<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/staging/rtl8192e, branch v5.16</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()</title>
<updated>2021-11-17T13:08:57+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>dan.carpenter@oracle.com</email>
</author>
<published>2021-11-17T07:20:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b535917c51acc97fb0761b1edec85f1f3d02bda4'/>
<id>b535917c51acc97fb0761b1edec85f1f3d02bda4</id>
<content type='text'>
The free_rtllib() function frees the "dev" pointer so there is use
after free on the next line.  Re-arrange things to avoid that.

Fixes: 66898177e7e5 ("staging: rtl8192e: Fix unload/reload problem")
Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Link: https://lore.kernel.org/r/20211117072016.GA5237@kili
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The free_rtllib() function frees the "dev" pointer so there is use
after free on the next line.  Re-arrange things to avoid that.

Fixes: 66898177e7e5 ("staging: rtl8192e: Fix unload/reload problem")
Cc: stable &lt;stable@vger.kernel.org&gt;
Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Link: https://lore.kernel.org/r/20211117072016.GA5237@kili
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl: use eth_hw_addr_set()</title>
<updated>2021-10-20T17:33:59+00:00</updated>
<author>
<name>Jakub Kicinski</name>
<email>kuba@kernel.org</email>
</author>
<published>2021-10-19T17:12:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e7c636f2bb50367581bec53782fb15ebf8648936'/>
<id>e7c636f2bb50367581bec53782fb15ebf8648936</id>
<content type='text'>
Commit 406f42fa0d3c ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev-&gt;dev_addr in this tree we need to make all
the writes to it got through appropriate helpers.

Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
Link: https://lore.kernel.org/r/20211019171243.1412240-8-kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit 406f42fa0d3c ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev-&gt;dev_addr in this tree we need to make all
the writes to it got through appropriate helpers.

Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
Link: https://lore.kernel.org/r/20211019171243.1412240-8-kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: use eth_hw_addr_set() instead of ether_addr_copy()</title>
<updated>2021-10-20T17:33:58+00:00</updated>
<author>
<name>Jakub Kicinski</name>
<email>kuba@kernel.org</email>
</author>
<published>2021-10-19T17:12:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=349f631da4e1bdcb1b4a2a3ee630d689bfe6724d'/>
<id>349f631da4e1bdcb1b4a2a3ee630d689bfe6724d</id>
<content type='text'>
Commit 406f42fa0d3c ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev-&gt;dev_addr in this tree we need to make all
the writes to it got through appropriate helpers.

Convert staging from ether_addr_copy() to eth_hw_addr_set():

  @@
  expression dev, np;
  @@
  - ether_addr_copy(dev-&gt;dev_addr, np)
  + eth_hw_addr_set(dev, np)

Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
Link: https://lore.kernel.org/r/20211019171243.1412240-3-kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit 406f42fa0d3c ("net-next: When a bond have a massive amount
of VLANs...") introduced a rbtree for faster Ethernet address look
up. To maintain netdev-&gt;dev_addr in this tree we need to make all
the writes to it got through appropriate helpers.

Convert staging from ether_addr_copy() to eth_hw_addr_set():

  @@
  expression dev, np;
  @@
  - ether_addr_copy(dev-&gt;dev_addr, np)
  + eth_hw_addr_set(dev, np)

Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
Link: https://lore.kernel.org/r/20211019171243.1412240-3-kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8192e: remove unused variable ieee</title>
<updated>2021-10-05T10:30:50+00:00</updated>
<author>
<name>Saurav Girepunje</name>
<email>saurav.girepunje@gmail.com</email>
</author>
<published>2021-10-03T10:05:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=11dc495619d03798fff18b3257b7379a389d68dd'/>
<id>11dc495619d03798fff18b3257b7379a389d68dd</id>
<content type='text'>
Remove unused local variable ieee from ActivateBAEntry().

Signed-off-by: Saurav Girepunje &lt;saurav.girepunje@gmail.com&gt;
Link: https://lore.kernel.org/r/YVmAhOSRB8yc/iwU@user
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Remove unused local variable ieee from ActivateBAEntry().

