As noted in the "Deprecated Interfaces, Language Features, Attributes,
and Conventions" documentation [1], size calculations (especially
multiplication) should not be performed in memory allocator (or similar)
function arguments due to the risk of them overflowing. This could lead
to values wrapping around and a smaller allocation being made than the
caller was expecting. Using those allocations could lead to linear
overflows of heap memory and other misbehaviors.
In this case these aren't actually dynamic sizes: both sides of the
multiplication are constant values. However it is best to refactor these
anyway, just to keep the open-coded math idiom out of code.
So, use the purpose specific kcalloc() function instead of the argument
size * count in the kzalloc() function.
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#open-coded-arithmetic-in-allocator-arguments
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210824090039.GA7999@titan
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Initialize the pre_cmd_cnt, post_cmd_cnt and rf_cmd_cnt variables in the
definition block as it is not necessary to do this in the middle of the
function.
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210824073643.GA7396@titan
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Avoid CameCase in the names of all local variables inside the function
rtl8192_phy_SwChnlStepByStep().
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210824072545.7321-2-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
clang warns:
drivers/staging/rtl8192u/r8192U_core.c:4268:20: warning: bitwise and of
boolean expressions; did you mean logical and? [-Wbool-operation-and]
bpacket_toself = bpacket_match_bssid &
^~~~~~~~~~~~~~~~~~~~~
&&
1 warning generated.
Replace the bitwise AND with a logical one to clear up the warning, as
that is clearly what was intended.
Fixes: 8fc8598e61 ("Staging: Added Realtek rtl8192u driver to staging")
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20210814235625.1780033-1-nathan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
Split the 3 addr memcpy() into 3 memcpy() calls so the compiler doesn't
think an overflowing memcpy() happens against the addr1 field (the
neighbors are intended to be copied as well).
ieee80211_read_qos_param_element() copies a struct ieee80211_info_element
into a struct ieee80211_qos_information_element, but is actually wanting to
copy into the larger struct ieee80211_qos_parameter_info (the contents of
ac_params_record[] is later examined). Refactor the routine to perform
centralized checks, and copy the entire contents directly (since the id
and len members match the elementID and length members):
struct ieee80211_info_element {
u8 id;
u8 len;
u8 data[];
} __packed;
struct ieee80211_qos_information_element {
u8 elementID;
u8 length;
u8 qui[QOS_OUI_LEN];
u8 qui_type;
u8 qui_subtype;
u8 version;
u8 ac_info;
} __packed;
struct ieee80211_qos_parameter_info {
struct ieee80211_qos_information_element info_element;
u8 reserved;
struct ieee80211_qos_ac_parameter ac_params_record[QOS_QUEUE_NUM];
} __packed;
Additionally replace old-style zero-element arrays with flexible arrays.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Pascal Terjan <pterjan@google.com>
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: devel@driverdev.osuosl.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210806201208.2871467-1-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210718113207.10045-1-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Functions 'ieee80211_stop_send_beacons' and 'notify_wx_assoc_event'
are declared twice in their header file, so remove the repeated
declaration.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Shaokun Zhang <zhangshaokun@hisilicon.com>
Link: https://lore.kernel.org/r/1622446678-52652-1-git-send-email-zhangshaokun@hisilicon.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes the following sparse warning:
drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c:798:32: warning: symbol 'tcb_desc' shadows an earlier one
drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c:550:24: originally declared here
Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>
