1. 08 6月, 2011 5 次提交
    • J
      pti: double-free security PTI fix · 29021bcc
      J Freyensee 提交于
      This patch fixes a double-free error that will not always be
      seen unless /dev/pti char interface is stressed.
      Signed-off-by: NJ Freyensee <james_p_freyensee@linux.intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      29021bcc
    • S
      drivers:misc: ti-st: fix skipping of change remote baud · 9d031d94
      Shahar Lev 提交于
      Before the incrementing of ptr in skip_change_remote_baud,
      it points to cur_action, but the increment is done by
      the size of nxt_action instead. This could cause ptr
      to not point to a bts_action structure, which is
      harmful for the increment of ptr done in download_firmware.
      Therefore, the skipping is first done for cur_action.
      Signed-off-by: NShahar Lev <shahar@wizery.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      9d031d94
    • A
      drivers/base/platform.c: don't mark platform_device_register_resndata() as __init_or_module · bb2b43fe
      Andrew Morton 提交于
      This reverts 737a3bb9 ("Driver core: move platform device
      creation helpers to .init.text (if MODULE=n)").  That patch assumed that
      platform_device_register_resndata() is only ever called from __init code
      but that isn't true in the case ioctl->drm_ioctl->radeon_cp_init().
      
      Addresses https://bugzilla.kernel.org/show_bug.cgi?id=35192
      
      Cc: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Reported-by: NAnthony Basile <blueness@gentoo.org>
      Cc: Greg KH <gregkh@suse.de>
      Cc: David Airlie <airlied@linux.ie>
      Cc: <stable@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      bb2b43fe
    • S
      st_kim: Handle case of no device found for ID 0 · 7316a9f2
      Steven Rostedt 提交于
      Running ktest.pl, I hit this bug:
      
      [   19.780654] BUG: unable to handle kernel NULL pointer dereference at 0000000c
      [   19.780660] IP: [<c112efcd>] dev_get_drvdata+0xc/0x46
      [   19.780669] *pdpt = 0000000031daf001 *pde = 0000000000000000
      [   19.780673] Oops: 0000 [#1] SMP
      [   19.780680] Dumping ftrace buffer:^M
      [   19.780685]    (ftrace buffer empty)
      [   19.780687] Modules linked in: ide_pci_generic firewire_ohci firewire_core evbug crc_itu_t e1000 ide_core i2c_i801 iTCO_wdt
      [   19.780697]
      [   19.780700] Pid: 346, comm: v4l_id Not tainted 2.6.39-test-02740-gcaebc160-dirty #4                  /DG965MQ
      [   19.780706] EIP: 0060:[<c112efcd>] EFLAGS: 00010202 CPU: 0
      [   19.780709] EIP is at dev_get_drvdata+0xc/0x46
      [   19.780712] EAX: 00000008 EBX: f1e37da4 ECX: 00000000 EDX: 00000000
      [   19.780715] ESI: f1c3f200 EDI: c33ec95c EBP: f1e37d80 ESP: f1e37d80
      [   19.780718]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
      [   19.780721] Process v4l_id (pid: 346, ti=f1e36000 task=f2bc2a60 task.ti=f1e36000)
      [   19.780723] Stack:
      [   19.780725]  f1e37d8c c117d395 c33ec93c f1e37db4 c117a0f9 00000002 00000000 c1725e54
      [   19.780732]  00000001 00000007 f2918c90 f1c3f200 c33ec95c f1e37dd4 c1789d3d 22222222
      [   19.780740]  22222222 22222222 f2918c90 f1c3f200 f29194f4 f1e37de8 c178d5c4 c1725e54
      [   19.780747] Call Trace:
      [   19.780752]  [<c117d395>] st_kim_ref+0x28/0x41
      [   19.780756]  [<c117a0f9>] st_register+0x29/0x562
      [   19.780761]  [<c1725e54>] ? v4l2_open+0x111/0x1e3
      [   19.780766]  [<c1789d3d>] fmc_prepare+0x97/0x424
      [   19.780770]  [<c178d5c4>] fm_v4l2_fops_open+0x70/0x106
      [   19.780773]  [<c1725e54>] ? v4l2_open+0x111/0x1e3
      [   19.780777]  [<c1725e9b>] v4l2_open+0x158/0x1e3
      [   19.780782]  [<c065173b>] chrdev_open+0x22c/0x276
      [   19.780787]  [<c0647c4e>] __dentry_open+0x35c/0x581
      [   19.780792]  [<c06498f9>] nameidata_to_filp+0x7c/0x96
      [   19.780795]  [<c065150f>] ? cdev_put+0x57/0x57
      [   19.780800]  [<c0660cad>] do_last+0x743/0x9d4
      [   19.780804]  [<c065d5fc>] ? path_init+0x1ee/0x596
      [   19.780808]  [<c0661481>] path_openat+0x10c/0x597
      [   19.780813]  [<c05204a1>] ? trace_hardirqs_off+0x27/0x37
      [   19.780817]  [<c0509651>] ? local_clock+0x78/0xc7
      [   19.780821]  [<c0661945>] do_filp_open+0x39/0xc2
      [   19.780827]  [<c1cabc76>] ? _raw_spin_unlock+0x4c/0x5d^M
      [   19.780831]  [<c0674ccd>] ? alloc_fd+0x19e/0x1b7
      [   19.780836]  [<c06499ca>] do_sys_open+0xb7/0x1bd
      [   19.780840]  [<c0608eea>] ? sys_munmap+0x78/0x8d
      [   19.780844]  [<c0649b06>] sys_open+0x36/0x58
      [   19.780849]  [<c1cb809f>] sysenter_do_call+0x12/0x38
      [   19.780852] Code: d8 2f 20 c3 01 83 15 dc 2f 20 c3 00 f0 ff 00 83 05 e0 2f 20 c3 01 83 15 e4 2f 20 c3 00 5d c3 55 89 e5 3e 8d 74 26 00 85 c0 74 28 <8b> 40 04 83 05 e8 2f 20 c3 01 83 15 ec 2f 20 c3 00 85 c0 74 13 ^M
      [   19.780889] EIP: [<c112efcd>] dev_get_drvdata+0xc/0x46 SS:ESP 0068:f1e37d80
      [   19.780894] CR2: 000000000000000c
      [   19.780898] ---[ end trace e7d1d0f6a2d1d390 ]---
      
      The id of 0 passed to st_kim_ref() found no device, keeping pdev null,
      and causing pdev->dev cause a NULL pointer dereference. After having
      st_kim_ref() check for NULL, the st_unregister() function needed to be
      updated to handle the case that st_gdata was not set by the
      st_kim_ref().
      Signed-off-by: NSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      7316a9f2
    • R
      firmware: fix GOOGLE_SMI kconfig dependency warning · 5daf538a
      Randy Dunlap 提交于
      Is it meaningful/useful to enable EFI_VARS but not EFI?
      That's what GOOGLE_SMI does.  Make it enable EFI also.
      
      Fixes this kconfig dependency warning:
      
      warning: (GOOGLE_SMI) selects EFI_VARS which has unmet direct dependencies (EFI)
      Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Acked-by: NMike Waychison <mikew@google.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      5daf538a
  2. 06 6月, 2011 5 次提交
  3. 05 6月, 2011 4 次提交
  4. 04 6月, 2011 24 次提交
  5. 03 6月, 2011 2 次提交