lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 2 Feb 2014 11:05:12 -0500
From:	Dave Jones <davej@...hat.com>
To:	gregkh@...uxfoundation.org
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: rtl8821ae.

On Sun, Feb 02, 2014 at 03:41:27AM -0800, scan-admin@...erity.com wrote:
 > 
 > Please find the latest report on new defect(s) introduced to Linux found with Coverity Scan.
 > 
 > Defect(s) Reported-by: Coverity Scan
 > Showing 20 of 83 defect(s)

Ugh, this is even worse than the usual realtek drivers. (With the exception of rtl8188eu)
All 83 of those new defects came from this new driver, and while there's
a bunch of "who cares" type things in there, there's a load of stuff that
needs fixing a lot more urgently than CodingStyle issues or anything else in the TODO
for that driver.

A bigger problem though, is what is the plan for these realtek drivers ?
They've been in staging forever. rtl8187se has been there for _five_ years with
no indication it's ever getting promoted to first class status.

The git logs are littered mostly with CodingStyle cleanups, sparse cleanups and such,
meanwhile for five years they've had out of bounds reads, overflows, and such 
for this whole time.  Even worse, when one of the drivers gets fixes for actual
problems like this, they never make it back to Realtek, who clone the same
old shitty driver they shipped last time, and reintroduce new variants of the
same damn bugs, and then we import the new turd into staging and start all over again.

I get the whole "a shit driver is better than no driver", but there's no discernable
effort to ever improve this pile, just to keep adding to it.

	Dave

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