Age | Commit message (Collapse) | Author |
|
commit 4ddf8ab8d15ddbc52eefb44eb64e38466ce1f70f upstream.
In routine wpa_supplicant_ioctl(), the user-controlled p->length is
checked to be at least the size of struct ieee_param size, but the code
does not detect the case where p->length is greater than the size
of the struct, thus a malicious user could be wasting kernel memory.
Fixes commit a2c60d42d97c ("Add files for new driver - part 16").
Reported by: Pietro Oliva <pietroliva@gmail.com>
Cc: Pietro Oliva <pietroliva@gmail.com>
Cc: Stable <stable@vger.kernel.org>
Fixes commit a2c60d42d97c ("Add files for new driver - part 16").
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Link: https://lore.kernel.org/r/20200210180235.21691-4-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
|
|
commit 499c405b2b80bb3a04425ba3541d20305e014d3e upstream.
In routine rtw_hostapd_ioctl(), the user-controlled p->length is assumed
to be at least the size of struct ieee_param size, but this assumption is
never checked. This could result in out-of-bounds read/write on kernel
heap in case a p->length less than the size of struct ieee_param is
specified by the user. If p->length is allowed to be greater than the size
of the struct, then a malicious user could be wasting kernel memory.
Fixes commit a2c60d42d97c ("Add files for new driver - part 16").
Reported by: Pietro Oliva <pietroliva@gmail.com>
Cc: Pietro Oliva <pietroliva@gmail.com>
Cc: Stable <stable@vger.kernel.org>
Fixes: a2c60d42d97c ("staging: r8188eu: Add files for new driver - part 16")
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Link: https://lore.kernel.org/r/20200210180235.21691-2-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
|
|
commit c497ae2077c055b85c1bf04f3d182a84bd8f365b upstream.
The rtl8188 copy of the os_dep support code causes a
warning about a very significant stack usage in the translate_scan()
function:
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c: In function 'translate_scan':
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c:306:1: error: the frame size of 1560 bytes is larger than 1400 bytes [-Werror=frame-larger-than=]
Use the same trick as in the rtl8723bs copy of the same function, and
allocate it dynamically.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20200104214832.558198-1-arnd@arndb.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
|
|
correct code style.
rtl8188eu uses CamelCase for many struct members.
Refactors the ndis_802_11_ssid members Ssid and SsidLength to keep correct code style.
Issue found by checkpatch.
Signed-off-by: Florian Büstgens <flbue@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Cleanup remaining comparsions to true.
if (x == true) -> if (x)
if (x != true) -> if (!x)
if (!x == true) -> if (!x)
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Cleanup remaining comparsions to false.
if(x == false) -> if(!x)
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Cleanup all inconsistent indenting reported by smatch.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This patch removed unneeded variable named ret because this variable is
used only to return 0.
Signed-off-by: Bhaskar Singh <bhaskar.kernel@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
In the header rtw_iol.h there is only one function declared.
Remove the include of rtw_iol.h from files that do not use
this function.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Fix indentation to clear checkpatch warnings.
WARNING: suspect code indent for conditional statements
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Use is_broadcast_ether_addr instead of checking each byte of the
address array for 0xff. Shortens the code and improves readability.
As required by is_broadcast_ether_addr, the address array sta_addr
is properly aligned in all uses. Thanks to Joe Perches.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Use if(x) instead of if(x == true).
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Remove unrequired blank lines reported by checkpatch.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Use strlcpy instead of strncpy to avoid gcc 8 warning:
warning: '__builtin_strncpy' specified bound 16 equals destination size [-Wstringop-truncation]
The maximum length of the source string including terminating null is 5.
Hence it always fits in the destination buffer of length 16.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This satisfies a checkpatch warning and is the preferred
method for notating the license.
The SPDX identifier is a legally binding shorthand, which
can be used instead of the full boiler plate text.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This patch is created to solve the CamelCase issue. The members 'IEs'
and 'IELength' of struct wlan_bssid_ex are being modified to 'ie' and
'ie_length' to solve the issue. And the places where these variables
are referenced inside rtl8188eu driver are also changed.
Signed-off-by: Janani Sankara Babu <jananis37@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
When not associated with an AP, wifi device drivers should respond to the
SIOCGIWESSID ioctl with a zero-length string for the SSID, which is the
behavior expected by dhcpcd.
Currently, this driver returns an error code (-1) from the ioctl call,
which causes dhcpcd to assume that the device is not a wireless interface
and therefore it fails to work correctly with it thereafter.
