tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'staging-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging driver fixes from Greg KH:
"Here are three small staging driver fixes for 4.18-rc7.

One is a revert of an earlier patch that turned out to be incorrect,
one is a fix for the speakup drivers, and the last a fix for the
ks7010 driver to resolve a regression.

All of these have been in linux-next for a while with no reported
issues"

* tag 'staging-4.18-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: speakup: fix wraparound in uaccess length check
staging: ks7010: call 'hostif_mib_set_request_int' instead of 'hostif_mib_set_request_bool'
Revert "staging:r8188eu: Use lib80211 to support TKIP"

Linus Torvalds fd4f84fa a5f9e5da

+179 -109
+6 -6
drivers/staging/ks7010/ks_hostif.c
··· 1842 1842 memset(set_address, 0, NIC_MAX_MCAST_LIST * ETH_ALEN); 1843 1843 1844 1844 if (dev->flags & IFF_PROMISC) { 1845 - hostif_mib_set_request_bool(priv, LOCAL_MULTICAST_FILTER, 1846 - MCAST_FILTER_PROMISC); 1845 + hostif_mib_set_request_int(priv, LOCAL_MULTICAST_FILTER, 1846 + MCAST_FILTER_PROMISC); 1847 1847 goto spin_unlock; 1848 1848 } 1849 1849 1850 1850 if ((netdev_mc_count(dev) > NIC_MAX_MCAST_LIST) || 1851 1851 (dev->flags & IFF_ALLMULTI)) { 1852 - hostif_mib_set_request_bool(priv, LOCAL_MULTICAST_FILTER, 1853 - MCAST_FILTER_MCASTALL); 1852 + hostif_mib_set_request_int(priv, LOCAL_MULTICAST_FILTER, 1853 + MCAST_FILTER_MCASTALL); 1854 1854 goto spin_unlock; 1855 1855 } 1856 1856 ··· 1866 1866 ETH_ALEN * mc_count); 1867 1867 } else { 1868 1868 priv->sme_i.sme_flag |= SME_MULTICAST; 1869 - hostif_mib_set_request_bool(priv, LOCAL_MULTICAST_FILTER, 1870 - MCAST_FILTER_MCAST); 1869 + hostif_mib_set_request_int(priv, LOCAL_MULTICAST_FILTER, 1870 + MCAST_FILTER_MCAST); 1871 1871 } 1872 1872 1873 1873 spin_unlock:
-1
drivers/staging/rtl8188eu/Kconfig
··· 7 7 select LIB80211 8 8 select LIB80211_CRYPT_WEP 9 9 select LIB80211_CRYPT_CCMP 10 - select LIB80211_CRYPT_TKIP 11 10 ---help--- 12 11 This option adds the Realtek RTL8188EU USB device such as TP-Link TL-WN725N. 13 12 If built as a module, it will be called r8188eu.
+119 -52
drivers/staging/rtl8188eu/core/rtw_recv.c
··· 23 23 #include <mon.h> 24 24 #include <wifi.h> 25 25 #include <linux/vmalloc.h> 26 - #include <net/lib80211.h> 27 26 28 27 #define ETHERNET_HEADER_SIZE 14 /* Ethernet Header Length */ 29 28 #define LLC_HEADER_SIZE 6 /* LLC Header Length */ ··· 220 221 static int recvframe_chkmic(struct adapter *adapter, 221 222 struct recv_frame *precvframe) 222 223 { 223 - int res = _SUCCESS; 224 - struct rx_pkt_attrib *prxattrib = &precvframe->attrib; 225 - struct sta_info *stainfo = rtw_get_stainfo(&adapter->stapriv, prxattrib->ta); 224 + int i, res = _SUCCESS; 225 + u32 datalen; 226 + u8 miccode[8]; 227 + u8 bmic_err = false, brpt_micerror = true; 228 + u8 *pframe, *payload, *pframemic; 229 + u8 *mickey; 230 + struct sta_info *stainfo; 231 + struct rx_pkt_attrib *prxattrib = &precvframe->attrib; 232 + struct security_priv *psecuritypriv = &adapter->securitypriv; 233 + 234 + struct mlme_ext_priv *pmlmeext = &adapter->mlmeextpriv; 235 + struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info); 236 + 237 + stainfo = rtw_get_stainfo(&adapter->stapriv, &prxattrib->ta[0]); 226 238 227 239 if (prxattrib->encrypt == _TKIP_) { 228 - if (stainfo) { 229 - int key_idx; 230 - const int iv_len = 8, icv_len = 4, key_length = 32; 231 - struct sk_buff *skb = precvframe->pkt; 232 - u8 key[32], iv[8], icv[4], *pframe = skb->data; 233 - void *crypto_private = NULL; 234 - struct lib80211_crypto_ops *crypto_ops = try_then_request_module(lib80211_get_crypto_ops("TKIP"), "lib80211_crypt_tkip"); 235 - struct security_priv *psecuritypriv = &adapter->securitypriv; 240 + RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, 241 + ("\n %s: prxattrib->encrypt==_TKIP_\n", __func__)); 242 + RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, 243 + ("\n %s: da=0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x\n", 244 + __func__, prxattrib->ra[0], prxattrib->ra[1], prxattrib->ra[2], 245 + prxattrib->ra[3], prxattrib->ra[4], prxattrib->ra[5])); 236 246 247 + /* calculate mic code */ 248 + if (stainfo) { 237 249 if (IS_MCAST(prxattrib->ra)) { 238 250 if (!psecuritypriv) { 239 251 res = _FAIL; ··· 253 243 DBG_88E("\n %s: didn't install group key!!!!!!!!!!\n", __func__); 254 244 goto exit; 255 245 } 256 - key_idx = prxattrib->key_index; 257 - memcpy(key, psecuritypriv->dot118021XGrpKey[key_idx].skey, 16); 258 - memcpy(key + 16, psecuritypriv->dot118021XGrprxmickey[key_idx].skey, 16); 246 + mickey = &psecuritypriv->dot118021XGrprxmickey[prxattrib->key_index].skey[0]; 247 + 248 + RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, 249 + ("\n %s: bcmc key\n", __func__)); 259 250 } else { 260 - key_idx = 0; 261 - memcpy(key, stainfo->dot118021x_UncstKey.skey, 16); 262 - memcpy(key + 16, stainfo->dot11tkiprxmickey.skey, 16); 251 + mickey = &stainfo->dot11tkiprxmickey.skey[0]; 252 + RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, 253 + ("\n %s: unicast key\n", __func__)); 263 254 } 264 255 265 - if (!crypto_ops) { 256 + /* icv_len included the mic code */ 257 + datalen = precvframe->pkt->len-prxattrib->hdrlen - 258 + prxattrib->iv_len-prxattrib->icv_len-8; 259 + pframe = precvframe->pkt->data; 260 + payload = pframe+prxattrib->hdrlen+prxattrib->iv_len; 261 + 262 + RT_TRACE(_module_rtl871x_recv_c_, _drv_info_, ("\n prxattrib->iv_len=%d prxattrib->icv_len=%d\n", prxattrib->iv_len, prxattrib->icv_len)); 263 + rtw_seccalctkipmic(mickey, pframe, payload, datalen, &miccode[0], 264 + (unsigned char)prxattrib->priority); /* care the length of the data */ 265 + 266 + pframemic = payload+datalen; 267 + 268 + bmic_err = false; 269 + 270 + for (i = 0; i < 8; i++) { 271 + if (miccode[i] != *(pframemic+i)) { 272 + RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, 273 + ("%s: miccode[%d](%02x)!