robot
| Reported-by: Dan Carpenter
| Closes: https://lore.kernel.org/r/202312190038.zuex32pb-...@intel.com/
smatch warnings:
drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c:686
vchiq_initialise() error: we previously assumed 'state' could be null (see line
681)
vim +/state +686
/202309140330.fgoxorhe-...@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot
| Reported-by: Dan Carpenter
| Closes: https://lore.kernel.org/r/202309140330.fgoxorhe
me you don't really have this hardware and you're just modprobing
drivers to as part of testing? If you have this hardware then we can
preserve it. Otherwise we should just delete the whole driver. It's
been 8 years and no one has noticed that it doesn't probe.
regards,
dan carpenter
On Tue, Nov 30, 2021 at 10:51:48AM -0800, Todd Kjos wrote:
> v2:
> - add "binder: fix handling of error during copy" to fix
> bug noticed by Dan Carpenter
> - address Dan Carpenter's comments
Thanks!
regards,
dan carpenter
___
On Fri, Nov 26, 2021 at 10:33:35AM +, Lee Jones wrote:
> Supply additional checks in order to prevent unexpected results.
>
> Fixes: b892bf75b2034 ("ion: Switch ion to use dma-buf")
> Suggested-by: Dan Carpenter
> Signed-off-by: Lee Jones
> ---
> Destine
On Fri, Nov 26, 2021 at 08:56:27AM +, Lee Jones wrote:
> On Fri, 26 Nov 2021, Dan Carpenter wrote:
>
> > On Thu, Nov 25, 2021 at 06:18:22PM +0300, Dan Carpenter wrote:
> > > I had thought that ->kmap_cnt was a regular int and not an unsigned
> > > int, but I
On Thu, Nov 25, 2021 at 06:18:22PM +0300, Dan Carpenter wrote:
> I had thought that ->kmap_cnt was a regular int and not an unsigned
> int, but I would have to pull a stable tree to see where I misread the
> code.
I was looking at (struct ion_buffer)->kmap_cnt but this is
(st
On Thu, Nov 25, 2021 at 03:07:37PM +, Lee Jones wrote:
> On Thu, 25 Nov 2021, Dan Carpenter wrote:
>
> > On Thu, Nov 25, 2021 at 02:20:04PM +, Lee Jones wrote:
> > > Supply additional checks in order to prevent unexpected results.
> > >
> > > Fixes:
gt; +
> handle->kmap_cnt++;
^^^
This will not do what you want at all. It's a double increment on the
success path and it leave handle->kmap_cnt overflowed on failure path.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
t;
> if (ret)
> return ret > 0 ? -EINVAL : ret;
>
> Will fix in next version.
It should really be a separate patch at the start of the series because
it's from the original code and unrelated.
regards,
dan carpenter
___
ror code if binder_translate_fd_array()
succeeds but binder_alloc_copy_to_buffer() fails.
> return_error_line = __LINE__;
> @@ -3028,6 +3060,19 @@ static void binder_transaction(struct binder_proc
> *proc,
> goto err_bad_object_type;
> }
> +
> + list_for_each_safe(entry, tmp, sgc_head) {
^^^
All the list_for_each() loops can be changed to list_for_each_entry().
list_for_each_entry_safe(sgc, tmp, sgc_head, node) {
regards,
dan carpenter
> + size_t bytes_copied = 0;
>
sizeof(user_object.bbo));
> + return_error = BR_FAILED_REPLY;
> + return_error_param = -EINVAL;
> + return_error_line = __LINE__;
> + goto err_bad_p
*/
> + if (!list_empty(pf_head)) {
This condition is not required. If list is empty we add it to the tail,
but when there is only one item on the list, the first and last item are
going to be the same.
> + list_for_each_p
; ---
>
> v2
> - correct mailing list
Are you using the staging-next tree?
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
This is a super awkward way to resend a patch series. Next time, just
start a new thread and put [PATCH RESEND] in the subject.
I am sorry that no one responded to your thread. :/
regards,
dan carpenter
___
devel mailing list
de
s_failure' can be used to accurately detect this case.