Link: https://lore.kernel.org/r/20210527192149.29686-1-t@laumann.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes the following sparse warnings:
drivers/staging/rtl8192u/r8192U_core.c:2306:21: warning: symbol 'i' shadows an earlier one
drivers/staging/rtl8192u/r8192U_core.c:2254:13: originally declared here
drivers/staging/rtl8192u/r8192U_core.c:2371:29: warning: symbol 'i' shadows an earlier one
drivers/staging/rtl8192u/r8192U_core.c:2254:13: originally declared here
Signed-off-by: Cláudio Maia <clrrm@isep.ipp.pt>
Link: https://lore.kernel.org/r/20210514230459.15752-1-clrrm@isep.ipp.pt
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes the following W=1 kernel build warning(s):
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c: In function ‘ieee80211_rx_frame_softmac’:
drivers/staging/rtl8192u/ieee80211/ieee80211_softmac.c:2009:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=]
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Romain Perier <romain.perier@gmail.com>
Cc: Allen Pais <apais@linux.microsoft.com>
Cc: Andrea Merello <andrea.merello@gmail.com>
Cc: linux-staging@lists.linux.dev
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20210414181129.1628598-29-lee.jones@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes the following W=1 kernel build warning(s):
drivers/staging/rtl8192u/r819xU_cmdpkt.c: In function ‘cmpk_handle_query_config_rx’:
drivers/staging/rtl8192u/r819xU_cmdpkt.c:274:24: warning: variable ‘rx_query_cfg’ set but not used [-Wunused-but-set-variable]
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michael Straube <straube.linux@gmail.com>
Cc: linux-staging@lists.linux.dev
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20210414181129.1628598-7-lee.jones@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes the following W=1 kernel build warning(s):
drivers/staging/rtl8192u/r819xU_phy.c: In function ‘rtl8192_phy_SwChnlStepByStep’:
drivers/staging/rtl8192u/r819xU_phy.c:1328:1: warning: the frame size of 1096 bytes is larger than 1024 bytes [-Wframe-larger-than=]
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michael Straube <straube.linux@gmail.com>
Cc: linux-staging@lists.linux.dev
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20210414181129.1628598-6-lee.jones@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes the following W=1 kernel build warning(s):
drivers/staging/rtl8192u/r8192U_core.c:3714: warning: Function parameter or member 'dev' not described in 'UpdateRxPktTimeStamp8190'
drivers/staging/rtl8192u/r8192U_core.c:3714: warning: Function parameter or member 'stats' not described in 'UpdateRxPktTimeStamp8190'
drivers/staging/rtl8192u/r8192U_core.c:3714: warning: expecting prototype for Function(). Prototype was for UpdateRxPktTimeStamp8190() instead
drivers/staging/rtl8192u/r8192U_core.c:4314: warning: Function parameter or member 'dev' not described in 'UpdateReceivedRateHistogramStatistics8190'
drivers/staging/rtl8192u/r8192U_core.c:4314: warning: Function parameter or member 'stats' not described in 'UpdateReceivedRateHistogramStatistics8190'
drivers/staging/rtl8192u/r8192U_core.c:4314: warning: expecting prototype for Function(). Prototype was for UpdateReceivedRateHistogramStatistics8190() instead
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Andrea Merello <andrea.merello@gmail.com>
Cc: Jerry chuang <wlanfae@realtek.com>
Cc: linux-staging@lists.linux.dev
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20210414181129.1628598-5-lee.jones@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes the following W=1 kernel build warning(s):
drivers/staging/rtl8192u/r8192U_core.c: In function ‘rtl8192_hard_data_xmit’:
drivers/staging/rtl8192u/r8192U_core.c:905:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Andrea Merello <andrea.merello@gmail.com>
Cc: Jerry chuang <wlanfae@realtek.com>
Cc: linux-staging@lists.linux.dev
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Link: https://lore.kernel.org/r/20210414181129.1628598-2-lee.jones@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The for-loop iterates with a u8 loop counter i and compares this
with the loop upper limit of riv->ieee80211->LinkDetectInfo.SlotNum
that is a u16 type. There is a potential infinite loop if SlotNum
is larger than the u8 loop counter. Fix this by making the loop
counter the same type as SlotNum.
