<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/staging/rtl8712, branch linux-3.16.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>staging: rtl8712: fix interface sanity check</title>
<updated>2020-04-28T18:02:49+00:00</updated>
<author>
<name>Johan Hovold</name>
<email>johan@kernel.org</email>
</author>
<published>2019-12-10T11:47:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3686b986e6663905e6799e6a5263095307b1e655'/>
<id>3686b986e6663905e6799e6a5263095307b1e655</id>
<content type='text'>
commit c724f776f048538ecfdf53a52b7a522309f5c504 upstream.

Make sure to use the current alternate setting when verifying the
interface descriptors to avoid binding to an invalid interface.

Failing to do so could cause the driver to misbehave or trigger a WARN()
in usb_submit_urb() that kernels with panic_on_warn set would choke on.

Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel")
Signed-off-by: Johan Hovold &lt;johan@kernel.org&gt;
Link: https://lore.kernel.org/r/20191210114751.5119-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit c724f776f048538ecfdf53a52b7a522309f5c504 upstream.

Make sure to use the current alternate setting when verifying the
interface descriptors to avoid binding to an invalid interface.

Failing to do so could cause the driver to misbehave or trigger a WARN()
in usb_submit_urb() that kernels with panic_on_warn set would choke on.

Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel")
Signed-off-by: Johan Hovold &lt;johan@kernel.org&gt;
Link: https://lore.kernel.org/r/20191210114751.5119-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8712: uninitialized memory in read_bbreg_hdl()</title>
<updated>2019-08-13T11:38:50+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>dan.carpenter@oracle.com</email>
</author>
<published>2019-03-21T06:26:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1d6f09cbd4d7734f4966c7c51d60a28f16b6400f'/>
<id>1d6f09cbd4d7734f4966c7c51d60a28f16b6400f</id>
<content type='text'>
commit 22c971db7dd4b0ad8dd88e99c407f7a1f4231a2e upstream.

Colin King reported a bug in read_bbreg_hdl():

	memcpy(pcmd-&gt;rsp, (u8 *)&amp;val, pcmd-&gt;rspsz);

The problem is that "val" is uninitialized.

This code is obviously not useful, but so far as I can tell
"pcmd-&gt;cmdcode" is never GEN_CMD_CODE(_Read_BBREG) so it's not harmful
either.  For now the easiest fix is to just call r8712_free_cmd_obj()
and return.

Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel")
Reported-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 22c971db7dd4b0ad8dd88e99c407f7a1f4231a2e upstream.

Colin King reported a bug in read_bbreg_hdl():

	memcpy(pcmd-&gt;rsp, (u8 *)&amp;val, pcmd-&gt;rspsz);

The problem is that "val" is uninitialized.

This code is obviously not useful, but so far as I can tell
"pcmd-&gt;cmdcode" is never GEN_CMD_CODE(_Read_BBREG) so it's not harmful
either.  For now the easiest fix is to just call r8712_free_cmd_obj()
and return.

Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel")
Reported-by: Colin Ian King &lt;colin.king@canonical.com&gt;
Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8712: Fix possible buffer overrun</title>
<updated>2019-02-11T17:54:19+00:00</updated>
<author>
<name>Young Xiao</name>
<email>YangX92@hotmail.com</email>
</author>
<published>2018-11-28T08:06:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8677a923cb318d7be7afae7494bb61d8772c6cc1'/>
<id>8677a923cb318d7be7afae7494bb61d8772c6cc1</id>
<content type='text'>
commit 300cd664865bed5d50ae0a42fb4e3a6f415e8a10 upstream.

In commit 8b7a13c3f404 ("staging: r8712u: Fix possible buffer
overrun") we fix a potential off by one by making the limit smaller.
The better fix is to make the buffer larger.  This makes it match up
with the similar code in other drivers.

Fixes: 8b7a13c3f404 ("staging: r8712u: Fix possible buffer overrun")
Signed-off-by: Young Xiao &lt;YangX92@hotmail.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 300cd664865bed5d50ae0a42fb4e3a6f415e8a10 upstream.

In commit 8b7a13c3f404 ("staging: r8712u: Fix possible buffer
overrun") we fix a potential off by one by making the limit smaller.
The better fix is to make the buffer larger.  This makes it match up
with the similar code in other drivers.

Fixes: 8b7a13c3f404 ("staging: r8712u: Fix possible buffer overrun")
Signed-off-by: Young Xiao &lt;YangX92@hotmail.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl: fix possible NULL pointer dereference</title>
<updated>2017-06-05T20:16:54+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2017-01-11T14:53:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=71ea64ad6469ab2148a964eaa83d39e0a0e661ef'/>
<id>71ea64ad6469ab2148a964eaa83d39e0a0e661ef</id>
<content type='text'>
commit 6e017006022abfea5d2466cad936065f45763ad1 upstream.

gcc-7 detects that wlanhdr_to_ethhdr() in two drivers calls memcpy() with
a destination argument that an earlier function call may have set to NULL:

staging/rtl8188eu/core/rtw_recv.c: In function 'wlanhdr_to_ethhdr':
staging/rtl8188eu/core/rtw_recv.c:1318:2: warning: argument 1 null where non-null expected [-Wnonnull]
staging/rtl8712/rtl871x_recv.c: In function 'r8712_wlanhdr_to_ethhdr':
staging/rtl8712/rtl871x_recv.c:649:2: warning: argument 1 null where non-null expected [-Wnonnull]

I'm fixing this by adding a NULL pointer check and returning failure
from the function, which is hopefully already handled properly.

