From: Maya Erez <merez@codeaurora.org>
To: Kalle Valo <kvalo@codeaurora.org>
Cc: Ahmad Masri <amasri@codeaurora.org>,
linux-wireless@vger.kernel.org, wil6210@qti.qualcomm.com,
Maya Erez <merez@codeaurora.org>
Subject: [PATCH 13/21] wil6210: check mid is valid
Date: Fri, 22 Feb 2019 16:21:11 +0200 [thread overview]
Message-ID: <1550845279-16103-14-git-send-email-merez@codeaurora.org> (raw)
In-Reply-To: <1550845279-16103-1-git-send-email-merez@codeaurora.org>
From: Ahmad Masri <amasri@codeaurora.org>
Check that the mid is valid and that it does not exceed the memory
size allocated to vifs array.
Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
---
drivers/net/wireless/ath/wil6210/cfg80211.c | 6 +++---
drivers/net/wireless/ath/wil6210/debugfs.c | 10 +++++-----
drivers/net/wireless/ath/wil6210/main.c | 8 ++++----
drivers/net/wireless/ath/wil6210/netdev.c | 10 +++++-----
drivers/net/wireless/ath/wil6210/pcie_bus.c | 4 ++--
drivers/net/wireless/ath/wil6210/pm.c | 6 +++---
drivers/net/wireless/ath/wil6210/wil6210.h | 1 +
drivers/net/wireless/ath/wil6210/wmi.c | 2 +-
8 files changed, 24 insertions(+), 23 deletions(-)
diff --git a/drivers/net/wireless/ath/wil6210/cfg80211.c b/drivers/net/wireless/ath/wil6210/cfg80211.c
index a1e226652..e8d65dd 100644
--- a/drivers/net/wireless/ath/wil6210/cfg80211.c
+++ b/drivers/net/wireless/ath/wil6210/cfg80211.c
@@ -465,7 +465,7 @@ static int wil_cfg80211_validate_add_iface(struct wil6210_priv *wil,
.num_different_channels = 1,
};
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
if (wil->vifs[i]) {
wdev = vif_to_wdev(wil->vifs[i]);
params.iftype_num[wdev->iftype]++;
@@ -486,7 +486,7 @@ static int wil_cfg80211_validate_change_iface(struct wil6210_priv *wil,
};
bool check_combos = false;
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
struct wil6210_vif *vif_pos = wil->vifs[i];
if (vif_pos && vif != vif_pos) {
@@ -1806,7 +1806,7 @@ void wil_cfg80211_ap_recovery(struct wil6210_priv *wil)
int rc, i;
struct wiphy *wiphy = wil_to_wiphy(wil);
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
struct wil6210_vif *vif = wil->vifs[i];
struct net_device *ndev;
struct cfg80211_beacon_data bcon = {};
diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c
index 27cb182..817762f 100644
--- a/drivers/net/wireless/ath/wil6210/debugfs.c
+++ b/drivers/net/wireless/ath/wil6210/debugfs.c
@@ -1381,7 +1381,7 @@ static int link_show(struct seq_file *s, void *data)
if (p->status != wil_sta_connected)
continue;
- vif = (mid < wil->max_vifs) ? wil->vifs[mid] : NULL;
+ vif = (mid < GET_MAX_VIFS(wil)) ? wil->vifs[mid] : NULL;
if (vif) {
rc = wil_cid_fill_sinfo(vif, i, sinfo);
if (rc)
@@ -1579,7 +1579,7 @@ static int sta_show(struct seq_file *s, void *data)
break;
}
mid = (p->status != wil_sta_unused) ? p->mid : U8_MAX;
- if (mid < wil->max_vifs) {
+ if (mid < GET_MAX_VIFS(wil)) {
struct wil6210_vif *vif = wil->vifs[mid];
if (vif->wdev.iftype == NL80211_IFTYPE_STATION &&
@@ -1645,7 +1645,7 @@ static int mids_show(struct seq_file *s, void *data)
int i;
mutex_lock(&wil->vif_mutex);
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
vif = wil->vifs[i];
if (vif) {
@@ -1866,7 +1866,7 @@ static int wil_link_stats_debugfs_show(struct seq_file *s, void *data)
/* iterate over all MIDs and show per-cid statistics. Then show the
* global statistics
*/
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
vif = wil->vifs[i];
seq_printf(s, "MID %d ", i);
@@ -1922,7 +1922,7 @@ static ssize_t wil_link_stats_write(struct file *file, const char __user *buf,
if (rc)
return rc;
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
vif = wil->vifs[i];
if (!vif)
continue;
diff --git a/drivers/net/wireless/ath/wil6210/main.c b/drivers/net/wireless/ath/wil6210/main.c
index f2432ad..6a6bfb3 100644
