The problem is in gb_lights_request_handler(). If we get a request to
change the config then we release the light with gb_lights_light_release()
and re-allocated it. However, if the allocation fails part way through
then we call gb_lights_light_release() again. This can lead to a couple
different double frees where we haven't cleared out the original values:
gb_lights_light_v4l2_unregister(light);
...
kfree(light->channels);
kfree(light->name);
I also made a small change to how we set "light->channels_count = 0;".
The original code handled this part fine and did not cause a use after
free but it was sort of complicated to read.
Fixes: 2870b52bae ("greybus: lights: add lights implementation")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Rui Miguel Silva <rmfrfs@gmail.com>
Link: https://lore.kernel.org/r/20190829122839.GA20116@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make use of the struct_size() helper instead of an open-coded version
in order to avoid any potential type mistakes, in particular in the
context in which this code is being used.
So, replace code of the following form:
sizeof(*resp) + props_count * sizeof(struct gb_power_supply_props_desc)
with:
struct_size(resp, props, props_count)
This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Rui Miguel Silva <rmfrfs@gmail.com>
Reviewed-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Since moving the message buffers off the stack, the dynamically
allocated get-prop-descriptor request buffer is incorrectly sized due to
using the pointer rather than request-struct size when creating the
operation.
Fortunately, the pointer size is always larger than this one-byte
request, but this could still cause trouble on the remote end due to the
unexpected message size.
Fixes: 9d15134d06 ("greybus: power_supply: rework get descriptors")
Cc: stable <stable@vger.kernel.org> # 4.9
Cc: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Rui Miguel Silva <rmfrfs@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There are a few remaining drivers/staging/*/Kconfig files that do not
have SPDX identifiers in them. Add the correct GPL-2.0 identifier to
them to make scanning tools happy.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Challenge suggested by Coccinelle
Remove print statement following unsuccessful kmalloc when there
is not enough memory. Kmalloc and variants normally produce a
backtrace in such a case. Hence, a print statement is not necessary.
Found using the following Coccinelle semantic patch:
@@
identifier i,print;
constant char [] c;
@@
i = (\(kmalloc\|devm_kzalloc\|kmalloc_array\|
devm_ioremap\|usb_alloc_urb\|alloc_netdev\|dev_alloc_skb\|
kzalloc\|kcalloc\|kmem_cache_alloc\|kmem_cache_zalloc\|
kmem_cache_alloc_node\|kmalloc_node\|kzalloc_node\)(...));
(
if (i == NULL)
{
-print(...,c,...);
...when any
}
|
if (!i)
{
-print(...,c,...);
...when any
}
)
Signed-off-by: Sanjana Sanikommu <sanjana99reddy99@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Challenge suggested by coccinelle.
Remove unnecessary parathesis around the right hand of
assignment using the below script.
@@
binary operator op = {==,!=,&&,||,>=,<=,&,|};
expression l, r, t;
@@
(
l = (r op t)
|
l =
-(
r
-)
)
Signed-off-by: Sanjana Sanikommu <sanjana99reddy99@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Functions are implicitly declared with "extern". The compiler doesn't
need it. extern removed from drivers/staging/greybus/audio_codec.h
file.
Signed-off-by: Payal Kshirsagar <payal.s.kshirsagar.98@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Clean checkpatch.pl issue in various files:
CHECK: Alignment should match open parenthesis
Adjust parameters to match alignment with open paranthesis
Signed-off-by: Bhanusree Pola <bhanusreemahesh@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove blank line to resolve checkpatch.pl issue:
CHECK: Blank lines aren't necessary before a close brace '}'
Signed-off-by: Bhanusree Pola <bhanusreemahesh@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove unnecessary blank line
issue found with checkpatch.pl:
CHECK: Please don't use multiple blank lines
Signed-off-by: Bhanusree Pola <bhanusreemahesh@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use the gpiod interface instead of the deprecated old non-descriptor
interface while continuing to ignore gpio flags from device tree in
"svc_reset_onoff()" for now.
Reviewed-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Nishad Kamdar <nishadkamdar@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use the gpiod interface instead of the deprecated old non-descriptor
interface while continuing to ignore gpio flags from device tree in
functions "deassert_reset()" and "assert_reset()" for now.