This seems to date back to when the drivers were originally added,
so backporting the fix to stable seems appropriate. There are other
related realtek drivers in the kernel, but none of them contain a
function with a similar name or produce this warning.

Fixes: 1cc18a22b96b ("staging: r8188eu: Add files for new driver - part 5")
Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel")
Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 6e017006022abfea5d2466cad936065f45763ad1 upstream.

gcc-7 detects that wlanhdr_to_ethhdr() in two drivers calls memcpy() with
a destination argument that an earlier function call may have set to NULL:

staging/rtl8188eu/core/rtw_recv.c: In function 'wlanhdr_to_ethhdr':
staging/rtl8188eu/core/rtw_recv.c:1318:2: warning: argument 1 null where non-null expected [-Wnonnull]
staging/rtl8712/rtl871x_recv.c: In function 'r8712_wlanhdr_to_ethhdr':
staging/rtl8712/rtl871x_recv.c:649:2: warning: argument 1 null where non-null expected [-Wnonnull]

I'm fixing this by adding a NULL pointer check and returning failure
from the function, which is hopefully already handled properly.

This seems to date back to when the drivers were originally added,
so backporting the fix to stable seems appropriate. There are other
related realtek drivers in the kernel, but none of them contain a
function with a similar name or produce this warning.

Fixes: 1cc18a22b96b ("staging: r8188eu: Add files for new driver - part 5")
Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel")
Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8712: Add device ID for Sitecom WLA2100</title>
<updated>2015-12-13T17:48:54+00:00</updated>
<author>
<name>Larry Finger</name>
<email>Larry.Finger@lwfinger.net</email>
</author>
<published>2015-10-19T03:14:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9bd08031ccfd4028d2df1c7ce6aa993ce003027b'/>
<id>9bd08031ccfd4028d2df1c7ce6aa993ce003027b</id>
<content type='text'>
commit 1e6e63283691a2a9048a35d9c6c59cf0abd342e4 upstream.

This adds the USB ID for the Sitecom WLA2100. The Windows 10 inf file
was checked to verify that the addition is correct.

Reported-by: Frans van de Wiel &lt;fvdw@fvdw.eu&gt;
Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Cc: Frans van de Wiel &lt;fvdw@fvdw.eu&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 1e6e63283691a2a9048a35d9c6c59cf0abd342e4 upstream.

This adds the USB ID for the Sitecom WLA2100. The Windows 10 inf file
was checked to verify that the addition is correct.

Reported-by: Frans van de Wiel &lt;fvdw@fvdw.eu&gt;
Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Cc: Frans van de Wiel &lt;fvdw@fvdw.eu&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8712: prevent buffer overrun in recvbuf2recvframe</title>
<updated>2015-07-15T09:00:14+00:00</updated>
<author>
<name>Haggai Eran</name>
<email>haggai.eran@gmail.com</email>
</author>
<published>2015-05-23T20:13:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f5970a2a70160b51442d525c88076702c56bbf17'/>
<id>f5970a2a70160b51442d525c88076702c56bbf17</id>
<content type='text'>
commit cab462140f8a183e3cca0b51c8b59ef715cb6148 upstream.

With an RTL8191SU USB adaptor, sometimes the hints for a fragmented
packet are set, but the packet length is too large. Allocate enough
space to prevent memory corruption and a resulting kernel panic [1].

[1] http://www.spinics.net/lists/linux-wireless/msg136546.html

Signed-off-by: Haggai Eran &lt;haggai.eran@gmail.com&gt;
ACKed-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit cab462140f8a183e3cca0b51c8b59ef715cb6148 upstream.

With an RTL8191SU USB adaptor, sometimes the hints for a fragmented
packet are set, but the packet length is too large. Allocate enough
space to prevent memory corruption and a resulting kernel panic [1].

[1] http://www.spinics.net/lists/linux-wireless/msg136546.html

Signed-off-by: Haggai Eran &lt;haggai.eran@gmail.com&gt;
ACKed-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8712, rtl8712: avoid lots of build warnings</title>
<updated>2015-05-28T10:21:06+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2014-06-05T20:48:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b2fc9e15c7953fb00106644d3167a70832d4edb2'/>
<id>b2fc9e15c7953fb00106644d3167a70832d4edb2</id>
<content type='text'>
commit 0c9f3a65c5eb7fe1fc611a22eb8a8b71ea865998 upstream.