=*(pframemic+%d)(%02x) ", 274 + __func__, i, miccode[i], i, *(pframemic + i))); 275 + bmic_err = true; 276 + } 277 + } 278 + 279 + if (bmic_err) { 280 + RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, 281 + ("\n *(pframemic-8)-*(pframemic-1)=0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x\n", 282 + *(pframemic-8), *(pframemic-7), *(pframemic-6), 283 + *(pframemic-5), *(pframemic-4), *(pframemic-3), 284 + *(pframemic-2), *(pframemic-1))); 285 + RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, 286 + ("\n *(pframemic-16)-*(pframemic-9)=0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x\n", 287 + *(pframemic-16), *(pframemic-15), *(pframemic-14), 288 + *(pframemic-13), *(pframemic-12), *(pframemic-11), 289 + *(pframemic-10), *(pframemic-9))); 290 + { 291 + uint i; 292 + 293 + RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, 294 + ("\n ======demp packet (len=%d)======\n", 295 + precvframe->pkt->len)); 296 + for (i = 0; i < precvframe->pkt->len; i += 8) { 297 + RT_TRACE(_module_rtl871x_recv_c_, 298 + _drv_err_, 299 + ("0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x:0x%02x", 300 + *(precvframe->pkt->data+i), 301 + *(precvframe->pkt->data+i+1), 302 + *(precvframe->pkt->data+i+2), 303 + *(precvframe->pkt->data+i+3), 304 + *(precvframe->pkt->data+i+4), 305 + *(precvframe->pkt->data+i+5), 306 + *(precvframe->pkt->data+i+6), 307 + *(precvframe->pkt->data+i+7))); 308 + } 309 + RT_TRACE(_module_rtl871x_recv_c_, 310 + _drv_err_, 311 + ("\n ====== demp packet end [len=%d]======\n", 312 + precvframe->pkt->len)); 313 + RT_TRACE(_module_rtl871x_recv_c_, 314 + _drv_err_, 315 + ("\n hrdlen=%d,\n", 316 + prxattrib->hdrlen)); 317 + } 318 + 319 + RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, 320 + ("ra=0x%.2x 0x%.2x 0x%.2x 0x%.2x 0x%.2x 0x%.2x psecuritypriv->binstallGrpkey=%d ", 321 + prxattrib->ra[0], prxattrib->ra[1], prxattrib->ra[2], 322 + prxattrib->ra[3], prxattrib->ra[4], prxattrib->ra[5], psecuritypriv->binstallGrpkey)); 323 + 324 + /* double check key_index for some timing issue , */ 325 + /* cannot compare with psecuritypriv->dot118021XGrpKeyid also cause timing issue */ 326 + if ((IS_MCAST(prxattrib->ra) == true) && (prxattrib->key_index != pmlmeinfo->key_index)) 327 + brpt_micerror = false; 328 + 329 + if ((prxattrib->bdecrypted) && (brpt_micerror)) { 330 + rtw_handle_tkip_mic_err(adapter, (u8)IS_MCAST(prxattrib->ra)); 331 + RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, (" mic error :prxattrib->bdecrypted=%d ", prxattrib->bdecrypted)); 332 + DBG_88E(" mic error :prxattrib->bdecrypted=%d\n", prxattrib->bdecrypted); 333 + } else { 334 + RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, (" mic error :prxattrib->bdecrypted=%d ", prxattrib->bdecrypted)); 335 + DBG_88E(" mic error :prxattrib->bdecrypted=%d\n", prxattrib->bdecrypted); 336 + } 266 337 res = _FAIL; 267 - goto exit_lib80211_tkip; 338 + } else { 339 + /* mic checked ok */ 340 + if ((!psecuritypriv->bcheck_grpkey) && (IS_MCAST(prxattrib->ra))) { 341 + psecuritypriv->bcheck_grpkey = true; 342 + RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, ("psecuritypriv->bcheck_grpkey = true")); 343 + } 268 344 } 269 - 270 - memcpy(iv, pframe + prxattrib->hdrlen, iv_len); 271 - memcpy(icv, pframe + skb->len - icv_len, icv_len); 272 - memmove(pframe + iv_len, pframe, prxattrib->hdrlen); 273 - 274 - skb_pull(skb, iv_len); 275 - skb_trim(skb, skb->len - icv_len); 