Age | Commit message (Collapse) | Author | Files | Lines |
|
nonstatic_find_mem_region()
[ Upstream commit 977d2e7c63c3d04d07ba340b39987742e3241554 ]
In nonstatic_find_mem_region(), pcmcia_make_resource() is assigned to
res and used in pci_bus_alloc_resource(). There a dereference of res
in pci_bus_alloc_resource(), which could lead to a NULL pointer
dereference on failure of pcmcia_make_resource().
Fix this bug by adding a check of res.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_PCCARD_NONSTATIC=y show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: 49b1153adfe1 ("pcmcia: move all pcmcia_resource_ops providers into one module")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
__nonstatic_find_io_region()
[ Upstream commit ca0fe0d7c35c97528bdf621fdca75f13157c27af ]
In __nonstatic_find_io_region(), pcmcia_make_resource() is assigned to
res and used in pci_bus_alloc_resource(). There is a dereference of res
in pci_bus_alloc_resource(), which could lead to a NULL pointer
dereference on failure of pcmcia_make_resource().
Fix this bug by adding a check of res.
This bug was found by a static analyzer. The analysis employs
differential checking to identify inconsistent security operations
(e.g., checks or kfrees) between two code paths and confirms that the
inconsistent operations are not recovered in the current function or
the callers, so they constitute bugs.
Note that, as a bug found by static analysis, it can be a false
positive or hard to trigger. Multiple researchers have cross-reviewed
the bug.
Builds with CONFIG_PCCARD_NONSTATIC=y show no new warnings,
and our static analyzer no longer warns about this code.
Fixes: 49b1153adfe1 ("pcmcia: move all pcmcia_resource_ops providers into one module")
Signed-off-by: Zhou Qingyang <zhou1615@umn.edu>
[linux@dominikbrodowski.net: Fix typo in commit message]
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
Even though it is just in a dev_dbg statement, improve the printk format
to use %pr instead of plain %p.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Reduce object size a little by using dev_<level>
calls instead of dev_printk(KERN_<LEVEL>.
Other miscellanea:
o Coalesce formats
o Realign arguments
o Use pr_cont instead of naked printk
reorder test to use "%s\n"
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Conflicts:
drivers/devfreq/exynos4_bus.c
Sync with Linus' tree to be able to apply patches that are
against newer code (mvneta).
|
|
Coverity complains about a use after free for 'res1' and 'res2' since
we use the value of the pointers in a 'dev_dbg()' after they have been
freed. That's not really a problem, but it still seems cleaner to
defer freeing until we are completely done with the pointers.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
|
CONFIG_HOTPLUG is going away as an option so __devexit is no
longer needed.
Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
CONFIG_HOTPLUG is going away as an option so __devinit is no longer
needed.
Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Cc: Eric Miao <eric.y.miao@gmail.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Haojian Zhuang <haojian.zhuang@gmail.com>
Acked-by: Eric Miao <eric.y.miao@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
CONFIG_HOTPLUG is going away as an option so __devexit_p is no longer
needed.
Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Several fixes as well where the +1 was missing.
Done via coccinelle scripts like:
@@
struct resource *ptr;
@@
- ptr->end - ptr->start + 1
+ resource_size(ptr)
and some grep and typing.
Mostly uncompiled, no cross-compilers.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
|
pcmcia_enable_device() now replaces pcmcia_request_configuration().
Instead of config_req_t, all necessary flags are either passed as
a parameter to pcmcia_enable_device(), or (in rare circumstances)
set in struct pcmcia_device -> flags.
With the last remaining user of include/pcmcia/cs.h gone, remove
all references.
CC: netdev@vger.kernel.org
CC: linux-wireless@vger.kernel.org
CC: linux-ide@vger.kernel.org
CC: linux-usb@vger.kernel.org
CC: laforge@gnumonks.org
CC: linux-mtd@lists.infradead.org
CC: alsa-devel@alsa-project.org
CC: linux-serial@vger.kernel.org
CC: Jiri Kosina <jkosina@suse.cz>
CC: linux-scsi@vger.kernel.org
Acked-by: Gustavo F. Padovan <padovan@profusion.mobi> (for drivers/bluetooth)
Tested-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Insert PCMCIA device resources into the resource tree. However, this is
currently only implemented for sockets which do not statically map the
resources.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Remove some obsolete definitions from cs.h
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Remove cs_types.h which is no longer needed: Most definitions aren't
used at all, a few can be made away with, and two remaining definitions
(typedefs, unfortunatley) may be moved to more specific places.
CC: linux-ide@vger.kernel.org
CC: linux-usb@vger.kernel.org
CC: laforge@gnumonks.org
CC: linux-mtd@lists.infradead.org
CC: alsa-devel@alsa-project.org
CC: linux-serial@vger.kernel.org
Acked-by: Marcel Holtmann <marcel@holtmann.org> (for drivers/bluetooth/)
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
As we only provide one way to set up resources now, we can remove
the resource-setup-related bitfield (except resource_setup_done).