This problem was reported and tested at
https://github.com/lwfinger/rtl8188eu/issues/234.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
call to memset to assign 0 value immediately after allocating
memory with kzalloc is unnecesaary as kzalloc allocates the memory
filled with 0 value.
Signed-off-by: Himanshu Jha <himanshujha199640@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
fw_state member of struct mlme_priv never obtain WIFI_MP_STATE value,
so code only for (fw_state == WIFI_MP_STATE) is dead.
Remove it, WIFI_MP_*STATE and WIFI_MP_CTX* definitions.
Signed-off-by: Ivan Safonov <insafonov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Fixed checkpatch.pl 'Missing a blank line after declarations' in
rtl8188eu module.
Signed-off-by: Yamanappagouda Patil <goudapatilk@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Clean some all functions to return NULL on failure.
Used !x instead of x==NULL.
Signed-off-by: Amit Ghadge <amitg.b14@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
sizeof(struct ieee80211_ht_cap)
Values of this expressions are equal, but ieee80211_ht_cap is library type.
Signed-off-by: Ivan Safonov <insafonov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
translate_scan function
rtw_ieee80211_ht_cap is reimplementation of the ieee80211_ht_cap.
Signed-off-by: Ivan Safonov <insafonov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
failure
Some functions like kmalloc/kzalloc return NULL on failure.
When NULL represents failure, !x is commonly used.
This was done using Coccinelle:
@@
expression *e;
identifier l1;
@@
e = \(kmalloc\|kzalloc\|kcalloc\|devm_kzalloc\)(...);
...
- e == NULL
+ !e
Signed-off-by: Bhaktipriya Shridhar <bhaktipriya96@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This fixes the issue reported by checkpatch.pl:
"Do not include the paragraph about writing to the Free Software
Foundation's mailing address from the sample GPL notice. The FSF
has changed addresses in the past, and may do so again. Linux
already includes a copy of the GPL."
in all files for the rtl8188eu driver.
Signed-off-by: Kyle Kuffermann <kyle.kuffermann@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
FIELD_OFFSET and offsetof macro are equal
Signed-off-by: Ivan Safonov <insafonov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Remove duplicate include file. Found using includecheck.
Signed-off-by: Amitoj Kaur Chawla <amitoj1606@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Replace the memset of array to broadcast address 0xFF by using the
eth_broadcast_addr() API
Signed-off-by: Hari Prasath Gujulan Elango <hgujulan@visteon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
min_t macro better conveys the meaning of the code.
Signed-off-by: Ivan Safonov <insafonov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
min_t macro better conveys the meaning of the code.
Signed-off-by: Ivan Safonov <insafonov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
min (or max) kernel macro better conveys the meaning of the code.
Signed-off-by: Ivan Safonov <insafonov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
ARRAY_SIZE shorter and more difficult to create bugs.
Signed-off-by: Ivan Safonov <insafonov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This patch compresses two lines into a single line if immediate return is
found. Also remove variable ret as it is no longer needed.
Semantic patch used for this is as follows:
@@
type T;
identifier i,f;
constant C;
@@
- T i;
...when != i
when strict
(
return -C;
|
- i =
+ return
f(...);
- return i;
)
Signed-off-by: Shraddha Barke <shraddha.6596@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Signed-off-by: Jakub Sitnicki <jsitnicki@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
linux/ieee80211.h already defines constants for information element IDs.
Resolve discrepancies in naming and remove the duplicated definitions.
Signed-off-by: Jakub Sitnicki <jsitnicki@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Refactored rtw_free_assoc_resources to avoid sparse warnings about
different contexts for basic lock
Signed-off-by: Buţiu Alexandru Octavian <predator5047@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
linux/ieee80211.h already defines constants for capability bits.
Include it where needed, resolve discrepancies in naming, and remove the
duplicated definitions.
Also, make use of WLAN_CAPABILITY_IS_STA_BSS() macro to check if neither
ESS nor IBSS capability bits are set.
Signed-off-by: Jakub Sitnicki <jsitnicki@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
These are all defined as a part of the standard and should not be
duplicated on a per-driver basis. Use the global ones and delete the
local ones.
Note that a couple of them had slight wording differences, things like
INVALID vs. NOT_VALID or similar, so they are aligned with the global
naming conventions here, as dictated by compile testing.
This isn't the totality of duplicated data removed, but it is a start.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The comment "/* open system */" is repeated verbatim in several places where
dot11AuthAlgrthm_Open is referenced, but not where it is declared.
