Refactor the if condition into nested conditionals to improve clarity.
The condition is currently in the form of (E1 && E2 && E3), where the
variable keyidx is assigned a value in E3.
Signed-off-by: Wang Jinchao <wangjinchao600@gmail.com>
Link: https://lore.kernel.org/r/ZKQ7tYa9I+PHgef/@fedora
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux kernel coding style uses '*/' on a separate line at the end of
multi line comments.
Fix block comments by moving '*/' at the end of block comments on a
separate line as reported by checkpatch.pl script.
Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com>
Link: https://lore.kernel.org/r/140e0928531e61dc7396271a5b16a6be17514c76.1679945728.git.kamrankhadijadj@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
clang with W=1 reports
drivers/staging/rtl8192u/ieee80211/ieee80211_rx.c:1961:18: error: unused
function 'ieee80211_SignalStrengthTranslate' [-Werror,-Wunused-function]
static inline u8 ieee80211_SignalStrengthTranslate(
^
This function is not used so remove it.
It may have been used in the past but that has been commented out.
Also remove the comment.
Signed-off-by: Tom Rix <trix@redhat.com>
Link: https://lore.kernel.org/r/20230323165931.2634587-1-trix@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove extra spaces before statements to fix
following indentation warnings reported by checkpatch.pl.
WARNING: Statements should start on a tabstop
+ struct delayed_work start_ibss_wq;
Signed-off-by: Anup Sharma <anupnewsmail@gmail.com>
Link: https://lore.kernel.org/r/Y6215u/jtmcgO6TY@local
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
We cannot dereference the "skb" pointer after calling
ieee80211_monitor_rx(), because it is a use after free.
Fixes: 8fc8598e61 ("Staging: Added Realtek rtl8192u driver to staging")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Link: https://lore.kernel.org/r/Y33BArx3k/aw6yv/@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Several ieee80211_* symbol names are extended with _rsl tag using
macros. This is done to avoid a conflict when a similar symbol is
already in use in another part of kernel and may lead to conflicts.
However, most of these base symbol names are not found to being used
anywhere in the code and hence are not useful today. These symbols
are not used outside of the module and hence can be safely removed.
The code continues to use the original symbol names.
Suggested-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Deepak R Varma <drv@mailo.com>
Link: https://lore.kernel.org/r/17f69a042e215c484931a0327fdf7775eea5f918.1667930292.git.drv@mailo.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This driver is a single standalone driver and does not have any loading
dependencies on another associated drivers. The build results in one
single .ko object. The current implementation of the function
ieee80211_tkip_null simply returns back to the caller without any useful
instruction executions. It does not lead to auto-loading of any other
associated modules as the initial design implementation appears to be.
Hence the call to ieee80211_tkip_null() and its implementation is
unnecessary and should be removed.
Signed-off-by: Deepak R Varma <drv@mailo.com>
Link: https://lore.kernel.org/r/6f5a4313fc21365bf733c25385aef79554ffb253.1667237959.git.drv@mailo.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Provide a TODO file that lists the tasks that should be carried out in
order to move this driver off drivers/staging. It's missing from original
addition of this driver.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Link: https://lore.kernel.org/r/20221016110743.1448067-1-pbrobinson@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There is a spellig mistake, correct it and fix capital letter on the
proper noun. Also fix the grammar.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Link: https://lore.kernel.org/r/20221004150944.148157-1-colin.i.king@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The ndo_start_xmit field in net_device_ops is expected to be of type
netdev_tx_t (*ndo_start_xmit)(struct sk_buff *skb, struct net_device *dev).
The mismatched return type breaks forward edge kCFI since the underlying
function definition does not match the function hook definition.
The return type of ieee80211_xmit should be changed from int to
netdev_tx_t.
Link: https://github.com/ClangBuiltLinux/linux/issues/1703
Cc: llvm@lists.linux.dev
Reported-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Link: https://lore.kernel.org/r/20220914210750.423048-1-nhuck@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This driver creates 4 debug files under [devname] folder. The devname
could be wlan0 initially, however it could be renamed later to e.g.
enx00e04c00000. This will cause problem during debug file teardown since
it uses netdev->name, which is no longer wlan0. To solve this problem,
add a notifier to handle device renaming. Also note that we cannot
simply do debugfs_lookup to find out old dentry since by the time the
notifier is called, netdev->name is already changed to new name.
