The variable dev is checked in:
    if (dev)
This indicates that it can be NULL. If so, a null-pointer dereference will
occur:
    priv = rtllib_priv(dev);
However, the value of priv is not used in the remaining part of this
function. Thus the else-branch can be removed to fix this possible
null-pointer dereference.
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Tuo Li <islituo@gmail.com>
Link: https://lore.kernel.org/r/20210811031135.4110-1-islituo@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.
Split the 3 addr memcpy() into 3 memcpy() calls so the compiler doesn't
think an overflowing memcpy() happens against the addr1 field (the
neighbors are intended to be copied as well).
rtllib_read_qos_param_element() copies a struct rtllib_info_element
into a struct rtllib_qos_information_element, but is actually wanting to
copy into the larger struct rtllib_qos_parameter_info (the contents of
ac_params_record[] is later examined). Refactor the routine to perform
centralized checks, and copy the entire contents directly (since the id
and len members match the elementID and length members):
struct rtllib_info_element {
        u8 id;
        u8 len;
        u8 data[];
} __packed;

struct rtllib_qos_information_element {
        u8 elementID;
        u8 length;
        u8 qui[QOS_OUI_LEN];
        u8 qui_type;
        u8 qui_subtype;
        u8 version;
        u8 ac_info;
} __packed;

struct rtllib_qos_parameter_info {
        struct rtllib_qos_information_element info_element;
        u8 reserved;
        struct rtllib_qos_ac_parameter ac_params_record[QOS_QUEUE_NUM];
} __packed;
Cc: Darshan D V <darshandv10@gmail.com>
Cc: Aditya Srivastava <yashsri421@gmail.com>
Cc: devel@driverdev.osuosl.org
Cc: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210806201106.2871169-1-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().
A strcpy() followed by a strcat() is also dangerous. In this case,
refactor the code using scnprintf() and avoid this combination.
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210723173216.12157-1-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes the following sparse warning:
drivers/staging/rtl8192e/rtllib_tx.c:884:32: warning: symbol 'tcb_desc' shadows an earlier one
drivers/staging/rtl8192e/rtllib_tx.c:569:24: originally declared here
Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>
Link: https://lore.kernel.org/r/20210521193711.5457-1-t@laumann.xyz
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The patch fixes the following checkpatch.pl warnings:
- WARNING: function definition argument 'struct net_device *' should also
have an identifier name
FILE: ./rtl8192e/rtl8192e/rtl_core.h:572:
- WARNING: function definition argument 'struct net_device *' should also
have an identifier name
FILE: ./rtl8192e/rtl8192e/rtl_core.h:573:
Signed-off-by: Ojaswin Mujoo <ojaswin98@gmail.com>
Link: https://lore.kernel.org/r/d856d9f22777524f5c10bddb7f7930d97e58c20b.1620642396.git.ojaswin98@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixed "Comparison to NULL can be written as '!...'" by replacing it with
a simpler form, i.e. a boolean expression. This makes the code more readable.
Reported by checkpatch.
Signed-off-by: zhaoxiao <zhaoxiao@uniontech.com>
Link: https://lore.kernel.org/r/20210430125657.18264-1-zhaoxiao@uniontech.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixed Check: Remove unnecessary ftrace-like logging by simply deleting
that statement as we have other modes of logging like ftrace.
Reported by checkpatch.
Signed-off-by: zhaoxiao <zhaoxiao@uniontech.com>
Link: https://lore.kernel.org/r/20210430122826.9899-1-zhaoxiao@uniontech.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In commit 92172da23c ("staging: rtl8192e: replace comparison to NULL
by bool") a check was changed from looking at the data to the pointer,
which was incorrect, so revert that portion of the commit to have the
proper logic restored.
Reported-by: Julia Lawall <julia.lawall@inria.fr>
Signed-off-by: Mitali Borkar <mitaliborkar810@gmail.com>
Fixes: 92172da23c ("staging: rtl8192e: replace comparison to NULL by bool")
Link: https://lore.kernel.org/r/YHG8qARLUX2KPWwI@kali
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixed Check: Remove unnecessary f-trace like logging by simply deleting
that statement as we have other modes of logging like ftrace.
Reported by checkpatch.
Signed-off-by: Mitali Borkar <mitaliborkar810@gmail.com>
Link: https://lore.kernel.org/r/YHDtWizzh5EVLL4/@kali
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixed "Comparison to NULL can be written as '!...'" by replacing it with
a simpler form, i.e. a boolean expression. This makes the code more readable.
Reported by checkpatch.
Signed-off-by: Mitali Borkar <mitaliborkar810@gmail.com>
Link: https://lore.kernel.org/r/YHDnWpWztxeZospi@kali
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix the following gcc warning:
drivers/staging/rtl8192e/rtl8192e/r8192E_dev.c:693:15: warning: variable
‘tmpRegC’ set but not used [-Wunused-but-set-variable].
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Link: https://lore.kernel.org/r/1617767558-114050-1-git-send-email-jiapeng.chong@linux.alibaba.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Move the const after static to conform with kernel preference for
static const <type> declaration style instead of static <type> const.
Identified by checkpatch: WARNING: Move const after static - use 'static
const char'.
Signed-off-by: Deborah Brouwer <deborahbrouwer3563@gmail.com>
Link: https://lore.kernel.org/r/20210404222349.7218-1-deborahbrouwer3563@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The "u16 CcxRmState[2];" array field in struct "rtllib_network" has 4
bytes in total while the operations performed on this array throughout
the code base are only 2 bytes.
The "CcxRmState" field is fed only 2 bytes of data using memcpy():
(In rtllib_rx.c:1972)
    memcpy(network->CcxRmState, &info_element->data[4], 2)
With "info_element->data[]" being a u8 array, if 2 bytes are written
into "CcxRmState" (whose one element is u16 size), then the 2 u8
elements from "data[]" get squashed and written into the first element
("CcxRmState[0]") while the second element ("CcxRmState[1]") is never
fed with any data.
Same in file rtllib_rx.c:2522:
    memcpy(dst->CcxRmState, src->CcxRmState, 2);
The above line duplicates "src" data to "dst" but only writes 2 bytes
(and not 4, which is the actual size). Again, only 1st element gets the
value while the 2nd element remains uninitialized.
This later makes operations done with CcxRmState unpredictable in the
following lines as the 1st element is having a squashed number while the
2nd element is having an uninitialized random number.
    rtllib_rx.c:1973: if (network->CcxRmState[0] != 0)
    rtllib_rx.c:1977: network->MBssidMask = network->CcxRmState[1] & 0x07;
network->MBssidMask is also of type u8 and not u16.
Fix this by changing the type of "CcxRmState" from u16 to u8 so that the
data written into this array and read from it make sense and are not
random values.
NOTE: The wrong initialization of "CcxRmState" can be seen in the
following commit:
commit ecdfa44610 ("Staging: add Realtek 8192 PCI wireless driver")
The above commit created a file `rtl8192e/ieee80211.h` which used to
have the faulty line. The file has been deleted (or possibly renamed)
with the contents copied in to a new file `rtl8192e/rtllib.h` along with
additional code in the commit 94a799425e (tagged in Fixes).
Fixes: 94a799425e ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Cc: stable@vger.kernel.org
Signed-off-by: Atul Gopinathan <atulgopinathan@gmail.com>
Link: https://lore.kernel.org/r/20210323113413.29179-2-atulgopinathan@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The variable "info_element" is of the following type:
    struct rtllib_info_element *info_element
defined in drivers/staging/rtl8192e/rtllib.h:
    struct rtllib_info_element {
            u8 id;
            u8 len;
            u8 data[];
    } __packed;
The "len" field defines the size of the "data[]" array. The code is
supposed to check if "info_element->len" is greater than 4 and later
equal to 6. If this is satisfied then, the last two bytes (the 4th and
5th element of u8 "data[]" array) are copied into "network->CcxRmState".
Right now the code uses "memcpy()" with the source as "&info_element[4]"
which would copy in wrong and unintended information. The struct
"rtllib_info_element" has a size of 2 bytes for "id" and "len",
therefore indexing will be done in interval of 2 bytes. So,
"info_element[4]" would point to data which is beyond the memory
allocated for this pointer (that is, at x+8, while "info_element" has
been allocated only from x to x+7 (2 + 6 => 8 bytes)).
This patch rectifies this error by using "&info_element->data[4]" which
correctly copies the last two bytes of "data[]".
NOTE: The faulty line of code came from the following commit:
commit ecdfa44610 ("Staging: add Realtek 8192 PCI wireless driver")
The above commit created the file `rtl8192e/ieee80211/ieee80211_rx.c`
which had the faulty line of code. This file has been deleted (or
possibly renamed) with the contents copied in to a new file
`rtl8192e/rtllib_rx.c` along with additional code in the commit
94a799425e (tagged in Fixes).
Fixes: 94a799425e ("From: wlanfae <wlanfae@realtek.com> [PATCH 1/8] rtl8192e: Import new version of driver from realtek")
Cc: stable@vger.kernel.org
Signed-off-by: Atul Gopinathan <atulgopinathan@gmail.com>
Link: https://lore.kernel.org/r/20210323113413.29179-1-atulgopinathan@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
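Added example (not part of either commit or of the driver source): a user-space C sketch of the two CcxRmState fixes described in the two commit messages above, showing where each source expression points and what the u16 versus u8 array type does to the MBssidMask input. It reuses the struct layout quoted above; sample_frame, read_ccx_rm_state(), the offset_of_*() and mbssid_mask_*() helpers and the 0xAA fill pattern are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Layout from the commit message (u8 -> uint8_t, __packed -> GCC attribute). */
struct rtllib_info_element {
	uint8_t id;
	uint8_t len;
	uint8_t data[];
} __attribute__((packed));

/* Constructed sample: one element with len == 6, then the next element. */
const uint8_t sample_frame[] = {
	0xdd, 0x06, 0x10, 0x11, 0x12, 0x13, 0x01, 0x05,	/* id, len, data[0..5] */
	0x30, 0x02, 0x00, 0x00,				/* following element */
};

/* Byte offset that "&info_element[4]" resolves to: 4 whole structs. */
size_t offset_of_struct_index(void)
{
	return 4 * sizeof(struct rtllib_info_element);
}

/* Byte offset that "&info_element->data[4]" resolves to. */
size_t offset_of_data_index(void)
{
	return offsetof(struct rtllib_info_element, data) + 4;
}

/* Hypothetical bounds-checked reader: 0 on success, -1 on a bad element. */
int read_ccx_rm_state(const uint8_t *buf, size_t buf_len, uint8_t state[2])
{
	const struct rtllib_info_element *ie = (const void *)buf;
	if (buf_len < sizeof(*ie) || ie->len != 6 || buf_len - sizeof(*ie) < ie->len)
		return -1;	/* truncated, or not the len == 6 case */
	memcpy(state, &ie->data[4], 2);
	return 0;
}

/* u16 CcxRmState[2]: element 1 is never written; 0xAAAA models stale memory. */
uint8_t mbssid_mask_u16(const uint8_t *two_bytes)
{
	uint16_t state[2] = { 0xAAAA, 0xAAAA };
	memcpy(state, two_bytes, 2);
	return state[1] & 0x07;
}

/* u8 CcxRmState[2]: the same 2-byte memcpy fills both elements. */
uint8_t mbssid_mask_u8(const uint8_t *two_bytes)
{
	uint8_t state[2] = { 0xAA, 0xAA };
	memcpy(state, two_bytes, 2);
	return state[1] & 0x07;
}
```

In the sample, offset 8 is the first byte of the following element, which is what the struct-indexed source would have copied from.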
In function rtl92e_start_adapter() automatic variable 'i' is referenced only
within certain loops, used as iteration counter. Control flow can't get
into such a loop w/o 'i = 0' assignment.
It's redundant to shadow this variable by creating scope around loop.
This patch fixes the following sparse warning:
warning: symbol 'i' shadows an earlier one
Signed-off-by: Nikolay Kyx <knv418@gmail.com>
Link: https://lore.kernel.org/r/20210302133217.145994-1-knv418@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This change uses a space instead of tabs between the type and name of
each member of the struct.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-10-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxLastFragNum to rx_last_frag_num to silence a checkpatch warning
about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-9-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxLastSeqNum to rx_last_seq_num to silence a checkpatch warning
about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-8-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxAdmittedBARecord to rx_admitted_ba_record to silence a
checkpatch warning about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-7-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxPktPendingTimer to rx_pkt_pending_timer to silence a checkpatch
warning about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-6-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxPendingPktList to rx_pending_pkt_list to silence a checkpatch
warning about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-5-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxTimeoutIndicateSeq to rx_timeout_indicate_seq to silence a
checkpatch warning about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-4-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RxIndicateSeq to rx_indicate_seq to silence a checkpatch warning
about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-3-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename TsCommonInfo to ts_common_info to silence a checkpatch warning
about CamelCase.
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210301215335.767-2-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This change uses a space instead of tabs between the type and name of
each member of the struct.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-14-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdHT1R to bd_ht_1r to silence a checkpatch warning about
CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-13-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename RT2RT_HT_Mode to rt2rt_ht_mode to silence a checkpatch warning
about CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-12-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdRT2RTLongSlotTime to bd_rt2rt_long_slot_time to silence a
checkpatch warning about CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-11-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdRT2RTAggregation to bd_rt2rt_aggregation to silence a
checkpatch warning about CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-10-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdBandWidth to bd_bandwidth to silence a checkpatch warning about
CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-9-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdHTSpecVer to bd_ht_spec_ver to silence a checkpatch warning
about CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-8-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdHTInfoLen to bd_ht_info_len to silence a checkpatch warning
about CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-7-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdHTInfoBuf to bd_ht_info_buf to silence a checkpatch warning
about CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-6-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdHTCapLen to bd_ht_cap_len to silence a checkpatch warning about
CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-5-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdHTCapBuf to bd_ht_cap_buf to silence a checkpatch warning about
CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-4-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rename bdSupportHT to bd_support_ht to silence a checkpatch warning
about CamelCase.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-3-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix a checkpatch warning about a blank line after an open curly brace.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: William Durand <will+git@drnd.me>
Link: https://lore.kernel.org/r/20210220172909.15812-2-will+git@drnd.me
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>