* [PATCH AUTOSEL 5.10 09/33] staging: rtl8712: Fix return type for implementation of ndo_start_xmit
[not found] <20221013002334.1894749-1-sashal@kernel.org>
@ 2022-10-13 0:23 ` Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 10/33] staging: rtl8192e: " Sasha Levin
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-10-13 0:23 UTC (permalink / raw)
To: linux-kernel, stable
Cc: GUO Zihua, Greg Kroah-Hartman, Sasha Levin, Larry.Finger,
florian.c.schilhabel, asif.kgauri, skumark1902, fmdefrancesco,
linux-staging
From: GUO Zihua <guozihua@huawei.com>
[ Upstream commit 307d343620e1fc7a6a2b7a1cdadb705532c9b6a5 ]
CFI (Control Flow Integrity) is a safety feature allowing the system to
detect and react should a potential control flow hijacking occurs. In
particular, the Forward-Edge CFI protects indirect function calls by
ensuring the prototype of function that is actually called matches the
definition of the function hook.
Since Linux now supports CFI, it will be a good idea to fix mismatched
return type for implementation of hooks. Otherwise this would get
cought out by CFI and cause a panic.
Use enums from netdev_tx_t as return value instead, then change return
type to netdev_tx_t.
Signed-off-by: GUO Zihua <guozihua@huawei.com>
Link: https://lore.kernel.org/r/20220905130230.11230-1-guozihua@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8712/xmit_linux.c | 6 +++---
drivers/staging/rtl8712/xmit_osdep.h | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/rtl8712/xmit_linux.c b/drivers/staging/rtl8712/xmit_linux.c
index 1f67d86c606f..8ec8edbb7fd8 100644
--- a/drivers/staging/rtl8712/xmit_linux.c
+++ b/drivers/staging/rtl8712/xmit_linux.c
@@ -147,7 +147,7 @@ void r8712_xmit_complete(struct _adapter *padapter, struct xmit_frame *pxframe)
pxframe->pkt = NULL;
}
-int r8712_xmit_entry(_pkt *pkt, struct net_device *netdev)
+netdev_tx_t r8712_xmit_entry(_pkt *pkt, struct net_device *netdev)
{
struct xmit_frame *xmitframe = NULL;
struct _adapter *adapter = netdev_priv(netdev);
@@ -172,11 +172,11 @@ int r8712_xmit_entry(_pkt *pkt, struct net_device *netdev)
}
xmitpriv->tx_pkts++;
xmitpriv->tx_bytes += xmitframe->attrib.last_txcmdsz;
- return 0;
+ return NETDEV_TX_OK;
_xmit_entry_drop:
if (xmitframe)
r8712_free_xmitframe(xmitpriv, xmitframe);
xmitpriv->tx_drop++;
dev_kfree_skb_any(pkt);
- return 0;
+ return NETDEV_TX_OK;
}
diff --git a/drivers/staging/rtl8712/xmit_osdep.h b/drivers/staging/rtl8712/xmit_osdep.h
index 21f6b31e0f50..3f2f5edd2d91 100644
--- a/drivers/staging/rtl8712/xmit_osdep.h
+++ b/drivers/staging/rtl8712/xmit_osdep.h
@@ -34,7 +34,7 @@ struct sta_xmit_priv;
struct xmit_frame;
struct xmit_buf;
-int r8712_xmit_entry(_pkt *pkt, struct net_device *pnetdev);
+netdev_tx_t r8712_xmit_entry(_pkt *pkt, struct net_device *pnetdev);
void r8712_SetFilter(struct work_struct *work);
int r8712_xmit_resource_alloc(struct _adapter *padapter,
struct xmit_buf *pxmitbuf);
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 5.10 10/33] staging: rtl8192e: Fix return type for implementation of ndo_start_xmit
[not found] <20221013002334.1894749-1-sashal@kernel.org>
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 09/33] staging: rtl8712: Fix return type for implementation of ndo_start_xmit Sasha Levin
@ 2022-10-13 0:23 ` Sasha Levin
2022-10-18 9:48 ` Pavel Machek
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 12/33] staging: vt6655: fix potential memory leak Sasha Levin
` (3 subsequent siblings)
5 siblings, 1 reply; 7+ messages in thread
From: Sasha Levin @ 2022-10-13 0:23 UTC (permalink / raw)
To: linux-kernel, stable
Cc: GUO Zihua, Greg Kroah-Hartman, Sasha Levin, philipp.g.hortmann,
dave, paskripkin, dan.carpenter, yogi.kernel, yangyingliang,
f3sch.git, linux-staging
From: GUO Zihua <guozihua@huawei.com>
[ Upstream commit 513d9a61156d79dd0979c4ad400c8587f52cbb9d ]
CFI (Control Flow Integrity) is a safety feature allowing the system to
detect and react should a potential control flow hijacking occurs. In
particular, the Forward-Edge CFI protects indirect function calls by
ensuring the prototype of function that is actually called matches the
definition of the function hook.