Signed-off-by: Saurav Girepunje &lt;saurav.girepunje@gmail.com&gt;
Link: https://lore.kernel.org/r/YVmAhOSRB8yc/iwU@user
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8192e: rtl_core: Fix possible null-pointer dereference in _rtl92e_pci_disconnect()</title>
<updated>2021-08-11T07:43:44+00:00</updated>
<author>
<name>Tuo Li</name>
<email>islituo@gmail.com</email>
</author>
<published>2021-08-11T03:11:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=25ee7e89d45debc195cc8cec2483e07bbccd1472'/>
<id>25ee7e89d45debc195cc8cec2483e07bbccd1472</id>
<content type='text'>
The variable dev is checked in:
  if (dev)

This indicates that it can be NULL. If so, a null-pointer dereference will
occur:
  priv = rtllib_priv(dev);

However, the value of priv is not used in the remaining part of this
function. Thus the else-branch can be removed to fix this posible
null-pointer dereference.

Reported-by: TOTE Robot &lt;oslab@tsinghua.edu.cn&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Tuo Li &lt;islituo@gmail.com&gt;
Link: https://lore.kernel.org/r/20210811031135.4110-1-islituo@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The variable dev is checked in:
  if (dev)

This indicates that it can be NULL. If so, a null-pointer dereference will
occur:
  priv = rtllib_priv(dev);

However, the value of priv is not used in the remaining part of this
function. Thus the else-branch can be removed to fix this posible
null-pointer dereference.

Reported-by: TOTE Robot &lt;oslab@tsinghua.edu.cn&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Tuo Li &lt;islituo@gmail.com&gt;
Link: https://lore.kernel.org/r/20210811031135.4110-1-islituo@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8192e: rtl8192e: rtl_core: remove unused global variable</title>
<updated>2021-08-10T10:15:14+00:00</updated>
<author>
<name>Saurav Girepunje</name>
<email>saurav.girepunje@gmail.com</email>
</author>
<published>2021-08-07T10:22:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=3bb8fa376b8a21ccaf25bf64cc70a6a54cf343f8'/>
<id>3bb8fa376b8a21ccaf25bf64cc70a6a54cf343f8</id>
<content type='text'>
Remove unused global variable channels from rtl_core.c

Signed-off-by: Saurav Girepunje &lt;saurav.girepunje@gmail.com&gt;
Link: https://lore.kernel.org/r/20210807102232.6674-4-saurav.girepunje@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Remove unused global variable channels from rtl_core.c

Signed-off-by: Saurav Girepunje &lt;saurav.girepunje@gmail.com&gt;
Link: https://lore.kernel.org/r/20210807102232.6674-4-saurav.girepunje@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8192e: Avoid field-overflowing memcpy()</title>
<updated>2021-08-10T10:09:32+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2021-08-06T20:11:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ada0e6dbbb098350e0cb7fd32672ba4fd98500fc'/>
<id>ada0e6dbbb098350e0cb7fd32672ba4fd98500fc</id>
<content type='text'>
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.

Split the 3 addr memcpy() into 3 memcpy() calls so the compiler doesn't
think an overflowing memcpy() happens against the addr1 field (the
neighbors are intended to be copied as well).

rtllib_read_qos_param_element() copies a struct rtllib_info_element
into a struct rtllib_qos_information_element, but is actually wanting to
copy into the larger struct rtllib_qos_parameter_info (the contents of
ac_params_record[] is later examined). Refactor the routine to perform
centralized checks, and copy the entire contents directly (since the id
and len members match the elementID and length members):

struct rtllib_info_element {
        u8 id;
        u8 len;
        u8 data[];
} __packed;

struct rtllib_qos_information_element {
        u8 elementID;
        u8 length;
        u8 qui[QOS_OUI_LEN];
        u8 qui_type;
        u8 qui_subtype;
        u8 version;
        u8 ac_info;
} __packed;

struct rtllib_qos_parameter_info {
        struct rtllib_qos_information_element info_element;
        u8 reserved;
        struct rtllib_qos_ac_parameter ac_params_record[QOS_QUEUE_NUM];
} __packed;

Cc: Darshan D V &lt;darshandv10@gmail.com&gt;
Cc: Aditya Srivastava &lt;yashsri421@gmail.com&gt;
Cc: devel@driverdev.osuosl.org
Cc: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20210806201106.2871169-1-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), memmove(), and memset(), avoid
intentionally writing across neighboring fields.