--- a/drivers/net/wireless/ath/wil6210/main.c
+++ b/drivers/net/wireless/ath/wil6210/main.c
@@ -685,7 +685,7 @@ void wil_bcast_fini_all(struct wil6210_priv *wil)
int i;
struct wil6210_vif *vif;
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
vif = wil->vifs[i];
if (vif)
wil_bcast_fini(vif);
@@ -1483,7 +1483,7 @@ void wil_abort_scan_all_vifs(struct wil6210_priv *wil, bool sync)
lockdep_assert_held(&wil->vif_mutex);
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
struct wil6210_vif *vif = wil->vifs[i];
if (vif)
@@ -1551,7 +1551,7 @@ static int wil_restore_vifs(struct wil6210_priv *wil)
struct wireless_dev *wdev;
int i, rc;
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
vif = wil->vifs[i];
if (!vif)
continue;
@@ -1627,7 +1627,7 @@ int wil_reset(struct wil6210_priv *wil, bool load_fw)
wil_abort_scan_all_vifs(wil, false);
mutex_unlock(&wil->vif_mutex);
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
vif = wil->vifs[i];
if (vif) {
cancel_work_sync(&vif->disconnect_worker);
diff --git a/drivers/net/wireless/ath/wil6210/netdev.c b/drivers/net/wireless/ath/wil6210/netdev.c
index b4e0eb1..59f041d 100644
--- a/drivers/net/wireless/ath/wil6210/netdev.c
+++ b/drivers/net/wireless/ath/wil6210/netdev.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2012-2017 Qualcomm Atheros, Inc.
- * Copyright (c) 2018, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -27,7 +27,7 @@ bool wil_has_other_active_ifaces(struct wil6210_priv *wil,
struct wil6210_vif *vif;
struct net_device *ndev_i;
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
vif = wil->vifs[i];
if (vif) {
ndev_i = vif_to_ndev(vif);
@@ -155,7 +155,7 @@ static int wil6210_netdev_poll_tx(struct napi_struct *napi, int budget)
struct wil6210_vif *vif;
if (!ring->va || !txdata->enabled ||
- txdata->mid >= wil->max_vifs)
+ txdata->mid >= GET_MAX_VIFS(wil))
continue;
vif = wil->vifs[txdata->mid];
@@ -294,7 +294,7 @@ static u8 wil_vif_find_free_mid(struct wil6210_priv *wil)
{
u8 i;
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
if (!wil->vifs[i])
return i;
}
@@ -500,7 +500,7 @@ void wil_vif_remove(struct wil6210_priv *wil, u8 mid)
bool any_active = wil_has_active_ifaces(wil, true, false);
ASSERT_RTNL();
- if (mid >= wil->max_vifs) {
+ if (mid >= GET_MAX_VIFS(wil)) {
wil_err(wil, "invalid MID: %d\n", mid);
return;
}
diff --git a/drivers/net/wireless/ath/wil6210/pcie_bus.c b/drivers/net/wireless/ath/wil6210/pcie_bus.c
index c8c6613..3b82d6c 100644
--- a/drivers/net/wireless/ath/wil6210/pcie_bus.c
+++ b/drivers/net/wireless/ath/wil6210/pcie_bus.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2012-2017 Qualcomm Atheros, Inc.
- * Copyright (c) 2018, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -176,7 +176,7 @@ static void wil_remove_all_additional_vifs(struct wil6210_priv *wil)
struct wil6210_vif *vif;
int i;
- for (i = 1; i < wil->max_vifs; i++) {
+ for (i = 1; i < GET_MAX_VIFS(wil); i++) {
vif = wil->vifs[i];
if (vif) {
wil_vif_prepare_stop(vif);
diff --git a/drivers/net/wireless/ath/wil6210/pm.c b/drivers/net/wireless/ath/wil6210/pm.c
index f307522..56143e7 100644
--- a/drivers/net/wireless/ath/wil6210/pm.c
+++ b/drivers/net/wireless/ath/wil6210/pm.c
@@ -26,7 +26,7 @@ static void wil_pm_wake_connected_net_queues(struct wil6210_priv *wil)
int i;
mutex_lock(&wil->vif_mutex);
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
struct wil6210_vif *vif = wil->vifs[i];
if (vif && test_bit(wil_vif_fwconnected, vif->status))
@@ -40,7 +40,7 @@ static void wil_pm_stop_all_net_queues(struct wil6210_priv *wil)
int i;
mutex_lock(&wil->vif_mutex);
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
struct wil6210_vif *vif = wil->vifs[i];
if (vif)
@@ -123,7 +123,7 @@ int wil_can_suspend(struct wil6210_priv *wil, bool is_runtime)