276 - 277 - crypto_private = crypto_ops->init(key_idx); 278 - if (!crypto_private) { 279 - res = _FAIL; 280 - goto exit_lib80211_tkip; 281 - } 282 - if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) { 283 - res = _FAIL; 284 - goto exit_lib80211_tkip; 285 - } 286 - if (crypto_ops->decrypt_msdu(skb, key_idx, prxattrib->hdrlen, crypto_private)) { 287 - res = _FAIL; 288 - goto exit_lib80211_tkip; 289 - } 290 - 291 - memmove(pframe, pframe + iv_len, prxattrib->hdrlen); 292 - skb_push(skb, iv_len); 293 - skb_put(skb, icv_len); 294 - 295 - memcpy(pframe + prxattrib->hdrlen, iv, iv_len); 296 - memcpy(pframe + skb->len - icv_len, icv, icv_len); 297 - 298 - exit_lib80211_tkip: 299 - if (crypto_ops && crypto_private) 300 - crypto_ops->deinit(crypto_private); 301 345 } else { 302 346 RT_TRACE(_module_rtl871x_recv_c_, _drv_err_, 303 347 ("%s: rtw_get_stainfo==NULL!!!\n", __func__)); 304 348 } 349 + 350 + skb_trim(precvframe->pkt, precvframe->pkt->len - 8); 305 351 } 306 352 307 353 exit: 354 + 308 355 return res; 309 356 } 310 357
+49 -49
drivers/staging/rtl8188eu/core/rtw_security.c
··· 650 650 return res; 651 651 } 652 652 653 + /* The hlen isn't include the IV */ 653 654 u32 rtw_tkip_decrypt(struct adapter *padapter, u8 *precvframe) 654 - { 655 - struct rx_pkt_attrib *prxattrib = &((struct recv_frame *)precvframe)->attrib; 656 - u32 res = _SUCCESS; 655 + { /* exclude ICV */ 656 + u16 pnl; 657 + u32 pnh; 658 + u8 rc4key[16]; 659 + u8 ttkey[16]; 660 + u8 crc[4]; 661 + struct arc4context mycontext; 662 + int length; 663 + 664 + u8 *pframe, *payload, *iv, *prwskey; 665 + union pn48 dot11txpn; 666 + struct sta_info *stainfo; 667 + struct rx_pkt_attrib *prxattrib = &((struct recv_frame *)precvframe)->attrib; 668 + struct security_priv *psecuritypriv = &padapter->securitypriv; 669 + u32 res = _SUCCESS; 670 + 671 + 672 + pframe = (unsigned char *)((struct recv_frame *)precvframe)->pkt->data; 657 673 658 674 /* 4 start to decrypt recvframe */ 659 675 if (prxattrib->encrypt == _TKIP_) { 660 - struct sta_info *stainfo = rtw_get_stainfo(&padapter->stapriv, prxattrib->ta); 661 - 676 + stainfo = rtw_get_stainfo(&padapter->stapriv, &prxattrib->ta[0]); 662 677 if (stainfo) { 663 - int key_idx; 664 - const int iv_len = 8, icv_len = 4, key_length = 32; 665 - void *crypto_private = NULL; 666 - struct sk_buff *skb = ((struct recv_frame *)precvframe)->pkt; 667 - u8 key[32], iv[8], icv[4], *pframe = skb->data; 668 - struct lib80211_crypto_ops *crypto_ops = try_then_request_module(lib80211_get_crypto_ops("TKIP"), "lib80211_crypt_tkip"); 669 - struct security_priv *psecuritypriv = &padapter->securitypriv; 670 - 671 678 if (IS_MCAST(prxattrib->ra)) { 672 679 if (!psecuritypriv->binstallGrpkey) { 673 680 res = _FAIL; 674 681 DBG_88E("%s:rx bc/mc packets, but didn't install group key!!!!!!!!!!\n", __func__); 675 682 goto exit; 676 683 } 677 - key_idx = prxattrib->key_index; 678 - memcpy(key, psecuritypriv->dot118021XGrpKey[key_idx].skey, 16); 679 - memcpy(key + 16, psecuritypriv->dot118021XGrprxmickey[key_idx].skey, 16); 684 + prwskey = psecuritypriv->dot118021XGrpKey[prxattrib->key_index].skey; 680 685 } else { 681 - key_idx = 0; 682 - memcpy(key, stainfo->dot118021x_UncstKey.skey, 16); 683 - memcpy(key + 16, stainfo->dot11tkiprxmickey.skey, 16); 686 + RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("%s: stainfo!