>
It's really hard for me to understand what this bug looks like to the
user? Is it a memory leak or do we free the wrong thing?
regards,
dan carpenter
___
devel mailing
cid(const struct cred *c, u32
> >> *secid)
> >> +{
> >> +}
> > Since security_cred_getsecid() doesn't return an error code we should
> > probably set the secid to 0 in this case, for example:
> >
> > stat
eless WARN_ON() (Dan)
Thanks! Only dropping patch 11 and 33 was really required, but I'm
happy you dropped the WARN_ON() as well.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
On Mon, Sep 13, 2021 at 12:36:25PM +0200, Jérôme Pouiller wrote:
> On Monday 13 September 2021 11:33:28 CEST Dan Carpenter wrote:
> > On Mon, Sep 13, 2021 at 10:30:15AM +0200, Jerome Pouiller wrote:
> > > diff --git a/drivers/staging/wfx/sta.c b/drivers/staging/wfx/sta.c
> &
x_dtim_aid0_set);
>
> #undef PUT_COUNTER
Not related to the patch but the PUT_COUNTER macro should be called
something like PRINT_COUNTER. It's not a get/put API.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
N() will generate a stack trace and also the Oops will generate a
stack trace. It's duplicative.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
_pds(wdev);
> - if (err < 0)
> - goto err0;
> + wfx_send_pdata_pds(wdev);
You revert this change in patch 33 so let's drop this and 33 both.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driver
ame.
> + if (enable_ps)
> + *enable_ps = false;
> + if (wvif->vif->bss_conf.assoc && wvif->vif->bss_conf.ps)
> + dev_info(wvif->wdev->dev, "ignoring request
t; + }
> +
> if (ret < 0) {
> binder_inner_proc_lock(target_proc);
> target_proc->is_frozen = false;
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
It would be better if this had a fixes tag so we knew which is the first
buggy commit.
There was a long Project Zero article about the Bad Binder exploit
because commit f5cb779ba163 ("ANDROID: binder: remove waitqueue when
thread exits.") was marked as # 4.14 but it didn't have a F
release_fw;
}
Now the last thing is pFirmware->fw_buffer_sz. Etc.
Then at the end it's just:
free_fw_buffer:
kfree(pFirmware->fw_buffer_sz);
release_fw:
release_firmware(fw);
free_bt_firmware:
kfree(pBTFirmware);
free_firmware:
kfree(pFirmware);
ng backstory to my commit messages and but this is a bit
much. :P Just say "Use tabs instead of spaces". Add the backstory
under the --- cut off line if necessary.
Also it doesn't just change the Kconfig file. There are a lot of
unrelated changes as well.
et(dev);
> +
> + return 0;
> +
> +err:
> + kfree(ldev);
I'm sorry, in the earlier version I told you to add this kfree() but
this is devm_ allocated so the kfree() is wrong and will lead to a
double free. My bad. That's on me.
> + drm_err(dev, "failed to initialize drm d
loongson_modeset_init(struct loongson_device *ldev)
> +{
> + struct drm_encoder *encoder;
> + struct drm_connector *connector;
> + int i;
> + u32 ret;
Same.
> +
> + ldev->dev->mode_config.allow_fb_modifiers = true;
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
struct loongson_crtc *lcrtc = to_loongson_crtc(crtc);
> + struct loongson_device *ldev = lcrtc->ldev;
> + u32 reg_val;
> +
> + if (lcrtc->crtc_id) {
> + reg_val = ls7a_mm_rreg(ldev, FB_INT_REG);
> + reg_val |= FB_VSYNC1_ENABLE;
> +
diff --git a/drivers/gpu/drm/loongson/loongson_plane.c
> b/drivers/gpu/drm/loongson/loongson_plane.c
> new file mode 100644
> index ..b8c247d1ce09
> --- /dev/null
> +++ b/drivers/gpu/drm/loongson/loongson_plane.c
> @@ -0,0 +1,102 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +
> +#include "loongson_drv.h"
> +
> +static void loongson_plane_atomic_update(struct drm_plane *plane,