Since Linux now supports CFI, it will be a good idea to fix mismatched
return type for implementation of hooks. Otherwise this would get
cought out by CFI and cause a panic.
Use enums from netdev_tx_t as return value instead, then change return
type to netdev_tx_t. Note that rtllib_xmit_inter() would return 1 only
on allocation failure and the queue is stopped if that happens, meeting
the documented requirement if NETDEV_TX_BUSY should be returned by
ndo_start_xmit.
Signed-off-by: GUO Zihua <guozihua@huawei.com>
Link: https://lore.kernel.org/r/20220905130053.10731-1-guozihua@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192e/rtllib.h | 2 +-
drivers/staging/rtl8192e/rtllib_tx.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/rtl8192e/rtllib.h b/drivers/staging/rtl8192e/rtllib.h
index 367db4acc785..f7c590bbcd7f 100644
--- a/drivers/staging/rtl8192e/rtllib.h
+++ b/drivers/staging/rtl8192e/rtllib.h
@@ -1938,7 +1938,7 @@ int rtllib_encrypt_fragment(
struct sk_buff *frag,
int hdr_len);
-int rtllib_xmit(struct sk_buff *skb, struct net_device *dev);
+netdev_tx_t rtllib_xmit(struct sk_buff *skb, struct net_device *dev);
void rtllib_txb_free(struct rtllib_txb *txb);
/* rtllib_rx.c */
diff --git a/drivers/staging/rtl8192e/rtllib_tx.c b/drivers/staging/rtl8192e/rtllib_tx.c
index e0d79daca24a..e5207891bf79 100644
--- a/drivers/staging/rtl8192e/rtllib_tx.c
+++ b/drivers/staging/rtl8192e/rtllib_tx.c
@@ -964,9 +964,9 @@ static int rtllib_xmit_inter(struct sk_buff *skb, struct net_device *dev)
}
-int rtllib_xmit(struct sk_buff *skb, struct net_device *dev)
+netdev_tx_t rtllib_xmit(struct sk_buff *skb, struct net_device *dev)
{
memset(skb->cb, 0, sizeof(skb->cb));
- return rtllib_xmit_inter(skb, dev);
+ return rtllib_xmit_inter(skb, dev) ? NETDEV_TX_BUSY : NETDEV_TX_OK;
}
EXPORT_SYMBOL(rtllib_xmit);
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 5.10 12/33] staging: vt6655: fix potential memory leak
[not found] <20221013002334.1894749-1-sashal@kernel.org>
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 09/33] staging: rtl8712: Fix return type for implementation of ndo_start_xmit Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 10/33] staging: rtl8192e: " Sasha Levin
@ 2022-10-13 0:23 ` Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 25/33] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Sasha Levin
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-10-13 0:23 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Nam Cao, Philipp Hortmann, Greg Kroah-Hartman, Sasha Levin,
forest, tomm.merciai, linux-staging
From: Nam Cao <namcaov@gmail.com>
[ Upstream commit c8ff91535880d41b49699b3829fb6151942de29e ]
In function device_init_td0_ring, memory is allocated for member
td_info of priv->apTD0Rings[i], with i increasing from 0. In case of
allocation failure, the memory is freed in reversed order, with i
decreasing to 0. However, the case i=0 is left out and thus memory is
leaked.
Modify the memory freeing loop to include the case i=0.
Tested-by: Philipp Hortmann <philipp.g.hortmann@gmail.com>
Signed-off-by: Nam Cao <namcaov@gmail.com>
Link: https://lore.kernel.org/r/20220909141338.19343-1-namcaov@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/vt6655/device_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c
index 09ab6d6f2429..d66dd5289a7c 100644
--- a/drivers/staging/vt6655/device_main.c
+++ b/drivers/staging/vt6655/device_main.c
@@ -675,7 +675,7 @@ static int device_init_td0_ring(struct vnt_private *priv)
return 0;
err_free_desc:
- while (--i) {
+ while (i--) {
desc = &priv->apTD0Rings[i];
kfree(desc->td_info);
}
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 5.10 25/33] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv()
[not found] <20221013002334.1894749-1-sashal@kernel.org>
` (2 preceding siblings ...)