= NULL!!!\n", __func__)); 687 + prwskey = &stainfo->dot118021x_UncstKey.skey[0]; 684 688 } 685 689 686 - if (!crypto_ops) { 690 + iv = pframe+prxattrib->hdrlen; 691 + payload = pframe+prxattrib->iv_len+prxattrib->hdrlen; 692 + length = ((struct recv_frame *)precvframe)->pkt->len-prxattrib->hdrlen-prxattrib->iv_len; 693 + 694 + GET_TKIP_PN(iv, dot11txpn); 695 + 696 + pnl = (u16)(dot11txpn.val); 697 + pnh = (u32)(dot11txpn.val>>16); 698 + 699 + phase1((u16 *)&ttkey[0], prwskey, &prxattrib->ta[0], pnh); 700 + phase2(&rc4key[0], prwskey, (unsigned short *)&ttkey[0], pnl); 701 + 702 + /* 4 decrypt payload include icv */ 703 + 704 + arcfour_init(&mycontext, rc4key, 16); 705 + arcfour_encrypt(&mycontext, payload, payload, length); 706 + 707 + *((__le32 *)crc) = getcrc32(payload, length-4); 708 + 709 + if (crc[3] != payload[length-1] || 710 + crc[2] != payload[length-2] || 711 + crc[1] != payload[length-3] || 712 + crc[0] != payload[length-4]) { 713 + RT_TRACE(_module_rtl871x_security_c_, _drv_err_, 714 + ("rtw_wep_decrypt:icv error crc (%4ph)!=payload (%4ph)\n", 715 + &crc, &payload[length-4])); 687 716 res = _FAIL; 688 - goto exit_lib80211_tkip; 689 717 } 690 - 691 - memcpy(iv, pframe + prxattrib->hdrlen, iv_len); 692 - memcpy(icv, pframe + skb->len - icv_len, icv_len); 693 - 694 - crypto_private = crypto_ops->init(key_idx); 695 - if (!crypto_private) { 696 - res = _FAIL; 697 - goto exit_lib80211_tkip; 698 - } 699 - if (crypto_ops->set_key(key, key_length, NULL, crypto_private) < 0) { 700 - res = _FAIL; 701 - goto exit_lib80211_tkip; 702 - } 703 - if (crypto_ops->decrypt_mpdu(skb, prxattrib->hdrlen, crypto_private)) { 704 - res = _FAIL; 705 - goto exit_lib80211_tkip; 706 - } 707 - 708 - memmove(pframe, pframe + iv_len, prxattrib->hdrlen); 709 - skb_push(skb, iv_len); 710 - skb_put(skb, icv_len); 711 - 712 - memcpy(pframe + prxattrib->hdrlen, iv, iv_len); 713 - memcpy(pframe + skb->len - icv_len, icv, icv_len); 714 - 715 - exit_lib80211_tkip: 716 - if (crypto_ops && crypto_private) 717 - crypto_ops->deinit(crypto_private); 718 718 } else { 719 719 RT_TRACE(_module_rtl871x_security_c_, _drv_err_, ("rtw_tkip_decrypt: stainfo==NULL!!!\n")); 720 720 res = _FAIL;
+5 -1
drivers/staging/speakup/speakup_soft.c
··· 198 198 int chars_sent = 0; 199 199 char __user *cp; 200 200 char *init; 201 + size_t bytes_per_ch = unicode ? 3 : 1; 201 202 u16 ch; 202 203 int empty; 203 204 unsigned long flags; 204 205 DEFINE_WAIT(wait); 206 + 207 + if (count < bytes_per_ch) 208 + return -EINVAL; 205 209 206 210 spin_lock_irqsave(&speakup_info.spinlock, flags); 207 211 while (1) { ··· 232 228 init = get_initstring(); 233 229 234 230 /* Keep 3 bytes available for a 16bit UTF-8-encoded character */ 235 - while (chars_sent <= count - 3) { 231 + while (chars_sent <= count - bytes_per_ch) { 236 232 if (speakup_info.flushing) { 237 233 speakup_info.flushing = 0; 238 234 ch = '\x18';