables and routines.
Transmit counters are per queue, and skb mapping is already in
skb and does not need to be recomputed. Move SearchVcId to only
place it is used.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Since classification and queue control are separate, allow
classification even if device is down now; this avoids races
on startup/shutdown.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Use namespace tool from kernel scripts to identify dead code and
functions that should be static.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Crash is triggered by commit e6484930d7 ("net: allocate tx queues in
register_netdevice"), which moved tx netqueue creation into register_netdev.
So now calling netif_stop_queue() before register_netdev causes an oops.
Move netif_stop_queue() after net device registration to fix crash.
Signed-off-by: Dmitry Artamonow <mad_soft@inbox.ru>
Signed-off-by: Denis Kirjanov <dkirjanov@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eliminate global variable in transmit path
The Leader can be on the stack, and get rid of unnecessary timeval.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Remove dead fields, change fields that only have true/false to boolean;
and rearrange to save space.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Touching the queue state before register_netdev is not
allowed, and besides the queue state before ->open()
is "don't care"
Reported-by: Josh Boyer <jwboyer@gmail.com>
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Many of the config bit are presently duplicated between the platforms,
which will gradually cleaned up through centralization. For the moment we
expose some new INTC features through drivers/sh/Kconfig that the ARM
platforms presently don't enable, so make it generally available.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Since usbnet already took usb runtime pm, we have to
enable runtime pm for usb interface of usbnet, otherwise
usb_autopm_get_interface may return failure and cause
'ifconfig usb0 up' failed if USB_SUSPEND(RUNTIME_PM) is
enabled.
Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Joe Perches <joe@perches.com>
Cc: Oliver Neukum <oliver@neukum.org>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
'sparse' spotted that the parameters to kzalloc in l2tp_dfs_seq_open
were swapped.
Tested on current git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
at 1792f17b72 build, boots and I can see that directory,
but there again I could see /sys/kernel/debug/l2tp with it swapped; I don't have
any l2tp in use.
Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sparse caught several places where ioctl interface was incorrectly using user
memory. Fix all the ioctl cases for casting and __user annotation.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>