* [PATCH 0/3 v2] staging: rtl*: Check for NULL header value
@ 2022-01-15  4:24 Kees Cook
  2022-01-15  4:24 ` [PATCH 1/3 v2] staging: r8188eu: Drop get_recvframe_data() Kees Cook
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Kees Cook @ 2022-01-15  4:24 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Kees Cook, Larry Finger, Phillip Potter, Michael Straube,
	Fabio Aiuto, Florian Schilhabel, Christophe JAILLET,
	Zhansaya Bagdauletkyzy, Ivan Safonov, Martin Kaiser, Yang Li,
	Nathan Chancellor, Hans de Goede, Dan Carpenter, Marco Cesati,
	Joe Perches, Fabio M. De Francesco, linux-kernel, linux-staging,
	linux-hardening

Hi,

When building with -Warray-bounds, the following warning is emitted:

In file included from ./include/linux/string.h:253,
                 from ./arch/x86/include/asm/page_32.h:22,
                 from ./arch/x86/include/asm/page.h:14,
                 from ./arch/x86/include/asm/thread_info.h:12,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/rcupdate.h:27,
                 from ./include/linux/rculist.h:11,
                 from ./include/linux/sched/signal.h:5,
                 from ./drivers/staging/rtl8723bs/include/drv_types.h:17,
                 from drivers/staging/rtl8723bs/core/rtw_recv.c:7:
In function 'memcpy',
    inlined from 'wlanhdr_to_ethhdr' at drivers/staging/rtl8723bs/core/rtw_recv.c:1554:2:
./include/linux/fortify-string.h:41:33: warning: '__builtin_memcpy' offset [0, 5] is out of the bounds [0, 0] [-Warray-bounds]
   41 | #define __underlying_memcpy     __builtin_memcpy
      |                                 ^

This is due to various paths to the memcpy() where the compiler could
see the destination buffer having a NULL value. This series fixes this
by both eliminating cases where NULL returns were impossible and adding
missing NULL checks where values were possible.

Thanks!

-Kees

v1: https://lore.kernel.org/lkml/20220113002001.3498383-1-keescook@chromium.org/
v2:
 - drop get_recvframe_data()
 - add missing NULL checks to r8188eu and rtl8723bs (already present in rtl8712)

Kees Cook (3):
  staging: r8188eu: Drop get_recvframe_data()
  staging: rtl8723bs: Drop get_recvframe_data()
  staging: rtl8712: Drop get_recvframe_data()

 drivers/staging/r8188eu/core/rtw_recv.c        |  6 +++++-
 drivers/staging/r8188eu/hal/rtl8188e_rxdesc.c  |  4 +---
 drivers/staging/r8188eu/include/rtw_recv.h     |  9 ---------
 drivers/staging/rtl8712/rtl871x_recv.c         |  4 ++--
 drivers/staging/rtl8712/rtl871x_recv.h         |  8 --------
 drivers/staging/rtl8723bs/core/rtw_recv.c      | 11 ++++++++---
 drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c |  3 +--
 drivers/staging/rtl8723bs/include/rtw_recv.h   | 11 -----------
 8 files changed, 17 insertions(+), 39 deletions(-)

-- 
2.30.2
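
The pattern the cover letter describes, as an added example that is not code from the series or from the drivers: a helper that NULL-tests a pointer its callers already rely on gives the compiler a NULL path into memcpy(), while a pull that can really fail needs the explicit check. The struct frame layout, frame_pull() semantics and FRAME_OK/FRAME_FAIL values are simplified assumptions standing in for the drivers' recv_frame, recvframe_pull() and _SUCCESS/_FAIL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN   6
#define FRAME_OK   1	/* stand-ins for the drivers' _SUCCESS / _FAIL */
#define FRAME_FAIL 0

/* Hypothetical, simplified receive frame: payload is [rx_data, rx_tail). */
struct frame {
	uint8_t buf[64];
	uint8_t *rx_data;
	uint8_t *rx_tail;
};

static void frame_init(struct frame *f, size_t len)
{
	/* Keep ETH_ALEN bytes of slack so a copy at any pulled position stays in buf. */
	if (len > sizeof(f->buf) - ETH_ALEN)
		len = sizeof(f->buf) - ETH_ALEN;
	memset(f->buf, 0xAA, sizeof(f->buf));
	f->rx_data = f->buf;
	f->rx_tail = f->buf + len;
}

/*
 * Shape of the dropped helper: the NULL test cannot fire for callers that
 * already dereference f, but it makes "result is NULL" a path the
 * optimizer has to analyse at every use of the returned pointer.
 */
static inline uint8_t *frame_data_checked(struct frame *f)
{
	if (f == NULL)
		return NULL;
	return f->rx_data;
}

/* Assumed pull semantics: advance rx_data by sz, NULL if that passes rx_tail. */
static uint8_t *frame_pull(struct frame *f, size_t sz)
{
	if (sz > (size_t)(f->rx_tail - f->rx_data))
		return NULL;
	f->rx_data += sz;
	return f->rx_data;
}

/* Before: destination comes from the helper, so a NULL path reaches memcpy(). */
static int hdr_before(struct frame *f, const uint8_t *dst)
{
	uint8_t *ptr = frame_data_checked(f);

	memcpy(ptr, dst, ETH_ALEN);
	return FRAME_OK;
}

/* After: direct field read, plus a check where NULL is a real outcome. */
static int hdr_after(struct frame *f, size_t strip, const uint8_t *dst)
{
	uint8_t *ptr = f->rx_data;

	if (strip) {
		ptr = frame_pull(f, strip);
		if (!ptr)
			return FRAME_FAIL;	/* frame shorter than the header to strip */
	}
	memcpy(ptr, dst, ETH_ALEN);
	return FRAME_OK;
}

int main(void)
{
	/* Constructed sample values, not taken from a capture. */
	const uint8_t dst[ETH_ALEN] = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };
	struct frame f;

	frame_init(&f, 40);
	printf("before, no pull:  %d\n", hdr_before(&f, dst));
	frame_init(&f, 40);
	printf("after, strip 20:  %d\n", hdr_after(&f, 20, dst));
	frame_init(&f, 40);
	printf("after, strip 50:  %d\n", hdr_after(&f, 50, dst));
	return 0;
}
```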



* [PATCH 1/3 v2] staging: r8188eu: Drop get_recvframe_data()
  2022-01-15  4:24 [PATCH 0/3 v2] staging: rtl*: Check for NULL header value Kees Cook
@ 2022-01-15  4:24 ` Kees Cook
  2022-01-15  4:24 ` [PATCH 2/3 v2] staging: rtl8723bs: " Kees Cook
  2022-01-15  4:24 ` [PATCH 3/3 v2] staging: rtl8712: " Kees Cook
  2 siblings, 0 replies; 8+ messages in thread
From: Kees Cook @ 2022-01-15  4:24 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Kees Cook, Larry Finger, Phillip Potter, Michael Straube,
	Fabio Aiuto, linux-staging, Florian Schilhabel,
	Christophe JAILLET, Zhansaya Bagdauletkyzy, Ivan Safonov,
	Martin Kaiser, Yang Li, Nathan Chancellor, Hans de Goede,
	Dan Carpenter, Marco Cesati, Joe Perches, Fabio M. De Francesco,
	linux-kernel, linux-hardening

When building with -Warray-bounds, the following warning is emitted:

In file included from ./include/linux/string.h:253,
                 from ./arch/x86/include/asm/page_32.h:22,
                 from ./arch/x86/include/asm/page.h:14,
                 from ./arch/x86/include/asm/thread_info.h:12,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/rcupdate.h:27,
                 from ./include/linux/rculist.h:11,
                 from ./include/linux/sched/signal.h:5,
                 from ./drivers/staging/rtl8723bs/include/drv_types.h:17,
                 from drivers/staging/rtl8723bs/core/rtw_recv.c:7:
In function 'memcpy',
    inlined from 'wlanhdr_to_ethhdr' at drivers/staging/rtl8723bs/core/rtw_recv.c:1554:2:
./include/linux/fortify-string.h:41:33: warning: '__builtin_memcpy' offset [0, 5] is out of the bounds [0, 0] [-Warray-bounds]
   41 | #define __underlying_memcpy     __builtin_memcpy
      |                                 ^

This is because the compiler sees it is possible for "ptr" to be a NULL
value, and concludes that it has zero size and attempts to copy to it
would overflow. Instead, remove the get_recvframe_data() entirely, as
it's not possible for this to ever be NULL.

Additionally add missing NULL checks after recvframe_pull() (which are
present in the rtl8712 driver).

Cc: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Phillip Potter <phil@philpotter.co.uk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michael Straube <straube.linux@gmail.com>
Cc: Fabio Aiuto <fabioaiuto83@gmail.com>
Cc: linux-staging@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/staging/r8188eu/core/rtw_recv.c       | 6 +++++-
 drivers/staging/r8188eu/hal/rtl8188e_rxdesc.c | 4 +---
 drivers/staging/r8188eu/include/rtw_recv.h    | 9 ---------
 3 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/drivers/staging/r8188eu/core/rtw_recv.c b/drivers/staging/r8188eu/core/rtw_recv.c
index 51a13262a226..946e659ae97a 100644
--- a/drivers/staging/r8188eu/core/rtw_recv.c
+++ b/drivers/staging/r8188eu/core/rtw_recv.c
@@ -1188,7 +1188,7 @@ static int wlanhdr_to_ethhdr(struct recv_frame *precvframe)
 	struct adapter			*adapter = precvframe->adapter;
 	struct mlme_priv	*pmlmepriv = &adapter->mlmepriv;
 
-	u8	*ptr = get_recvframe_data(precvframe); /*  point to frame_ctrl field */
+	u8	*ptr = precvframe->rx_data; /*  point to frame_ctrl field */
 	struct rx_pkt_attrib *pattrib = &precvframe->attrib;
 
 	if (pattrib->encrypt)
@@ -1223,10 +1223,14 @@ static int wlanhdr_to_ethhdr(struct recv_frame *precvframe)
 		eth_type = 0x8712;
 		/*  append rx status for mp test packets */
 		ptr = recvframe_pull(precvframe, (rmv_len - sizeof(struct ethhdr) + 2) - 24);
+		if (!ptr)
+			return _FAIL;
 		memcpy(ptr, get_rxmem(precvframe), 24);
 		ptr += 24;
 	} else {
 		ptr = recvframe_pull(precvframe, (rmv_len - sizeof(struct ethhdr) + (bsnaphdr ? 2 : 0)));
+		if (!ptr)
+			return _FAIL;
 	}
 
 	memcpy(ptr, pattrib->dst, ETH_ALEN);
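Review bot: The new `if (!ptr) return _FAIL;` exits after both recvframe_pull() calls make wlanhdr_to_ethhdr() bail out where it previously went straight on to memcpy(), and nothing in this patch shows what callers do with _FAIL. Please state in the changelog that callers drop or free the frame on that return, or include the caller hunk if they do not yet.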
diff --git a/drivers/staging/r8188eu/hal/rtl8188e_rxdesc.c b/drivers/staging/r8188eu/hal/rtl8188e_rxdesc.c
index 90d426199f52..bf93ff3af140 100644
--- a/drivers/staging/r8188eu/hal/rtl8188e_rxdesc.c
+++ b/drivers/staging/r8188eu/hal/rtl8188e_rxdesc.c
@@ -128,7 +128,7 @@ void update_recvframe_phyinfo_88e(struct recv_frame *precvframe, struct phy_stat
 	struct rx_pkt_attrib *pattrib = &precvframe->attrib;
 	struct hal_data_8188e *pHalData = &padapter->haldata;
 	struct phy_info *pPHYInfo  = &pattrib->phy_info;
-	u8 *wlanhdr;
+	u8 *wlanhdr = precvframe->rx_data;
 	struct odm_per_pkt_info	pkt_info;
 	u8 *sa = NULL;
 	struct sta_priv *pstapriv;
@@ -138,8 +138,6 @@ void update_recvframe_phyinfo_88e(struct recv_frame *precvframe, struct phy_stat
 	pkt_info.bPacketToSelf = false;
 	pkt_info.bPacketBeacon = false;
 
-	wlanhdr = get_recvframe_data(precvframe);
-
 	pkt_info.bPacketMatchBSSID = ((!IsFrameTypeCtrl(wlanhdr)) &&
 		!pattrib->icv_err && !pattrib->crc_err &&
 		!memcmp(get_hdr_bssid(wlanhdr),
diff --git a/drivers/staging/r8188eu/include/rtw_recv.h b/drivers/staging/r8188eu/include/rtw_recv.h
index b43a46887343..920f33235e00 100644
--- a/drivers/staging/r8188eu/include/rtw_recv.h
+++ b/drivers/staging/r8188eu/include/rtw_recv.h
@@ -296,15 +296,6 @@ static inline u8 *get_rx_status(struct recv_frame *precvframe)
 	return get_rxmem(precvframe);
 }
 
-static inline u8 *get_recvframe_data(struct recv_frame *precvframe)
-{
-	/* always return rx_data */
-	if (precvframe == NULL)
-		return NULL;
-
-	return precvframe->rx_data;
-}
-
 static inline u8 *recvframe_push(struct recv_frame *precvframe, int sz)
 {
 	/*  append data before rx_data */
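Review bot: Deleting get_recvframe_data() from rtw_recv.h turns any call site not converted here into a build failure, and the diffstat only touches rtw_recv.c and rtl8188e_rxdesc.c. A grep for the helper across drivers/staging/r8188eu and a build of the driver before sending would confirm no user is left.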
-- 
2.30.2



* [PATCH 2/3 v2] staging: rtl8723bs: Drop get_recvframe_data()
  2022-01-15  4:24 [PATCH 0/3 v2] staging: rtl*: Check for NULL header value Kees Cook
  2022-01-15  4:24 ` [PATCH 1/3 v2] staging: r8188eu: Drop get_recvframe_data() Kees Cook
@ 2022-01-15  4:24 ` Kees Cook
  2022-01-15  9:12     ` kernel test robot
  2022-01-15  4:24 ` [PATCH 3/3 v2] staging: rtl8712: " Kees Cook
  2 siblings, 1 reply; 8+ messages in thread
From: Kees Cook @ 2022-01-15  4:24 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Kees Cook, Larry Finger, Phillip Potter, Michael Straube,
	Fabio Aiuto, linux-staging, Florian Schilhabel,
	Christophe JAILLET, Zhansaya Bagdauletkyzy, Ivan Safonov,
	Martin Kaiser, Yang Li, Nathan Chancellor, Hans de Goede,
	Dan Carpenter, Marco Cesati, Joe Perches, Fabio M. De Francesco,
	linux-kernel, linux-hardening

When building with -Warray-bounds, the following warning is emitted:

In file included from ./include/linux/string.h:253,
                 from ./arch/x86/include/asm/page_32.h:22,
                 from ./arch/x86/include/asm/page.h:14,
                 from ./arch/x86/include/asm/thread_info.h:12,
                 from ./include/linux/thread_info.h:60,
                 from ./arch/x86/include/asm/preempt.h:7,
                 from ./include/linux/preempt.h:78,
                 from ./include/linux/rcupdate.h:27,
                 from ./include/linux/rculist.h:11,
                 from ./include/linux/sched/signal.h:5,
                 from ./drivers/staging/rtl8723bs/include/drv_types.h:17,
                 from drivers/staging/rtl8723bs/core/rtw_recv.c:7:
In function 'memcpy',
    inlined from 'wlanhdr_to_ethhdr' at drivers/staging/rtl8723bs/core/rtw_recv.c:1554:2:
./include/linux/fortify-string.h:41:33: warning: '__builtin_memcpy' offset [0, 5] is out of the bounds [0, 0] [-Warray-bounds]
   41 | #define __underlying_memcpy     __builtin_memcpy
      |                                 ^

This is because the compiler sees it is possible for "ptr" to be a NULL
value, and concludes that it has zero size and attempts to copy to it
would overflow. Instead, remove the get_recvframe_data() entirely, as
it's not possible for this to ever be NULL.

Additionally add missing NULL checks after recvframe_pull() (which are
present in the rtl8712 driver).

Cc: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Phillip Potter <phil@philpotter.co.uk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michael Straube <straube.linux@gmail.com>
Cc: Fabio Aiuto <fabioaiuto83@gmail.com>
Cc: linux-staging@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/staging/rtl8723bs/core/rtw_recv.c      | 11 ++++++++---
 drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c |  3 +--
 drivers/staging/rtl8723bs/include/rtw_recv.h   | 11 -----------
 3 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/drivers/staging/rtl8723bs/core/rtw_recv.c b/drivers/staging/rtl8723bs/core/rtw_recv.c
index 41bfca549c64..ffb455688a7d 100644
--- a/drivers/staging/rtl8723bs/core/rtw_recv.c
+++ b/drivers/staging/rtl8723bs/core/rtw_recv.c
@@ -465,7 +465,7 @@ static union recv_frame *portctrl(struct adapter *adapter, union recv_frame *pre
 
 	auth_alg = adapter->securitypriv.dot11AuthAlgrthm;
 
-	ptr = get_recvframe_data(precv_frame);
+	ptr = precvframe->u.hdr.rx_data;
 	pfhdr = &precv_frame->u.hdr;
 	pattrib = &pfhdr->attrib;
 	psta_addr = pattrib->ta;
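Review bot: The replacement line in portctrl() dereferences `precvframe`, but the parameter named in the hunk header and used on the next context line (`pfhdr = &precv_frame->u.hdr;`) is `precv_frame`, so this will not compile. It should read `ptr = precv_frame->u.hdr.rx_data;`.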
@@ -1510,7 +1510,7 @@ static signed int wlanhdr_to_ethhdr(union recv_frame *precvframe)
 	__be16 be_tmp;
 	struct adapter			*adapter = precvframe->u.hdr.adapter;
 	struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
-	u8 *ptr = get_recvframe_data(precvframe) ; /*  point to frame_ctrl field */
+	u8 *ptr = precvframe->u.hdr.rx_data; /*  point to frame_ctrl field */
 	struct rx_pkt_attrib *pattrib = &precvframe->u.hdr.attrib;
 
 	if (pattrib->encrypt)
@@ -1546,10 +1546,15 @@ static signed int wlanhdr_to_ethhdr(union recv_frame *precvframe)
 		eth_type = 0x8712;
 		/*  append rx status for mp test packets */
 		ptr = recvframe_pull(precvframe, (rmv_len-sizeof(struct ethhdr)+2)-24);
+		if (!ptr)
+			return _FAIL;
 		memcpy(ptr, get_rxmem(precvframe), 24);
 		ptr += 24;
-	} else
+	} else {
 		ptr = recvframe_pull(precvframe, (rmv_len-sizeof(struct ethhdr) + (bsnaphdr?2:0)));
+		if (!ptr)
+			return _FAIL;
+	}
 
 	memcpy(ptr, pattrib->dst, ETH_ALEN);
 	memcpy(ptr+ETH_ALEN, pattrib->src, ETH_ALEN);
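Review bot: The NULL checks added after both recvframe_pull() calls change runtime behaviour and are independent of removing the helper, yet the subject only says "Drop get_recvframe_data()". Consider a separate patch, or a subject that names both changes, so the new `return _FAIL;` path is easy to find when bisecting. The braces added to the else branch are needed now that it holds two statements.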
diff --git a/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c b/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c
index c0a1a6fbeb91..74e75dc970f7 100644
--- a/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c
+++ b/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c
@@ -81,7 +81,7 @@ static void update_recvframe_phyinfo(union recv_frame *precvframe,
 	struct odm_phy_info *p_phy_info =
 		(struct odm_phy_info *)(&pattrib->phy_info);
 
-	u8 *wlanhdr;
+	u8 *wlanhdr = precvframe->u.hdr.rx_data;
 	u8 *my_bssid;
 	u8 *rx_bssid;
 	u8 *rx_ra;
@@ -100,7 +100,6 @@ static void update_recvframe_phyinfo(union recv_frame *precvframe,
 	struct sta_priv *pstapriv;
 	struct sta_info *psta;
 
-	wlanhdr = get_recvframe_data(precvframe);
 	my_bssid = get_bssid(&padapter->mlmepriv);
 	rx_bssid = get_hdr_bssid(wlanhdr);
 	pkt_info.bssid_match = ((!IsFrameTypeCtrl(wlanhdr)) &&
diff --git a/drivers/staging/rtl8723bs/include/rtw_recv.h b/drivers/staging/rtl8723bs/include/rtw_recv.h
index a88b7c088a86..44f67103503a 100644
--- a/drivers/staging/rtl8723bs/include/rtw_recv.h
+++ b/drivers/staging/rtl8723bs/include/rtw_recv.h
@@ -385,17 +385,6 @@ static inline u8 *get_rxmem(union recv_frame *precvframe)
 	return precvframe->u.hdr.rx_head;
 }
 
-static inline u8 *get_recvframe_data(union recv_frame *precvframe)
-{
-
-	/* alwasy return rx_data */
-	if (precvframe == NULL)
-		return NULL;
-
-	return precvframe->u.hdr.rx_data;
-
-}
-
 static inline u8 *recvframe_pull(union recv_frame *precvframe, signed int sz)
 {
 	/*  rx_data += sz; move rx_data sz bytes  hereafter */
-- 
2.30.2



* [PATCH 3/3 v2] staging: rtl8712: Drop get_recvframe_data()
  2022-01-15  4:24 [PATCH 0/3 v2] staging: rtl*: Check for NULL header value Kees Cook
  2022-01-15  4:24 ` [PATCH 1/3 v2] staging: r8188eu: Drop get_recvframe_data() Kees Cook
  2022-01-15  4:24 ` [PATCH 2/3 v2] staging: rtl8723bs: " Kees Cook
@ 2022-01-15  4:24 ` Kees Cook
  2022-01-15  7:00     ` kernel test robot
  2 siblings, 1 reply; 8+ messages in thread
From: Kees Cook @ 2022-01-15  4:24 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Kees Cook, Larry Finger, Florian Schilhabel, Christophe JAILLET,
	Zhansaya Bagdauletkyzy, Ivan Safonov, linux-staging,
	Phillip Potter, Michael Straube, Fabio Aiuto, Martin Kaiser,
	Yang Li, Nathan Chancellor, Hans de Goede, Dan Carpenter,
	Marco Cesati, Joe Perches, Fabio M. De Francesco, linux-kernel,
	linux-hardening

As done for rtl8723bs and r8188eu, drop get_recvframe_data(), as it
introduces an impossible value (NULL) for the compiler to check code
paths against which could result in nonsensical warnings.

Cc: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Florian Schilhabel <florian.c.schilhabel@googlemail.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Cc: Zhansaya Bagdauletkyzy <zhansayabagdaulet@gmail.com>
Cc: Ivan Safonov <insafonov@gmail.com>
Cc: linux-staging@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 drivers/staging/rtl8712/rtl871x_recv.c | 4 ++--
 drivers/staging/rtl8712/rtl871x_recv.h | 8 --------
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/drivers/staging/rtl8712/rtl871x_recv.c b/drivers/staging/rtl8712/rtl871x_recv.c
index c23f6b376111..a069e4d98eef 100644
--- a/drivers/staging/rtl8712/rtl871x_recv.c
+++ b/drivers/staging/rtl8712/rtl871x_recv.c
@@ -234,7 +234,7 @@ union recv_frame *r8712_portctrl(struct _adapter *adapter,
 	u16 ether_type;
 
 	pstapriv = &adapter->stapriv;
-	ptr = get_recvframe_data(precv_frame);
+	ptr = precvframe->u.hdr.rx_data;
 	pfhdr = &precv_frame->u.hdr;
 	psta_addr = pfhdr->attrib.ta;
 	psta = r8712_get_stainfo(pstapriv, psta_addr);
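Review bot: In r8712_portctrl() the new line uses `precvframe`, while the function's parameter, visible in the surrounding context (`pfhdr = &precv_frame->u.hdr;`), is `precv_frame`, so the identifier is undeclared here. Change it to `ptr = precv_frame->u.hdr.rx_data;`; the second hunk in r8712_wlanhdr_to_ethhdr() is fine because that function's parameter really is `precvframe`.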
@@ -593,7 +593,7 @@ int r8712_wlanhdr_to_ethhdr(union recv_frame *precvframe)
 	struct _adapter	*adapter = precvframe->u.hdr.adapter;
 	struct mlme_priv *pmlmepriv = &adapter->mlmepriv;
 
-	u8 *ptr = get_recvframe_data(precvframe); /*point to frame_ctrl field*/
+	u8 *ptr = precvframe->u.hdr.rx_data; /*point to frame_ctrl field*/
 	struct rx_pkt_attrib *pattrib = &precvframe->u.hdr.attrib;
 
 	if (pattrib->encrypt)
diff --git a/drivers/staging/rtl8712/rtl871x_recv.h b/drivers/staging/rtl8712/rtl871x_recv.h
index 1c8298bde033..0760bccbf389 100644
--- a/drivers/staging/rtl8712/rtl871x_recv.h
+++ b/drivers/staging/rtl8712/rtl871x_recv.h
@@ -139,14 +139,6 @@ static inline u8 *get_rxmem(union recv_frame *precvframe)
 	return precvframe->u.hdr.rx_head;
 }
 
-static inline u8 *get_recvframe_data(union recv_frame *precvframe)
-{
-	/* always return rx_data */
-	if (!precvframe)
-		return NULL;
-	return precvframe->u.hdr.rx_data;
-}
-
 static inline u8 *recvframe_pull(union recv_frame *precvframe, sint sz)
 {
 	/* used for extract sz bytes from rx_data, update rx_data and return
-- 
2.30.2



* Re: [PATCH 3/3 v2] staging: rtl8712: Drop get_recvframe_data()
  2022-01-15  4:24 ` [PATCH 3/3 v2] staging: rtl8712: " Kees Cook
@ 2022-01-15  7:00     ` kernel test robot
  0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2022-01-15  7:00 UTC (permalink / raw)
  To: Kees Cook, Greg Kroah-Hartman
  Cc: kbuild-all, Kees Cook, Larry Finger, Florian Schilhabel,
	Christophe JAILLET, Zhansaya Bagdauletkyzy, Ivan Safonov,
	linux-staging, Phillip Potter, Michael Straube

Hi Kees,

I love your patch! Yet something to improve:

[auto build test ERROR on staging/staging-testing]

url:    https://github.com/0day-ci/linux/commits/Kees-Cook/staging-rtl-Check-for-NULL-header-value/20220115-122817
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git fa783154524a71ab74e293cd8251155e5971952b
config: x86_64-allyesconfig (https://download.01.org/0day-ci/archive/20220115/202201151447.WZ02BFf7-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
        # https://github.com/0day-ci/linux/commit/190b2c80a0e1844b5e38a9311830227d27533471
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Kees-Cook/staging-rtl-Check-for-NULL-header-value/20220115-122817
        git checkout 190b2c80a0e1844b5e38a9311830227d27533471
        # save the config file to linux build tree
        mkdir build_dir
        make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash drivers/staging/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   drivers/staging/rtl8712/rtl871x_recv.c: In function 'r8712_portctrl':
>> drivers/staging/rtl8712/rtl871x_recv.c:237:8: error: 'precvframe' undeclared (first use in this function); did you mean 'precv_frame'?
     237 |  ptr = precvframe->u.hdr.rx_data;
         |        ^~~~~~~~~~
         |        precv_frame
   drivers/staging/rtl8712/rtl871x_recv.c:237:8: note: each undeclared identifier is reported only once for each function it appears in


vim +237 drivers/staging/rtl8712/rtl871x_recv.c

   223	
   224	/*###set the security information in the recv_frame */
   225	union recv_frame *r8712_portctrl(struct _adapter *adapter,
   226					 union recv_frame *precv_frame)
   227	{
   228		u8 *psta_addr, *ptr;
   229		uint auth_alg;
   230		struct recv_frame_hdr *pfhdr;
   231		struct sta_info *psta;
   232		struct	sta_priv *pstapriv;
   233		union recv_frame *prtnframe;
   234		u16 ether_type;
   235	
   236		pstapriv = &adapter->stapriv;
 > 237		ptr = precvframe->u.hdr.rx_data;
   238		pfhdr = &precv_frame->u.hdr;
   239		psta_addr = pfhdr->attrib.ta;
   240		psta = r8712_get_stainfo(pstapriv, psta_addr);
   241		auth_alg = adapter->securitypriv.AuthAlgrthm;
   242		if (auth_alg == 2) {
   243			/* get ether_type */
   244			ptr = ptr + pfhdr->attrib.hdrlen + LLC_HEADER_SIZE;
   245			ether_type = get_unaligned_be16(ptr);
   246	
   247			if (psta && psta->ieee8021x_blocked) {
   248				/* blocked
   249				 * only accept EAPOL frame
   250				 */
   251				if (ether_type == 0x888e) {
   252					prtnframe = precv_frame;
   253				} else {
   254					/*free this frame*/
   255					r8712_free_recvframe(precv_frame,
   256							     &adapter->recvpriv.free_recv_queue);
   257					prtnframe = NULL;
   258				}
   259			} else {
   260				/* allowed
   261				 * check decryption status, and decrypt the
   262				 * frame if needed
   263				 */
   264				prtnframe = precv_frame;
   265				/* check is the EAPOL frame or not (Rekey) */
   266				if (ether_type == 0x888e) {
   267					/* check Rekey */
   268					prtnframe = precv_frame;
   269				}
   270			}
   271		} else {
   272			prtnframe = precv_frame;
   273		}
   274		return prtnframe;
   275	}
   276	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org



* Re: [PATCH 2/3 v2] staging: rtl8723bs: Drop get_recvframe_data()
  2022-01-15  4:24 ` [PATCH 2/3 v2] staging: rtl8723bs: " Kees Cook
@ 2022-01-15  9:12     ` kernel test robot
  0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2022-01-15  9:12 UTC (permalink / raw)
  To: Kees Cook, Greg Kroah-Hartman
  Cc: kbuild-all, Kees Cook, Larry Finger, Phillip Potter,
	Michael Straube, Fabio Aiuto, linux-staging, Florian Schilhabel,
	Christophe JAILLET, Zhansaya Bagdauletkyzy

Hi Kees,

I love your patch! Yet something to improve:

[auto build test ERROR on staging/staging-testing]

url:    https://github.com/0day-ci/linux/commits/Kees-Cook/staging-rtl-Check-for-NULL-header-value/20220115-122817
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git fa783154524a71ab74e293cd8251155e5971952b
config: riscv-allyesconfig (https://download.01.org/0day-ci/archive/20220115/202201151724.U21w0KEg-lkp@intel.com/config)
compiler: riscv64-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/0ee2a9ea6309b9087293fe3b38a76421998bff7d
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Kees-Cook/staging-rtl-Check-for-NULL-header-value/20220115-122817
        git checkout 0ee2a9ea6309b9087293fe3b38a76421998bff7d
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=riscv SHELL=/bin/bash drivers/staging/rtl8723bs/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   drivers/staging/rtl8723bs/core/rtw_recv.c: In function 'portctrl':
>> drivers/staging/rtl8723bs/core/rtw_recv.c:468:15: error: 'precvframe' undeclared (first use in this function); did you mean 'precv_frame'?
     468 |         ptr = precvframe->u.hdr.rx_data;
         |               ^~~~~~~~~~
         |               precv_frame
   drivers/staging/rtl8723bs/core/rtw_recv.c:468:15: note: each undeclared identifier is reported only once for each function it appears in


vim +468 drivers/staging/rtl8723bs/core/rtw_recv.c

   449	
   450	/* set the security information in the recv_frame */
   451	static union recv_frame *portctrl(struct adapter *adapter, union recv_frame *precv_frame)
   452	{
   453		u8 *psta_addr = NULL;
   454		u8 *ptr;
   455		uint  auth_alg;
   456		struct recv_frame_hdr *pfhdr;
   457		struct sta_info *psta;
   458		struct sta_priv *pstapriv;
   459		union recv_frame *prtnframe;
   460		u16 ether_type = 0;
   461		u16  eapol_type = 0x888e;/* for Funia BD's WPA issue */
   462		struct rx_pkt_attrib *pattrib;
   463	
   464		pstapriv = &adapter->stapriv;
   465	
   466		auth_alg = adapter->securitypriv.dot11AuthAlgrthm;
   467	
 > 468		ptr = precvframe->u.hdr.rx_data;
   469		pfhdr = &precv_frame->u.hdr;
   470		pattrib = &pfhdr->attrib;
   471		psta_addr = pattrib->ta;
   472	
   473		prtnframe = NULL;
   474	
   475		psta = rtw_get_stainfo(pstapriv, psta_addr);
   476	
   477		if (auth_alg == 2) {
   478			if ((psta) && (psta->ieee8021x_blocked)) {
   479				__be16 be_tmp;
   480	
   481				/* blocked */
   482				/* only accept EAPOL frame */
   483	
   484				prtnframe = precv_frame;
   485	
   486				/* get ether_type */
   487				ptr = ptr + pfhdr->attrib.hdrlen + pfhdr->attrib.iv_len + LLC_HEADER_LENGTH;
   488				memcpy(&be_tmp, ptr, 2);
   489				ether_type = ntohs(be_tmp);
   490	
   491				if (ether_type == eapol_type)
   492					prtnframe = precv_frame;
   493				else {
   494					/* free this frame */
   495					rtw_free_recvframe(precv_frame, &adapter->recvpriv.free_recv_queue);
   496					prtnframe = NULL;
   497				}
   498			} else {
   499				/* allowed */
   500				/* check decryption status, and decrypt the frame if needed */
   501	
   502				prtnframe = precv_frame;
   503				/* check is the EAPOL frame or not (Rekey) */
   504				/* if (ether_type == eapol_type) { */
   505					/* check Rekey */
   506	
   507				/* prtnframe =precv_frame; */
   508				/*  */
   509				/* else { */
   510				/*  */
   511			}
   512		} else
   513			prtnframe = precv_frame;
   514	
   515		return prtnframe;
   516	}
   517	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org