Addresses-Coverity: ("Infinite loop")
Fixes: 8fc8598e61 ("Staging: Added Realtek rtl8192u driver to staging")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20210407150308.496623-1-colin.king@canonical.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When comparing a constant with variable, it is recommeneded
to have the constant on the right side of the test.
This patch silences the following checkpatch.pl warning:
"Comparisons should place the constant on the right side of the test"
Signed-off-by: Vardhan H G <crazylonestar7@gmail.com>
Link: https://lore.kernel.org/r/20210407061749.13460-1-crazylonestar7@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix the following gcc warning:
drivers/staging/rtl8192u/r8192U_core.c:3419:6: warning: variable
‘reset_status’ set but not used [-Wunused-but-set-variable].
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Link: https://lore.kernel.org/r/1617775650-42645-1-git-send-email-jiapeng.chong@linux.alibaba.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This driver has a few disabled diagnostics, which can probably
just get removed, or might still be helpful:
drivers/staging/rtl8192u/r8192U_core.c: In function 'rtl8192_set_rxconf':
drivers/staging/rtl8192u/r8192U_core.c:767:45: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
767 | DMESG("NIC in promisc mode");
| ^
drivers/staging/rtl8192u/r8192U_core.c: In function 'rtl819xusb_rx_command_packet':
drivers/staging/rtl8192u/r8192U_core.c:883:80: error: suggest braces around empty body in an 'if' statement [-Werror=empty-body]
883 | DMESG("rxcommandpackethandle819xusb: It is a command packet\n");
| ^
Changing the empty macro to no_printk() to shut up the compiler warnings
and add format string checking.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20210322103545.704121-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove braces around those `if` and `for` blocks which contain a
single line and therefore fix the Checkpatch warning of the
following type:
"WARNING: braces {} are not necessary for single statement blocks"
Signed-off-by: Atul Gopinathan <atulgopinathan@gmail.com>
Link: https://lore.kernel.org/r/20210310104353.14531-1-atulgopinathan@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes checkpatch warning:
WARNING: Comparisons should place the constant on the right side of the test
Signed-off-by: Simone Serra <serrazimone@gmail.com>
Link: https://lore.kernel.org/r/20210223234102.15784-1-serrazimone@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
remove the unnecessary return at the end of function
phy_set_rf8256_ofdm_tx_power(), reported by scripts/checkpatch.pl.
Signed-off-by: Du Cheng <ducheng2@gmail.com>
Link: https://lore.kernel.org/r/20210219150527.8358-2-ducheng2@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
use MACRO __func__ instead of the literal names for RT_TRACE()
in phy_set_rf8256_bandwidth() and phy_rf8256_config_para_file(),
as reported by scripts/checkpatch.pl.
Signed-off-by: Du Cheng <ducheng2@gmail.com>
Link: https://lore.kernel.org/r/20210219150527.8358-1-ducheng2@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
We need to cap len at IW_ESSID_MAX_SIZE (32) to avoid memory corruption.
This can be controlled by the user via the ioctl.
Fixes: 5f53d8ca3d ("Staging: add rtl8192SU wireless usb driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/YEHoAWMOSZBUw91F@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
strlcpy is marked as deprecated in Documentation/process/deprecated.rst,
and there is no functional difference when the caller expects truncation
(when not checking the return value). strscpy is relatively better as it
also avoids scanning the whole source string.
This silences the related checkpatch warnings from:
5dbdb2d87c ("checkpatch: prefer strscpy to strlcpy")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20210131172838.146706-11-memxor@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Make switch and case to be at the same indent. This fixes the
checkpatch error "switch and case should be at the same indent".
Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
Link: https://lore.kernel.org/r/20210131131226.16917-1-mail@anirudhrb.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There is an allocation for priv->rx_urb[16] has no null check,
which may lead to a null pointer dereference.
