Unlike mlme_sta_tbl, OnAction_tbl is an array of structs.
OnAction iterates over the array to find the entry for a specific action
category. No action is performed if a category has no entry.
We can remove the entries that point to the dummy function DoReserved.
These were the last users of DoReserved, the function itself can be
removed as well.
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Link: https://lore.kernel.org/r/20220421200805.192083-2-martin@kaiser.cx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The rtllib_rx_assoc_resp() function has a signedness bug because it's
a declared as a u16 but it return -ENOMEM. When you look at it more
closely it returns a mix of error codes including 0xcafe, -ENOMEM, and
a->status which is WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG. This is a mess.
Clean it up to just return standard kernel error codes. We can print
out the a->status before returning a regular error code. The printks
in the caller need to be adjusted as well.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Haowen Bai <baihaowen@meizu.com>
Link: https://lore.kernel.org/r/1650529277-7893-1-git-send-email-baihaowen@meizu.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Currently, these three get_key functions return -1 when the provided len
value is less a specific key length value, which can result in buffer
overflow depending on how the returned value is used. These functions are
used in three places in ieee80211/ieee80211_wx.c:
ieee80211_wx_get_encode() :
The behavior of this function will be unchanged.
ieee80211_wx_get_encode_ext() :
The result of the get_key function is written to ext->key_len,
resulting in a buffer overflow if the result is negative.
ieee80211_wx_set_encode() :
The behavior of this function will change. When len is less than the
key length value, it will set a default key of all 0.
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rebecca Mckeever <remckee0@gmail.com>
Link: https://lore.kernel.org/r/Yl/7QPKXer7YtXOs@bertie
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There is a deadlock in rtllib_beacons_stop(), which is shown
below:
(Thread 1) | (Thread 2)
| rtllib_send_beacon()
rtllib_beacons_stop() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | rtllib_send_beacon_cb()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold ieee->beacon_lock in position (1) of thread 1 and
use del_timer_sync() to wait timer to stop, but timer handler
also need ieee->beacon_lock in position (2) of thread 2.
As a result, rtllib_beacons_stop() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irqsave(), which could let timer handler to obtain
the needed lock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417141641.124388-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There is a deadlock in ieee80211_beacons_stop(), which is shown below:
(Thread 1) | (Thread 2)
| ieee80211_send_beacon()
ieee80211_beacons_stop() | mod_timer()
spin_lock_irqsave() //(1) | (wait a time)
... | ieee80211_send_beacon_cb()
del_timer_sync() | spin_lock_irqsave() //(2)
(wait timer to stop) | ...
We hold ieee->beacon_lock in position (1) of thread 1 and use
del_timer_sync() to wait timer to stop, but timer handler
also need ieee->beacon_lock in position (2) of thread 2.
As a result, ieee80211_beacons_stop() will block forever.
This patch extracts del_timer_sync() from the protection of
spin_lock_irqsave(), which could let timer handler to obtain
the needed lock.
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://lore.kernel.org/r/20220417135407.109536-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add " == 0" to the condition in both else if branches to address a
possible bug. strcmp returns 0 when its arguments are equal, which
evaluates to false, often leading to errors when used in if statements.
Currently, the statement in the first else if branch does not execute
when its arguments are equal, but it does execute when crypt->ops->name
equals any string other than "WEP" or "TKIP".
Similarly, the second else if branch does not execute when its arguments
are equal, and it only executes when crypt->ops->name equals "TKIP".
The else branch never executes.
It is unlikely that this is working as intended.
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Rebecca Mckeever <remckee0@gmail.com>
Link: https://lore.kernel.org/r/20220416102434.97567-1-remckee0@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Variable negative is being assigned a value that is never read, it is
being re-assigned later. The assignment is redundant and can be removed.
Cleans up clang scan build warning:
drivers/staging/iio/resolver/ad2s1210.c:502:3: warning: Value stored
to 'negative' is never read [deadcode.DeadStores]
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Link: https://lore.kernel.org/r/20220418134603.81336-1-colin.i.king@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The Unisys sub-tree of drivers/staging contains three drivers for the
"Unisys Secure Partition" (s-Par(R)): visorhba, visorinput, visornic.
They have no maintainers, in fact the only one that is listed in
MAINTAINERS has an unreacheable email address. During 2021 and 2022
several patches have been submitted to these drivers but nobody at
Unisys cared of reviewing the changes. Probably, also the
"sparmaintainer" internal list of unisys.com is not anymore read by
interested Unisys' engineers.
Therefore, remove the drivers/staging/unisys directory and delete the
relevant entries in the MAINTAINERS, Kconfig, Makefile files, then
remove also the drivers/visorbus directory which is not anymore needed
(it contained the driver for the virtualized bus for the Unisys s-Par
firmware).
Cc: David Kershner <david.kershner@unisys.com>
Cc: <sparmaintainer@unisys.com>
Cc: Ken Cox <jkc@redhat.com>
Suggested-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Link: https://lore.kernel.org/r/20220414103217.32058-1-fmdefrancesco@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The structures
rtw_ieee80211_hdr
rtw_ieee80211_hdr_3addr
rtw_ieee80211_hdr_3addr_qos
in drivers/staging/r8188eu/include/ieee80211.h just duplicate the
in-kernel structures from include/linux/ieee80211.h.
ieee80211_hdr
ieee80211_hdr_3addr
ieee80211_qos_hdr
Remove the rtw_ prefixed structures and use the in-kernel versions.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20220418180916.11311-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mlme_sta_tbl is an array of struct mlme_handler. mlme_handler's num and
str components are not used. The code in mgt_dispatcher uses the subtype
number of the incoming frame to select the array entry for compiling the
repsonse.
We can remove struct mlme_handler and make mlme_sta_tbl an array of
function pointers.
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Link: https://lore.kernel.org/r/20220417102221.466524-5-martin@kaiser.cx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The driver's local GetFrameSubType macro returns both frame type and
subtype.
Use the ieee80211 framework to extract the two fields. This shows more
clearly that both type and subtype are read.
Convert everything to host endianness before we use bit operations.
Signed-off-by: Martin Kaiser <martin@kaiser.cx>
Link: https://lore.kernel.org/r/20220417102221.466524-3-martin@kaiser.cx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
