Smatch complains:
drivers/staging/wfx/hif_rx.c:26 hif_generic_confirm() warn: negative user subtract: 0-u16max - 4
20 static int hif_generic_confirm(struct wfx_dev *wdev,
21 const struct hif_msg *hif, const void *buf)
22 {
23 // All confirm messages start with status
24 int status = le32_to_cpup((__le32 *)buf);
25 int cmd = hif->id;
26 int len = le16_to_cpu(hif->len) - 4; // drop header
^^^^^
27
28 WARN(!mutex_is_locked(&wdev->hif_cmd.lock), "data locking error");
In fact, rx_helper() already make the necessary checks on the value of
hif->len. Never mind, add an explicit check to make Smatch happy.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20201009171307.864608-6-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Smatch complains:
bus_spi.c:228 wfx_spi_probe() warn: 'bus->core' could be an error pointer
bus_sdio.c:221 wfx_sdio_probe() warn: 'bus->core' could be an error pointer
bus->core contains the result of wfx_init_common(). With this patch,
wfx_init_common() returns a valid pointer or NULL.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20201009171307.864608-5-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Smatch complains:
drivers/staging/wfx/hif_rx.c:177 hif_scan_complete_indication() warn: potential NULL parameter dereference 'wvif'
drivers/staging/wfx/data_tx.c:576 wfx_flush() warn: potential NULL parameter dereference 'wvif'
Indeed, if the vif id returned by the device does not exist anymore,
wdev_to_wvif() could return NULL.
In add, the error is not handled uniformly in the code, sometime a
WARN() is displayed but code continue, sometime a dev_warn() is
displayed, sometime it is just not tested, ...
This patch standardize that.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20201009171307.864608-4-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Some static functions in the dpaa2-switch driver don't have a distinct
prefix and this is becoming an inconvenience when looking at, for
example, a perf top output and trying to determine easily which entries
are dpaa2 switch related. Ammend this by adding the prefix to all the
functions.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Link: https://lore.kernel.org/r/20201009153000.14550-3-ioana.ciornei@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Some static functions in the dpaa2-switch driver don't have a distinct
prefix and this is becoming an inconvenience when looking at, for
example, a perf top output and trying to determine easily which entries
are dpaa2 switch related. Ammend this by adding the prefix to all the
functions.
Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Link: https://lore.kernel.org/r/20201009153000.14550-2-ioana.ciornei@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The device can be connected on SPI or on SDIO. The original file
described the two options separately. So, most of the file had to be
rewritten in order to match with the Yaml requirements.
Some device requirements are still written in the comments since they
cannot been expressed with the current scheme (e.g. reg must be set to 1
with SDIO, interrupt is mandatory with SPI, reset-gpio in SPI is
replaced by mmc-pwrseq in SDIO, etc...).
The examples provided have also been reworked in order to make
dt_binding_check happy.
Finally, also fix typo in the name of the file (siliabs instead of
silabs)
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20201007101943.749898-7-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The device is in charge of respecting the QoS constraints. The driver
have to ensure that all the queues contain data and the device choose
the right queue to send.
The things starts to be more difficult when the bandwidth of the bus is
lower than the bandwidth of the WiFi. The device quickly sends the
frames of the highest priority queue. Then, it starts to send frames
from a lower priority queue. Though, there are still some high priority
frames waiting in the driver.
To work around this problem, this patch add some priorities to each
queue. The weigh of the queue was (roughly) calculated experimentally by
checking the speed ratio of each queue when the bus does not limit the
traffic:
- Be/Bk -> 20Mbps/10Mbps
- Vi/Be -> 36Mbps/180Kbps
- Vo/Be -> 35Mbps/600Kbps
- Vi/Vo -> 24Mbps/12Mbps
So, if we fix the weigh of the Background to 1, the weight of Best
Effort should be 2. The weight of Video should be 116. However, since
there is only 32 queues, it make no sense to use a value greater than
64[1]. And finally, the weight of the Voice is set to 128.
[1] Because of this approximation, with very slow bus, we can still
observe frame starvation when we measure the speed ratio of Vi/Be. It is
around 35Mbps/1Mbps (instead of 36Mbps/180Kbps). However, it is still in
accepted error range.
