From bianpan2016 at 163.com Sat Dec 3 02:27:37 2016 From: bianpan2016 at 163.com (Pan Bian) Date: Sat, 3 Dec 2016 18:27:37 +0800 Subject: [PATCH 1/1] net: wireless: marvell: fix improper return value Message-ID: <1480760857-4549-1-git-send-email-bianpan2016@163.com> Function lbs_cmd_802_11_sleep_params() always return 0, even if the call to lbs_cmd_with_response() fails. In this case, the parameter @sp will keep uninitialized. Because the return value is 0, its caller (say lbs_sleepparams_read()) will not detect the error, and will copy the uninitialized stack memory to user sapce, resulting in stack information leak. To avoid the bug, this patch returns variable ret (which takes the return value of lbs_cmd_with_response()) instead of 0. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188451 Signed-off-by: Pan Bian --- drivers/net/wireless/marvell/libertas/cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/marvell/libertas/cmd.c b/drivers/net/wireless/marvell/libertas/cmd.c index 301170c..033ff88 100644 --- a/drivers/net/wireless/marvell/libertas/cmd.c +++ b/drivers/net/wireless/marvell/libertas/cmd.c @@ -305,7 +305,7 @@ int lbs_cmd_802_11_sleep_params(struct lbs_private *priv, uint16_t cmd_action, } lbs_deb_leave_args(LBS_DEB_CMD, "ret %d", ret); - return 0; + return ret; } static int lbs_wait_for_ds_awake(struct lbs_private *priv) -- 1.9.1 From bhumirks at gmail.com Sat Dec 17 14:57:24 2016 From: bhumirks at gmail.com (Bhumika Goyal) Date: Sun, 18 Dec 2016 04:27:24 +0530 Subject: [PATCH] net: wireless: marvell: libertas: constify cfg80211_ops structures Message-ID: <1482015444-28899-1-git-send-email-bhumirks@gmail.com> cfg80211_ops structures are only passed as an argument to the function wiphy_new. This argument is of type const, so cfg80211_ops strutures having this property can be declared as const. Done using Coccinelle @r1 disable optional_qualifier @ identifier i; position p; @@ static struct cfg80211_ops i at p = {...}; @ok1@ identifier r1.i; position p; @@ wiphy_new(&i at p,...) @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i at p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct cfg80211_ops i; File size before: text data bss dec hex filename 21225 1954 16 23195 5a9b wireless/marvell/libertas/cfg.o File size after: text data bss dec hex filename 22041 1154 16 23211 5aab wireless/marvell/libertas/cfg.o Signed-off-by: Bhumika Goyal --- drivers/net/wireless/marvell/libertas/cfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/marvell/libertas/cfg.c b/drivers/net/wireless/marvell/libertas/cfg.c index 7ff2efa..3f97acb 100644 --- a/drivers/net/wireless/marvell/libertas/cfg.c +++ b/drivers/net/wireless/marvell/libertas/cfg.c @@ -2086,7 +2086,7 @@ static int lbs_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev, * Initialization */ -static struct cfg80211_ops lbs_cfg80211_ops = { +static const struct cfg80211_ops lbs_cfg80211_ops = { .set_monitor_channel = lbs_cfg_set_monitor_channel, .libertas_set_mesh_channel = lbs_cfg_set_mesh_channel, .scan = lbs_cfg_scan, -- 1.9.1 From kvalo at codeaurora.org Fri Dec 30 05:02:43 2016 From: kvalo at codeaurora.org (Kalle Valo) Date: Fri, 30 Dec 2016 13:02:43 +0000 (UTC) Subject: net: wireless: marvell: libertas: constify cfg80211_ops structures In-Reply-To: <1482015444-28899-1-git-send-email-bhumirks@gmail.com> References: <1482015444-28899-1-git-send-email-bhumirks@gmail.com> Message-ID: <20161230130243.3241161469@smtp.codeaurora.org> Bhumika Goyal wrote: > cfg80211_ops structures are only passed as an argument to the function > wiphy_new. This argument is of type const, so cfg80211_ops strutures > having this property can be declared as const. > Done using Coccinelle > > @r1 disable optional_qualifier @ > identifier i; > position p; > @@ > static struct cfg80211_ops i at p = {...}; > > @ok1@ > identifier r1.i; > position p; > @@ > wiphy_new(&i at p,...) > > @bad@ > position p!={r1.p,ok1.p}; > identifier r1.i; > @@ > i at p > > @depends on !bad disable optional_qualifier@ > identifier r1.i; > @@ > +const > struct cfg80211_ops i; > > File size before: > text data bss dec hex filename > 21225 1954 16 23195 5a9b wireless/marvell/libertas/cfg.o > > File size after: > text data bss dec hex filename > 22041 1154 16 23211 5aab wireless/marvell/libertas/cfg.o > > Signed-off-by: Bhumika Goyal The prefix should be "libertas:", I can fix that before I commit. -- https://patchwork.kernel.org/patch/9479131/ Documentation about submitting wireless patches and checking status from patchwork: https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches From kvalo at codeaurora.org Fri Dec 30 05:56:27 2016 From: kvalo at codeaurora.org (Kalle Valo) Date: Fri, 30 Dec 2016 13:56:27 +0000 (UTC) Subject: libertas: constify cfg80211_ops structures In-Reply-To: <1482015444-28899-1-git-send-email-bhumirks@gmail.com> References: <1482015444-28899-1-git-send-email-bhumirks@gmail.com> Message-ID: <20161230135627.2DCDD61381@smtp.codeaurora.org> Bhumika Goyal wrote: > cfg80211_ops structures are only passed as an argument to the function > wiphy_new. This argument is of type const, so cfg80211_ops strutures > having this property can be declared as const. > Done using Coccinelle > > @r1 disable optional_qualifier @ > identifier i; > position p; > @@ > static struct cfg80211_ops i at p = {...}; > > @ok1@ > identifier r1.i; > position p; > @@ > wiphy_new(&i at p,...) > > @bad@ > position p!={r1.p,ok1.p}; > identifier r1.i; > @@ > i at p > > @depends on !bad disable optional_qualifier@ > identifier r1.i; > @@ > +const > struct cfg80211_ops i; > > File size before: > text data bss dec hex filename > 21225 1954 16 23195 5a9b wireless/marvell/libertas/cfg.o > > File size after: > text data bss dec hex filename > 22041 1154 16 23211 5aab wireless/marvell/libertas/cfg.o > > Signed-off-by: Bhumika Goyal Patch applied to wireless-drivers-next.git, thanks. 26eb994d5239 libertas: constify cfg80211_ops structures -- https://patchwork.kernel.org/patch/9479131/ Documentation about submitting wireless patches and checking status from patchwork: https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches