1. 25 7月, 2016 23 次提交
  2. 18 7月, 2016 3 次提交
    • R
      mmc: pxamci: fix potential oops · b3802db5
      Robert Jarzmik 提交于
      As reported by Dan in his report in [1], there is a potential NULL
      pointer derefence if these conditions are met :
       - there is no platform_data provided, ie. host->pdata = NULL
      
      Fix this by only using the platform data ro_invert when a gpio for
      read-only is provided by the platform data.
      
      This doesn't appear yet as every pxa board provides a platform_data, and
      calls pxa_set_mci_info() with a non NULL pointer.
      
      [1] [bug report] mmc: pxamci: fix card detect with slot-gpio API.
      The commit fd546ee6 ("mmc: pxamci: fix card detect with slot-gpio
      API") from Sep 26, 2015, leads to the following static checker warning:
      
      	drivers/mmc/host/pxamci.c:809 pxamci_probe()
      	warn: variable dereferenced before check 'host->pdata' (see line 798)
      
      Fixes: fd546ee6 ("mmc: pxamci: fix card detect with slot-gpio API")
      Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NRobert Jarzmik <robert.jarzmik@free.fr>
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      b3802db5
    • T
      mmc: block: fix packed command header endianness · f68381a7
      Taras Kondratiuk 提交于
      The code that fills packed command header assumes that CPU runs in
      little-endian mode. Hence the header is malformed in big-endian mode
      and causes MMC data transfer errors:
      
      [  563.200828] mmcblk0: error -110 transferring data, sector 2048, nr 8, cmd response 0x900, card status 0xc40
      [  563.219647] mmcblk0: packed cmd failed, nr 2, sectors 16, failure index: -1
      
      Convert header data to LE.
      Signed-off-by: NTaras Kondratiuk <takondra@cisco.com>
      Fixes: ce39f9d1 ("mmc: support packed write command for eMMC4.5 devices")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      f68381a7
    • V
      mmc: block: fix free of uninitialized 'idata->buf' · bfe5b1b1
      Ville Viinikka 提交于
      Set 'idata->buf' to NULL so that it never gets returned without
      initialization. This fixes a bug where mmc_blk_ioctl_cmd() would
      free both 'idata' and 'idata->buf' but 'idata->buf' was returned
      uninitialized.
      
      Fixes: 1ff8950c ("mmc: block: change to use kmalloc when copy data from userspace")
      Signed-off-by: NVille Viinikka <ville@tuxera.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NUlf Hansson <ulf.hansson@linaro.org>
      bfe5b1b1
  3. 02 6月, 2016 3 次提交
  4. 28 5月, 2016 1 次提交
    • A
      remove lots of IS_ERR_VALUE abuses · 287980e4
      Arnd Bergmann 提交于
      Most users of IS_ERR_VALUE() in the kernel are wrong, as they
      pass an 'int' into a function that takes an 'unsigned long'
      argument. This happens to work because the type is sign-extended
      on 64-bit architectures before it gets converted into an
      unsigned type.
      
      However, anything that passes an 'unsigned short' or 'unsigned int'
      argument into IS_ERR_VALUE() is guaranteed to be broken, as are
      8-bit integers and types that are wider than 'unsigned long'.
      
      Andrzej Hajda has already fixed a lot of the worst abusers that
      were causing actual bugs, but it would be nice to prevent any
      users that are not passing 'unsigned long' arguments.
      
      This patch changes all users of IS_ERR_VALUE() that I could find
      on 32-bit ARM randconfig builds and x86 allmodconfig. For the
      moment, this doesn't change the definition of IS_ERR_VALUE()
      because there are probably still architecture specific users
      elsewhere.
      
      Almost all the warnings I got are for files that are better off
      using 'if (err)' or 'if (err < 0)'.
      The only legitimate user I could find that we get a warning for
      is the (32-bit only) freescale fman driver, so I did not remove
      the IS_ERR_VALUE() there but changed the type to 'unsigned long'.
      For 9pfs, I just worked around one user whose calling conventions
      are so obscure that I did not dare change the behavior.
      
      I was using this definition for testing:
      
       #define IS_ERR_VALUE(x) ((unsigned long*)NULL == (typeof (x)*)NULL && \
             unlikely((unsigned long long)(x) >= (unsigned long long)(typeof(x))-MAX_ERRNO))
      
      which ends up making all 16-bit or wider types work correctly with
      the most plausible interpretation of what IS_ERR_VALUE() was supposed
      to return according to its users, but also causes a compile-time
      warning for any users that do not pass an 'unsigned long' argument.
      
      I suggested this approach earlier this year, but back then we ended
      up deciding to just fix the users that are obviously broken. After
      the initial warning that caused me to get involved in the discussion
      (fs/gfs2/dir.c) showed up again in the mainline kernel, Linus
      asked me to send the whole thing again.
      
      [ Updated the 9p parts as per Al Viro  - Linus ]
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Cc: Andrzej Hajda <a.hajda@samsung.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Link: https://lkml.org/lkml/2016/1/7/363
      Link: https://lkml.org/lkml/2016/5/27/486
      Acked-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> # For nvmem part
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      287980e4
  5. 23 5月, 2016 6 次提交
  6. 20 5月, 2016 1 次提交
  7. 17 5月, 2016 3 次提交