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Tested-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20220730033335.74153-5-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There are 4 debug files created under /proc/net/[Devname].
Due to this is purely for debuging as files are created read only,
move this to debugfs like other NIC drivers do instead of using procfs.
The directory structure will be like the following
/sys/kernel/debug/r8192u_usb/wlan0/stats-rx
/sys/kernel/debug/r8192u_usb/wlan0/stats-rx
/sys/kernel/debug/r8192u_usb/wlan0/stats-ap
/sys/kernel/debug/r8192u_usb/wlan0/registers
This is also to prepare for address rmmod warn issue.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20220730033335.74153-4-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cast is not needed when calling ieee80211_priv, so remove them.
No functional change in this commit.
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20220730033335.74153-3-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is to prepare for moving them to debugfs and fix rmmod warn issue
when wlan0 is renamed to something else.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20220730033335.74153-2-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There are sleep in atomic context bugs when dm_fsync_timer_callback is
executing. The root cause is that the memory allocation functions with
GFP_KERNEL or GFP_NOIO parameters are called in dm_fsync_timer_callback
which is a timer handler. The call paths that could trigger bugs are
shown below:
(interrupt context)
dm_fsync_timer_callback
write_nic_byte
kzalloc(sizeof(data), GFP_KERNEL); //may sleep
usb_control_msg
kmalloc(.., GFP_NOIO); //may sleep
write_nic_dword
kzalloc(sizeof(data), GFP_KERNEL); //may sleep
usb_control_msg
kmalloc(.., GFP_NOIO); //may sleep
This patch uses delayed work to replace timer and moves the operations
that may sleep into the delayed work in order to mitigate bugs.
Fixes: 8fc8598e61 ("Staging: Added Realtek rtl8192u driver to staging")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220710103002.63283-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Don't populate the const array queuetopipe on the stack, instead make it
static. Also makes the object code smaller.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Link: https://lore.kernel.org/r/20220507183414.26633-1-colin.i.king@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The ieee80211_check_auth_response() function has a signedness bug because
it's a declared as a u16 but it return -ENOMEM. When you look at it more
closely it returns a mix of error codes including 0xcafe, -ENOMEM, and
a->status which is WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG. This is a mess.
Clean it up to just return standard kernel error codes. We can print
out the a->status before returning a regular error code. The printks
in the caller need to be adjusted as well.
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Link: https://lore.kernel.org/r/1650593435-9017-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Currently, these three get_key functions return -1 when the provided len
value is less a specific key length value, which can result in buffer
overflow depending on how the returned value is used. These functions are
used in three places in ieee80211/ieee80211_wx.c:
ieee80211_wx_get_encode() :
The behavior of this function will be unchanged.
ieee80211_wx_get_encode_ext() :
The result of the get_key function is written to ext->key_len,
resulting in a buffer overflow if the result is negative.
ieee80211_wx_set_encode() :
The behavior of this function will change. When len is less than the
key length value, it will set a default key of all 0.
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rebecca Mckeever <remckee0@gmail.com>
Link: https://lore.kernel.org/r/Yl/7QPKXer7YtXOs@bertie
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There is a deadlock in ieee80211_beacons_stop(), which is shown below:
(Thread 1) | (Thread 2)
| ieee80211_send_beacon()
ieee80211_beacons_stop() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | ieee80211_send_beacon_cb()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold ieee->beacon_lock in position (1) of thread 1 and use
del_timer_sync() to wait timer to stop, but timer handler
also need ieee->beacon_lock in position (2) of thread 2.
As a result, ieee80211_beacons_stop() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irqsave(), which could let timer handler to obtain
the needed lock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417135407.109536-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add " == 0" to the condition in both else if branches to address a
possible bug. strcmp returns 0 when its arguments are equal, which
evaluates to false, often leading to errors when used in if statements.
Currently, the statement in the first else if branch does not execute
when its arguments are equal, but it does execute when crypt->ops->name
equals any string other than "WEP" or "TKIP".
Similarly, the second else if branch does not execute when its arguments
are equal, and it only executes when crypt->ops->name equals "TKIP".
The else branch never executes.