Split the 3 addr memcpy() into 3 memcpy() calls so the compiler doesn't
think an overflowing memcpy() happens against the addr1 field (the
neighbors are intended to be copied as well).

rtllib_read_qos_param_element() copies a struct rtllib_info_element
into a struct rtllib_qos_information_element, but is actually wanting to
copy into the larger struct rtllib_qos_parameter_info (the contents of
ac_params_record[] is later examined). Refactor the routine to perform
centralized checks, and copy the entire contents directly (since the id
and len members match the elementID and length members):

struct rtllib_info_element {
        u8 id;
        u8 len;
        u8 data[];
} __packed;

struct rtllib_qos_information_element {
        u8 elementID;
        u8 length;
        u8 qui[QOS_OUI_LEN];
        u8 qui_type;
        u8 qui_subtype;
        u8 version;
        u8 ac_info;
} __packed;

struct rtllib_qos_parameter_info {
        struct rtllib_qos_information_element info_element;
        u8 reserved;
        struct rtllib_qos_ac_parameter ac_params_record[QOS_QUEUE_NUM];
} __packed;

Cc: Darshan D V &lt;darshandv10@gmail.com&gt;
Cc: Aditya Srivastava &lt;yashsri421@gmail.com&gt;
Cc: devel@driverdev.osuosl.org
Cc: Larry Finger &lt;Larry.Finger@lwfinger.net&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20210806201106.2871169-1-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging/rtl8192e: Remove all strcpy() uses</title>
<updated>2021-07-27T13:20:56+00:00</updated>
<author>
<name>Len Baker</name>
<email>len.baker@gmx.com</email>
</author>
<published>2021-07-23T17:32:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=cf79ee6eb0d7d5f45ad58c395ee855e2e1bbc9b2'/>
<id>cf79ee6eb0d7d5f45ad58c395ee855e2e1bbc9b2</id>
<content type='text'>
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().

It is also dangerous a strcpy() followed by a strcat(). In this case,
refactor the code using scnprintf() and avoid this combination.

Signed-off-by: Len Baker &lt;len.baker@gmx.com&gt;
Link: https://lore.kernel.org/r/20210723173216.12157-1-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy().

It is also dangerous a strcpy() followed by a strcat(). In this case,
refactor the code using scnprintf() and avoid this combination.

Signed-off-by: Len Baker &lt;len.baker@gmx.com&gt;
Link: https://lore.kernel.org/r/20210723173216.12157-1-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8192e: Fix shadowed variable name</title>
<updated>2021-05-25T16:23:32+00:00</updated>
<author>
<name>Thomas Bracht Laumann Jespersen</name>
<email>t@laumann.xyz</email>
</author>
<published>2021-05-21T19:37:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6ec070e872a1b2af4d12016d2d404115d9de5c25'/>
<id>6ec070e872a1b2af4d12016d2d404115d9de5c25</id>
<content type='text'>
Fixes the following sparse warning:

drivers/staging/rtl8192e/rtllib_tx.c:884:32: warning: symbol 'tcb_desc' shadows an earlier one
drivers/staging/rtl8192e/rtllib_tx.c:569:24: originally declared here

Signed-off-by: Thomas Bracht Laumann Jespersen &lt;t@laumann.xyz&gt;
Link: https://lore.kernel.org/r/20210521193711.5457-1-t@laumann.xyz
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fixes the following sparse warning:

drivers/staging/rtl8192e/rtllib_tx.c:884:32: warning: symbol 'tcb_desc' shadows an earlier one
drivers/staging/rtl8192e/rtllib_tx.c:569:24: originally declared here

Signed-off-by: Thomas Bracht Laumann Jespersen &lt;t@laumann.xyz&gt;
Link: https://lore.kernel.org/r/20210521193711.5457-1-t@laumann.xyz
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: rtl8192e: delete extra blank lines</title>
<updated>2021-05-19T15:59:39+00:00</updated>
<author>
<name>Wang Qing</name>
<email>wangqing@vivo.com</email>
</author>
<published>2021-05-19T03:00:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=946c945301db3ca0e48d8ff06aa38d4ff2ba82b2'/>
<id>946c945301db3ca0e48d8ff06aa38d4ff2ba82b2</id>
<content type='text'>
fixing CHECK:Blank lines aren't necessary before a close brace '}'

Signed-off-by: Wang Qing &lt;wangqing@vivo.com&gt;
Link: https://lore.kernel.org/r/1621393219-28665-1-git-send-email-wangqing@vivo.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
fixing CHECK:Blank lines aren't necessary before a close brace '}'

Signed-off-by: Wang Qing &lt;wangqing@vivo.com&gt;
Link: https://lore.kernel.org/r/1621393219-28665-1-git-send-email-wangqing@vivo.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