> + struct drm_atomic_state *state)
> +{
> + struct loongson_crtc *lcrtc;
> + struct loongson_device *ldev;
> + struct drm_plane_state *lstate = plane->state;
> + u32 gpu_addr = 0;
> + u32 fb_addr = 0;
> + u32 reg_val = 0;
> + u32 reg_offset;
> + u32 pitch;
> + u8 depth;
> + u32 x, y;
> +
> + if (!lstate->crtc || !lstate->fb)
> + return;
> +
> + pitch = lstate->fb->pitches[0];
> + lcrtc = to_loongson_crtc(lstate->crtc);
> + ldev = lcrtc->ldev;
> + reg_offset = lcrtc->reg_offset;
> + x = lstate->crtc->x;
> + y = lstate->crtc->y;
> + depth = lstate->fb->format->cpp[0] << 3;
> +
> + gpu_addr = loongson_gpu_offset(lstate);
> + reg_val = (pitch + 255) & ~255;
> + ls7a_mm_wreg(ldev, FB_STRI_REG + reg_offset, reg_val);
> +
> + switch (depth) {
> + case 12 ... 16:
> + fb_addr = gpu_addr + y * pitch + ALIGN(x, 64) * 2;
> + break;
> + case 24 ... 32:
> + default:
> + fb_addr = gpu_addr + y * pitch + ALIGN(x, 64) * 4;
> + break;
> + }
> +
> + ls7a_mm_wreg(ldev, FB_ADDR0_REG + reg_offset, fb_addr);
> + ls7a_mm_wreg(ldev, FB_ADDR1_REG + reg_offset, fb_addr);
> + reg_val = lcrtc->cfg_reg | CFG_ENABLE;
> + ls7a_mm_wreg(ldev, FB_CFG_REG + reg_offset, reg_val);
> +}
> +
> +static const uint32_t loongson_formats[] = {
> + DRM_FORMAT_RGB565,
> + DRM_FORMAT_RGB888,
> + DRM_FORMAT_XRGB,
> + DRM_FORMAT_ARGB,
> +};
> +
> +static const uint64_t loongson_format_modifiers[] = { DRM_FORMAT_MOD_LINEAR,
> + DRM_FORMAT_MOD_INVALID };
> +
> +static const struct drm_plane_funcs loongson_plane_funcs = {
> + .atomic_duplicate_state = drm_atomic_helper_plane_duplicate_state,
> + .atomic_destroy_state = drm_atomic_helper_plane_destroy_state,
> + .destroy = drm_plane_cleanup,
> + .disable_plane = drm_atomic_helper_disable_plane,
> + .reset = drm_atomic_helper_plane_reset,
> + .update_plane = drm_atomic_helper_update_plane,
> +};
> +
> +static const struct drm_plane_helper_funcs loongson_plane_helper_funcs = {
> + .prepare_fb = drm_gem_vram_plane_helper_prepare_fb,
> + .cleanup_fb = drm_gem_vram_plane_helper_cleanup_fb,
> + .atomic_update = loongson_plane_atomic_update,
> +};
> +
> +int loongson_plane_init(struct loongson_crtc *lcrtc)
> +{
> + struct loongson_device *ldev;
> + int crtc_id;
> + int ret;
> +
> + ldev = lcrtc->ldev;
> + crtc_id = lcrtc->crtc_id;
> +
> + lcrtc->plane = devm_kzalloc(ldev->dev->dev, sizeof(*lcrtc->plane),
Why do we use ->dev->dev here and ->dev for drm_universal_plane_init()?
> + GFP_KERNEL);
> + if (!lcrtc->plane)
> + return -ENOMEM;
> +
> + ret = drm_universal_plane_init(ldev->dev, lcrtc->plane, BIT(crtc_id),
> +_plane_funcs, loongson_formats,
> +ARRAY_SIZE(loongson_formats),
> +loongson_format_modifiers,
> +DRM_PLANE_TYPE_PRIMARY, NULL);
> + if (ret) {
> + DRM_ERROR("fail to init planed crtc %d\n", crtc_id);
> + return ret;
> + }
> +
> + drm_plane_helper_add(lcrtc->plane, _plane_helper_funcs);
> +
> + return 0;
> +}
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
+int loongson_dc_gpio_init(struct loongson_device *ldev)
> +{
> + int ret;
> + struct gpio_chip *chip;
struct gpio_chip *chip = >chip;
int ret;
> +
> + chip = >chip;
> + chip->label = "ls7a-dc-gpio";
> + chip->base = LS7A_DC_GPIO_BASE;
&g
g an error and continuing.
> +
> drm_kms_helper_poll_init(dev);
> drm_mode_config_reset(dev);
>
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
On Sun, May 23, 2021 at 10:21:51AM +0900, Donggyu Kim wrote:
> Signed-off-by:Donggyu Kim
The subject needs a subsystem prefix, the subject is too long, and there
is no commit message. Run scripts/checkpatch.pl on your patches.
regards,
dan carpen
l not complain. The problem is that
me->dmem_stats is not a void pointer. Someone should delete that
nonsense comment.
