This patch fixes a use-after-free bug that causes a null pointer
dereference in slic_entry_halt.
Since unregister_netdev() will ultimately call slic_entry_halt (the
net_device ndo_stop() virtual function for this device), we should
call it before freeing the memory used by slic_entry_halt.
Signed-off-by: David Matlack <dmatlack@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch fixes a bug that only manifests when the physical address of
the interrupt status register is >4GB. Specifically, the driver was only
telling the device about the lower 32 bits of the ISR. This patch adds
the upper 32 bits.
Signed-off-by: David Matlack <dmatlack@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch fixes a memory leak in slic_card_init. If the driver fails
to poll for an interrupt after requesting config data from the device
the dma memory is never freed.
Signed-off-by: David Matlack <dmatlack@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
As per the TODO file, this patch removes the gratuitous debug
infrastructure. As an extra incentive for removing this code,
the debugfs files are not cleaned up properly. For example, if
register_netdev() fails in slic_entry_probe() then all debugfs
files get left behind, even after the driver module is unloaded.
Touching these files quickly leads to an oops.
Signed-off-by: David Matlack <dmatlack@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch removes two fields from the private "struct adapter".
Specifically,
memorybase duplicate of slic_regs
memorylength written once and never read. This field is trivially
computed with pci_resource_len if it's ever needed in
the future.
Signed-off-by: David Matlack <dmatlack@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch fixes two free-after-free bugs in slic_entry_remove.
Specifically, slic_unmap_mmio_space() iounmaps adapter->slic_regs,
which is the same region of memory as dev->base_addr (iounmap-ed
a few lines later).
Next, both release_mem_region() and pci_release_regions() are called
on the same pci_dev struct.
Signed-off-by: David Matlack <dmatlack@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch fixes a use-after-free bug that can cause a kernel
oops. If slic_card_init fails then slic_entry_probe (the pci
probe() function for this device) will return error without
cleaning up memory.
Signed-off-by: David Matlack <dmatlack@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This issue was reported by coccicheck using the semantic patch
at scripts/coccinelle/api/memdup.cocci, and tested by compilation.
Signed-off-by: Benoit Taine <benoit.taine@lip6.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This should fix a few sparse warnings like the following:
CHECK drivers/staging/rtl8723au/core/rtw_ap.c
drivers/staging/rtl8723au/core/rtw_ap.c:1054:45: warning: incorrect type in argument 3 (different base types)
drivers/staging/rtl8723au/core/rtw_ap.c:1054:45: expected int [signed] gfp
drivers/staging/rtl8723au/core/rtw_ap.c:1054:45: got restricted gfp_t
Signed-off-by: Karim Raslan <karim.allah.ahmed@gmail.com>
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In addition get rid of a couple of empty *_event_callback() handlers
and use dummy_event_callback() instead.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixup #ifdefs to not build issue_assocrsp() and OnAuth23a() when
CONFIG_8723AU_AP_MODE is not set.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
These are all just used locally, no point cluttering the kernel
namespace with them.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is all defined nicely in ieee80211.h, this was all duplication
serving no other purpose than to obfuscate the code.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
There really is no need to print this message for anyone not trying to
debug the driver:
rtl8723a_update_ramask => mac_id:0, networkType:0x0b, mask:0x000fffff
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In every last use case, the header was just cleared with memset() so
there is no need to use the complex SetSeqNum() macro when
cpu_to_le16(IEEE80211_SN_TO_SEQ()) output will do just fine.
In addition, get rid of __le16 *fctrl usage when there is no need for
it.
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
