YueHaibing [Wed, 23 Nov 2022 08:12:53 +0000 (16:12 +0800)]
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
The skb is delivered to netif_rx() in rtllib_monitor_rx(), which may free it,
after calling this, dereferencing skb may trigger use-after-free.
Found by Smatch.
Fixes: 94a799425eee ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Link: https://lore.kernel.org/r/20221123081253.22296-1-yuehaibing@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Umang Jain [Fri, 18 Nov 2022 08:42:43 +0000 (14:12 +0530)]
vc04_services: mmal-vchiq: Use bool for vchiq_mmal_component.in_use
In commit 7967656ffbfa ("coding-style: Clarify the expectations around
bool") the check to disallow bool structure members was removed from
checkpatch.pl. It promotes bool structure members to store boolean
values. This enhances code readability.
Gaosheng Cui [Thu, 17 Nov 2022 03:59:14 +0000 (11:59 +0800)]
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
Smatch reports a warning as follows:
drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn:
'&entry->list' not removed from list
In tsi148_dma_list_add(), the error path "goto err_dma" will not
remove entry->list from list->entries, but entry will be freed,
then list traversal may cause UAF.
Fix by removing it from list->entries before free().
Philipp Hortmann [Sun, 13 Nov 2022 04:36:09 +0000 (05:36 +0100)]
staging: rtl8192e: Rename InterruptLog, RxCounter and bHwRfOffAction
Rename variable InterruptLog to int_log, RxCounter to rx_ctr and
bHwRfOffAction to hw_rf_off_action to avoid CamelCase which is not
accepted by checkpatch.
Philipp Hortmann [Sun, 13 Nov 2022 04:36:02 +0000 (05:36 +0100)]
staging: rtl8192e: Rename bFilterSour.., CCKPresentAt.. and ResetProg..
Rename variable bFilterSourceStationFrame to fltr_src_sta_frame,
CCKPresentAttentuation to cck_present_attn and ResetProgress to
rst_progress to avoid CamelCase which is not accepted by checkpatch.
Philipp Hortmann [Sun, 13 Nov 2022 04:35:55 +0000 (05:35 +0100)]
staging: rtl8192e: Rename bNetPromisc.., IntelPromiscu.. and bPromiscu..
Rename variable bNetPromiscuousMode to net_promiscuous_md,
IntelPromiscuousModeInfo to intel_promiscuous_md_info and bPromiscuousOn
to promiscuous_on to avoid CamelCase which is not accepted by checkpatch.
Philipp Hortmann [Sun, 13 Nov 2022 04:35:43 +0000 (05:35 +0100)]
staging: rtl8192e: Rename RFInProgres.., bEnableHT and RegChannelPlan
Rename variable RFInProgressTimeOut to rf_in_progress_timeout, bEnableHT
to enable_ht and RegChannelPlan to reg_chnl_plan to avoid CamelCase which
is not accepted by checkpatch.
Philipp Hortmann [Sun, 13 Nov 2022 04:35:27 +0000 (05:35 +0100)]
staging: rtl8192e: Rename Regdot11TxHT.., dot11HTOpera.. and RegHTSuppRa..
Rename variable Regdot11TxHTOperationalRateSet to
reg_dot11tx_ht_oper_rate_set, dot11HTOperationalRateSet to
dot11ht_oper_rate_set and RegHTSuppRateSet to reg_ht_supp_rate_set to
avoid CamelCase which is not accepted by checkpatch.
Philipp Hortmann [Sun, 13 Nov 2022 04:35:12 +0000 (05:35 +0100)]
staging: rtl8192e: Rename Regdot11HTOper.., bSupportM.. and PowerSaveCo..
Rename variable Regdot11HTOperationalRateSet to
reg_dot11ht_oper_rate_set, bSupportMode to support_mode and
PowerSaveControl to pwr_save_ctrl to avoid CamelCase which is not accepted
by checkpatch. Fix unnecessary parentheses warning from checkpatch when
used with these variables.
Philipp Hortmann [Sun, 13 Nov 2022 04:34:54 +0000 (05:34 +0100)]
staging: rtl8192e: Rename bTxDisableRate.., RegMaxLPSAwa.. and bTxUseD..
Rename variable bTxDisableRateFallBack to tx_dis_rate_fallback,
RegMaxLPSAwakeIntvl to reg_max_lps_awake_intvl and
bTxUseDriverAssingedRate to tx_use_drv_assinged_rate to avoid CamelCase
which is not accepted by checkpatch.