/* interface is running */
mutex_lock(&wil->vif_mutex);
- for (i = 0; i < wil->max_vifs; i++) {
+ for (i = 0; i < GET_MAX_VIFS(wil); i++) {
struct wil6210_vif *vif = wil->vifs[i];
if (!vif)
diff --git a/drivers/net/wireless/ath/wil6210/wil6210.h b/drivers/net/wireless/ath/wil6210/wil6210.h
index 1b81f3f..de72466 100644
--- a/drivers/net/wireless/ath/wil6210/wil6210.h
+++ b/drivers/net/wireless/ath/wil6210/wil6210.h
@@ -1061,6 +1061,7 @@ struct wil6210_priv {
#define vif_to_wil(v) (v->wil)
#define vif_to_ndev(v) (v->ndev)
#define vif_to_wdev(v) (&v->wdev)
+#define GET_MAX_VIFS(wil) min_t(int, (wil)->max_vifs, WIL_MAX_VIFS)
static inline struct wil6210_vif *wdev_to_vif(struct wil6210_priv *wil,
struct wireless_dev *wdev)
diff --git a/drivers/net/wireless/ath/wil6210/wmi.c b/drivers/net/wireless/ath/wil6210/wmi.c
index 19247c5..c5bcb8d 100644
--- a/drivers/net/wireless/ath/wil6210/wmi.c
+++ b/drivers/net/wireless/ath/wil6210/wmi.c
@@ -3205,7 +3205,7 @@ static void wmi_event_handle(struct wil6210_priv *wil,
if (mid == MID_BROADCAST)
mid = 0;
- if (mid >= ARRAY_SIZE(wil->vifs) || mid >= wil->max_vifs) {
+ if (mid >= GET_MAX_VIFS(wil)) {
wil_dbg_wmi(wil, "invalid mid %d, event skipped\n",
mid);
return;
--
1.9.1
next prev parent reply other threads:[~2019-02-22 14:21 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-22 14:20 [PATCH 00/21] wil6210 patches Maya Erez
2019-02-22 14:20 ` [PATCH 01/21] wil6210: remove rtap_include_phy_info module param Maya Erez
2019-02-28 9:25 ` Kalle Valo
2019-02-22 14:21 ` [PATCH 02/21] wil6210: add option to drop Tx packets when Tx ring is full Maya Erez
2019-02-22 14:21 ` [PATCH 03/21] wil6210: support up to 20 stations in AP mode Maya Erez
2019-02-28 9:17 ` Kalle Valo
2019-02-28 10:36 ` merez
2019-02-22 14:21 ` [PATCH 04/21] wil6210: accessing 802.3 addresses via utility functions Maya Erez
2019-02-22 14:21 ` [PATCH 05/21] wil6210: fix invalid sta statistics update Maya Erez
2019-02-22 14:21 ` [PATCH 06/21] wil6210: ignore HALP ICR if already handled Maya Erez
2019-02-22 14:21 ` [PATCH 07/21] wil6210: check null pointer in _wil_cfg80211_merge_extra_ies Maya Erez
2019-02-22 14:21 ` [PATCH 08/21] wil6210: align to latest auto generated wmi.h Maya Erez
2019-04-03 12:43 ` Kalle Valo
2019-02-22 14:21 ` [PATCH 09/21] wil6210: prevent device memory access while in reset or suspend Maya Erez
2019-02-22 14:21 ` [PATCH 10/21] wil6210: increase PCP stop command timeout Maya Erez
2019-02-22 14:21 ` [PATCH 11/21] wil6210: do not set BIT_USER_SUPPORT_T_POWER_ON_0 in Talyn-MB Maya Erez
2019-02-22 14:21 ` [PATCH 12/21] wil6210: update WIL_MCS_MAX to 15 Maya Erez
2019-02-22 14:21 ` Maya Erez [this message]
2019-02-22 14:21 ` [PATCH 14/21] wil6210: use OEM MAC address from OTP Maya Erez
2019-02-22 14:21 ` [PATCH 15/21] wil6210: free edma_rx_swtail upon reset Maya Erez
2019-02-22 14:21 ` [PATCH 16/21] wil6210: fix report of rx packet checksum in edma mode Maya Erez
2019-04-03 12:46 ` Kalle Valo
2019-02-22 14:21 ` [PATCH 17/21] wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext Maya Erez
2019-02-22 14:21 ` [PATCH 18/21] wil6210: prevent access to RGF_CAF_ICR in Talyn Maya Erez
2019-02-22 14:21 ` [PATCH 19/21] wil6210: add support for ucode tracing Maya Erez
2019-02-22 14:21 ` [PATCH 20/21] wil6210: reset buff id in status message after completion Maya Erez
2019-02-22 14:21 ` [PATCH 21/21] wil6210: print error in FW and board files load failures Maya Erez
2019-02-28 9:05 ` [PATCH 00/21] wil6210 patches Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1550845279-16103-14-git-send-email-merez@codeaurora.org \
--to=merez@codeaurora.org \
--cc=amasri@codeaurora.org \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=wil6210@qti.qualcomm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).