Greg Kroah-Hartman,
These issues were found by Dan Carpenter with a static checker and will check
message buffer lengths from userspace or avoid length overflows. Evgeniy
Polyakov has given his ack, and they can be applied to the stable branch as
well.
[PATCH 1/2] cn: verify msg->len before makin
Signed-off-by: David Fries
---
drivers/connector/connector.c |6 ++
1 file changed, 6 insertions(+)
diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
index f612d68..30f5228 100644
--- a/drivers/connector/connector.c
+++ b/drivers/connector/connector.c
@@ -141,12
Reported-by: Dan Carpenter
Acked-by: Evgeniy Polyakov
Signed-off-by: David Fries
---
drivers/w1/w1_netlink.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/w1/w1_netlink.c b/drivers/w1/w1_netlink.c
index dd96562..881597a 100644
--- a/drivers/w1/w1_netlink.c
ill be freed and set to NULL
causing w1_slave_show to crash when it wakes up.
Signed-off-by: David Fries
Reported-By: Thorsten Bschorr
Tested-by: Thorsten Bschorr
Acked-by: Evgeniy Polyakov
---
This should be applied to the stable series as well. In the name of
full disclosure, this just narr
CPU and
> external disc load (timing and/or electrical issues); it seems that the
> sensor does not respond in time to the (periodic) search.
>
>
> Please email me if you need further information.
>
>
>
> Best regards,
> Thorsten Bschorr
> --
> To unsubscribe fr
On Wed, Mar 04, 2015 at 06:36:41PM +0300, ??? ??? wrote:
> Hi David
>
> 02.03.2015, 03:17, "David Fries" :
>
> > You are correct, it would be a race condition if it doesn't increment
> > the refcnt before unlocking the mutex, and it should get
upstream anyway).
>From 777f5fd75f5f99a3352863e83d226c7b65ebdaa4 Mon Sep 17 00:00:00 2001
From: David Fries
Date: Sat, 7 Mar 2015 22:25:37 -0600
Subject: [PATCH] w1_therm, don't let the slave go away while in w1_slave_show
A temperature conversion can take 750 ms to complete, if the senso
e if mobing the sl lock at the beginning of
> w1_slave_show can cause dead locks in other scenarios.
I'm not sure, I would probably switch back to the referencing counting
version I wrote earlier, or make the bus mutex lock a timed lock or
try lock first.
--
David Fries PGP pub CB1EE8F0
ht
On Tue, Mar 10, 2015 at 04:52:00PM +0300, Evgeniy Polyakov wrote:
> Hi
>
> 10.03.2015, 02:09, "David Fries" :
>
> > diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c
> > index 1f11a20..39a9e6a 100644
> > --- a/drivers/w1/slave
On Sat, Mar 14, 2015 at 11:55:16PM +0300, Evgeniy Polyakov wrote:
> Hi David
>
> 12.03.2015, 03:54, "David Fries" :
> > Would that be removing all four refcnt, w1_slave, w1_master,
> > w1_family, w1_cb_block, or just some of them? It sounds good to me,
> >
On Wed, Mar 18, 2015 at 06:18:53PM +0300, Evgeniy Polyakov wrote:
> Hi
>
> 18.03.2015, 07:20, "David Fries" :
> > static void w1_therm_remove_slave(struct w1_slave *sl)
> > {
> > + int refcnt = atomic_sub_return(1, THERM_REFCNT(sl->family_data));
ocumentation/SubmittingPatches if you haven't
already.
Signed-off-by: David Fries
scripts/checkpatch.pl /tmp/w1_null_patch.patch
Thanks, keep up improving things.
On Fri, Feb 27, 2015 at 09:43:14AM +0100, Thorsten.Bschorr wrote:
> w1_slave_show unlocks the bus while waiting for the se
On Sun, Mar 01, 2015 at 04:48:22AM +0300, ??? ??? wrote:
> Hi everyone
>
> 28.02.2015, 23:18, "David Fries" :
> > Thanks for preparing the patch, it looks like it will go another
> > round, but that happens to everyone.
>
> Patch itself does
if (i != 0) {
/* failed to lock */
return i;
}
if (!refcnt)
/* got lock, but slave went away */
mutex_unl
101 - 114 of 114 matches
Mail list logo
