lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 2 Feb 2014 19:01:04 +0100
From:	Greg KH <gregkh@...uxfoundation.org>
To:	Dave Jones <davej@...hat.com>,
	Linux Kernel <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Larry Finger <Larry.Finger@...inger.net>
Subject: Re: rtl8821ae.

On Sun, Feb 02, 2014 at 11:05:12AM -0500, Dave Jones wrote:
> On Sun, Feb 02, 2014 at 03:41:27AM -0800, scan-admin@...erity.com wrote:
>  > 
>  > Please find the latest report on new defect(s) introduced to Linux found with Coverity Scan.
>  > 
>  > Defect(s) Reported-by: Coverity Scan
>  > Showing 20 of 83 defect(s)
> 
> Ugh, this is even worse than the usual realtek drivers. (With the exception of rtl8188eu)
> All 83 of those new defects came from this new driver, and while there's
> a bunch of "who cares" type things in there, there's a load of stuff that
> needs fixing a lot more urgently than CodingStyle issues or anything else in the TODO
> for that driver.
> 
> A bigger problem though, is what is the plan for these realtek drivers ?
> They've been in staging forever. rtl8187se has been there for _five_ years with
> no indication it's ever getting promoted to first class status.

This new driver will be moved to drivers/net/wireless for 3.15, Larry
has a real port of it to the proper apis and the like, cleaning up these
types of issues already.  It didn't make 3.14, which is why I added the
staging version for now (i.e. I want the hardware I have to work...)

> The git logs are littered mostly with CodingStyle cleanups, sparse cleanups and such,
> meanwhile for five years they've had out of bounds reads, overflows, and such 
> for this whole time.  Even worse, when one of the drivers gets fixes for actual
> problems like this, they never make it back to Realtek, who clone the same
> old shitty driver they shipped last time, and reintroduce new variants of the
> same damn bugs, and then we import the new turd into staging and start all over again.
> 
> I get the whole "a shit driver is better than no driver", but there's no discernable
> effort to ever improve this pile, just to keep adding to it.

Larry is the one who could answer for the remaining realtek drivers, and
the "changes don't flow back" issues.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists