Commit Graph

19 Commits

Author SHA1 Message Date
Marcel Holtmann 059819a41d [PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)
Based on a patch from Don Howard <dhoward@redhat.com>

When calling write() with a buffer larger than 512 bytes, the
driver's write buffer overflows, allowing to overwrite the EIP and
execute arbitrary code with kernel privileges.

In read(), there exists a similar problem, but coming from the device.
A malicous or buggy device sending more than 512 bytes can overflow
of the driver's read buffer, with the same effects as above.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Harald Welte <laforge@gnumonks.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:01:04 -08:00
Jiri Slaby 40565f1962 [PATCH] Char: timers cleanup
- Use timer macros to set function and data members and to modify
  expiration time.
- Use DEFINE_TIMER for global timers and do not init them at run-time in
  these cases.
- del_timer_sync is common in most cases -- we want to wait for timer
  function if it's still running.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Dave Airlie <airlied@linux.ie>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Alessandro Zummo <a.zummo@towertech.it>
Cc: Paul Fulghum <paulkf@microgate.com>
Cc: Kylene Jo Hall <kjhall@us.ibm.com>
Cc: Wim Van Sebroeck <wim@iguana.be>
Acked-by: Dmitry Torokhov <dtor@mail.ru>	(Input bits)
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-12 09:48:30 -08:00
Dominik Brodowski af2b3b503a [PATCH] pcmcia: conf.ConfigBase and conf.Present consolidation
struct pcmcia_device *p_dev->conf.ConfigBase and .Present are set in almost
all PCMICA driver right at the beginning, using the same calls but slightly
different implementations. Unfiy this in the PCMCIA core.

Includes a small bugfix ("drivers/net/pcmcia/xirc2ps_cs.c: remove unused
label") from and Signed-off-by Adrian Bunk <bunk@stusta.de>

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-12-04 20:12:02 -05:00
Akinobu Mita 5eb5fc97d8 [PATCH] cm4000_cs: fix return value check
The return value of class_create() need to be checked with IS_ERR().
And register_chrdev() returns errno on failure.
This patch includes these fixes for cm4000_cs and cm4040_cs.

Signed-off-by: Akinbou Mita <akinobu.mita@gmail.com>
Signed-off-by: Harald Welte <laforge@gnumonks.org>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-12-04 20:09:13 -05:00
Arjan van de Ven 62322d2554 [PATCH] make more file_operation structs static
Mark the static struct file_operations in drivers/char as const.  Making
them const prevents accidental bugs, and moves them to the .rodata section
so that they no longer do any false sharing; in addition with the proper
debug option they are then protected against corruption..

[akpm@osdl.org: build fix]
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-03 15:26:59 -07:00
Harald Welte 7fc5b1e3a1 [Cardman 40x0] Fix udev device creation
This patch corrects the order of the calls to register_chrdev() and
pcmcia_register_driver().  Now udev correctly creates userspace device
files /dev/cmmN and /dev/cmxN respectively.

Based on an earlier patch by Jan Niehusmann <jan@gondor.com>.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-05-10 13:46:02 -07:00
Dominik Brodowski 9940ec3617 [PATCH] pcmcia: convert DEV_OK to pcmcia_dev_present
Instead of the DEV_OK macro, drivers should use pcmcia_dev_present().