Michael Straube [Fri, 11 Nov 2022 08:37:32 +0000 (09:37 +0100)]
staging: r8188eu: convert _rtw_init_xmit_priv() to common error logic
Convert the function _rtw_init_xmit_priv() away from returning _FAIL
or _SUCCESS which uses inverted error logic. Use the common error
logic instead. Return 0 for success and negative values for failure.
Michael Straube [Fri, 11 Nov 2022 08:37:31 +0000 (09:37 +0100)]
staging: r8188eu: convert rtw_xmit_resource_alloc() to common error logic
Convert the function rtw_xmit_resource_alloc() away from returning
_FAIL or _SUCCESS which uses inverted error logic. Use the common
error logic instead. Return 0 for success and negative values for
failure.
Michael Straube [Fri, 11 Nov 2022 08:37:30 +0000 (09:37 +0100)]
staging: r8188eu: convert aes_cipher() to void
The function aes_cipher() always returns _SUCCESS and its callers
do not use the return value. So we can convert the return type to
void and get rid of another use of _SUCCESS.
Michael Straube [Thu, 10 Nov 2022 09:09:27 +0000 (10:09 +0100)]
staging: r8188eu: rename three functions
Prefix the names of the following functions with the driver name. The
original names are bad for the global namespace. While at it, convert
is_IBSS_empty() to all lower case to follow kernel coding style.
Several ieee80211_* symbol names are extended with _rsl tag using
macros. This is done to avoid a conflict when a similar symbol is
already in use in another part of kernel and may lead to conflicts.
However, most of these base symbol names are not found to be used
anywhere in the code and hence are not useful today. These symbols
are not used outside of the module and hence can be safely removed.
The code continues to use the original symbol names.
Deepak R Varma [Wed, 9 Nov 2022 10:42:43 +0000 (16:12 +0530)]
staging: fieldbus: use sysfs_emit() in show functions
The show() methods should only use sysfs_emit() when formatting values
to be returned to the user space.
Ref: Documentation/filesystems/sysfs.rst
Issue identified by coccicheck.
staging: ks7010: Avoid clashing function prototypes
When built with Control Flow Integrity, function prototypes between
caller and function declaration must match. These mismatches are visible
at compile time with the new -Wcast-function-type-strict in Clang[1].
Fix a total of 27 warnings like these:
drivers/staging/ks7010/ks_wlan_net.c:2415:2: warning: cast from 'int (*)(struct net_device *, struct iw_request_info *, struct iw_point *, char *)' to 'iw_handler' (aka 'int (*)(struct net_device *, struct iw_request_info *, union iwreq_data *, char *)') converts to incompatible function type [-Wcast-function-type-strict]
(iw_handler)ks_wlan_get_firmware_version,/* 3 KS_WLAN_GET_FIRM_VERSION */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The ks_wlan_net Wireless Extension handler callbacks (iw_handler) use a
union for the data argument. Actually use the union and perform explicit
member selection in the function body instead of having a function
prototype mismatch. There are no resulting binary differences
before/after changes.
These changes were made partly manually and partly with the help of
Coccinelle.
Duoming Zhou [Tue, 18 Oct 2022 08:34:24 +0000 (16:34 +0800)]
drivers: staging: r8188eu: Fix sleep-in-atomic-context bug in rtw_join_timeout_handler
The rtw_join_timeout_handler() is a timer handler that
runs in atomic context, but it could call msleep().
As a result, the sleep-in-atomic-context bug will happen.
The process is shown below:
Martin Kaiser [Mon, 7 Nov 2022 20:28:22 +0000 (21:28 +0100)]
staging: r8188eu: use a qos_hdr in validate_recv_data_frame
Define a struct ieee80211_qos_hdr in the validate_recv_data_frame
function. Use this struct to replace some numeric offsets and make the
code easier to understand.
Pointers to structures udphdr and dhcpMessage are derived by casting
adjacent pointers with size_t. Such typecast of pointer using size_t
is not preferred. The code looks complex and delicate. Simplify such
casting by utilizing generic "void *" casting.
Michael Straube [Sun, 6 Nov 2022 13:34:43 +0000 (14:34 +0100)]
staging: r8188eu: clean up error handling in rtw_start_drv_threads()
Convert the error handling in the function rtw_start_drv_threads() to
the common logic used in the kernel. Another step to get rid of _FAIL
and _SUCCESS which uses inverted logic.