> me->dmem_stats= (void *)base_ptr;
> me->vmem_stats_hi = (void *)(base_ptr + isp_stats->dmem_size);
> me->vmem_stats_lo = (vo
On Tue, May 18, 2021 at 05:56:47PM +0800, Tang Bin wrote:
> In the function ad7746_probe(), the initialized value of 'ret' is unused,
> because it will be assigned by the function i2c_smbus_write_byte_data(),
> thus remove it.
>
> Signed-off-by: Tang Bin
Thanks!
Reviewed-by
to leaving it as-is.
The unused "int ret = 0;" just introduces a static checker warning about
unused assignments and disables the static checker warning for
uninitialized variables so we want to remove that.
regards,
dan carpenter
___
er != LED_API_NUC6) {
> - ret = nuc_nmi_cmd(dev, LED_VERSION_CONTROL, input, output);
> - ver = output[0] | output[1] << 16;
> - if (!ver)
> - ver = LED_API_REV_0_64;
> - else if (ver == 0x0126
on 0.64 is supported */
> + if (ver != LED_API_REV_0_64)
> + return -ENODEV;
> +
> if (!leds) {
> dev_warn(dev, "No LEDs found\n");
> return -ENODEV;
regards,
dan carpenter
_
get rid of it and just add some giant comments and
defines to do the math.
But changing it to a pointer isn't right.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
There was a Smatch check for these bugs. This was a good source of
recurring Reported-by tags for me. ;) Thanks for doing this.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org
ccasionally asked people if they were trying to do a fast path
optimization but it's always just a typo.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
The commit description is not clear but this patch doesn't change how
the code works, it just silences a static checker false positive.
Just ignore the false positive. Always just ignore static checkers
when they are wrong.
regards,
dan carpenter
Can't you just make these functions static instead?
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
nc__);
> #endif
The #ifdef can go as well.
>
> spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
regads,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
>
> -enum _BAND {
> +enum _band {
_band is a bad name.
> GHZ24_50 = 0,
> GHZ_50,
> GHZ_24,
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
int qlge_adapter_down(struct qlge_adapter *qdev)
> qlge_tx_ring_clean(qdev);
>
> /* Call netif_napi_del() from common point.
> - */
> + */
This has already been fixed upstream. You should be working against
linux-next or staging-next.
https://lore.kernel.org/driverdev-devel/
ommon enough to worry about.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
e copy and pasting "repalce" over and over...
> and the entry in /proc/irq/ will not be created
> since the .name might be used by userspace and we don't want to break
> userspace, so we are changing the parameters passed to request_irq()
> be fixed in different patchsets.
Yep. You maybe went a tad too aggressive in fixing the checkpatch
warnings about parentheses... If you didn't introduce the warning, then
you can just leave it as-is.
Anyway, looks good.
Reviewed-by: Dan Carpent
^^^
The commit message says you're removing lines but you're also adding
them. :P
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
ligned but now the indenting is
whacky. I think you did these patches with a script which is fine, but
always take a look over the over finished patch to double check by hand.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http:
rtl8723bs/hal/HalBtc8723b1Ant.c:154:
+ struct BTC_COEXIST * pBtCoexist, bool bForceExec, u32 disRateMask
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
line so all the patch does is
introduce static checker warnings for no reason.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
0/40 MHz BSS or
> + *- all STAs in the BSS are 20 MHz HT in 20 MHz BSS
> + *Set to 1 (HT non-member protection) if there may be non-HT STAs
> + *in both the primary and the secondary channel
> + *Set to 2 if only HT STAs are associated in BSS,
> + *however and at least one 20 MHz
as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot
Reported-by: Dan Carpenter
smatch warnings:
drivers/char/xillybus/xillybus_class.c:86 xillybus_init_chrdev() warn: ignoring
unreachable code.
drivers/char
that
it's 0-255. I had not marked "msg1.ssid.data.data" as a protected
struct member so it didn't generate a warning.
I think cfg80211_scan_request structs are filled out in a systematic
way in ieee80211_request_ibss_scan() and they're bounds checked properly
so this isn't a bug.