Move it to be only at its declaration.
This also fixes some "line over 80 characters" checkpatch warnings.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
eth_zero_addr() is a wrapper function for memset if 0 is going to
be assigned to a mac address. The aforementioned function replaces
memset. In addition, linux/etherdevice.h was included as a header
since it is the file that define the inline function eth_zero_addr().
The changes were carried out using the following coccinelle script:
@header@
@@
#include <linux/etherdevice.h>
@eth_zero_addr@
expression e;
@@
-memset(e,0,ETH_ALEN);
+eth_zero_addr(e);
@eth_broadcast_addr@
identifier e;
@@
-memset(e,\(0xff\|0xFF\|255\),ETH_ALEN);
+eth_broadcast_addr(e);
@linux_header depends on !header && (eth_zero_addr || eth_broadcast_addr) @
@@
+ #include <linux/etherdevice.h>
+
@special_header depends on !header && !linux_header && (eth_zero_addr || eth_broadcast_addr) @
@@
+
+ #include <linux/etherdevice.h>
+
@custom_header depends on !header && !linux_header && !special_header && (eth_zero_addr || eth_broadcast_addr) @
@@
+
+ #include <linux/etherdevice.h>
Signed-off-by: Aya Mahfouz <mahfouz.saif.elyazal@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This patch removes a variable that was simply used to
store the return value of a function call before
returning it.
The issue was detected and resolved using the following
coccinelle script:
@@
identifier len,f;
@@
-int len;
... when != len
when strict
-len =
+return
f(...);
-return len;
Signed-off-by: Aya Mahfouz <mahfouz.saif.elyazal@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
a variable is declared and initialized and then never updated in the
function.This default value is then used as the return from the
function.
So removed that unneeded return variable and returning that default
initial value directly.
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This fixes space related ERROR reports by checkpatch.pl
Generated by $ git ls-files "drivers/staging/rtl8188eu/*.[ch]" | \
xargs ./scripts/checkpatch.pl -f --fix-inplace --strict --types=SPACING
Already checked by text comparasion
$git diff -w
and binary comparasion of r8188eu.ko
$objdiff diff <old_commit> <new_commit>
Signed-off-by: Jia He <hejianet@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This patch fixes this checkpatch.pl warning:
WARNING: min() should probably be min_t(int, req->essid_len,
IW_ESSID_MAX_SIZE)
by using this coccinelle script:
@r@
identifier i;
expression e1, e2;
type t1, t2;
@@
t1 i =
- min((t2)e1, e2);
+ min_t(t2, e1, e2);
Signed-off-by: Gulsah Kose <gulsah.1004@gmail.com>
Reviewed-by: Daniel Baluta <daniel.baluta@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This patch is generated by the following semantic patch
// <smpl>
@@ expression E; @@
- if (E != NULL) { kfree(E); }
+ kfree(E);
@@ expression E; @@
- if (E != NULL) { kfree(E); E = NULL; }
+ kfree(E);
+ E = NULL;
// </smpl>
Signed-off-by: Tapasweni Pathak <tapaswenipathak@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Replaced calls to kzalloc followed by memcpy with a single call to
kmemdup.
Patch found using coccicheck.
Signed-off-by: Tapasweni Pathak <tapaswenipathak@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Fix sparse warnings:
drivers/staging/rtl8188eu/core/rtw_cmd.c:52:5: warning:
symbol '_rtw_enqueue_cmd' was not declared. Should it be static?
drivers/staging/rtl8188eu/core/rtw_wlan_util.c:1225:5: warning:
symbol 'wifirate2_ratetbl_inx' was not declared. Should it be static?
drivers/staging/rtl8188eu/hal/HalPhyRf_8188e.c:25:4: warning:
symbol 'ODM_GetRightChnlPlaceforIQK' was not declared. Should it be static?
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c:3109:5: warning:
symbol 'rtw_ioctl' was not declared. Should it be static?
Signed-off-by: Jeff Oczek <jeffoczek@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
rtw_setdatarate_cmd() enqueue _SetDataRate command but there is not
handler mapped in wlancmds[] to handle this command.
Signed-off-by: navin patidar <navin.patidar@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
We've already removed non-standard ioctl handlers used by driver
to support P2P mode.
Signed-off-by: navin patidar <navin.patidar@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
We've already removed non-standard ioctl handlers, used by driver
to support mp mode.
Signed-off-by: navin patidar <navin.patidar@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|