Martin Kaiser [Sun, 6 Nov 2022 12:48:57 +0000 (13:48 +0100)]
staging: r8188eu: remove state checks in rtw_led_control
There's no need to check for bSurpriseRemoved or bDriverStopped in the
rtw_led_control function. This function schedules a delayed worker which
calls SwLedOn or SwLedOff (or the function calls SwLedOff directly).
SwLedOn and SwLedOff check bDriverStopped themselves or they initiate a
USB control transfer via usb_write, where bSurpriseRemoved is checked.
Martin Kaiser [Sun, 6 Nov 2022 12:48:53 +0000 (13:48 +0100)]
staging: r8188eu: don't store addba request
There's no need to store an incoming addba request in struct
mlme_ext_info. We only need the addba request to copy some of its fields
into our addba response.
It's simpler to pass the incoming request's management frame to
issue_action_BA as an additional parameter. issue_action_BA can then
extract the required fields. If issue_action_BA prepares a request rather
than a response, the caller sets the parameter for the incoming request to
NULL.
return boolean values. Convert their return type to bool and replace
_FAIL, which is defined as 0, with false. Another step to get rid of
_SUCCESS / _FAIL.
Some structures are only declared but have not been used anywhere
in the code. Remove such unused structs. Issue identified as part
of coccicheck report driven code investigation.
Suggested-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Deepak R Varma <drv@mailo.com>
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com> # Edimax N150
Link: https://lore.kernel.org/r/Y2LYvhr74ng+xFbz@qemulion
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Deepak R Varma [Sun, 6 Nov 2022 10:21:58 +0000 (15:51 +0530)]
staging: emxx_udc: use min helper macro for variable comparison
Simplify code by using min helper macros in place of lengthy if/else
block oriented logical evaluation and value assignment. This issue is
identified by coccicheck using the minmax.cocci file.
Deepak R Varma [Sat, 5 Nov 2022 11:15:52 +0000 (16:45 +0530)]
staging: rtl8723bs: replace underutilized struct by array variable
For structure iqk_matrix_regs_setting, only the "Value" member variable
is utilized whereas the other struct members are only declared but not
utilised. Replace the struct declaration and implementation by an
equivalent variable similar to the only used struct member variable.
While in there, update the macro mixed case names to uppercase style.
The resultant code is simpler and is easy to maintain.
Suggested-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Deepak R Varma <drv@mailo.com>
Link: https://lore.kernel.org/r/Y2ZF6O1KU3zZ6r3C@qemulion
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Larry Finger [Fri, 4 Nov 2022 01:27:50 +0000 (20:27 -0500)]
staging: rtl8192e: Fix divide fault when calculating beacon age
When the configuration parameter CONFIG_HZ is less than 100, the compiler
generates an error as follows:
../drivers/staging/rtl8192e/rtllib_wx.c: In function 'rtl819x_translate_scan':
../drivers/staging/rtl8192e/rtllib_wx.c:220:57: warning: division by zero [-Wdiv-by-zero]
220 | (jiffies - network->last_scanned) / (HZ / 100));
| ^
In file included from ../include/linux/skbuff.h:45,
from ../include/linux/if_ether.h:19,
from ../include/linux/etherdevice.h:20,
from ../drivers/staging/rtl8192e/rtllib_wx.c:18:
../drivers/staging/rtl8192e/rtllib_wx.c: In function 'rtllib_wx_get_scan':
../drivers/staging/rtl8192e/rtllib_wx.c:261:70: warning: division by zero [-Wdiv-by-zero]
261 | (jiffies - network->last_scanned) /
|
In fact, if HZ is not a multiple of 100, the calculation will be wrong,
but it will compile correctly.
The fix is to get rid of the (HZ / 100) portion. To decrease any round-off
errors, the compiler is forced to perform the 100 * jiffies-difference
before dividing by HZ. This patch is only compile tested.
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com>
Link: https://lore.kernel.org/r/20221104012750.2076-1-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Phillip Potter [Thu, 3 Nov 2022 23:06:32 +0000 (23:06 +0000)]
staging: r8188eu: change return type of rtw_set_802_11_disassociate to void
Change return type of rtw_set_802_11_disassociate to void. This function
always returns 'true' no matter what, so there is no need to return a
value, and no need to check for it in the two call sites within
rtw_wx_set_mlme. Also, as we are no longer using ret in rtw_wx_set_mlme
except as the return value, just remove it and return 0 directly.
