Am Freitag, den 20.09.2019, 18:01 +0200 schrieb Andrey Konovalov:
> > Reported-and-tested-by:
> > syzbot+d93dff37e6a89431c...@syzkaller.appspotmail.com
[..]
> Hi Oliver,
>
> I was wondering if you've submitted this patch anywhere? The bug is
> still happening.
>
> https://syzkaller.appspot.com/
Am Dienstag, den 20.08.2019, 19:55 +0100 schrieb Ben Hutchings:
> On Tue, 2019-04-30 at 15:07 +0200, Oliver Neukum wrote:
> > dvb_usb_device_exit() frees and uses the device name in that order
> > Fix by storing the name in a buffer before freeing it
> >
> > v2: fixed s
The driver needs an isochronous endpoint to be present. It will
oops in its absence. Add checking for it.
Reported-by: syzbot+d93dff37e6a89431c...@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum
---
drivers/media/usb/b2c2/flexcop-usb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git
The driver needs to check the endpoint types, too, as opposed
to the number of endpoints. This also requires moving the check earlier.
Reported-by: syzbot+01a77b82edaa37406...@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum
---
drivers/media/rc/iguanair.c | 15 +++
1 file
This converts the driver to using the BIT macro to increase readability
Signed-off-by: Oliver Neukum
---
drivers/media/usb/pwc/pwc.h | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/media/usb/pwc/pwc.h b/drivers/media/usb/pwc/pwc.h
index
Kasan reported a use after free in cpia2_usb_disconnect()
It first freed everything and then woke up those waiting.
The reverse order is correct.
Signed-off-by: Oliver Neukum
Reported-by: syzbot+0c90fc937c84f97d0...@syzkaller.appspotmail.com
Fixes: 6c493f8b28c67 ("[media] cpia2: major ove
On Do, 2019-05-02 at 14:43 +0300, Laurent Pinchart wrote:
> Let's capitalise the comment and end it with a period to match the rest
> of the driver. With these small issues fixed,
>
> Reviewed-by: Laurent Pinchart
Hi,
thank you. I agree with them.
Regards
Oliver
dvb_usb_device_exit() frees and uses the device name in that order
Fix by storing the name in a buffer before freeing it
v2: fixed style issues
v3: strscpy used and variable names changed
v4: really use strscpy everywhere
Signed-off-by: Oliver Neukum
Reported-by: syzbot+26ec41e9f788b3eba
We need to check whether this work we are canceling actually is
initialized.
Signed-off-by: Oliver Neukum
Reported-by: syzbot+2e1ef9188251d9cc7...@syzkaller.appspotmail.com
---
drivers/media/usb/uvc/uvc_ctrl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/media
dvb_usb_device_exit() frees and uses the device name in that order
Fix by storing the name in a buffer before freeing it
v2: fixed style issues
v3: strscpy used and variable names changed
Signed-off-by: Oliver Neukum
Reported-by: syzbot+26ec41e9f788b3eba...@syzkaller.appspotmail.com
dvb_usb_device_exit() frees and uses the device name in that order
Fix by storing the name in a buffer before freeing it
v2: fixed style issues
Signed-off-by: Oliver Neukum
Reported-by: syzbot+26ec41e9f788b3eba...@syzkaller.appspotmail.com
---
drivers/media/usb/dvb-usb/dvb-usb-init.c | 7
Am Dienstag, den 15.05.2018, 18:01 +0200 schrieb Hans Verkuil:
> On 05/15/2018 05:46 PM, Oliver Neukum wrote:
> > Am Dienstag, den 15.05.2018, 16:28 +0200 schrieb Hans Verkuil:
> > > On 05/15/18 15:07, Oliver Neukum wrote:
> > > > usbtv_audio_fail:
> > >
Am Dienstag, den 15.05.2018, 16:28 +0200 schrieb Hans Verkuil:
> On 05/15/18 15:07, Oliver Neukum wrote:
> > The premature free in the error path is blocked by V4L
> > refcounting, not USB refcounting. Thanks to
> > Ben Hutchings for review.
> >
> > [v2] corrected
The premature free in the error path is blocked by V4L
refcounting, not USB refcounting. Thanks to
Ben Hutchings for review.
[v2] corrected attributions
Signed-off-by: Oliver Neukum
Fixes: 50e704453553 ("media: usbtv: prevent double free in error case")
CC: sta...@vger.kernel.org
R
The premature free in the error path is blocked by V4L
refcounting, not USB refcounting. Thanks to
Ben Hutchings for review.