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 12/33] staging: vt6655: fix potential memory leak Sasha Levin
@ 2022-10-13 0:23 ` Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 26/33] staging: rtl8192u: Fix return type of ieee80211_xmit Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 27/33] staging: octeon: Fix return type of cvm_oct_xmit and cvm_oct_xmit_pow Sasha Levin
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-10-13 0:23 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Xiaoke Wang, Greg Kroah-Hartman, Sasha Levin, kushalkothari285,
namcaov, remckee0, saurav.girepunje, eng.alaamohamedsoliman.am,
jagathjog1996, linux-staging
From: Xiaoke Wang <xkernel.wang@foxmail.com>
[ Upstream commit 708056fba733a73d926772ea4ce9a42d240345da ]
In rtw_init_cmd_priv(), if `pcmdpriv->rsp_allocated_buf` is allocated
in failure, then `pcmdpriv->cmd_allocated_buf` will be not properly
released. Besides, considering there are only two error paths and the
first one can directly return, so we do not need implicitly jump to the
`exit` tag to execute the error handler.
So this patch added `kfree(pcmdpriv->cmd_allocated_buf);` on the error
path to release the resource and simplified the return logic of
rtw_init_cmd_priv(). As there is no proper device to test with, no runtime
testing was performed.
Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Link: https://lore.kernel.org/r/tencent_2B7931B79BA38E22205C5A09EFDF11E48805@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8723bs/core/rtw_cmd.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/drivers/staging/rtl8723bs/core/rtw_cmd.c b/drivers/staging/rtl8723bs/core/rtw_cmd.c
index 2abe205e3453..cee05385f872 100644
--- a/drivers/staging/rtl8723bs/core/rtw_cmd.c
+++ b/drivers/staging/rtl8723bs/core/rtw_cmd.c
@@ -165,8 +165,6 @@ No irqsave is necessary.
int rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
{
- int res = 0;
-
init_completion(&pcmdpriv->cmd_queue_comp);
init_completion(&pcmdpriv->terminate_cmdthread_comp);
@@ -178,18 +176,16 @@ int rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
pcmdpriv->cmd_allocated_buf = rtw_zmalloc(MAX_CMDSZ + CMDBUFF_ALIGN_SZ);
- if (!pcmdpriv->cmd_allocated_buf) {
- res = -ENOMEM;
- goto exit;
- }
+ if (!pcmdpriv->cmd_allocated_buf)
+ return -ENOMEM;
pcmdpriv->cmd_buf = pcmdpriv->cmd_allocated_buf + CMDBUFF_ALIGN_SZ - ((SIZE_PTR)(pcmdpriv->cmd_allocated_buf) & (CMDBUFF_ALIGN_SZ-1));
pcmdpriv->rsp_allocated_buf = rtw_zmalloc(MAX_RSPSZ + 4);
if (!pcmdpriv->rsp_allocated_buf) {
- res = -ENOMEM;
- goto exit;
+ kfree(pcmdpriv->cmd_allocated_buf);
+ return -ENOMEM;
}
pcmdpriv->rsp_buf = pcmdpriv->rsp_allocated_buf + 4 - ((SIZE_PTR)(pcmdpriv->rsp_allocated_buf) & 3);
@@ -199,8 +195,8 @@ int rtw_init_cmd_priv(struct cmd_priv *pcmdpriv)
pcmdpriv->rsp_cnt = 0;
mutex_init(&pcmdpriv->sctx_mutex);
-exit:
- return res;
+
+ return 0;
}
static void c2h_wk_callback(_workitem * work);
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 5.10 26/33] staging: rtl8192u: Fix return type of ieee80211_xmit
[not found] <20221013002334.1894749-1-sashal@kernel.org>
` (3 preceding siblings ...)
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 25/33] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Sasha Levin
@ 2022-10-13 0:23 ` Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 27/33] staging: octeon: Fix return type of cvm_oct_xmit and cvm_oct_xmit_pow Sasha Levin
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-10-13 0:23 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Nathan Huckleberry, llvm, Dan Carpenter, Nathan Chancellor,
Greg Kroah-Hartman, Sasha Levin, ndesaulniers, ztong0001, dave,
linux-staging
From: Nathan Huckleberry <nhuck@google.com>
[ Upstream commit 2851349ac351010a2649e0ff86a1e3d68fe5d683 ]
The ndo_start_xmit field in net_device_ops is expected to be of type
netdev_tx_t (*ndo_start_xmit)(struct sk_buff *skb, struct net_device *dev).
