<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/staging, branch v4.4.220</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>IB/hfi1: Call kobject_put() when kobject_init_and_add() fails</title>
<updated>2020-04-13T08:31:33+00:00</updated>
<author>
<name>Kaike Wan</name>
<email>kaike.wan@intel.com</email>
</author>
<published>2020-03-26T16:38:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2c735183134dde3c483bbab9e22e34f1e03ba696'/>
<id>2c735183134dde3c483bbab9e22e34f1e03ba696</id>
<content type='text'>
commit dfb5394f804ed4fcea1fc925be275a38d66712ab upstream.

When kobject_init_and_add() returns an error in the function
hfi1_create_port_files(), the function kobject_put() is not called for the
corresponding kobject, which potentially leads to memory leak.

This patch fixes the issue by calling kobject_put() even if
kobject_init_and_add() fails.

Cc: &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200326163813.21129.44280.stgit@awfm-01.aw.intel.com
Reviewed-by: Mike Marciniszyn &lt;mike.marciniszyn@intel.com&gt;
Signed-off-by: Kaike Wan &lt;kaike.wan@intel.com&gt;
Signed-off-by: Dennis Dalessandro &lt;dennis.dalessandro@intel.com&gt;
Signed-off-by: Jason Gunthorpe &lt;jgg@mellanox.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit dfb5394f804ed4fcea1fc925be275a38d66712ab upstream.

When kobject_init_and_add() returns an error in the function
hfi1_create_port_files(), the function kobject_put() is not called for the
corresponding kobject, which potentially leads to memory leak.

This patch fixes the issue by calling kobject_put() even if
kobject_init_and_add() fails.

Cc: &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200326163813.21129.44280.stgit@awfm-01.aw.intel.com
Reviewed-by: Mike Marciniszyn &lt;mike.marciniszyn@intel.com&gt;
Signed-off-by: Kaike Wan &lt;kaike.wan@intel.com&gt;
Signed-off-by: Dennis Dalessandro &lt;dennis.dalessandro@intel.com&gt;
Signed-off-by: Jason Gunthorpe &lt;jgg@mellanox.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback</title>
<updated>2020-04-02T17:02:38+00:00</updated>
<author>
<name>Qiujun Huang</name>
<email>hqjagain@gmail.com</email>
</author>
<published>2020-03-26T13:18:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1a62a26c4e46c8817a0e60f67c763a72d1bbf9ad'/>
<id>1a62a26c4e46c8817a0e60f67c763a72d1bbf9ad</id>
<content type='text'>
commit 1165dd73e811a07d947aee218510571f516081f6 upstream.

We can't handle the case length &gt; WLAN_DATA_MAXLEN.
Because the size of rxfrm-&gt;data is WLAN_DATA_MAXLEN(2312), and we can't
read more than that.

Thanks-to: Hillf Danton &lt;hdanton@sina.com&gt;
Reported-and-tested-by: syzbot+7d42d68643a35f71ac8a@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang &lt;hqjagain@gmail.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200326131850.17711-1-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 1165dd73e811a07d947aee218510571f516081f6 upstream.

We can't handle the case length &gt; WLAN_DATA_MAXLEN.
Because the size of rxfrm-&gt;data is WLAN_DATA_MAXLEN(2312), and we can't
read more than that.

Thanks-to: Hillf Danton &lt;hdanton@sina.com&gt;
Reported-and-tested-by: syzbot+7d42d68643a35f71ac8a@syzkaller.appspotmail.com
Signed-off-by: Qiujun Huang &lt;hqjagain@gmail.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200326131850.17711-1-hqjagain@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table</title>
<updated>2020-04-02T17:02:38+00:00</updated>
<author>
<name>Larry Finger</name>
<email>Larry.Finger@lwfinger.net</email>
</author>
<published>2020-03-21T18:00:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=32cb9ed16bd776524c64ceadc3528c4918f7bfcf'/>
<id>32cb9ed16bd776524c64ceadc3528c4918f7bfcf</id>
<content type='text'>
commit 38ef48f7d4b7342f145a1b4f96023bde99aeb245 upstream.

The ASUS USB-N10 Nano B1 has been reported as a new RTL8188EU device.
Add it to the device tables.

Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Reported-by: kovi &lt;zraetn@gmail.com&gt;
Cc: Stable &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200321180011.26153-1-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 38ef48f7d4b7342f145a1b4f96023bde99aeb245 upstream.

The ASUS USB-N10 Nano B1 has been reported as a new RTL8188EU device.
Add it to the device tables.

Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Reported-by: kovi &lt;zraetn@gmail.com&gt;
Cc: Stable &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200321180011.26153-1-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>staging/speakup: fix get_word non-space look-ahead</title>
<updated>2020-04-02T17:02:30+00:00</updated>
<author>
<name>Samuel Thibault</name>
<email>samuel.thibault@ens-lyon.org</email>
</author>
<published>2020-03-06T00:30:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=9ddb6c7ba85b21a6b9961cf22d87b30d4bce0f14'/>
<id>9ddb6c7ba85b21a6b9961cf22d87b30d4bce0f14</id>
<content type='text'>
commit 9d32c0cde4e2d1343dfb88a67b2ec6397705b32b upstream.

get_char was erroneously given the address of the pointer to the text
instead of the address of the text, thus leading to random crashes when
the user requests speaking a word while the current position is on a space
character and say_word_ctl is not enabled.

Reported-on: https://github.com/bytefire/speakup/issues/1
Reported-by: Kirk Reiser &lt;kirk@reisers.ca&gt;
Reported-by: Janina Sajka &lt;janina@rednote.net&gt;
Reported-by: Alexandr Epaneshnikov &lt;aarnaarn2@gmail.com&gt;
Reported-by: Gregory Nowak &lt;greg@gregn.net&gt;
Reported-by: deedra waters &lt;deedra@the-brannons.com&gt;
Signed-off-by: Samuel Thibault &lt;samuel.thibault@ens-lyon.org&gt;
Tested-by: Alexandr Epaneshnikov &lt;aarnaarn2@gmail.com&gt;
Tested-by: Gregory Nowak &lt;greg@gregn.net&gt;
Tested-by: Michael Taboada &lt;michael@michaels.world&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200306003047.thijtmqrnayd3dmw@function
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9d32c0cde4e2d1343dfb88a67b2ec6397705b32b upstream.

get_char was erroneously given the address of the pointer to the text
instead of the address of the text, thus leading to random crashes when
the user requests speaking a word while the current position is on a space
character and say_word_ctl is not enabled.

Reported-on: https://github.com/bytefire/speakup/issues/1
Reported-by: Kirk Reiser &lt;kirk@reisers.ca&gt;
Reported-by: Janina Sajka &lt;janina@rednote.net&gt;
Reported-by: Alexandr Epaneshnikov &lt;aarnaarn2@gmail.com&gt;
Reported-by: Gregory Nowak &lt;greg@gregn.net&gt;
Reported-by: deedra waters &lt;deedra@the-brannons.com&gt;
Signed-off-by: Samuel Thibault &lt;samuel.thibault@ens-lyon.org&gt;
Tested-by: Alexandr Epaneshnikov &lt;aarnaarn2@gmail.com&gt;
Tested-by: Gregory Nowak &lt;greg@gregn.net&gt;
Tested-by: Michael Taboada &lt;michael@michaels.world&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200306003047.thijtmqrnayd3dmw@function
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8188eu: Add device id for MERCUSYS MW150US v2</title>
<updated>2020-04-02T17:02:30+00:00</updated>
<author>
<name>Michael Straube</name>
<email>straube.linux@gmail.com</email>
</author>
<published>2020-03-12T09:36:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3ec889644d3f468d148fba584209cd67187e762b'/>
<id>3ec889644d3f468d148fba584209cd67187e762b</id>
<content type='text'>
commit bb5786b9286c253557a0115bc8d21879e61b7b94 upstream.

This device was added to the stand-alone driver on github.
Add it to the staging driver as well.

Link: https://github.com/lwfinger/rtl8188eu/commit/2141f244c3e7
Signed-off-by: Michael Straube &lt;straube.linux@gmail.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200312093652.13918-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit bb5786b9286c253557a0115bc8d21879e61b7b94 upstream.

This device was added to the stand-alone driver on github.
Add it to the staging driver as well.

Link: https://github.com/lwfinger/rtl8188eu/commit/2141f244c3e7
Signed-off-by: Michael Straube &lt;straube.linux@gmail.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt;
Link: https://lore.kernel.org/r/20200312093652.13918-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8188eu: Fix potential overuse of kernel memory</title>
<updated>2020-02-28T14:39:13+00:00</updated>
<author>
<name>Larry Finger</name>
<email>Larry.Finger@lwfinger.net</email>
</author>
<published>2020-02-10T18:02:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2d2c1006e191825acb29d0b6c35b5c6a48b4c6ec'/>
<id>2d2c1006e191825acb29d0b6c35b5c6a48b4c6ec</id>
<content type='text'>
commit 4ddf8ab8d15ddbc52eefb44eb64e38466ce1f70f upstream.