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Link: https://lore.kernel.org/r/20201226080258.6576-1-dinghao.liu@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The 'EPERM' cannot appear in the previous path, we
should use '-EPERM' to check it. For example:
Call trace:
->rtl8192_rx_isr
->usb_submit_urb
->usb_hcd_submit_urb
->rh_urb_enqueue
->rh_queue_status
->usb_hcd_link_urb_to_ep
Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
Link: https://lore.kernel.org/r/20201028122648.47959-1-zhangqilong3@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace function names with __func__ macro.
Remove unnecessary characters in error messages.
Reported by checkpatch.pl.
Signed-off-by: Elena Afanasova <eafanasova@gmail.com>
Link: https://lore.kernel.org/r/20201020150823.35734-1-eafanasova@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 453431a549 ("mm, treewide: rename kzfree() to
kfree_sensitive()") renamed kzfree() to kfree_sensitive(),
but it left a compatibility definition of kzfree() to avoid
being too disruptive.
Since then a few more instances of kzfree() have slipped in.
Just get rid of them and remove the compatibility definition
once and for all.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Here is the large set of staging and IIO driver updates for 5.10-rc1.
Included in here are:
- new IIO drivers
- new IIO driver frameworks
- various IIO driver fixes and updates
- IIO device tree conversions to yaml
- so many minor staging driver coding style cleanups
- most cdev driver moved out of staging
- no new drivers added or removed
Full details are in the shortlog.
All of these have been in linux-next for a while with no reported
issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCX4g+oQ8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ymAyQCghI58tN/Np3itPlZuc+HYFN7OHH8An1TKzCm1
bwkfw5qAcHab+R7KQZOA
=BaXS
-----END PGP SIGNATURE-----
Merge tag 'staging-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging / IIO driver updates from Greg KH:
"Here is the large set of staging and IIO driver updates for 5.10-rc1.
Included in here are:
- new IIO drivers
- new IIO driver frameworks
- various IIO driver fixes and updates
- IIO device tree conversions to yaml
- so many minor staging driver coding style cleanups
- most cdev driver moved out of staging
- no staging drivers added or removed
Full details are in the shortlog.
All of these have been in linux-next for a while with no reported
issues"
* tag 'staging-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (476 commits)
staging: comedi: check validity of wMaxPacketSize of usb endpoints found
staging: wfx: improve robustness of wfx_get_hw_rate()
staging: wfx: drop unicode characters from strings
staging: wfx: gpiod_get_value() can return an error
staging: wfx: increase robustness of hif_generic_confirm()
staging: wfx: wfx_init_common() returns NULL on error
staging: wfx: standardize the error when vif does not exist
staging: wfx: check memory allocation
staging: wfx: improve error handling of hif_join()
staging: dpaa2-switch: add a dpaa2_switch prefix to all functions in ethsw.c
staging: dpaa2-switch: add a dpaa2_switch_ prefix to all functions in ethsw-ethtool.c
staging: rtl8188eu: Fix long lines
dt-bindings: staging: wfx: silabs,wfx yaml conversion
staging: wfx: update copyrights dates
staging: wfx: fix QoS priority for slow buses
staging: wfx: fix BA sessions for older firmwares
staging: wfx: remove remaining code of 'secure link' feature
staging: wfx: fix handling of MMIC error
staging: vchiq: Fix list_for_each exit tests
staging: greybus: use __force when assigning __u8 value to snd_ctl_elem_type_t
...
Clean up comparsions to NULL reported by checkpatch.
if (x == NULL) -> if (!x)
if (x != NULL) -> if (x)
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919150823.16923-3-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Move 'else if' to the same line as the closing brace of the
corresponding 'if' to follow kernel coding style.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919150823.16923-2-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add missing and remove unnecessary blank lines to clear checkpatch
issues.
CHECK: Please use a blank line after function/struct/union/enum declarations
CHECK: Blank lines aren't necessary before a close brace '}'
CHECK: Please don't use multiple blank lines
CHECK: Blank lines aren't necessary after an open brace '{'
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919150823.16923-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Len Baker