Suggested-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Phillip Potter <phil@philpotter.co.uk>
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com> # Edimax N150
Link: https://lore.kernel.org/r/20221103230632.6946-1-phil@philpotter.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Instance IQKMatrixRegSetting of struct ijk_matrix_regs_set is
initialised and its member variables are assigned values, but it is
not used anywhere. Remove the structure and its unused implementation.
Suggested-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Deepak R Varma <drv@mailo.com>
Link: https://lore.kernel.org/r/Y2P6Jj+IcPss0wFd@qemulion
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Deepak R Varma [Thu, 3 Nov 2022 09:33:29 +0000 (15:03 +0530)]
staging: rtl8723bs: Use min/max macros for variable comparison
Simplify code by using min and max helper macros in place of lengthy
if/else block oriented logical evaluation and value assignment. This
issue is identified by coccicheck using the minmax.cocci file.
Deepak R Varma [Wed, 2 Nov 2022 22:36:59 +0000 (04:06 +0530)]
staging: rtl8192e: Use min_t/max_t macros for variable comparison
Simplify code by using min_t and max_t helper macros in place of lengthy
if/else block oriented logical evaluation and value assignment. This
issue is identified by coccicheck using the minmax.cocci file.
Use the *_t variants of min/max macros to avoid compiler warnings about
data typecast.
Also, use u32 as type for min_t macro to avoid any truncation of data
associated with enum constant HT_AGG_SIZE_32K.
Signed-off-by: Deepak R Varma <drv@mailo.com>
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com>
Link: https://lore.kernel.org/r/Y2LxC2kziM1TznhO@qemulion
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Phillip Potter [Wed, 2 Nov 2022 00:36:13 +0000 (00:36 +0000)]
staging: r8188eu: convert rtw_setdatarate_cmd to correct error semantics
Convert rtw_setdatarate_cmd function to use proper error return codes
rather than _SUCCESS and _FAIL, and a simpler 'return 0;' style. For now,
wrap rtw_enqueue_cmd call and return -EPERM if it fails, as converting
this function makes more sense later on due to its large number of callers.
Also change rtw_wx_set_rate function to pass through the proper error
code rather than just 0 or -1.
Pointer reference to struct wlan_ie_ibss_parms is added as a member
variable to 2 structures; however, these references are never used.
Remove such unused struct references. The cleanup also renders the
struct useless; so remove it as well.
Issue identified as part of coccicheck based code analysis.
Pointer reference to struct wlan_ie_tim is added as a member
variable of a structure; however, this reference is never
used. Remove such unused struct reference. The cleanup also
renders the struct useless; so remove it as well.
Issue identified as part of coccicheck based code analysis.
Pointer reference to struct wlan_ie_supp_rates is added as a member
variable to 7 different structures. However, these references are
never used. Remove such unused struct references. The cleanup also
renders the struct useless; so remove it as well.
Issue identified as part of coccicheck based code analysis.
Pointer reference to struct wlan_ie_ssid is added as a member variable
to 5 different structures. However, these references are never used.
Remove such unused struct references. The cleanup also renders the
struct useless; so remove it as well.
Issue identified as part of coccicheck based code analysis.
Michael Straube [Tue, 1 Nov 2022 19:14:58 +0000 (20:14 +0100)]
staging: r8188eu: convert rtw_free_stainfo() to void
The function rtw_free_stainfo() always returns _SUCCESS and none of
its callers uses the return value. We can safely make the function
void. Yet another tiny step towards getting rid of _FAIL / _SUCCESS.
Deepak R Varma [Mon, 31 Oct 2022 17:55:39 +0000 (23:25 +0530)]
staging: rtl8192u: remove unnecessary function implementation
This driver is a single standalone driver and does not have any loading
dependencies on other associated drivers. The build results in one
single .ko object. The current implementation of the function
ieee80211_tkip_null simply returns back to the caller without any useful
instruction executions. It does not lead to auto-loading of any other
associated modules as the initial design implementation appears to be.