>
On Fri, Mar 05, 2021 at 10:58:17AM -0600, Edmundo Carmona Antoranz wrote:
> On Fri, Mar 5, 2021 at 2:59 AM Dan Carpenter wrote:
> > - if (sec_len > 0 && sec_len <= len) {
> > +
This code has a check to prevent read overflow but it needs another
check to prevent writing beyond the end of the ->ssid[] array.
Fixes: a2c60d42d97c ("staging: r8188eu: Add files for new driver - part 16")
Signed-off-by: Dan Carpenter
---
drivers/staging/rtl8188eu/os_dep/ioct
The "ie_len" is a value in the 1-255 range that comes from the user. We
have to cap it to ensure that it's not too large or it could lead to
memory corruption.
Fixes: 9a7fe54ddc3a ("staging: r8188eu: Add source files for new driver - part
1")
Signed-off-by: Dan Carpenter
has problems.
I really want Smatch to be able to figure the netlink stuff... That
should be doable.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
We need to cap len at IW_ESSID_MAX_SIZE (32) to avoid memory corruption.
This can be controlled by the user via the ioctl.
Fixes: 5f53d8ca3d5d ("Staging: add rtl8192SU wireless usb driver")
Signed-off-by: Dan Carpenter
---
drivers/staging/rtl8192u/r8192U_wx.c | 6 --
1 file
ry. The patch introduces a bug. You need to
be careful following checkpatch's advice because it's just a simple
Perl script.
> }
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
The user can specify a "req->essid_len" of up to 255 but if it's
over IW_ESSID_MAX_SIZE (32) that can lead to memory corruption.
Fixes: 13a9930d15b4 ("staging: ks7010: add driver from Nanonote
extra-repository")
Signed-off-by: Dan Carpenter
---
drivers/staging/k
once
> (it's not being used to concatenate strings) so there is no need to keep
> the pointer "p", remove it.
>
> Signed-off-by: Candy Febriyanto
> ---
Looks good. TBH, v1 was also fine. I should have just acked it instead
of commenting...
Reviewed-by: D
tput);
> if ((output_len + len + 1) > 4096) {
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
On Fri, Feb 26, 2021 at 05:05:26PM +0300, Dan Carpenter wrote:
> Here is a v2 of my check. I've changed it to mark all "->ssid" and
> everything in "(struct ieee80211_network)" as protected. I'm just
> playing around with it at this point to explore what works
;
> u8 len;
> - u8 data[];
> + u8 data[0];
Nah... Just ignore Sparse on this.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
This indenting style is wrong. There should be a spaces around the '*'
character:
/*
* Result:
* 0x00: success
* 0x01: sucess, and check Response.
* 0x02: cmd ignored due to duplicated sequcne number
* 0x03: cmd dropped due to invalid cmd code
* 0x04: reserved.
*/
regards,
dan carpenter
___
On Fri, Feb 26, 2021 at 02:51:57PM +, Lee Gibson wrote:
> Function _rtl92e_wx_set_scan calls memcpy without checking the length.
> A user could control that length and trigger a buffer overflow.
> Fix by checking the length is within the maximum allowed size.
>
> Reviewed-by
Here is a v2 of my check. I've changed it to mark all "->ssid" and
everything in "(struct ieee80211_network)" as protected. I'm just
playing around with it at this point to explore what works best. It's
impossible to know until after some results come back.
regards,
; Changes in v2:
> Changed to use min_t as per useful suggestions
This kind of information is supposed to go below the --- cut off line
>
> Signed-off-by: Lee Gibson
> ---
^^^
here.
regards,
dan carpenter
___
devel mailing list
de...@
req->essid,
> req->essid_len);
> --
Well done. You can add a Reviewed-by: Dan Carpenter
to your final patch. How did you spot this bug? It's so ancient that
the Fixes tag would look messed up.
commit 94a799425eee8225a1e3fbe5f473d2ef04002577
Author: Larry F
_SIZE;
> > +
>
> How about using the "pattern" the other wireless drivers use of:
>
> int len = min((int)req->essid_len, IW_ESSID_MAX_SIZE);
I bet checkpatch complains that we should use min_t() instead (but I'm
too lazy to verify).
int len = min_t(
Looks good.
Reviewed-by: Dan Carpenter
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
t; >
> > drivers/staging/wimax/i2400m/fw.c| 2 +-
> > drivers/staging/wimax/i2400m/op-rfkill.c | 2 +-
> > 2 files changed, 2 insertions(+), 2 deletions(-)
> >
> > --
> > 2.30.1
> >
> ping?