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20201007101943.749898-5-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Firmwares with API < 3.6 do not forward DELBA requests. Thus, when a
Block Ack session is restarted, the reordering buffer is not flushed and
the received sequence number is not contiguous. Therefore, mac80211
starts to wait some missing frames that it will never receive.
This patch disables the reordering buffer for old firmware. It is
harmless when the network is unencrypted. When the network is encrypted,
the non-contiguous frames will be thrown away by the TKIP/CCMP replay
protection. So, the user will observe some packet loss with UDP and
performance drop with TCP.
Fixes: e5da5fbd77 ("staging: wfx: fix CCMP/TKIP replay protection")
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20201007101943.749898-4-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit e8d607ce0c ("staging: wfx: drop 'secure link' feature") had
removed the 'secure link' feature. However, a few lines of codes were
yet here.
Fixes: e8d607ce0c ("staging: wfx: drop 'secure link' feature")
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20201007101943.749898-3-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
As expected, when the device detect a MMIC error, it returns a specific
status. However, it also strip IV from the frame (don't ask me why).
So, with the current code, mac80211 detects a corrupted frame and it
drops it before it handle the MMIC error. The expected behavior would be
to detect MMIC error then to renegotiate the EAP session.
So, this patch correctly informs mac80211 that IV is not available. So,
mac80211 correctly takes into account the MMIC error.
Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20201007101943.749898-2-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
After a list_for_each_entry() loop, the list iterator is always non-NULL
so these conditions don't work. If the "waiter" is not found then this
results in an out of bounds access.
I have fixed it by introducing a new "found" variable. In one case, I
used an else statement for readability.
Fixes: 46e4b9ec4f ("staging: vchiq_arm: use list_for_each_entry when accessing bulk_waiter_list")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20201006134748.GA2076872@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(struct gb_audio_ctl_elem_info*)->type has the type of __u8 so there is no
concern about the byte order. __force is safe to use.
Found by sparse,
$ make C=2 drivers/staging/greybus/
drivers/staging/greybus/audio_topology.c:185:24: warning: cast to restricted snd_ctl_elem_type_t
Suggested-by: Alex Elder <elder@linaro.org>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Link: https://lore.kernel.org/r/20201002233057.74462-3-coiby.xu@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
snd_soc_pcm_stream.formats should use the bitmask SNDRV_PCM_FMTBIT_*
instead of the sequential integers SNDRV_PCM_FORMAT_* as explained by
commit e712bfca1a
("ASoC: codecs: use SNDRV_PCM_FMTBIT_* for format bitmask").
Found by sparse,
$ make C=2 drivers/staging/greybus/
drivers/staging/greybus/audio_codec.c:691:36: warning: incorrect type in initializer (different base types)
drivers/staging/greybus/audio_codec.c:691:36: expected unsigned long long [usertype] formats
drivers/staging/greybus/audio_codec.c:691:36: got restricted snd_pcm_format_t [usertype]
drivers/staging/greybus/audio_codec.c:701:36: warning: incorrect type in initializer (different base types)
drivers/staging/greybus/audio_codec.c:701:36: expected unsigned long long [usertype] formats
drivers/staging/greybus/audio_codec.c:701:36: got restricted snd_pcm_format_t [usertype]
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Link: https://lore.kernel.org/r/20201002233057.74462-2-coiby.xu@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch fix the following warnings from sparse,
$ make C=2 drivers/staging/greybus/
drivers/staging/greybus/audio_module.c:222:25: warning: incorrect type in assignment (different base types)
drivers/staging/greybus/audio_module.c:222:25: expected restricted __le16 [usertype] data_cport
drivers/staging/greybus/audio_module.c:222:25: got unsigned short [usertype] intf_cport_id
drivers/staging/greybus/audio_topology.c:460:40: warning: restricted __le32 degrades to integer
drivers/staging/greybus/audio_topology.c:691:41: warning: incorrect type in assignment (different base types)
drivers/staging/greybus/audio_topology.c:691:41: expected unsigned int access
drivers/staging/greybus/audio_topology.c:691:41: got restricted __le32 [usertype] access
drivers/staging/greybus/audio_topology.c:746:44: warning: incorrect type in assignment (different base types)
drivers/staging/greybus/audio_topology.c:746:44: expected unsigned int
drivers/staging/greybus/audio_topology.c:746:44: got restricted __le32
drivers/staging/greybus/audio_topology.c:748:52: warning: incorrect type in assignment (different base types)
drivers/staging/greybus/audio_topology.c:748:52: expected unsigned int
drivers/staging/greybus/audio_topology.c:748:52: got restricted __le32
drivers/staging/greybus/audio_topology.c:802:42: warning: restricted __le32 degrades to integer
drivers/staging/greybus/audio_topology.c:805:50: warning: incorrect type in assignment (different base types)
drivers/staging/greybus/audio_topology.c:805:50: expected restricted __le32
drivers/staging/greybus/audio_topology.c:805:50: got unsigned int
drivers/staging/greybus/audio_topology.c:814:50: warning: restricted __le32 degrades to integer
drivers/staging/greybus/audio_topology.c:817:58: warning: incorrect type in assignment (different base types)
drivers/staging/greybus/audio_topology.c:817:58: expected restricted __le32
drivers/staging/greybus/audio_topology.c:817:58: got unsigned int
drivers/staging/greybus/audio_topology.c:889:25: warning: incorrect type in assignment (different base types)
drivers/staging/greybus/audio_topology.c:889:25: expected unsigned int access
drivers/staging/greybus/audio_topology.c:889:25: got restricted __le32 [usertype] access
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Link: https://lore.kernel.org/r/20201002233057.74462-1-coiby.xu@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace _cancel_timer with API function del_timer_sync.