It is unlikely that this is working as intended.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rebecca Mckeever <remckee0@gmail.com>
Link: https://lore.kernel.org/r/20220416102434.97567-1-remckee0@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Don't populate the read-only array EWC11NHTCap on the stack but instead
make it static const. Also makes the object code a little smaller.
Remove comment.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Link: https://lore.kernel.org/r/20220414103650.297396-1-colin.i.king@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tasklets have long been deprecated as being too heavy on the system
by running in irq context - and this is not a performance critical
path. If a higher priority process wants to run, it must wait for
the tasklet to finish before doing so.
rtllib_sta_ps() and ieee80211_sta_ps() will now run in process context
and have further concurrency (tasklets being serialized among themselves),
but this is done holding the ieee->lock, so it should be fine.
Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
Link: https://lore.kernel.org/r/20220411151620.129178-7-dave@stgolabs.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace if else statement with min_t or max_t macros to increase
readability and conform to Linux kernel coding style. The _t versions
of the macros must be used to avoid applying typeof to the bit fields
pPeerHTCap->MaxRxAMPDUFactor, and pPeerHTCap->MPDUDensity.
Using u32 assures the reader that the value with not be truncated
without having to look up the types of the variables involved.
Found with minmax coccinelle script.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rebecca Mckeever <remckee0@gmail.com>
Link: https://lore.kernel.org/r/65518c0b366bf199903c6c530774c61ba6087165.1649378587.git.remckee0@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace ternary statement with an if statement followed by an assignment
to increase readability and make error handling more obvious.
Found with minmax coccinelle script.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rebecca Mckeever <remckee0@gmail.com>
Link: https://lore.kernel.org/r/36059ec66a2f3d58a8e339aa4f262772eabd3ef0.1649378587.git.remckee0@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The init and exit functions are not releasing resource properly. An error
can be observed when we load/unload/load r8192u_usb module due to this
issue. This patch rework init and exit functions to do proper resource
release on init error and module unload.
The __exit attribute is stripped from some functions since they are now
being used by module init functions.
[ 493.068012] proc_dir_entry 'net/ieee80211' already registered
[ 493.271973] proc_mkdir+0x18/0x20
[ 493.272136] ieee80211_debug_init+0x28/0xde8 [r8192u_usb]
[ 493.272404] rtl8192_usb_module_init+0x10/0x161 [r8192u_usb]
[ 13.910616] proc_dir_entry 'net/rtl819xU' already registered
[ 13.918931] proc_mkdir+0x18/0x20
[ 13.919098] rtl8192_usb_module_init+0x142/0x16d [r8192u_usb]
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20220224064033.1530924-3-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add two empty functions to handle the case when CONFIG_IEEE80211_DEBUG
is turned off. These two functions will be used by module init() and
and exit().
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20220224064033.1530924-2-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There is an extra space in the debug macro, when CONFIG_IEEE80211_DEBUG
is switched off, compiler will complain.
drivers/staging/rtl8192u/ieee80211/ieee80211.h:470:42: error: expected ‘)’ before ‘...’ token
470 | #define IEEE80211_DEBUG (level, fmt, args...) do {} while (0)
drivers/staging/rtl8192u/ieee80211/ieee80211.h:470:47: error: expected ‘;’ before ‘do’
470 | #define IEEE80211_DEBUG (level, fmt, args...) do {} while (0)
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: https://lore.kernel.org/r/20220224064033.1530924-1-ztong0001@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The double `new' in the comment in line 1349 and `to' in the comment in
line 2030 are repeated. Remove the repeated words from these comments.
Signed-off-by: Jason Wang <wangborong@cdjrlc.com>
Link: https://lore.kernel.org/r/20211211091422.260442-1-wangborong@cdjrlc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Don't populate the array queuetopipe on the stack but instead make it
static const. Also makes the object code smaller by ~50 bytes.
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Link: https://lore.kernel.org/r/20211129225013.524016-1-colin.i.king@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In function rtl8192_adapter_start priv->pFirmware->firmware_status
is assign to FW_STATUS_0_INIT just after assignment variable is
again get check for same value. Therefore if condition will be
always be true. So remove the if condition ,else if section and
else section which will never get execute.