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-03-31 17:26:57 +02:00
Dominik Brodowski e2d4096365 [PATCH] pcmcia: use bitfield instead of p_state and state
Instead of the two status values struct pcmcia_device->p_state and state,
use descriptive bitfields. Most value-checking in drivers was invalid, as
the core now only calls the ->remove() (a.k.a. detach) function in case the
attachement _and_ configuration was successful.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-03-31 17:26:33 +02:00
Dominik Brodowski 15b99ac172 [PATCH] pcmcia: add return value to _config() functions
Most of the driver initialization isn't done in the .probe function, but in
the internal _config() functions. Make them return a value, so that .probe
can properly report whether the probing of the device succeeded or not.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-03-31 17:26:06 +02:00
Dominik Brodowski fba395eee7 [PATCH] pcmcia: remove dev_link_t and client_handle_t indirection
dev_link_t * and client_handle_t both mean struct pcmcai_device * by now.
Therefore, remove all such indirections.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-03-31 17:21:06 +02:00
Dominik Brodowski fd238232cd [PATCH] pcmcia: embed dev_link_t into struct pcmcia_device
Embed dev_link_t into struct pcmcia_device(), as they basically address the
same entity. The actual contents of dev_link_t will be cleaned up step by step.
This patch includes a bugfix from and signed-off-by Andrew Morton.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-03-31 17:15:57 +02:00
Dominik Brodowski 70294b4683 [PATCH] pcmcia: remove unneeded Vcc pseudo setting
As we do not allow setting Vcc in the pcmcia core, and Vpp1 and
Vpp2 can only be set to the same value, a lot of code can be
streamlined.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-03-31 17:15:55 +02:00
Dominik Brodowski 8661bb5b4a [PATCH] pcmcia: default suspend and resume handling
In all but one case, the suspend and resume functions of PCMCIA drivers
contain mostly of calls to pcmcia_release_configuration() and
pcmcia_request_configuration(). Therefore, move this code out of the
drivers and into the core.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-03-31 17:15:52 +02:00
Dominik Brodowski 5f2a71fcb7 [PATCH] pcmcia: add pcmcia_disable_device
pcmcia_disable_device(struct pcmcia_device *p_dev) performs the necessary
cleanups upon device or driver removal: it calls the appropriate
pcmcia_release_* functions, and can replace (most) of the current drivers'
_release() functions.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-03-31 17:15:50 +02:00
Harald Welte 67bc620006 [PATCH] pcmcia: CM4000, CM4040 Driver fixes
Using this patch, Omnikey CardMan 4000 and 4040 devices automatically
get their device nodes created by udev.

Also, we now check for (and handle) failure of pcmcia_register_driver()

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-03-01 11:18:30 +01:00
Dominik Brodowski f8cfa618dc [PATCH] pcmcia: unify attach, EVENT_CARD_INSERTION handlers into one probe callback
Unify the EVENT_CARD_INSERTION and "attach" callbacks to one unified
probe() callback. As all in-kernel drivers are changed to this new
callback, there will be no temporary backwards-compatibility. Inside a
probe() function, each driver _must_ set struct pcmcia_device
*p_dev->instance and instance->handle correctly.

With these patches, the basic driver interface for 16-bit PCMCIA drivers
now has the classic four callbacks known also from other buses:

        int (*probe)            (struct pcmcia_device *dev);
        void (*remove)          (struct pcmcia_device *dev);

        int (*suspend)          (struct pcmcia_device *dev);
        int (*resume)           (struct pcmcia_device *dev);

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-01-06 00:03:24 +01:00
Dominik Brodowski cc3b4866be [PATCH] pcmcia: unify detach, REMOVAL_EVENT handlers into one remove callback
Unify the "detach" and REMOVAL_EVENT handlers to one "remove" function.
Old functionality is preserved, for the moment.

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-01-06 00:03:10 +01:00
Dominik Brodowski 98e4c28b7e [PATCH] pcmcia: new suspend core
Move the suspend and resume methods out of the event handler, and into
special functions. Also use these functions for pre- and post-reset, as
almost all drivers already do, and the remaining ones can easily be
converted.

Bugfix to include/pcmcia/ds.c
Signed-off-by: Andrew Morton <akpm@osdl.org>

Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
2006-01-05 23:59:02 +01:00
Harald Welte 77c44ab1d8 [PATCH] New Omnikey Cardman 4040 driver
Add new Omnikey Cardman 4040 smartcard reader driver

Signed-off-by: Harald Welte <laforge@gnumonks.org>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-13 18:14:10 -08:00