In routine wpa_supplicant_ioctl(), the user-controlled p-&gt;length is
checked to be at least the size of struct ieee_param size, but the code
does not detect the case where p-&gt;length is greater than the size
of the struct, thus a malicious user could be wasting kernel memory.
Fixes commit a2c60d42d97c ("Add files for new driver - part 16").

Reported by: Pietro Oliva &lt;pietroliva@gmail.com&gt;
Cc: Pietro Oliva &lt;pietroliva@gmail.com&gt;
Cc: Stable &lt;stable@vger.kernel.org&gt;
Fixes commit a2c60d42d97c ("Add files for new driver - part 16").
Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Link: https://lore.kernel.org/r/20200210180235.21691-4-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 4ddf8ab8d15ddbc52eefb44eb64e38466ce1f70f upstream.

In routine wpa_supplicant_ioctl(), the user-controlled p-&gt;length is
checked to be at least the size of struct ieee_param size, but the code
does not detect the case where p-&gt;length is greater than the size
of the struct, thus a malicious user could be wasting kernel memory.
Fixes commit a2c60d42d97c ("Add files for new driver - part 16").

Reported by: Pietro Oliva &lt;pietroliva@gmail.com&gt;
Cc: Pietro Oliva &lt;pietroliva@gmail.com&gt;
Cc: Stable &lt;stable@vger.kernel.org&gt;
Fixes commit a2c60d42d97c ("Add files for new driver - part 16").
Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Link: https://lore.kernel.org/r/20200210180235.21691-4-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8188eu: Fix potential security hole</title>
<updated>2020-02-28T14:39:12+00:00</updated>
<author>
<name>Larry Finger</name>
<email>Larry.Finger@lwfinger.net</email>
</author>
<published>2020-02-10T18:02:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a3e4e606957918fed0bb80b71d92f3aa9b86009e'/>
<id>a3e4e606957918fed0bb80b71d92f3aa9b86009e</id>
<content type='text'>
commit 499c405b2b80bb3a04425ba3541d20305e014d3e upstream.

In routine rtw_hostapd_ioctl(), the user-controlled p-&gt;length is assumed
to be at least the size of struct ieee_param size, but this assumption is
never checked. This could result in out-of-bounds read/write on kernel
heap in case a p-&gt;length less than the size of struct ieee_param is
specified by the user. If p-&gt;length is allowed to be greater than the size
of the struct, then a malicious user could be wasting kernel memory.
Fixes commit a2c60d42d97c ("Add files for new driver - part 16").

Reported by: Pietro Oliva &lt;pietroliva@gmail.com&gt;
Cc: Pietro Oliva &lt;pietroliva@gmail.com&gt;
Cc: Stable &lt;stable@vger.kernel.org&gt;
Fixes: a2c60d42d97c ("staging: r8188eu: Add files for new driver - part 16")
Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Link: https://lore.kernel.org/r/20200210180235.21691-2-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 499c405b2b80bb3a04425ba3541d20305e014d3e upstream.

In routine rtw_hostapd_ioctl(), the user-controlled p-&gt;length is assumed
to be at least the size of struct ieee_param size, but this assumption is
never checked. This could result in out-of-bounds read/write on kernel
heap in case a p-&gt;length less than the size of struct ieee_param is
specified by the user. If p-&gt;length is allowed to be greater than the size
of the struct, then a malicious user could be wasting kernel memory.
Fixes commit a2c60d42d97c ("Add files for new driver - part 16").

Reported by: Pietro Oliva &lt;pietroliva@gmail.com&gt;
Cc: Pietro Oliva &lt;pietroliva@gmail.com&gt;
Cc: Stable &lt;stable@vger.kernel.org&gt;
Fixes: a2c60d42d97c ("staging: r8188eu: Add files for new driver - part 16")
Signed-off-by: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Link: https://lore.kernel.org/r/20200210180235.21691-2-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.</title>
<updated>2020-02-28T14:39:11+00:00</updated>
<author>
<name>Malcolm Priestley</name>
<email>tvboxspy@gmail.com</email>
</author>
<published>2020-02-04T19:34:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d8d7c3f6c88cf1cf674e39d16205576a4ab5b6de'/>
<id>d8d7c3f6c88cf1cf674e39d16205576a4ab5b6de</id>
<content type='text'>
commit 93134df520f23f4e9998c425b8987edca7016817 upstream.

bb_pre_ed_rssi is an u8 rx_dm always returns negative signed
values add minus operator to always yield positive.

fixes issue where rx sensitivity is always set to maximum because
the unsigned numbers were always greater then 100.