The merge window is open so no one is merging
The memdup_user() function does not necessarily return a NUL terminated
string so this can lead to a read overflow. Switch from memdup_user()
to strndup_user() to fix this bug.
Fixes: c6dc001f2add ("staging: r8712u: Merging Realtek's latest (v2.6.6).
Various fixes.")
Signed-o
arning about a blank line after an open curly brace.
Rename FooBar to foo_bar to silence a checkpatch warning about
CamelCase.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/li
I have added the Driver Devel list to the CC list. Adding linux-kernel
is sort of useless. The correct people who are interested in this patch
are all on the Driver Devel list.
On Mon, Feb 22, 2021 at 07:12:22PM +0530, karthek wrote:
> On Mon, Feb 22, 2021 at 04:21:33PM +0300, Dan Carpen
On Mon, Feb 22, 2021 at 11:31:48AM +0530, karthek wrote:
> On Mon, Feb 22, 2021 at 11:10 AM Dan Carpenter
> wrote:
> >
> > On Sat, Feb 20, 2021 at 05:04:00PM +0530, karthik alapati wrote:
> > > fix sparse warning by casting to explicit user address-space
> > >
ulkarni
This breaks the build.
Also just ignore this checkpatch warning. The original defines are
fine.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
> - * close to where the data is generated.
> */
> -/*
> -static const struct nla_policy wimax_gnl_re_status_change[WIMAX_GNL_ATTR_MAX
> + 1] = {
> - [WIMAX_GNL_STCH_STATE_OLD] = { .type = NLA_U8 },
> - [WIMAX_GNL_STCH_STATE_NEW]
On Sat, Feb 20, 2021 at 05:56:47PM +0530, karthik alapati wrote:
> fix sparse byte-order warnings by converting host byte-order
> types to le32 types
>
> Signed-off-by: karthik alapati
This is a v2 patch...
regards,
dan carpenter
___
d
h doesn't also fix
the buffer overflows when we pass:
result = p80211req_dorequest(wlandev, msgbuf);
How do we know that "msgbuf" is large enough?
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
t; ---
Looks okay to me. Thanks!
Reviewed-by: Dan Carpenter
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
ap around even make sense?
I hope that if you review the code a bit I think you will find that the
wrap around is impossible? Just fix the two callers and delete this
macro.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
ested
Heh. Nope.
This breaks the build.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
It's against the rules to send two patches with the same subject. Also
both subjects are too vague.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
!test_bit(IN_TX,
>flags),
10);
[tab x6][space x7]!test_bit(IN_TX, >flags)
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
On Fri, Feb 19, 2021 at 12:03:18PM +0300, Nikolay Kyx wrote:
> This patch fixes the following checkpatch.pl check:
>
> CHECK: Alignment should match open parenthesis
>
> in file fwserial.c
>
> Additionally some style warnings remain valid here and could be fixed by
> another patch.
>
Don't
part of the
user space API so it's not possible.
The best we can do is adding some more comments so people know why we
are doing the scary casts.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
On Fri, Feb 19, 2021 at 05:51:59AM +0530, karthik alapati wrote:
> convert le32 types to host byte-order types before
> comparison
>
Already fixed. Please work against staging-next or linux-next.
regards,
dan carpenter
___
devel mailin
g.
>
> thank you mr. dan carpenter
You're welcome. (These sorts of comments do go below the --- cut off
line so that's fine.)
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/ma
e and it has to go above the Signed-off-by
line.
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
No problem. These days I have fibre to my house, but I still remember
trying to clone the kernel when I could only buy 20MB of data at a
time. :P
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http
* the MSD state is set to HWPRESENT because we
regards,
dan carpenter
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
riv = >securitypriv;
>
> memset(pcur_dot11txpn, 0, 8);
> - if (NULL == StaAddr)
> + if (StaAddr == NULL)
The prefered format for this is actually:
if (!StaAddr)
return;
regards,
dan carpenter
__
itting these sorts of patches. However, to
> finish my 10th challenge I was tasked to do exactly that. So I ask you
> kindly to pull this patch if possible.
>
> Thank you for your time,
These patches are fine in staging.
regards,
dan carpenter
___
1 - 100 of 5776 matches
Mail list logo