Signed-off-by: Oliver Neukum
Fixes: 50e704453553 ("media: usbtv: prevent double free in error case")
---
drivers/media/usb/usbtv/usbtv-core.c | 3 ++-
1 file
=> kfree(usbtv) (1st time)
usbtv_video_fail:
usb_set_intfdata(intf, NULL);
usb_put_dev(usbtv->udev);
kfree(usbtv); (2nd time)
So, as we have refcounting, use it
Reported-by: Yavuz, Tuba
Signed-off-by: Oliver Neukum
CC: sta...@vger.kernel.org
---
drivers/
Am Donnerstag, den 30.03.2017, 11:55 -0400 schrieb Alan Stern:
>
> I'm pretty sure that usb-storage does not do this, at least, not when
> operating in its normal Bulk-Only-Transport mode. It never tries to
> read the results of an earlier transfer after carrying out a later
> transfer to any
Am Donnerstag, den 30.03.2017, 07:28 -0300 schrieb Mauro Carvalho
Chehab:
> Em Thu, 30 Mar 2017 12:34:32 +0300
> Laurent Pinchart escreveu:
>
> >
Hi,
> > > That effectively changes the API. Many network drivers are written with
> > > the assumption that any contiguous buffer is valid. In fact
Am Donnerstag, den 30.03.2017, 01:15 +0300 schrieb Laurent Pinchart:
> > + may also override PAD bytes at the end of the ``transfer_buffer``, up to
> > the
> > + size of the CPU word.
>
> "May" is quite weak here. If some host controller drivers require buffers to
> be aligned, then it's an A
Allow for SS+ USB devices
Signed-off-by: Oliver Neukum
---
drivers/media/usb/uvc/uvc_video.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/media/usb/uvc/uvc_video.c
b/drivers/media/usb/uvc/uvc_video.c
index 075a0fe..b5589d5 100644
--- a/drivers/media/usb/uvc/uvc_video.c
+++ b
Allow for SS+ devices
Signed-off-by: Oliver Neukum
---
drivers/media/usb/gspca/gspca.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/usb/gspca/gspca.c b/drivers/media/usb/gspca/gspca.c
index af5cd82..69d56f3 100644
--- a/drivers/media/usb/gspca/gspca.c
+++ b
This fixes the crash reported in:
http://seclists.org/bugtraq/2015/Oct/35
The interface number needs a sanity check.
Signed-off-by: Oliver Neukum
---
drivers/media/usb/usbvision/usbvision-video.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/drivers/media/usb/usbvision/usbvision
On Mon, 2015-09-07 at 18:23 +0200, Mian Yousaf Kaukab wrote:
> urb completion callback is executed in host controllers interrupt
> context. To keep preempt disable time short, add urbs to a list on
> completion and schedule work to process the list.
>
> Moreover, save timestamp and sof number in t
?
It is attached.
> Why does it need more buffers, is it a superspeed webcam ?
No. It is HS.
> > Signed-off-by: Oliver Neukum
> > ---
> > drivers/media/usb/uvc/uvcvideo.h | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a
Hi,
I've got a new camera which perfectly works at some
resolutions (640x480, 640x360, 160x120). At all other resolutions
I get a black screen because all frames are dropped due to
a set error bit "Payload dropped (error bit set)"
Any idea how to debug it?
Regards
Oliver
On Thursday 11 July 2013 16:18:17 Sergei Shtylyov wrote:
> I don't think this patch passes checkpatch.pl.
This series is a mechanical replacement in dozens of drivers.
We cannot demand nice formatting. If you want to do something
productive, check the locking in the driver.
Regards
Ming Lei reported:
IMO, there is a minor fault in the error handling path of
uvc_status_start() inside uvc_v4l2_open(), and the 'users' count
should have been decreased before usb_autopm_put_interface().
In theory, the warning can be triggered when the device is
opened just between usb_autopm_put_i
Am Samstag, 17. März 2012, 17:00:36 schrieb santosh prasad nayak:
> Oliver,
>
> The following changes are for review only not a formal patch.
