From: Greg Kroah-Hartman Date: Thu, 1 May 2014 00:26:13 +0000 (-0700) Subject: 3.14-stable patches X-Git-Tag: v3.4.89~42 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6d25890e9309d60c760cd1ac1585e273f676ff31;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: staging-comedi-usbdux-bug-fix-for-accessing-ao_chanlist-in-private-data.patch staging-r8188eu-calling-rtw_get_stainfo-with-a-null-sta_addr-will-return-null.patch staging-r8712u-fix-case-where-ethtype-was-never-obtained-and-always-be-checked-against-0.patch --- diff --git a/queue-3.14/series b/queue-3.14/series index cd4a688325a..088284313e1 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -50,3 +50,6 @@ mfd-kempld-core-fix-potential-hang-up-during-boot.patch mfd-twl-core-fix-accessibility-of-some-twl4030-audio-registers.patch w1-fix-w1_send_slave-dropping-a-slave-id.patch staging-serqt_usb2-fix-sparse-warning-restricted-__le16-degrades-to-integer.patch +staging-r8712u-fix-case-where-ethtype-was-never-obtained-and-always-be-checked-against-0.patch +staging-comedi-usbdux-bug-fix-for-accessing-ao_chanlist-in-private-data.patch +staging-r8188eu-calling-rtw_get_stainfo-with-a-null-sta_addr-will-return-null.patch diff --git a/queue-3.14/staging-comedi-usbdux-bug-fix-for-accessing-ao_chanlist-in-private-data.patch b/queue-3.14/staging-comedi-usbdux-bug-fix-for-accessing-ao_chanlist-in-private-data.patch new file mode 100644 index 00000000000..6c7c511c480 --- /dev/null +++ b/queue-3.14/staging-comedi-usbdux-bug-fix-for-accessing-ao_chanlist-in-private-data.patch @@ -0,0 +1,63 @@ +From 2704f807f9498054b8153002bafa3e818079e9a5 Mon Sep 17 00:00:00 2001 +From: H Hartley Sweeten +Date: Fri, 28 Mar 2014 09:20:58 -0700 +Subject: staging: comedi: usbdux: bug fix for accessing 'ao_chanlist' in private data + +From: H Hartley Sweeten + +commit 2704f807f9498054b8153002bafa3e818079e9a5 upstream. + +In usbdux_ao_cmd(), the channels for the command are transfered from the +cmd->chanlist and stored in the private data 'ao_chanlist'. The channel +numbers are bit-shifted when stored so that they become the "command" +that is transfered to the device. The channel to command conversion +results in the 'ao_chanlist' having these values for the channels: + + channel 0 -> ao_chanlist = 0x00 + channel 1 -> ao_chanlist = 0x40 + channel 2 -> ao_chanlist = 0x80 + channel 3 -> ao_chanlist = 0xc0 + +The problem is, the usbduxsub_ao_isoc_irq() function uses the 'chan' value +from 'ao_chanlist' to access the 'ao_readback' array in the private data. +So instead of accessing the array as 0, 1, 2, 3, it accesses it as 0x00, +0x40, 0x80, 0xc0. + +Fix this by storing the raw channel number in 'ao_chanlist' and doing the +bit-shift when creating the command. + +Fixes: a998a3db530bff80 "staging: comedi: usbdux: cleanup the private data 'outBuffer'" +Signed-off-by: H Hartley Sweeten +Reviewed-by: Ian Abbott +Acked-by: Bernd Porr +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/comedi/drivers/usbdux.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +--- a/drivers/staging/comedi/drivers/usbdux.c ++++ b/drivers/staging/comedi/drivers/usbdux.c +@@ -493,7 +493,7 @@ static void usbduxsub_ao_isoc_irq(struct + /* pointer to the DA */ + *datap++ = val & 0xff; + *datap++ = (val >> 8) & 0xff; +- *datap++ = chan; ++ *datap++ = chan << 6; + devpriv->ao_readback[chan] = val; + + s->async->events |= COMEDI_CB_BLOCK; +@@ -1040,11 +1040,8 @@ static int usbdux_ao_cmd(struct comedi_d + /* set current channel of the running acquisition to zero */ + s->async->cur_chan = 0; + +- for (i = 0; i < cmd->chanlist_len; ++i) { +- unsigned int chan = CR_CHAN(cmd->chanlist[i]); +- +- devpriv->ao_chanlist[i] = chan << 6; +- } ++ for (i = 0; i < cmd->chanlist_len; ++i) ++ devpriv->ao_chanlist[i] = CR_CHAN(cmd->chanlist[i]); + + /* we count in steps of 1ms (125us) */ + /* 125us mode not used yet */ diff --git a/queue-3.14/staging-r8188eu-calling-rtw_get_stainfo-with-a-null-sta_addr-will-return-null.patch