One instance of del_timer_sync is moved and an unnecessary pair of spin
locks are removed.
Signed-off-by: Ross Schmidt <ross.schm.dev@gmail.com>
Link: https://lore.kernel.org/r/20201004011743.10750-8-ross.schm.dev@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This fixes commit 0107635e15
("staging: qlge: replace pr_err with netdev_err") which introduced an
build breakage of missing `struct ql_adapter *qdev` for some functions
and a warning of type mismatch with dumping enabled, i.e.,
$ make CFLAGS_MODULE="-DQL_ALL_DUMP -DQL_OB_DUMP -DQL_CB_DUMP \
-DQL_IB_DUMP -DQL_REG_DUMP -DQL_DEV_DUMP" M=drivers/staging/qlge
qlge_dbg.c: In function ‘ql_dump_ob_mac_rsp’:
qlge_dbg.c:2051:13: error: ‘qdev’ undeclared (first use in this function); did you mean ‘cdev’?
2051 | netdev_err(qdev->ndev, "%s\n", __func__);
| ^~~~
qlge_dbg.c: In function ‘ql_dump_routing_entries’:
qlge_dbg.c:1435:10: warning: format ‘%s’ expects argument of type ‘char *’, but argument 3 has type ‘int’ [-Wformat=]
1435 | "%s: Routing Mask %d = 0x%.08x\n",
| ~^
| |
| char *
| %d
1436 | i, value);
| ~
| |
| int
qlge_dbg.c:1435:37: warning: format ‘%x’ expects a matching ‘unsigned int’ argument [-Wformat=]
1435 | "%s: Routing Mask %d = 0x%.08x\n",
| ~~~~^
| |
| unsigned int
Note that now ql_dump_rx_ring/ql_dump_tx_ring won't check if the passed
parameter is a null pointer.
Fixes: 0107635e15 ("staging: qlge: replace pr_err with netdev_err")
Reported-by: Benjamin Poirier <benjamin.poirier@gmail.com>
Suggested-by: Benjamin Poirier <benjamin.poirier@gmail.com>
Reviewed-by: Benjamin Poirier <benjamin.poirier@gmail.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Link: https://lore.kernel.org/r/20201002235941.77062-1-coiby.xu@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Replace spaces with tab to clear checkpatch error.
ERROR: code indent should use tabs where possible
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200929062847.23985-8-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
After the removal of cckrates_included() and cckrates_only_included()
from rtw_wlan_util.c the variable/parameter 'ratelen' is unused now.
Remove it from update_wireless_mode() and judge_network_type().
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200929062847.23985-7-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In rtw_ieee80211.c there are rtw_is_cckrates_included() and
rtw_is_cckratesonly_included() which have the same functionality as
cckrates_included() and cckrates_only_included() defined in
rtw_wlan_util.c. Remove the functions from rtw_wlan_util.c and use
those from rtw_ieee80211.c.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200929062847.23985-6-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Clean up remaining comparsions to NULL reported by checkpatch.
x == NULL -> !x
x != NULL -> x
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200929062847.23985-2-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Smatch complains that "userdata" can be passed to vchiq_bulk_transfer()
without being initialized. This leads to a potential information leak
later on.