>
> -
> - if (mutex_lock_interruptible(&
Am Freitag, 16. März 2012, 17:56:20 schrieb santosh prasad nayak:
> On Fri, Mar 16, 2012 at 10:02 PM, Oliver Neukum wrote:
> >
> > Indeed there's a lot wrong here. The idea of having an interruptible
> > sleep in probe() is arcane. You need a very, very, very good reas
Am Freitag, 16. März 2012, 17:23:58 schrieb santosh nayak:
> From: Santosh Nayak
>
> In s2250_probe(), If locking attempt is interrupted by a signal then
> it should return -EINTR after unregistering audio device and making free
> the allocated memory.
>
> At present, if locking is interrupted b
Am Montag, 16. Januar 2012, 14:03:07 schrieb Hans Verkuil:
> > Oh, I forgot. You have no guarantee the hid driver is already loaded.
> > This driver needs to also gracefully handle being called for a HID
> > device.
>
> And how do I do that? Do you have a pointer to another driver for me?
As you'
Am Montag, 16. Januar 2012, 14:02:05 schrieb Hans Verkuil:
> > > +/* Set frequency (if non-0), PA, mute and turn on/off the FM
> > > transmitter. */ +static int keene_cmd_main(struct keene_device *radio,
> > > unsigned freq, bool play) +{
> > > + unsigned short freq_send = freq ? (freq - 76 * 160
Am Montag, 16. Januar 2012, 13:29:18 schrieb Hans Verkuil:
> From: Hans Verkuil
>
> Signed-off-by: Hans Verkuil
> ---
> drivers/media/video/v4l2-ctrls.c |2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/media/video/v4l2-ctrls.c
> b/drivers/media/video/v4l2
Am Montag, 16. Januar 2012, 13:29:19 schrieb Hans Verkuil:
> +/* check if the device is present and register with v4l and usb if it is */
> +static int usb_keene_probe(struct usb_interface *intf,
> + const struct usb_device_id *id)
> +{
> + struct keene_device *r
Am Montag, 16. Januar 2012, 13:29:19 schrieb Hans Verkuil:
> From: Hans Verkuil
> +MODULE_DEVICE_TABLE(usb, usb_keene_device_table);
> +
> +struct keene_device {
> + struct usb_device *usbdev;
> + struct usb_interface *intf;
> + struct video_device vdev;
> + struct v4l2_device v4l
Am Mittwoch, 5. Oktober 2011, 10:16:06 schrieb Oliver Neukum:
> Am Mittwoch, 5. Oktober 2011, 08:19:10 schrieb Antti Palosaari:
> > On 10/05/2011 09:15 AM, Oliver Neukum wrote:
>
> > > But, Greg, Antti makes a very valid point here. The generic code assumes
> > &g
Am Mittwoch, 5. Oktober 2011, 08:19:10 schrieb Antti Palosaari:
> On 10/05/2011 09:15 AM, Oliver Neukum wrote:
> > But, Greg, Antti makes a very valid point here. The generic code assumes
> > that
> > it owns intfdata, that is you cannot use it as is for access to any
Am Mittwoch, 5. Oktober 2011, 07:58:51 schrieb Antti Palosaari:
> On 10/05/2011 07:59 AM, Greg KH wrote:
> > Why not just use the usb-serial core and then you get a ttyUSB* device
> > node "for free"? It also should provide a lot of the basic tty
> > infrastructure and ring buffer logic all ready
Am Montag, 29. August 2011, 05:54:36 schrieb Antti Palosaari:
> On 08/29/2011 03:36 AM, Greg KH wrote:
> > On Mon, Aug 29, 2011 at 02:30:26AM +0300, Antti Palosaari wrote:
> >> I am trying to implement DVB USB device smartcard reader support
> >> using USB-serial.
> >
> > Really? Why? That doesn'
Am Freitag, 5. August 2011, 09:45:56 schrieb Hans de Goede:
> This is the issue on which I feel a bit stonewalled. Simple putting your
> fingers in your ears and singing la la la do it in userspace is not going
> to cut it here. There is no way to do this race free in userspace, unless
> all possib
Am Freitag, 5. August 2011, 00:56:03 schrieb Greg KH:
> On Thu, Aug 04, 2011 at 07:21:47PM -0300, Mauro Carvalho Chehab wrote:
> > I know that this problem were somewhat solved for 3G modems, with the usage
> > of the userspace problem usb_modeswitch, and with some quirks for the USB
> > storage dr
Am Mittwoch, 13. Juli 2011, 10:51:11 schrieb Ming Lei:
> Hi,
>
> On Wed, Jul 13, 2011 at 4:38 PM, Laurent Pinchart
> wrote:
>
> > They can still work, but not optimally, as they will be reset instead of
> > suspended/resumed. That's not acceptable.
