Here's the big set of staging driver updates for 5.17-rc1
Nothing major in here at all, just lots and lots of tiny cleanups.
Overall more code was removed than added, which is always nice, but
not a huge change.
Majority of the work happened in the r8188eu driver, that had hundreds
of cleanups happen on it, but almost all other staging drivers had
cleanups as well. No new functionality was added, cleanups only.
All of these have been in linux-next for a while with no reported
problems.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge tag 'staging-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging driver updates from Greg KH:
"Here's the big set of staging driver updates for 5.17-rc1
Nothing major in here at all, just lots and lots of tiny cleanups.
Overall more code was removed than added, which is always nice, but
not a huge change.
Majority of the work happened in the r8188eu driver, that had hundreds
of cleanups happen on it, but almost all other staging drivers had
cleanups as well. No new functionality was added, cleanups only.
All of these have been in linux-next for a while with no reported
problems"
* tag 'staging-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (308 commits)
staging: r8188eu: rename camelcase variable uintPeerChannel
staging: r8188eu: make BW20_24G_Diff a 1-D array
staging: r8188eu: make OFDM_24G_Diff a 1-D array
staging: r8188eu: BW40_24G_Diff is set but not used
staging: r8188eu: CCK_24G_Diff is set but not used
staging: r8188eu: make Index24G_BW40_Base a 1-D array
staging: r8188eu: make Index24G_CCK_Base a 1-D array
staging: r8188eu: rfPath is always 0
staging: r8188eu: remove unneeded parameter from rtl8188e_SetHalODMVar
staging: pi433: add comment to rx_lock mutex definition
staging: pi433: fix frequency deviation check
staging: vc04_services: rename BM2835 to BCM2835 in headers comments
staging: vc04_services: rename string literal containing bm2835_* to bcm2835*_
staging: vc04_services: rename variables containing bm2835_* to bcm2835_*
staging: vc04_services: rename functions containing bm2835_* to bcm2835_*
staging: vc04_services: rename structures bm2835_mmal_dev and bm2835_mmal_v4l2_ctrl
staging: greybus: audio: Check null pointer
staging: r8188eu: add spaces around P2P_AP_P2P_CH_SWITCH_PROCESS_WK
staging: r8188eu: turbo scan is always off for r8188eu
staging: r8188eu: cmd_issued_cnt is set but not used
...
Some variables are leaked in the error handling in alloc_rtllib(), free
the variables in the error path.
Fixes: 94a799425e ("From: wlanfae <wlanfae@realtek.com>")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20211202030704.2425621-3-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
If it fails to allocate 'dot11d_info', rtllib_softmac_init()
should return error code. And remove unnecessary error message.
Fixes: 94a799425e ("From: wlanfae <wlanfae@realtek.com>")
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Pavel Skripkin <paskripkin@gmail.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Link: https://lore.kernel.org/r/20211202030704.2425621-2-yangyingliang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In following patches, dev_watchdog() will no longer stop all queues.
It will read queue->trans_start locklessly.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The free_rtllib() function frees the "dev" pointer so there is use
after free on the next line. Re-arrange things to avoid that.
Fixes: 66898177e7 ("staging: rtl8192e: Fix unload/reload problem")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20211117072016.GA5237@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 406f42fa0d ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev->dev_addr in this tree we need to make all
the writes to it go through appropriate helpers.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20211019171243.1412240-8-kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 406f42fa0d ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev->dev_addr in this tree we need to make all
the writes to it go through appropriate helpers.
Convert staging from ether_addr_copy() to eth_hw_addr_set():
@@
expression dev, np;
@@
- ether_addr_copy(dev->dev_addr, np)
+ eth_hw_addr_set(dev, np)
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20211019171243.1412240-3-kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The variable dev is checked in:
if (dev)
This indicates that it can be NULL. If so, a null-pointer dereference will
occur:
priv = rtllib_priv(dev);
However, the value of priv is not used in the remaining part of this
function. Thus the else-branch can be removed to fix this possible
null-pointer dereference.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tuo Li <islituo@gmail.com>
Link: https://lore.kernel.org/r/20210811031135.4110-1-islituo@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
Split the 3 addr memcpy() into 3 memcpy() calls so the compiler doesn't
think an overflowing memcpy() happens against the addr1 field (the
neighbors are intended to be copied as well).
rtllib_read_qos_param_element() copies a struct rtllib_info_element
into a struct rtllib_qos_information_element, but is actually wanting to
copy into the larger struct rtllib_qos_parameter_info (the contents of
ac_params_record[] is later examined). Refactor the routine to perform
centralized checks, and copy the entire contents directly (since the id
and len members match the elementID and length members):
struct rtllib_info_element {
	u8 id;
	u8 len;
	u8 data[];
} __packed;

struct rtllib_qos_information_element {
	u8 elementID;
	u8 length;
	u8 qui[QOS_OUI_LEN];
	u8 qui_type;
	u8 qui_subtype;
	u8 version;
	u8 ac_info;
} __packed;

struct rtllib_qos_parameter_info {
	struct rtllib_qos_information_element info_element;
	u8 reserved;
	struct rtllib_qos_ac_parameter ac_params_record[QOS_QUEUE_NUM];
} __packed;
Cc: Darshan D V <darshandv10@gmail.com>
Cc: Aditya Srivastava <yashsri421@gmail.com>
Cc: devel@driverdev.osuosl.org
Cc: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210806201106.2871169-1-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
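The "centralized checks, then copy the entire contents" shape described in the commit above, as an added userspace example that is not code from the driver or from the patch. The values of QOS_OUI_LEN and QOS_QUEUE_NUM, the layout of struct rtllib_qos_ac_parameter, the helper name read_qos_param(), its "avail" parameter and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define QOS_OUI_LEN   3 /* assumed value, not given on the page */
#define QOS_QUEUE_NUM 4 /* assumed value, not given on the page */

struct rtllib_info_element {
    uint8_t id;
    uint8_t len;
    uint8_t data[];
} __attribute__((packed));

struct rtllib_qos_information_element {
    uint8_t elementID;
    uint8_t length;
    uint8_t qui[QOS_OUI_LEN];
    uint8_t qui_type;
    uint8_t qui_subtype;
    uint8_t version;
    uint8_t ac_info;
} __attribute__((packed));

struct rtllib_qos_ac_parameter { /* assumed layout, not shown on the page */
    uint8_t aci_aifsn;
    uint8_t ecw_min_max;
    uint16_t tx_op_limit;
} __attribute__((packed));

struct rtllib_qos_parameter_info {
    struct rtllib_qos_information_element info_element;
    uint8_t reserved;
    struct rtllib_qos_ac_parameter ac_params_record[QOS_QUEUE_NUM];
} __attribute__((packed));

/* Constructed element: 2-byte header + 24-byte body = 26 bytes. */
static const uint8_t sample_param[] = {
    0xdd, 24, 0x00, 0x50, 0xf2, 0x02, 0x01, 0x01, 0x80, 0x00,
    0x03, 0xa4, 0x00, 0x00, 0x27, 0xa4, 0x00, 0x00,
    0x42, 0x43, 0x5e, 0x00, 0x62, 0x32, 0x2f, 0x00,
};

/* Hypothetical helper: length checks in one place, then one whole-struct copy. */
static int read_qos_param(const uint8_t *buf, size_t avail,
                          struct rtllib_qos_parameter_info *dst)
{
    const struct rtllib_info_element *ie = (const void *)buf;
    if (!buf || !dst || avail < sizeof(*ie) || sizeof(*ie) + ie->len > avail)
        return -1;      /* header or body runs past the received bytes */
    if (sizeof(*ie) + ie->len != sizeof(*dst))
        return -1;      /* e.g. the shorter information element */
    memcpy(dst, buf, sizeof(*dst)); /* destination is the full struct */
    return 0;
}

int main(void)
{
    struct rtllib_qos_parameter_info p;
    return read_qos_param(sample_param, sizeof(sample_param), &p);
}
```

Because the memcpy() destination is the complete struct rtllib_qos_parameter_info and the length has already been matched against its size, no single field is written past its end.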
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().
A strcpy() followed by a strcat() is also dangerous. In this case,
refactor the code using scnprintf() and avoid this combination.
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210723173216.12157-1-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes the following sparse warning:
drivers/staging/rtl8192e/rtllib_tx.c:884:32: warning: symbol 'tcb_desc' shadows an earlier one
drivers/staging/rtl8192e/rtllib_tx.c:569:24: originally declared here
Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>
Link: https://lore.kernel.org/r/20210521193711.5457-1-t@laumann.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The patch fixes the following checkpatch.pl warnings:
- WARNING: function definition argument 'struct net_device *' should also
have an identifier name
FILE: ./rtl8192e/rtl8192e/rtl_core.h:572:
- WARNING: function definition argument 'struct net_device *' should also
have an identifier name
FILE: ./rtl8192e/rtl8192e/rtl_core.h:573:
Signed-off-by: Ojaswin Mujoo <ojaswin98@gmail.com>
Link: https://lore.kernel.org/r/d856d9f22777524f5c10bddb7f7930d97e58c20b.1620642396.git.ojaswin98@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixed Comparison to NULL can be written as '!...' by replacing it with
a simpler form, i.e. a boolean expression. This makes the code more readable.
Reported by checkpatch.
Signed-off-by: zhaoxiao <zhaoxiao@uniontech.com>
Link: https://lore.kernel.org/r/20210430125657.18264-1-zhaoxiao@uniontech.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixed Check: Remove unnecessary ftrace-like logging by simply deleting
that statement as we have other modes of logging like ftrace.
Reported by checkpatch.
Signed-off-by: zhaoxiao <zhaoxiao@uniontech.com>
Link: https://lore.kernel.org/r/20210430122826.9899-1-zhaoxiao@uniontech.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In commit 92172da23c ("staging: rtl8192e: replace comparison to NULL
by bool") a check was changed from looking at the data to the pointer,
which was incorrect, so revert that portion of the commit to have the
proper logic restored.
Reported-by: Julia Lawall <julia.lawall@inria.fr>
Signed-off-by: Mitali Borkar <mitaliborkar810@gmail.com>
Fixes: 92172da23c ("staging: rtl8192e: replace comparison to NULL by bool")
Link: https://lore.kernel.org/r/YHG8qARLUX2KPWwI@kali
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixed Check: Remove unnecessary f-trace like logging by simply deleting
that statement as we have other modes of logging like ftrace.
Reported by checkpatch.
Signed-off-by: Mitali Borkar <mitaliborkar810@gmail.com>
Link: https://lore.kernel.org/r/YHDtWizzh5EVLL4/@kali
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixed Comparison to NULL can be written as '!...' by replacing it with
a simpler form, i.e. a boolean expression. This makes the code more readable.
Reported by checkpatch.
Signed-off-by: Mitali Borkar <mitaliborkar810@gmail.com>
Link: https://lore.kernel.org/r/YHDnWpWztxeZospi@kali
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix the following gcc warning:
drivers/staging/rtl8192e/rtl8192e/r8192E_dev.c:693:15: warning: variable
‘tmpRegC’ set but not used [-Wunused-but-set-variable].
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Link: https://lore.kernel.org/r/1617767558-114050-1-git-send-email-jiapeng.chong@linux.alibaba.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Move the const after static to conform with kernel preference for
static const <type> declaration style instead of static <type> const.
Identified by checkpatch: WARNING: Move const after static - use 'static
const char'.
Signed-off-by: Deborah Brouwer <deborahbrouwer3563@gmail.com>
Link: https://lore.kernel.org/r/20210404222349.7218-1-deborahbrouwer3563@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The "u16 CcxRmState[2];" array field in struct "rtllib_network" has 4
bytes in total while the operations performed on this array throughout
the code base are only 2 bytes.
The "CcxRmState" field is fed only 2 bytes of data using memcpy():
(In rtllib_rx.c:1972)
memcpy(network->CcxRmState, &info_element->data[4], 2)
With "info_element->data[]" being a u8 array, if 2 bytes are written
into "CcxRmState" (whose one element is u16 size), then the 2 u8
elements from "data[]" gets squashed and written into the first element
("CcxRmState[0]") while the second element ("CcxRmState[1]") is never
fed with any data.
Same in file rtllib_rx.c:2522:
memcpy(dst->CcxRmState, src->CcxRmState, 2);
The above line duplicates "src" data to "dst" but only writes 2 bytes
(and not 4, which is the actual size). Again, only 1st element gets the
value while the 2nd element remains uninitialized.
This later makes operations done with CcxRmState unpredictable in the
following lines as the 1st element is having a squashed number while the
2nd element is having an uninitialized random number.
rtllib_rx.c:1973: if (network->CcxRmState[0] != 0)
rtllib_rx.c:1977: network->MBssidMask = network->CcxRmState[1] & 0x07;
network->MBssidMask is also of type u8 and not u16.
Fix this by changing the type of "CcxRmState" from u16 to u8 so that the
data written into this array and read from it make sense and are not
random values.
NOTE: The wrong initialization of "CcxRmState" can be seen in the
following commit:
commit ecdfa44610 ("Staging: add Realtek 8192 PCI wireless driver")
The above commit created a file `rtl8192e/ieee80211.h` which used to
have the faulty line. The file has been deleted (or possibly renamed)
with the contents copied in to a new file `rtl8192e/rtllib.h` along with
additional code in the commit 94a799425e (tagged in Fixes).
Fixes: 94a799425e ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Cc: stable@vger.kernel.org
Signed-off-by: Atul Gopinathan <atulgopinathan@gmail.com>
Link: https://lore.kernel.org/r/20210323113413.29179-2-atulgopinathan@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The variable "info_element" is of the following type:
struct rtllib_info_element *info_element
defined in drivers/staging/rtl8192e/rtllib.h:
struct rtllib_info_element {
	u8 id;
	u8 len;
	u8 data[];
} __packed;
The "len" field defines the size of the "data[]" array. The code is
supposed to check if "info_element->len" is greater than 4 and later
equal to 6. If this is satisfied then, the last two bytes (the 4th and
5th element of u8 "data[]" array) are copied into "network->CcxRmState".
Right now the code uses "memcpy()" with the source as "&info_element[4]"
which would copy in wrong and unintended information. The struct
"rtllib_info_element" has a size of 2 bytes for "id" and "len",
therefore indexing will be done in interval of 2 bytes. So,
"info_element[4]" would point to data which is beyond the memory
allocated for this pointer (that is, at x+8, while "info_element" has
been allocated only from x to x+7 (2 + 6 => 8 bytes)).
This patch rectifies this error by using "&info_element->data[4]" which
correctly copies the last two bytes of "data[]".
NOTE: The faulty line of code came from the following commit:
commit ecdfa44610 ("Staging: add Realtek 8192 PCI wireless driver")
The above commit created the file `rtl8192e/ieee80211/ieee80211_rx.c`
which had the faulty line of code. This file has been deleted (or
possibly renamed) with the contents copied in to a new file
`rtl8192e/rtllib_rx.c` along with additional code in the commit
94a799425e (tagged in Fixes).
Fixes: 94a799425e ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Cc: stable@vger.kernel.org
Signed-off-by: Atul Gopinathan <atulgopinathan@gmail.com>
Link: https://lore.kernel.org/r/20210323113413.29179-1-atulgopinathan@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
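The two fixes above (the "CcxRmState" element type and the "&info_element[4]" source pointer) both come down to pointer scaling and copy width. The userspace program below is an added example, not code from the driver or from either commit; the buffer contents, the sentinel values and the helper names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout quoted in the commit message (u8 written as uint8_t for userspace). */
struct rtllib_info_element {
    uint8_t id;
    uint8_t len;
    uint8_t data[];
} __attribute__((packed));

/* Constructed buffer: one element with len = 6, then a neighbouring element. */
static const uint8_t frame[] = {
    0xdd, 0x06, 0x00, 0x40, 0x96, 0x01, 0x01, 0x05, /* id, len, data[0..5] */
    0x30, 0x02, 0xaa, 0xbb,                         /* next element */
};

/* Old source &info_element[4]: scaled by sizeof(*ie) == 2, so 8 bytes in. */
static size_t old_src_offset(const struct rtllib_info_element *ie)
{
    return (size_t)((const uint8_t *)(ie + 4) - (const uint8_t *)ie);
}

/* Fixed source &info_element->data[4]: 2 header bytes + 4 = 6 bytes in. */
static size_t new_src_offset(const struct rtllib_info_element *ie)
{
    return (size_t)(&ie->data[4] - (const uint8_t *)ie);
}

/* Old field type u16[2]: a 2-byte copy fills element 0 only. */
static int u16_second_elem_written(const struct rtllib_info_element *ie)
{
    uint16_t state[2] = { 0xffff, 0xffff }; /* sentinel marks "never written" */

    memcpy(state, &ie->data[4], 2);
    return state[1] != 0xffff;
}

/* Fixed field type u8[2]: each copied byte lands in its own element. */
static uint8_t u8_mbssid_mask(const struct rtllib_info_element *ie)
{
    uint8_t state[2] = { 0xff, 0xff };

    memcpy(state, &ie->data[4], 2);
    return state[1] & 0x07; /* same mask the commit quotes for MBssidMask */
}

int main(void)
{
    const struct rtllib_info_element *ie = (const void *)frame;

    printf("old offset %zu reads 0x%02x, new offset %zu reads 0x%02x\n",
           old_src_offset(ie), frame[old_src_offset(ie)],
           new_src_offset(ie), frame[new_src_offset(ie)]);
    printf("u16[1] written: %d, u8 mask: %u\n",
           u16_second_elem_written(ie), u8_mbssid_mask(ie));
    return 0;
}
```

In the constructed buffer the old offset lands on the neighbouring element's header; in the driver, per the commit message, that position is beyond the memory allocated for the element.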
In function rtl92e_start_adapter() automatic variable 'i' is referenced only
within certain loops, used as iteration counter. Control flow can't get
into such loop w/o 'i = 0' assignment.
It's redundant to shadow this variable by creating scope around loop.
This patch fixes the following sparse warning:
warning: symbol 'i' shadows an earlier one
Signed-off-by: Nikolay Kyx <knv418@gmail.com>
Link: https://lore.kernel.org/r/20210302133217.145994-1-knv418@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This change uses a space instead of tabs between the type and name of
each member of the struct.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-10-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxLastFragNum to rx_last_frag_num to silence a checkpatch warning
about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-9-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxLastSeqNum to rx_last_seq_num to silence a checkpatch warning
about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-8-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxAdmittedBARecord to rx_admitted_ba_record to silence a
checkpatch warning about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-7-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxPktPendingTimer to rx_pkt_pending_timer to silence a checkpatch
warning about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-6-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxPendingPktList to rx_pending_pkt_list to silence a checkpatch
warning about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-5-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxTimeoutIndicateSeq to rx_timeout_indicate_seq to silence a
checkpatch warning about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-4-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxIndicateSeq to rx_indicate_seq to silence a checkpatch warning
about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-3-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename TsCommonInfo to ts_common_info to silence a checkpatch warning
about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-2-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This change uses a space instead of tabs between the type and name of
each member of the struct.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-14-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdHT1R to bd_ht_1r to silence a checkpatch warning about
CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-13-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RT2RT_HT_Mode to rt2rt_ht_mode to silence a checkpatch warning
about CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-12-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>