Reviewed-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Nishad Kamdar <nishadkamdar@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Convert the GPIO driver to use the GPIO irqchip library
GPIOLIB_IRQCHIP instead of reimplementing the same.
Reviewed-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Nishad Kamdar <nishadkamdar@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Some parameters are aligned with parentheses.
Some parentheses was opened at end of line.
Signed-off-by: Cristian Sicilia <sicilia.cristian@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 57d053682f.
Johan writes:
This commit doesn't even do what it claims. It leaves the two
spaces before tabs in place and instead removes a tab that was
used to indent a continuation line, and therefore also hurts
readability while introducing an inconsistency.
Reported-by: Johan Hovold <johan@kernel.org>
Cc: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit fcb733b546.
Johan writes:
This patch removes the double newlines that were used as section
headers in the lengthy protocol header file, and therefore hurts
readability.
So I'm reverting it.
Reported-by: Johan Hovold <johan@kernel.org>
Cc: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove unmatched right bracket. Reported by uncrustify.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove two instances of a comparison to BOOL.
Reported by coccinelle.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove extra spaces before the tab character inside a comment section.
Reported by checkpatch.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add extra spaces around the OR operator.
Reported by checkpatch.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove extra blank lines to conform with coding style.
Reported by checkpatch.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove extra space before a tab character.
Reported by checkpatch.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace SPDX License Identifier comments with C comments.
Reported by checkpatch.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Align arguments with the right side of the open left parentheses.
Reported by checkpatch.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace the SPDX identifier with standard C comment.
Reported by checkpatch.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Align parameters to the right side of the left parentheses
Reported by checkpatch.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Shorten pointer NULL check by simple truth test.
Reported by checkpatch.
Signed-off-by: Ioannis Valasakis <code@wizofe.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
gb_loopback_device::list_op_async is never used except for the
LIST_INIT. The ::list field appears to have a few more uses, but on
closer inspection the linked list of struct gb_loopbacks that it heads
is never used for anything, so there's no reason to maintain it, much
less to keep it sorted.
Reviewed-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Pull staging/IIO driver updates from Greg KH:
"Here is the big staging and IIO driver pull request for 4.20-rc1.
There are lots of things here, we ended up adding more lines than
removing, thanks to a large influx of Comedi National Instrument
device support. Someday soon we need to get comedi out of staging...
Other than the comedi drivers, the "big" things here are:
- new iio drivers
- delete dgnc driver (no one used it and no one had the hardware
anymore)
- vbox driver updates and fixes
- erofs fixes
- tons and tons of tiny checkpatch fixes for almost all staging
drivers
All of these have been in linux-next, with the last few happening a
bit "late" due to them getting stuck on my laptop during travel to the
Mantainers summit"
* tag 'staging-4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (690 commits)
staging: gasket: Fix sparse "incorrect type in assignment" warnings.
staging: gasket: remove debug logs for callback invocation
staging: gasket: remove debug logs in page table mapping calls
staging: rtl8188eu: core: Use sizeof(*p) instead of sizeof(struct P) for memory allocation
staging: ks7010: Remove extra blank line
staging: gasket: Remove extra blank line
staging: media: davinci_vpfe: Fix spelling mistake in enum
staging: speakup: Add a pair of braces
staging: wlan-ng: Replace long int with long
staging: MAINTAINERS: remove obsolete IPX staging directory
staging: MAINTAINERS: remove NCP filesystem entry
staging: rtl8188eu: cleanup comparsions to false
staging: gasket: Update device virtual address comment
staging: gasket: sysfs: fix attribute release comment
staging: gasket: apex: fix sysfs_show
staging: gasket: page_table: simplify gasket_components_to_dev_address
staging: gasket: page_table: fix comment in components_to_dev_address
staging: gasket: page table: fixup error path allocating coherent mem
staging: gasket: page_table: rearrange gasket_page_table_entry
staging: gasket: page_table: remove unnecessary PTE status set to free
...
It's not obvious how the code prevents adding more than 31 elements to
the list and thus invoking undefined behaviour in the 1 << new_lbid
expression, and in practice causing ->lbid values to repeat every 32
elements.
But the definition of struct gb_loopback is local to loopback.c, and the
lbid field is entirely unused outside of this function, so it seems we
can just drop it entirely.
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Reviewed-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