The rtl8712 driver has an 'extern inline' function that contains an
'if', which causes lots of warnings with CONFIG_PROFILE_ALL_BRANCHES
overriding the definition of 'if':

drivers/staging/rtl8712/ieee80211.h:759:229: warning: '______f' is static but declared in inline function 'ieee80211_get_hdrlen' which is not static [enabled by default]

This changes the driver to use 'static inline' instead, which happens
to be the correct annotation anyway.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Cc: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Cc: Florian Schilhabel &lt;florian.c.schilhabel@googlemail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Cc: Philip Müller &lt;philm@manjaro.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 0c9f3a65c5eb7fe1fc611a22eb8a8b71ea865998 upstream.

The rtl8712 driver has an 'extern inline' function that contains an
'if', which causes lots of warnings with CONFIG_PROFILE_ALL_BRANCHES
overriding the definition of 'if':

drivers/staging/rtl8712/ieee80211.h:759:229: warning: '______f' is static but declared in inline function 'ieee80211_get_hdrlen' which is not static [enabled by default]

This changes the driver to use 'static inline' instead, which happens
to be the correct annotation anyway.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Cc: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Cc: Florian Schilhabel &lt;florian.c.schilhabel@googlemail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Cc: Philip Müller &lt;philm@manjaro.org&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8712: return -ENOMEM instead of -1</title>
<updated>2014-05-27T18:55:29+00:00</updated>
<author>
<name>Vitaly Osipov</name>
<email>vitaly.osipov@gmail.com</email>
</author>
<published>2014-05-27T12:27:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=735e33fa32d56e58dccb8406281efb2fff419f23'/>
<id>735e33fa32d56e58dccb8406281efb2fff419f23</id>
<content type='text'>
After the commit 91d435f replaced _malloc with kmalloc, smatch picked up a
couple of new warnings. This fixes the warning:

warn: returning -1 instead of -ENOMEM is sloppy

Signed-off-by: Vitaly Osipov &lt;vitaly.osipov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
After the commit 91d435f replaced _malloc with kmalloc, smatch picked up a
couple of new warnings. This fixes the warning:

warn: returning -1 instead of -ENOMEM is sloppy

Signed-off-by: Vitaly Osipov &lt;vitaly.osipov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8712: fix kmalloc parameters</title>
<updated>2014-05-27T18:55:29+00:00</updated>
<author>
<name>Vitaly Osipov</name>
<email>vitaly.osipov@gmail.com</email>
</author>
<published>2014-05-27T12:26:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=efc273ce344eb6984d16964201617f4720beb2dd'/>
<id>efc273ce344eb6984d16964201617f4720beb2dd</id>
<content type='text'>
After the commit 91d435f replaced _malloc with kmalloc, smatch picked up a
couple of new warnings. This fixes warnings:

warn: struct type mismatch 'writePTM_parm vs setdig_parm'
warn: struct type mismatch 'writePTM_parm vs setra_parm'

The difference is u8 vs unsigned char.

Signed-off-by: Vitaly Osipov &lt;vitaly.osipov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
After the commit 91d435f replaced _malloc with kmalloc, smatch picked up a
couple of new warnings. This fixes warnings:

warn: struct type mismatch 'writePTM_parm vs setdig_parm'
warn: struct type mismatch 'writePTM_parm vs setra_parm'

The difference is u8 vs unsigned char.

Signed-off-by: Vitaly Osipov &lt;vitaly.osipov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8712: remove _malloc()</title>
<updated>2014-05-25T18:04:44+00:00</updated>
<author>
<name>Vitaly Osipov</name>
<email>vitaly.osipov@gmail.com</email>
</author>
<published>2014-05-24T08:19:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=91d435fe368ab30702d7bcd50f680e7185899295'/>
<id>91d435fe368ab30702d7bcd50f680e7185899295</id>
<content type='text'>
This patch removes all usage of _malloc() and the function itself. Most
uses are straightforward replacements by kmalloc(..., GFP_ATOMIC),
because this was the definition of _malloc(). In a few places it
was possible to use kzalloc() or memdup_user.

A further improvement would be to replace GFP_ATOMIC with GFP_KERNEL
where possible.

Verified by compilation only.

Initial replacement done by running a Coccinelle script along the lines
of:

@@
type T;
expression E;
identifier V;
@@
- V = (T) _malloc(E);
+ V = kmalloc(E, GFP_ATOMIC);

@@
expression E, E1;
@@
- E1 = _malloc(E);
+ E1 = kmalloc(E, GFP_ATOMIC);

Signed-off-by: Vitaly Osipov &lt;vitaly.osipov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch removes all usage of _malloc() and the function itself. Most
uses are straightforward replacements by kmalloc(..., GFP_ATOMIC),
because this was the definition of _malloc(). In a few places it
was possible to use kzalloc() or memdup_user.

A further improvement would be to replace GFP_ATOMIC with GFP_KERNEL
where possible.

Verified by compilation only.

Initial replacement done by running a Coccinelle script along the lines
of:

@@
type T;
expression E;
identifier V;
@@
- V = (T) _malloc(E);
+ V = kmalloc(E, GFP_ATOMIC);

@@
expression E, E1;
@@
- E1 = _malloc(E);
+ E1 = kmalloc(E, GFP_ATOMIC);

Signed-off-by: Vitaly Osipov &lt;vitaly.osipov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
