If the length of the socket buffer is 0xFFFFFFFF (max size for an
unsigned int), then payload_len becomes 0xFFFFFFF1 after subtracting 14
(ETH_HLEN). Then, mdp_len is set to payload_len + 16 (MDP_HDR_LEN)
which overflows and results in a value of 2. These values for
payload_len and mdp_len will pass current buffer size checks.
This patch checks if derived from skb->len sum may overflow.
The check is based on the following idea:
For any `unsigned V1, V2` and derived `unsigned SUM = V1 + V2`,
`V1 + V2` overflows iif `SUM < V1`.
Reported-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrey Shvetsov <andrey.shvetsov@k2l.de>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200116172238.6046-1-andrey.shvetsov@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Clean up the driver with the new managed buffer allocation API.
Also remove the unnecessary checks of channels in hw_params callback
as this is guaranteed by the hw constraints in anyway.
After these cleanups, the hw_params and hw_free callbacks became
empty, hence dropped.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20191210141356.18074-2-tiwai@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Pull staging / iio updates from Greg KH:
"Here is the big staging and iio set of patches for the 5.5-rc1
release.
It's the usual huge collection of cleanup patches all over the
drivers/staging/ area, along with a new staging driver, and a bunch of
new IIO drivers as well.
Full details are in the shortlog, but all of these have been in
linux-next for a long time with no reported issues"
* tag 'staging-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (548 commits)
staging: vchiq: Have vchiq_dump_* functions return an error code
staging: vchiq: Refactor indentation in vchiq_dump_* functions
staging: fwserial: Fix Kconfig indentation (seven spaces)
staging: vchiq_dump: Replace min with min_t
staging: vchiq: Fix block comment format in vchiq_dump()
staging: octeon: indent with tabs instead of spaces
staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
staging: most: core: remove sysfs attr remove_link
staging: vc04: Fix Kconfig indentation
staging: pi433: Fix Kconfig indentation
staging: nvec: Fix Kconfig indentation
staging: most: Fix Kconfig indentation
staging: fwserial: Fix Kconfig indentation
staging: fbtft: Fix Kconfig indentation
fbtft: Drop OF dependency
fbtft: Make use of device property API
fbtft: Drop useless #ifdef CONFIG_OF and dead code
fbtft: Describe function parameters in kernel-doc
fbtft: Make sure string is NULL terminated
staging: rtl8723bs: remove set but not used variable 'change', 'pos'
...
This patch avoids that core component modules are being unloaded
while the related configfs interface has active items in its directories.
It is needed to prevent the situation where the core module cannot
be unloaded anymore, because the reference count 'used by' indicates that
the module is still being used and the usage count cannot be decreased by
calling rmdir, as the configfs directory has already been removed.
Signed-off-by: Christian Gromm <christian.gromm@microchip.com>
Link: https://lore.kernel.org/r/1573230068-27658-3-git-send-email-christian.gromm@microchip.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The recent change (*) in the ALSA memalloc core allows us to drop the
special vmalloc-specific allocation and page handling. This patch
coverts to the common code.
(*) 1fe7f397cf: ALSA: memalloc: Add vmalloc buffer allocation
support
7e8edae39f: ALSA: pcm: Handle special page mapping in the
default mmap handler
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20191108164528.998-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
We don't need dev_err() messages when platform_get_irq() fails now that
platform_get_irq() prints an error message itself when something goes
wrong. Let's remove these prints with a simple semantic patch.
// <smpl>
@@
expression ret;
struct platform_device *E;
@@
ret =
(
platform_get_irq(E, ...)
|
platform_get_irq_byname(E, ...)
);
if ( \( ret < 0 \| ret <= 0 \) )
{
(
-if (ret != -EPROBE_DEFER)
-{ ...
-dev_err(...);
-... }
|
...
-dev_err(...);
)
...
}
// </smpl>
While we're here, remove braces on if statements that only have one
statement (manually).
Signed-off-by: Stephen Boyd <swboyd@chromium.org>
Link: https://lore.kernel.org/r/20190730181557.90391-43-swboyd@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove function dim_norm_ctrl_async_buffer_size as it does nothing
except call norm_ctrl_async_buffer_size.
Rename norm_ctrl_async_buffer_size to dim_norm_ctrl_async_buffer_size to
maintain compatibility with call sites of the latter.
Change type of new dim_norm_ctrl_async_buffer_size from static inline to
non-static to match the old version.
Modify only remaining call site of norm_ctrl_async_buffer_size to call
dim_norm_ctrl_async_buffer_size instead.
Issue found with Coccinelle.
Signed-off-by: Nishka Dasgupta <nishkadg.linux@gmail.com>
Link: https://lore.kernel.org/r/20190708064145.3250-1-nishkadg.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Pull driver core and debugfs updates from Greg KH:
"Here is the "big" driver core and debugfs changes for 5.3-rc1
It's a lot of different patches, all across the tree due to some api
changes and lots of debugfs cleanups.
Other than the debugfs cleanups, in this set of changes we have:
- bus iteration function cleanups
- scripts/get_abi.pl tool to display and parse Documentation/ABI
entries in a simple way
- cleanups to Documenatation/ABI/ entries to make them parse easier
due to typos and other minor things
- default_attrs use for some ktype users
- driver model documentation file conversions to .rst
- compressed firmware file loading
- deferred probe fixes
All of these have been in linux-next for a while, with a bunch of
merge issues that Stephen has been patient with me for"
* tag 'driver-core-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (102 commits)
debugfs: make error message a bit more verbose
orangefs: fix build warning from debugfs cleanup patch
ubifs: fix build warning after debugfs cleanup patch
driver: core: Allow subsystems to continue deferring probe
drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT
arch_topology: Remove error messages on out-of-memory conditions
lib: notifier-error-inject: no need to check return value of debugfs_create functions
swiotlb: no need to check return value of debugfs_create functions
ceph: no need to check return value of debugfs_create functions
sunrpc: no need to check return value of debugfs_create functions
ubifs: no need to check return value of debugfs_create functions
orangefs: no need to check return value of debugfs_create functions
nfsd: no need to check return value of debugfs_create functions
lib: 842: no need to check return value of debugfs_create functions
debugfs: provide pr_fmt() macro
debugfs: log errors when something goes wrong
drivers: s390/cio: Fix compilation warning about const qualifiers
drivers: Add generic helper to match by of_node
driver_find_device: Unify the match function with class_find_device()
bus_find_device: Unify the match callback with class_find_device
...
Instead of filling in the struct v4l2_capability device_caps
field, fill in the struct video_device device_caps field.
That way the V4L2 core knows what the capabilities of the
video device are.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch makes the modules net and video deregister its config subsystems
when the modules are removed from the kernel.
Signed-off-by: Christian Gromm <christian.gromm@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch makes the core components net and video register their config
subsystems with configFS. It is needed to have the configuration interface
of the modules exposed to user space.
Signed-off-by: Christian Gromm <christian.gromm@microchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
- Resolve the following warning from the Kconfig,
"WARNING: prefer 'help' over '---help---' for new help texts
Signed-off-by: Moses Christopher <moseschristopherb@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The strcpy() function is being deprecated. Replace it by the safer
strscpy() and fix the following Coverity warning:
"You might overrun the 80-character fixed-size string iface->p->name
by copying iface->description without checking the length."
Addresses-Coverity-ID: 1444760 ("Copy into fixed size buffer")
Fixes: 131ac62253 ("staging: most: core: use device description as name")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