In addition, pcmcia_state only consisted of one entry, so remove
this bitfield as well.
Suggested-by: Komuro <komurojun-mbn@nifty.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
On the PCI root bus on the x86 architecture, the risk of hitting
some strange system devices is too high: If a driver isn't loaded,
the resources are not claimed; even if a driver is loaded, it
may not request all resources or even the wrong one. We can neither
trust the rest of the kernel nor ACPI/PNP and CRS parsing to get it
right.
Therefore, explicitly spell out what safeguards we provide, and add
a safeguard to only use resources which are set up exclusively for
the secondary PCI bus (non-subtractive mode): the risk of hitting
system devices is quite low, as they usually aren't connected to
the secondary PCI bus.
CC: Jesse Barnes <jbarnes@virtuousgeek.org>
CC: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Clean up the alloc_io_space() function by moving most of it to
the actual resource_ops. This allows for a bit less re-directions.
Future cleanups will follow, and will make up for the code
duplication currently present between rsrc_iodyn and rsrc_nonstatic
(which are hardly ever built at the same time anyway, therefore no
increase in built size).
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Size needs to be calculated after manipulating with the start value.
Reported-by: Komuro <komurojun-mbn@nifty.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Similar to commit 7a96e87d, we need to be aware of any parent PCI
device when requesting IO regions, even only for testing
("probing").
Reported-by: Komuro <komurojun-mbn@nifty.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
- pcmcia_align() used a "start" variable twice. That's obviously a bad
idea.
- pcmcia_common_resource() needs the current "start" parameter being
passed, instead of res->start.
- pcmcia_common_resource() doesn't use the size and align parameters,
so get rid of those.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
x86/PCI: truncate _CRS windows with _LEN > _MAX - _MIN + 1
x86/PCI: for host bridge address space collisions, show conflicting resource
frv/PCI: remove redundant warnings
x86/PCI: remove redundant warnings
PCI: don't say we claimed a resource if we failed
PCI quirk: Disable MSI on VIA K8T890 systems
PCI quirk: RS780/RS880: work around missing MSI initialization
PCI quirk: only apply CX700 PCI bus parking quirk if external VT6212L is present
PCI: complain about devices that seem to be broken
PCI: print resources consistently with %pR
PCI: make disabled window printk style match the enabled ones
PCI: break out primary/secondary/subordinate for readability
PCI: for address space collisions, show conflicting resource
resources: add interfaces that return conflict information
PCI: cleanup error return for pcix get and set mmrbc functions
PCI: fix access of PCI_X_CMD by pcix get and set mmrbc functions
PCI: kill off pci_register_set_vga_state() symbol export.
PCI: fix return value from pcix_get_max_mmrbc()
|
|
No functional change; just print resources in the conventional style.
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
|
|
On x86 systems using ACPI _CRS information -- now the default for
post-2008 systems -- the PCI root bus no longer pretends to be
offering the root ioport_resource. To avoid accidentally hitting
some platform / system device, use only I/O ports >= 0x100 for
PCMCIA devices on x86.
Reported-by: Komuro <komurojun-mbn@nifty.com>
CC: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6: (49 commits)
pcmcia: validate late-added resources
pcmcia: allow for extension of resource interval
pcmcia: remove useless msleep in ds.c
pcmcia: use read_cis_mem return value
pcmcia: handle error in serial_cs config calls
pcmcia: add locking to pcmcia_{read,write}_cis_mem
pcmcia: avoid prod_id memleak
pcmcia: avoid sysfs-related lockup for cardbus
pcmcia: use state machine for extended requery
pcmcia: delay re-scanning and re-querying of PCMCIA bus
pcmcia: use pccardd to handle eject, insert, suspend and resume requests
pcmcia: use ops_mutex for rsrc_{mgr,nonstatic} locking
pcmcia: use mutex for dynid lock
pcmcia: assert locking to struct pcmcia_device
pcmcia: add locking documentation
pcmcia: simplify locking
pcmcia: add locking to struct pcmcia_socket->pcmcia_state()
pcmcia: protect s->device_count
pcmcia: properly lock skt->irq, skt->irq_mask
pcmcia: lock ops->set_socket
...
|
|
Currently, only those mem resources are validated which are already
registered at the time the first PCMCIA card is inserted. As we can
only validate resources immediately after card insert, store
"registered" mem resources in mem_db, and only upon validation move
them to mem_db_valid. When allocationg mem resources, mem_db_valid is
then preferred to mem_db.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
No functional change; this converts loops that iterate from 0 to
PCI_BUS_NUM_RESOURCES through pci_bus resource[] table to use the
pci_bus_for_each_resource() iterator instead.
This doesn't change the way resources are stored; it merely removes
dependencies on the fact that they're in a table.
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
|
|
Now that we return the new resource start position, there is no
need to update "struct resource" inside the align function.
Therefore, mark the struct resource as const.