The mismatched return type breaks forward edge kCFI since the underlying
function definition does not match the function hook definition.
The return type of ieee80211_xmit should be changed from int to
netdev_tx_t.
Link: https://github.com/ClangBuiltLinux/linux/issues/1703
Cc: llvm@lists.linux.dev
Reported-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Link: https://lore.kernel.org/r/20220914210750.423048-1-nhuck@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/rtl8192u/ieee80211/ieee80211.h | 2 +-
drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211.h b/drivers/staging/rtl8192u/ieee80211/ieee80211.h
index 39f4ddd86796..4658e79d50f7 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211.h
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211.h
@@ -2178,7 +2178,7 @@ int ieee80211_set_encryption(struct ieee80211_device *ieee);
int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
struct sk_buff *frag, int hdr_len);
-int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev);
+netdev_tx_t ieee80211_xmit(struct sk_buff *skb, struct net_device *dev);
void ieee80211_txb_free(struct ieee80211_txb *txb);
diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c
index 63a561ab4a76..50d536a4c382 100644
--- a/drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c
+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_tx.c
@@ -526,7 +526,7 @@ static void ieee80211_query_seqnum(struct ieee80211_device *ieee,
}
}
-int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
+netdev_tx_t ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
{
struct ieee80211_device *ieee = netdev_priv(dev);
struct ieee80211_txb *txb = NULL;
@@ -822,13 +822,13 @@ int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
if ((*ieee->hard_start_xmit)(txb, dev) == 0) {
stats->tx_packets++;
stats->tx_bytes += __le16_to_cpu(txb->payload_size);
- return 0;
+ return NETDEV_TX_OK;
}
ieee80211_txb_free(txb);
}
}
- return 0;
+ return NETDEV_TX_OK;
failed:
spin_unlock_irqrestore(&ieee->lock, flags);
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH AUTOSEL 5.10 27/33] staging: octeon: Fix return type of cvm_oct_xmit and cvm_oct_xmit_pow
[not found] <20221013002334.1894749-1-sashal@kernel.org>
` (4 preceding siblings ...)
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 26/33] staging: rtl8192u: Fix return type of ieee80211_xmit Sasha Levin
@ 2022-10-13 0:23 ` Sasha Levin
5 siblings, 0 replies; 7+ messages in thread
From: Sasha Levin @ 2022-10-13 0:23 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Nathan Huckleberry, llvm, Dan Carpenter, Nathan Chancellor,
Arnd Bergmann, Greg Kroah-Hartman, Sasha Levin, ndesaulniers,
linux-staging
From: Nathan Huckleberry <nhuck@google.com>
[ Upstream commit b77599043f00fce9253d0f22522c5d5b521555ce ]
The ndo_start_xmit field in net_device_ops is expected to be of type
netdev_tx_t (*ndo_start_xmit)(struct sk_buff *skb, struct net_device *dev).
The mismatched return type breaks forward edge kCFI since the underlying
function definition does not match the function hook definition.
The return type of cvm_oct_xmit and cvm_oct_xmit_pow should be changed
from int to netdev_tx_t.
Link: https://github.com/ClangBuiltLinux/linux/issues/1703
Cc: llvm@lists.linux.dev
Reported-by: Dan Carpenter <error27@gmail.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Link: https://lore.kernel.org/r/20220914211057.423617-1-nhuck@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/octeon/ethernet-tx.c | 4 ++--
drivers/staging/octeon/ethernet-tx.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/octeon/ethernet-tx.c b/drivers/staging/octeon/ethernet-tx.c
index 9c71ad5af7b9..17ee9163ddbd 100644
--- a/drivers/staging/octeon/ethernet-tx.c
+++ b/drivers/staging/octeon/ethernet-tx.c
@@ -125,7 +125,7 @@ static void cvm_oct_free_tx_skbs(struct net_device *dev)
*
* Returns Always returns NETDEV_TX_OK
*/
-int cvm_oct_xmit(struct sk_buff *skb, struct net_device *dev)
+netdev_tx_t cvm_oct_xmit(struct sk_buff *skb, struct net_device *dev)
{
union cvmx_pko_command_word0 pko_command;
union cvmx_buf_ptr hw_buffer;
@@ -507,7 +507,7 @@ int cvm_oct_xmit(struct sk_buff *skb, struct net_device *dev)
* Returns Always returns zero