b/queue-3.14/staging-r8188eu-calling-rtw_get_stainfo-with-a-null-sta_addr-will-return-null.patch new file mode 100644 index 00000000000..edd52a62e81 --- /dev/null +++ b/queue-3.14/staging-r8188eu-calling-rtw_get_stainfo-with-a-null-sta_addr-will-return-null.patch @@ -0,0 +1,48 @@ +From 9452bf560273e4de2395ffdd79024debfb0c1290 Mon Sep 17 00:00:00 2001 +From: Larry Finger +Date: Wed, 9 Apr 2014 11:12:58 -0500 +Subject: staging: r8188eu: Calling rtw_get_stainfo() with a NULL sta_addr will return NULL + +From: Larry Finger + +commit 9452bf560273e4de2395ffdd79024debfb0c1290 upstream. + +This makes the follow-on check for psta != NULL pointless and makes +the whole exercise rather pointless. This is another case of why +blindly zero-initializing variables when they are declared is bad. + +Reported-by: Jes Sorensen +Signed-off-by: Larry Finger +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/rtl8188eu/core/rtw_recv.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/staging/rtl8188eu/core/rtw_recv.c ++++ b/drivers/staging/rtl8188eu/core/rtw_recv.c +@@ -542,7 +542,7 @@ _func_exit_; + /* set the security information in the recv_frame */ + static union recv_frame *portctrl(struct adapter *adapter, union recv_frame *precv_frame) + { +- u8 *psta_addr = NULL, *ptr; ++ u8 *psta_addr, *ptr; + uint auth_alg; + struct recv_frame_hdr *pfhdr; + struct sta_info *psta; +@@ -556,7 +556,6 @@ static union recv_frame *portctrl(struct + _func_enter_; + + pstapriv = &adapter->stapriv; +- psta = rtw_get_stainfo(pstapriv, psta_addr); + + auth_alg = adapter->securitypriv.dot11AuthAlgrthm; + +@@ -564,6 +563,7 @@ _func_enter_; + pfhdr = &precv_frame->u.hdr; + pattrib = &pfhdr->attrib; + psta_addr = pattrib->ta; ++ psta = rtw_get_stainfo(pstapriv, psta_addr); + + prtnframe = NULL; + diff --git a/queue-3.14/staging-r8712u-fix-case-where-ethtype-was-never-obtained-and-always-be-checked-against-0.patch b/queue-3.14/staging-r8712u-fix-case-where-ethtype-was-never-obtained-and-always-be-checked-against-0.patch new file mode 100644 index 00000000000..95c238d8758 --- /dev/null +++ b/queue-3.14/staging-r8712u-fix-case-where-ethtype-was-never-obtained-and-always-be-checked-against-0.patch @@ -0,0 +1,53 @@ +From f764cd68d9036498f08fe8834deb6a367b5c2542 Mon Sep 17 00:00:00 2001 +From: Larry Finger +Date: Wed, 16 Apr 2014 14:49:33 -0500 +Subject: staging: r8712u: Fix case where ethtype was never obtained and always be checked against 0 + +From: Larry Finger + +commit f764cd68d9036498f08fe8834deb6a367b5c2542 upstream. + +Zero-initializing ether_type masked that the ether type would never be +obtained for 8021x packets and the comparison against eapol_type +would always fail. + +Reported-by: Jes Sorensen +Signed-off-by: Larry Finger +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/rtl8712/rtl871x_recv.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +--- a/drivers/staging/rtl8712/rtl871x_recv.c ++++ b/drivers/staging/rtl8712/rtl871x_recv.c +@@ -254,7 +254,7 @@ union recv_frame *r8712_portctrl(struct + struct sta_info *psta; + struct sta_priv *pstapriv; + union recv_frame *prtnframe; +- u16 ether_type = 0; ++ u16 ether_type; + + pstapriv = &adapter->stapriv; + ptr = get_recvframe_data(precv_frame); +@@ -263,15 +263,14 @@ union recv_frame *r8712_portctrl(struct + psta = r8712_get_stainfo(pstapriv, psta_addr); + auth_alg = adapter->securitypriv.AuthAlgrthm; + if (auth_alg == 2) { ++ /* get ether_type */ ++ ptr = ptr + pfhdr->attrib.hdrlen + LLC_HEADER_SIZE; ++ memcpy(ðer_type, ptr, 2); ++ ether_type = ntohs((unsigned short)ether_type); ++ + if ((psta != NULL) && (psta->ieee8021x_blocked)) { + /* blocked + * only accept EAPOL frame */ +- prtnframe = precv_frame; +- /*get ether_type */ +- ptr = ptr + pfhdr->attrib.hdrlen + +- pfhdr->attrib.iv_len + LLC_HEADER_SIZE; +- memcpy(ðer_type, ptr, 2); +- ether_type = ntohs((unsigned short)ether_type); + if (ether_type == 0x888e) + prtnframe = precv_frame; + else {