Fixes: 63b9907f58f1 ("staging: vt6656: mac80211 conversion: create rx function.")
Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Malcolm Priestley &lt;tvboxspy@gmail.com&gt;
Link: https://lore.kernel.org/r/aceac98c-6e69-3ce1-dfec-2bf27b980221@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 93134df520f23f4e9998c425b8987edca7016817 upstream.

bb_pre_ed_rssi is an u8 rx_dm always returns negative signed
values add minus operator to always yield positive.

fixes issue where rx sensitivity is always set to maximum because
the unsigned numbers were always greater then 100.

Fixes: 63b9907f58f1 ("staging: vt6656: mac80211 conversion: create rx function.")
Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Malcolm Priestley &lt;tvboxspy@gmail.com&gt;
Link: https://lore.kernel.org/r/aceac98c-6e69-3ce1-dfec-2bf27b980221@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>staging: android: ashmem: Disallow ashmem memory from being remapped</title>
<updated>2020-02-28T14:39:11+00:00</updated>
<author>
<name>Suren Baghdasaryan</name>
<email>surenb@google.com</email>
</author>
<published>2020-01-27T23:56:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a349db843c640ad1fbab6625a7a4e9d4dd45f26a'/>
<id>a349db843c640ad1fbab6625a7a4e9d4dd45f26a</id>
<content type='text'>
commit 6d67b0290b4b84c477e6a2fc6e005e174d3c7786 upstream.

When ashmem file is mmapped, the resulting vma-&gt;vm_file points to the
backing shmem file with the generic fops that do not check ashmem
permissions like fops of ashmem do. If an mremap is done on the ashmem
region, then the permission checks will be skipped. Fix that by disallowing
mapping operation on the backing shmem file.

Reported-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Suren Baghdasaryan &lt;surenb@google.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt; # 4.4,4.9,4.14,4.18,5.4
Signed-off-by: Todd Kjos &lt;tkjos@google.com&gt;
Reviewed-by: Joel Fernandes (Google) &lt;joel@joelfernandes.org&gt;
Link: https://lore.kernel.org/r/20200127235616.48920-1-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 6d67b0290b4b84c477e6a2fc6e005e174d3c7786 upstream.

When ashmem file is mmapped, the resulting vma-&gt;vm_file points to the
backing shmem file with the generic fops that do not check ashmem
permissions like fops of ashmem do. If an mremap is done on the ashmem
region, then the permission checks will be skipped. Fix that by disallowing
mapping operation on the backing shmem file.

Reported-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Suren Baghdasaryan &lt;surenb@google.com&gt;
Cc: stable &lt;stable@vger.kernel.org&gt; # 4.4,4.9,4.14,4.18,5.4
Signed-off-by: Todd Kjos &lt;tkjos@google.com&gt;
Reviewed-by: Joel Fernandes (Google) &lt;joel@joelfernandes.org&gt;
Link: https://lore.kernel.org/r/20200127235616.48920-1-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>staging: vt6656: Fix false Tx excessive retries reporting.</title>
<updated>2020-02-05T13:03:33+00:00</updated>
<author>
<name>Malcolm Priestley</name>
<email>tvboxspy@gmail.com</email>
</author>
<published>2020-01-08T21:41:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b9e9c736dea99c6b1b8771a27ddd813e48a7f275'/>
<id>b9e9c736dea99c6b1b8771a27ddd813e48a7f275</id>
<content type='text'>
commit 9dd631fa99dc0a0dfbd191173bf355ba30ea786a upstream.

The driver reporting  IEEE80211_TX_STAT_ACK is not being handled
correctly. The driver should only report on TSR_TMO flag is not
set indicating no transmission errors and when not IEEE80211_TX_CTL_NO_ACK
is being requested.

Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Malcolm Priestley &lt;tvboxspy@gmail.com&gt;
Link: https://lore.kernel.org/r/340f1f7f-c310-dca5-476f-abc059b9cd97@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9dd631fa99dc0a0dfbd191173bf355ba30ea786a upstream.

The driver reporting  IEEE80211_TX_STAT_ACK is not being handled
correctly. The driver should only report on TSR_TMO flag is not
set indicating no transmission errors and when not IEEE80211_TX_CTL_NO_ACK
is being requested.

Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Malcolm Priestley &lt;tvboxspy@gmail.com&gt;
Link: https://lore.kernel.org/r/340f1f7f-c310-dca5-476f-abc059b9cd97@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
</feed>