>
> If the "reset" you mentioned is usb bus re
Am Dienstag, 22. März 2011, 14:08:17 schrieb Florian Mickler:
> Am 22.03.2011 12:10 schrieb "Roedel, Joerg" :
> >
> > On Mon, Mar 21, 2011 at 05:03:15PM -0400, Florian Mickler wrote:
> > > I guess (not verified), that the dma api takes sufficient precautions
> > > to abort the dma transfer if a tim
Am Sonntag, 6. März 2011, 16:45:21 schrieb Florian Mickler:
> Hm.. allocating the buffer
> in the probe routine and deallocating it in the usb_driver disconnect
> callback should work?
Yes.
> How come that it must be a seperate kmalloc buffer? Is it some aligning
> that kmalloc garantees?
On
Am Sonntag, 6. März 2011, 15:38:05 schrieb Florian Mickler:
> On Sun, 6 Mar 2011 13:06:09 +0100
> Oliver Neukum wrote:
>
> > Am Sonntag, 6. März 2011, 12:16:52 schrieb Florian Mickler:
> > > Please take a look at it, as I do not do that much kernel hacking
> > &g
Am Sonntag, 6. März 2011, 12:16:52 schrieb Florian Mickler:
> This should fix warnings seen by some:
> WARNING: at lib/dma-debug.c:866 check_for_stack
>
> Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=15977.
> Reported-by: Zdenek Kabelac
> Signed-off-by: Florian Mickler
> CC: Mauro Ca
Am Dienstag, 19. Oktober 2010, 21:37:35 schrieb Greg KH:
> > So no need to clean it up for multiprocessor support.
> >
> > http://download.intel.com/design/chipsets/datashts/29067602.pdf
> > http://www.intel.com/design/chipsets/specupdt/29069403.pdf
>
> Great, we can just drop all calls to lock_k
Am Dienstag, 13. April 2010 00:29:32 schrieb Sarah Sharp:
> I figured out how to patch the gspca driver, but not uvcvideo. The
> patch looks a bit hackish; can with experience with that driver look it
> over? Can anyone tell me where to look for the usb_set_interface() in
> uvcvideo?
drivers/med
Am Mittwoch, 3. Februar 2010 17:02:49 schrieb roel kluin:
> > The bug is caused by this:
> >
> >if (cold) {
> >info("found a '%s' in cold state, will try to load a
> > firmware",desc->name);
> >ret = dvb_usb_download_firmware(udev,props);
> >
Am Dienstag, 2. Februar 2010 15:29:46 schrieb Roel Kluin:
> If in a cold state and the download succeeded ret is zero, but we
> should return -ENOMEM.
>
> Signed-off-by: Roel Kluin
> ---
> Or shouldn't we?
We should and we do if cold==0.
The bug is caused by this:
if (cold) {
Am Samstag, 24. Oktober 2009 18:44:34 schrieb Gonsolo:
> Hi!
>
> The following script fixes an annoying 62 second hang when resuming
> while my Nova-T stick is connected to my notebook.
>
Do you have any idea why it doesn't find its firmware?
Regards
Oliver
--
To unsubscri
This patch removes an unneeded power management primitive.
Power management is automatically enabled as probe ends.
Signed-off-by: Oliver Neukum
Hi,
please accept this patch for the next merge window, as this
patch changes no functionality and removes a primitive that
won't be supported i
The irq handler will touch memory. Even in the error case some URBs may
complete. Thus no memory must be kfreed before all URBs are killed.
Signed-off-by: Oliver Neukum
--
commit e91d238d2b6f83f9b64b57b570ee150b1cd008e7
Author: Oliver Neukum
Date: Fri Jul 3 18:18:26 2009 +0200
stv680
Am Sonntag, 7. Juni 2009 15:41:13 schrieb Alexey Klimov:
> > If not, the driver may not be 64bit clean. Which driver is affected?
>
> media/radio/radio-mr800.c
I can see no obvious 64bit problem.
> Please, also take a look in my first letter to usb and v4l mail lists
> from May 27.
Please resen
Am Freitag, 5. Juni 2009 00:43:04 schrieb Alexey Klimov:
> Is there any ideas about different behaviour of device on 32- and
> 64-bit platforms with the same usb bulk messages?
> Any input is welcome.
Are you running a 32 bit userland? If so, ioctls could be critical.
If not, the driver may not be
55 matches
Mail list logo