Signed-off-by: Saurav Girepunje <saurav.girepunje@gmail.com>
Link: https://lore.kernel.org/r/YYijapuGOmObwM3S@Sauravs-MacBook-Air.local
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
USB control-message timeouts are specified in milliseconds and should
specifically not vary with CONFIG_HZ.
Fixes: 8fc8598e61 ("Staging: Added Realtek rtl8192u driver to staging")
Cc: stable@vger.kernel.org # 2.6.33
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20211025120910.6339-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 406f42fa0d ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev->dev_addr in this tree we need to make all
the writes to it got through appropriate helpers.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20211019171243.1412240-8-kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 406f42fa0d ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev->dev_addr in this tree we need to make all
the writes to it got through appropriate helpers.
Convert staging from ether_addr_copy() to eth_hw_addr_set():
@@
expression dev, np;
@@
- ether_addr_copy(dev->dev_addr, np)
+ eth_hw_addr_set(dev, np)
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20211019171243.1412240-3-kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 406f42fa0d ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev->dev_addr in this tree we need to make all
the writes to it got through appropriate helpers.
Convert staging drivers from memcpy(... ETH_ADDR) to eth_hw_addr_set():
@@
expression dev, np;
@@
- memcpy(dev->dev_addr, np, ETH_ALEN)
+ eth_hw_addr_set(dev, np)
@@
- memcpy(dev->dev_addr, np, 6)
+ eth_hw_addr_set(dev, np)
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20211019171243.1412240-2-kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
As noted in the "Deprecated Interfaces, Language Features, Attributes,
and Conventions" documentation [1], size calculations (especially
multiplication) should not be performed in memory allocator (or similar)
function arguments due to the risk of them overflowing. This could lead
to values wrapping around and a smaller allocation being made than the
caller was expecting. Using those allocations could lead to linear
overflows of heap memory and other misbehaviors.
In this case these aren't actually dynamic sizes: both sides of the
multiplication are constant values. However it is best to refactor these
anyway, just to keep the open-coded math idiom out of code.
So, use the purpose specific kcalloc() function instead of the argument
size * count in the kzalloc() function.
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210824090039.GA7999@titan
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Initialize the pre_cmd_cnt, post_cmd_cnt and rf_cmd_cnt variables in the
definition block as it is not necessary to do this in the middle of the
function.
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210824073643.GA7396@titan
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Avoid CameCase in the names of all local variables inside the function
rtl8192_phy_SwChnlStepByStep().
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210824072545.7321-2-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
clang warns:
drivers/staging/rtl8192u/r8192U_core.c:4268:20: warning: bitwise and of
boolean expressions; did you mean logical and? [-Wbool-operation-and]
bpacket_toself = bpacket_match_bssid &
^~~~~~~~~~~~~~~~~~~~~
&&
1 warning generated.
Replace the bitwise AND with a logical one to clear up the warning, as
that is clearly what was intended.
Fixes: 8fc8598e61 ("Staging: Added Realtek rtl8192u driver to staging")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20210814235625.1780033-1-nathan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
Split the 3 addr memcpy() into 3 memcpy() calls so the compiler doesn't
think an overflowing memcpy() happens against the addr1 field (the
neighbors are intended to be copied as well).
ieee80211_read_qos_param_element() copies a struct ieee80211_info_element
into a struct ieee80211_qos_information_element, but is actually wanting to
copy into the larger struct ieee80211_qos_parameter_info (the contents of
ac_params_record[] is later examined). Refactor the routine to perform
centralized checks, and copy the entire contents directly (since the id
and len members match the elementID and length members):
struct ieee80211_info_element {
u8 id;
u8 len;
u8 data[];
} __packed;
struct ieee80211_qos_information_element {
u8 elementID;
u8 length;
u8 qui[QOS_OUI_LEN];
u8 qui_type;
u8 qui_subtype;
u8 version;
u8 ac_info;
} __packed;
struct ieee80211_qos_parameter_info {
struct ieee80211_qos_information_element info_element;
u8 reserved;
struct ieee80211_qos_ac_parameter ac_params_record[QOS_QUEUE_NUM];
} __packed;
Additionally replace old-style zero-element arrays with flexible arrays.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Pascal Terjan <pterjan@google.com>
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: devel@driverdev.osuosl.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210806201208.2871467-1-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210718113207.10045-1-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>