*/
-int cvm_oct_xmit_pow(struct sk_buff *skb, struct net_device *dev)
+netdev_tx_t cvm_oct_xmit_pow(struct sk_buff *skb, struct net_device *dev)
{
struct octeon_ethernet *priv = netdev_priv(dev);
void *packet_buffer;
diff --git a/drivers/staging/octeon/ethernet-tx.h b/drivers/staging/octeon/ethernet-tx.h
index 78936e9b33b0..6c524668f65a 100644
--- a/drivers/staging/octeon/ethernet-tx.h
+++ b/drivers/staging/octeon/ethernet-tx.h
@@ -5,8 +5,8 @@
* Copyright (c) 2003-2007 Cavium Networks
*/
-int cvm_oct_xmit(struct sk_buff *skb, struct net_device *dev);
-int cvm_oct_xmit_pow(struct sk_buff *skb, struct net_device *dev);
+netdev_tx_t cvm_oct_xmit(struct sk_buff *skb, struct net_device *dev);
+netdev_tx_t cvm_oct_xmit_pow(struct sk_buff *skb, struct net_device *dev);
int cvm_oct_transmit_qos(struct net_device *dev, void *work_queue_entry,
int do_free, int qos);
void cvm_oct_tx_initialize(void);
--
2.35.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH AUTOSEL 5.10 10/33] staging: rtl8192e: Fix return type for implementation of ndo_start_xmit
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 10/33] staging: rtl8192e: " Sasha Levin
@ 2022-10-18 9:48 ` Pavel Machek
0 siblings, 0 replies; 7+ messages in thread
From: Pavel Machek @ 2022-10-18 9:48 UTC (permalink / raw)
To: Sasha Levin
Cc: linux-kernel, stable, GUO Zihua, Greg Kroah-Hartman,
philipp.g.hortmann, dave, paskripkin, dan.carpenter, yogi.kernel,
yangyingliang, f3sch.git, linux-staging
[-- Attachment #1: Type: text/plain, Size: 2013 bytes --]
Hi!
> [ Upstream commit 513d9a61156d79dd0979c4ad400c8587f52cbb9d ]
>
> CFI (Control Flow Integrity) is a safety feature allowing the system to
> detect and react should a potential control flow hijacking occurs. In
> particular, the Forward-Edge CFI protects indirect function calls by
> ensuring the prototype of function that is actually called matches the
> definition of the function hook.
>
> Since Linux now supports CFI, it will be a good idea to fix mismatched
> return type for implementation of hooks. Otherwise this would get
> cought out by CFI and cause a panic.
>
> Use enums from netdev_tx_t as return value instead, then change return
> type to netdev_tx_t. Note that rtllib_xmit_inter() would return 1 only
> on allocation failure and the queue is stopped if that happens, meeting
> the documented requirement if NETDEV_TX_BUSY should be returned by
> ndo_start_xmit.
>
> +++ b/drivers/staging/rtl8192e/rtllib_tx.c
> @@ -964,9 +964,9 @@ static int rtllib_xmit_inter(struct sk_buff *skb, struct net_device *dev)
>
> }
>
> -int rtllib_xmit(struct sk_buff *skb, struct net_device *dev)
> +netdev_tx_t rtllib_xmit(struct sk_buff *skb, struct net_device *dev)
> {
> memset(skb->cb, 0, sizeof(skb->cb));
> - return rtllib_xmit_inter(skb, dev);
> + return rtllib_xmit_inter(skb, dev) ? NETDEV_TX_BUSY : NETDEV_TX_OK;
> }
> EXPORT_SYMBOL(rtllib_xmit);
First, rtllib_xmit_inter() should be fixed to return the enum, too.
Second, we really should not take this to stable, as CFI is not
available there. We should drop these patches:
4.19 14/19] staging: rtl8192u: Fix return type of ieee80211_xmit
5.10 09/33] staging: rtl8712: Fix return type for implementation of ndo_start_xmit
5.10 10/33] staging: rtl8192e: Fix return type for implementation of ndo_start_xmit
Thank you,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-10-18 9:48 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20221013002334.1894749-1-sashal@kernel.org>
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 09/33] staging: rtl8712: Fix return type for implementation of ndo_start_xmit Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 10/33] staging: rtl8192e: " Sasha Levin
2022-10-18 9:48 ` Pavel Machek
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 12/33] staging: vt6655: fix potential memory leak Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 25/33] staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 26/33] staging: rtl8192u: Fix return type of ieee80211_xmit Sasha Levin
2022-10-13 0:23 ` [PATCH AUTOSEL 5.10 27/33] staging: octeon: Fix return type of cvm_oct_xmit and cvm_oct_xmit_pow Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).