Hence the call to ieee80211_tkip_null() and its implementation is
unnecessary and should be removed.
staging: octeon: cvmx_ptr_to_phys() should return physaddr_t
On 32-bit without physical address extensions (e.g. sh-allmodconfig):
drivers/staging/octeon/ethernet-mem.c: In function ‘cvm_oct_free_hw_memory’:
./arch/sh/include/asm/io.h:239:32: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
239 | #define phys_to_virt(address) ((void *)(address))
| ^
drivers/staging/octeon/ethernet-mem.c:123:18: note: in expansion of macro ‘phys_to_virt’
123 | fpa = (char *)phys_to_virt(cvmx_ptr_to_phys(fpa));
| ^~~~~~~~~~~~
Fix this by making cvmx_ptr_to_phys() return physaddr_t instead of
uint64_t.
Martin Kaiser [Mon, 31 Oct 2022 20:54:10 +0000 (21:54 +0100)]
staging: r8188eu: use ether_addr_equal for address comparison
We can use ether_addr_equal instead of memcmp in
update_recvframe_phyinfo_88e for comparing the incoming frame's
destination address with our local address.
Both struct ieee80211_hdr and struct eeprom_priv's mac_addr component are
2-byte aligned.
Suggested-by: Joe Perches <joe@perches.com>
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com> # Edimax N150
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Link: https://lore.kernel.org/r/20221031205412.124871-2-martin@kaiser.cx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Martin Kaiser [Sun, 30 Oct 2022 17:33:25 +0000 (18:33 +0100)]
staging: r8188eu: rtw_action_public_decache's token is a u8
Both callers of rtw_action_public_decache pass a u8 value for the token
parameter. We can change token from s32 to u8 and remove the code for
token < 0.
Martin Kaiser [Sun, 30 Oct 2022 17:33:21 +0000 (18:33 +0100)]
staging: r8188eu: replace GetAddr1Ptr call in OnAction_p2p
Define a struct ieee80211_mgmt in OnAction_p2p and use it to check the
destination address. This replaces a call to the driver-specific
GetAddr1Ptr function.
Martin Kaiser [Sun, 30 Oct 2022 17:33:16 +0000 (18:33 +0100)]
staging: r8188eu: make on_action_public static void
The on_action_public function is called only by OnAction. This function
also lives in rtw_mlme_ext.c and does not check the return value from
on_action_public.
We can make on_action_public a static void function.
The ret variable is no longer needed if we don't return a value. It can
be removed.
Reported-by: kernel test robot <lkp@intel.com>
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com> # Edimax N150
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Link: https://lore.kernel.org/r/20221030173326.1588647-4-martin@kaiser.cx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Nam Cao [Tue, 25 Oct 2022 09:12:26 +0000 (11:12 +0200)]
staging: rtl8712: fix potential memory leak
In r8712_init_drv_sw(), whenever any function call returns error, it is
returned immediately without properly cleaning up the other successfully
executed functions. This can cause memory leak.
Instead of returning immediately, free all the allocated buffers first.
Nam Cao [Tue, 25 Oct 2022 09:12:25 +0000 (11:12 +0200)]
staging: rtl8712: check for return value of _r8712_init_xmit_priv()
The return value of _r8712_init_xmit_priv() is never checked and the driver
always continues execution as if all is well. This will cause problems
if, for example, buffers cannot be allocated and the driver continues and
uses those buffers.
Check for return value of _r8712_init_xmit_priv() and return error (if any)
during probing.
Nam Cao [Tue, 25 Oct 2022 09:12:24 +0000 (11:12 +0200)]
staging: rtl8712: check for alloc fail in _r8712_init_recv_priv()
The functions _r8712_init_recv_priv() and r8712_init_recv_priv()
just return silently if they fail to allocate memory. Change their
return type to int and add necessary checks and handling if they return
-ENOMEM.
This commit annotated false positive for kmemleak. The reasoning is that
the buffers are freed when the driver is unloaded. However, there is
actually potential memory leak when probe fails.
Aaron Lawrence [Wed, 26 Oct 2022 12:43:51 +0000 (19:43 +0700)]
staging: rtl8192e: rtllib_crypt_tkip: rewritten comparison to NULL
Rewrote a comparison to NULL with a negation operator in
accordance with the Linux kernel coding-style regulations. The fix
was directly recommended by the checkpatch script.
Split a multiple assignments statement to individual assignments
on different lines in accordance with the Linux kernel coding-style
regulations. Also repositioned comments on it and the statement
before for increased legibility. The multiple assignments issue
was found by the checkpatch script, while the comments legibility
issue was found through direct observation.