Cc: Bjorn Helgaas <bjorn.helgaas@hp.com>
Cc: Yinghai Lu <yhlu.kernel@gmail.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
|
|
As suggested by Linus, align functions should return the start
of a resource, not void. An update of "res->start" is no longer
necessary.
Cc: Bjorn Helgaas <bjorn.helgaas@hp.com>
Cc: Yinghai Lu <yhlu.kernel@gmail.com>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
|
|
If a new interval overlaps or extends an existing interval in
add_interval(), do not fail, but extend the existing interval.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Tested-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Protect the pccard_operations callback "set_mem_map" by a new
mutex ops_mutex. This mutex also protects the following values
in struct pcmcia_socket:
pccard_mem_map win[]
pccard_mem_map cis_mem
void __iomem *cis_virt
Tested-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
As PCMCIA is the only real user of CIS access functions, include
cistpl.c in the PCMCIA module, not in the PCMCIA & CardBus core
module.
Tested-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Add a lot of documentation to the rsrc_nonstatic io memory probe
functions. Also, add a first memory probe call -- just checking
whether request_resource() succeeds -- upon adding of resources.
Tested-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
In pccard_validate_cis(), validate the card CIS, not the CIS cache.
Also, destroy the CIS cache if pccard_validate_cis fails.
Furthermore, do not remove the fake CIS in destroy_cis_cache() but
do so explicitely in the code paths where it makes sense.
Tested-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Do not release any iomem resources already in use.
Tested-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Fix several CodingStyle issues in drivers/pcmcia/ . checkpatch.pl no longer
reports errors in the PCMCIA core. The remaining warnings mostly relate to
wrong indent -- PCMCIA historically used 4 spaces --, to lines over 80
characters and to hundreds of typedefs. The cleanup of those will follow
in the future.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
pccard_read_tuple(), which is only used by the PCMCIA core, should
handle TUPLE_RETURN_COMMON more sensibly: If a specific function (which
may be 0) is requested, set tuple.Attributes = 0 as was done in all
PCMCIA drivers. If, however, BIND_FN_ALL is requested, return the
"common" tuple. As to the callers of pccard_read_tuple():
- All calls to pcmcia_validate_cis() had set the "function" parameter to
BIND_FN_ALL. Therefore, remove the "function" parameter and make the
parameter to pccard_read_tuple explicit.
- Calls to CISTPL_VERS_1 and CISTPL_MANFID now set BIND_FN_ALL. This was
already the case for calls to CISTPL_LONGLINK_MFC.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Signed-off-by: Frans Pop <elendil@planet.nl>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Signed-Off-By: Kay Sievers <kay.sievers@vrfy.org>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia-2.6: (49 commits)
pcmcia: ioctl-internal definitions
pcmcia: cistpl header cleanup
pcmcia: remove unused argument to pcmcia_parse_tuple()
pcmcia: card services header cleanup
pcmcia: device_id header cleanup
pcmcia: encapsulate ioaddr_t
pcmcia: cleanup device driver header file
pcmcia: cleanup socket services header file
pcmcia: merge ds_internal.h into cs_internal.h
pcmcia: cleanup cs_internal.h
pcmcia: cs_internal.h is internal
pcmcia: use dev_printk for cs_error()
pcmcia: remove CS_ error codes alltogether
pcmcia: deprecate CS_BAD_TUPLE
pcmcia: deprecate CS_BAD_ARGS
pcmcia: deprecate CS_BAD_BASE, CS_BAD_IRQ, CS_BAD_OFFSET and CS_BAD_SIZE
pcmcia: deprecate CS_BAD_ATTRIBUTE, CS_BAD_TYPE and CS_BAD_PAGE
pcmcia: deprecate CS_NO_MORE_ITEMS
pcmcia: deprecate CS_IN_USE
pcmcia: deprecate CS_CONFIGURATION_LOCKED
...
Fix trivial conflict in drivers/pcmcia/ds.c manually
|
|
CS_OUT_OF_RESOURCE was almost only used to note -ENOMEM situations.
Therefore, use -ENOMEM explicitely, and also print out warnings.
CC: netdev@vger.kernel.org
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Instead of using own error or success codes, the PCMCIA code should rely on
the generic return values. Therefore, replace all occurrences of CS_SUCCESS
with 0.
CC: netdev@vger.kernel.org
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Bug found by Harvey Harrison and Stephen Rothwell.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
The code in include/pcmcia/bulkmem.h was only kept for compatibility reasons.
Therefore, move the remaining region_info_t definition to ds.h
[linux@dominikbrodowski.net: do not modify the IOCTL, move definition to
ds.h, and update changelog]
Signed-off-by: Magnus Damm <damm@opensource.se>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
As cisinfo_t only contains one unsigned_int, pccard_validate_cis can
be simplified by passing that around directly.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|
|
Let pcmcia_ioctl interact with rsrc_nonstatic using functions which
rsrc_nonstatic.c has to use anyway.
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
|