Fixes: a4367cd2b2 ("staging: vchiq: convert compat bulk transfer")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20200930123036.GC4282@kadam
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The logic of this function was accidentally broken by a checkpatch
inspired cleanup. I've modified the code to restore the original
behavior and also make checkpatch happy.
Fixes: 98fe05e21a ("staging: rtl8712: Remove unnecesary else after return statement.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/20200929103548.GA493135@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 515ce733e8 ("staging:r8188eu: Use lib80211 to encrypt (CCMP) tx frames")
was reverted because it caused scheduling while atomic bugs and hard
freezes. Experimentation showed that there were no freezes and no BUG
messages logged when lib80211_get_crypto_ops() was called directly
rather than indirectly through try_then_request_module().
Reapply "staging:r8188eu: Use lib80211 to encrypt (CCMP) tx frames"
with resolved revert conflicts and replace try_then_request_module()
with direct call to lib80211_get_crypto_ops().
Original commit message:
Put data to skb, decrypt with lib80211_crypt_ccmp, and place back to tx buffer.
Cc: Ivan Safonov <insafonov@gmail.com>
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200927083535.2895-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
As found earlier, there is a problem in the create_pagelist() function
that takes a pointer argument that either points into vmalloc space or
into user space, with the pointer value controlled by user space allowing
a malicious user to trick the driver into accessing the kernel instead.
Avoid this problem by adding another function argument and passing
kernel pointers separately from user pointers. This makes it possible
to rely on sparse to point out invalid conversions, and it prevents
user space from faking a kernel pointer.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20200925114424.2647144-2-arnd@arndb.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
My earlier patches caused some new sparse warnings, but it turns out
that a number of those are actual bugs, or at least suspicous code.
Adding __user annotations to the data structures that are defined in
uapi headers helps avoid the new warnings, but that causes a different
set of warnings to show up, as some of these structures are used both
inside of the kernel and at the user interface but storing pointers to
different things there.
Duplicating the vchiq_service_params and vchiq_completion_data structures
in turn takes care of most of those, and then it turns out that there
is a 'data' pointer that can be any of a __user address, a dmd_addr_t
and a kernel pointer in vmalloc space at times.
I'm trying to annotate these as best I can without changing behavior,
but there still seems to be a serious bug when user space passes
a valid vmalloc space address instead of a user pointer. Adding
comments in the code there, and leaving the warnings in place that
seem to correspond to actual bugs.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20200925114424.2647144-1-arnd@arndb.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In hi3670_phy_probe(), when reading property tx-vboost-lvl fails, its
default value is assigned to priv->eye_diagram_param, rather than to
priv->tx_vboost_lvl. Fix this.
Fixes: 8971a3b880 ("staging: hikey9xx: add USB physical layer for Kirin 3670")
Addresses-Coverity: CID 1497107: Incorrect expression (COPY_PASTE_ERROR)
Signed-off-by: Alex Dewar <alex.dewar90@gmail.com>
Link: https://lore.kernel.org/r/20200921212146.34662-1-alex.dewar90@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Clean up comparsions to NULL reported by checkpatch.
if (x == NULL) -> if (!x)
if (x != NULL) -> if (x)
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919150823.16923-3-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Move 'else if' to the same line as the closing brace of the
corresponding 'if' to follow kernel coding style.
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919150823.16923-2-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add missing and remove unnecessary blank lines to clear checkpatch
issues.
CHECK: Please use a blank line after function/struct/union/enum declarations
CHECK: Blank lines aren't necessary before a close brace '}'
CHECK: Please don't use multiple blank lines
CHECK: Blank lines aren't necessary after an open brace '{'
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919150823.16923-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Clean up alignment style issues to follow kernel coding style
and clear checkpatch issues.
CHECK: Alignment should match open parenthesis
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919090040.9613-2-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Clean up block comment style issues to follow kernel coding style
and clear checkpatch warnings.
WARNING: Block comments should align the * on each line
WARNING: Block comments use a trailing */ on a separate line
WARNING: Block comments use * on subsequent lines
Signed-off-by: Michael Straube <straube.linux@gmail.com>
Link: https://lore.kernel.org/r/20200919090040.9613-1-straube.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
