linux_dsm_epyc7002/drivers/net/wireless/intersil/prism54/oid_mgt.c
Takashi Iwai 1da740e08a prism54: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Cc: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2020-03-12 15:43:41 +02:00

890 lines
24 KiB
C

// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright (C) 2003,2004 Aurelien Alleaume <slts@free.fr>
*/
#include <linux/kernel.h>
#include <linux/slab.h>
#include "prismcompat.h"
#include "islpci_dev.h"
#include "islpci_mgt.h"
#include "isl_oid.h"
#include "oid_mgt.h"
#include "isl_ioctl.h"
/* to convert between channel and freq */
static const int frequency_list_bg[] = { 2412, 2417, 2422, 2427, 2432,
2437, 2442, 2447, 2452, 2457, 2462, 2467, 2472, 2484
};
int
channel_of_freq(int f)
{
int c = 0;
if ((f >= 2412) && (f <= 2484)) {
while ((c < 14) && (f != frequency_list_bg[c]))
c++;
return (c >= 14) ? 0 : ++c;
} else if ((f >= (int) 5000) && (f <= (int) 6000)) {
return ( (f - 5000) / 5 );
} else
return 0;
}
#define OID_STRUCT(name,oid,s,t) [name] = {oid, 0, sizeof(s), t}
#define OID_STRUCT_C(name,oid,s,t) OID_STRUCT(name,oid,s,t | OID_FLAG_CACHED)
#define OID_U32(name,oid) OID_STRUCT(name,oid,u32,OID_TYPE_U32)
#define OID_U32_C(name,oid) OID_STRUCT_C(name,oid,u32,OID_TYPE_U32)
#define OID_STRUCT_MLME(name,oid) OID_STRUCT(name,oid,struct obj_mlme,OID_TYPE_MLME)
#define OID_STRUCT_MLMEEX(name,oid) OID_STRUCT(name,oid,struct obj_mlmeex,OID_TYPE_MLMEEX)
#define OID_UNKNOWN(name,oid) OID_STRUCT(name,oid,0,0)
struct oid_t isl_oid[] = {
OID_STRUCT(GEN_OID_MACADDRESS, 0x00000000, u8[6], OID_TYPE_ADDR),
OID_U32(GEN_OID_LINKSTATE, 0x00000001),
OID_UNKNOWN(GEN_OID_WATCHDOG, 0x00000002),
OID_UNKNOWN(GEN_OID_MIBOP, 0x00000003),
OID_UNKNOWN(GEN_OID_OPTIONS, 0x00000004),
OID_UNKNOWN(GEN_OID_LEDCONFIG, 0x00000005),
/* 802.11 */
OID_U32_C(DOT11_OID_BSSTYPE, 0x10000000),
OID_STRUCT_C(DOT11_OID_BSSID, 0x10000001, u8[6], OID_TYPE_RAW),
OID_STRUCT_C(DOT11_OID_SSID, 0x10000002, struct obj_ssid,
OID_TYPE_SSID),
OID_U32(DOT11_OID_STATE, 0x10000003),
OID_U32(DOT11_OID_AID, 0x10000004),
OID_STRUCT(DOT11_OID_COUNTRYSTRING, 0x10000005, u8[4], OID_TYPE_RAW),
OID_STRUCT_C(DOT11_OID_SSIDOVERRIDE, 0x10000006, struct obj_ssid,
OID_TYPE_SSID),
OID_U32(DOT11_OID_MEDIUMLIMIT, 0x11000000),
OID_U32_C(DOT11_OID_BEACONPERIOD, 0x11000001),
OID_U32(DOT11_OID_DTIMPERIOD, 0x11000002),
OID_U32(DOT11_OID_ATIMWINDOW, 0x11000003),
OID_U32(DOT11_OID_LISTENINTERVAL, 0x11000004),
OID_U32(DOT11_OID_CFPPERIOD, 0x11000005),
OID_U32(DOT11_OID_CFPDURATION, 0x11000006),
OID_U32_C(DOT11_OID_AUTHENABLE, 0x12000000),
OID_U32_C(DOT11_OID_PRIVACYINVOKED, 0x12000001),
OID_U32_C(DOT11_OID_EXUNENCRYPTED, 0x12000002),
OID_U32_C(DOT11_OID_DEFKEYID, 0x12000003),
[DOT11_OID_DEFKEYX] = {0x12000004, 3, sizeof (struct obj_key),
OID_FLAG_CACHED | OID_TYPE_KEY}, /* DOT11_OID_DEFKEY1,...DOT11_OID_DEFKEY4 */
OID_UNKNOWN(DOT11_OID_STAKEY, 0x12000008),
OID_U32(DOT11_OID_REKEYTHRESHOLD, 0x12000009),
OID_UNKNOWN(DOT11_OID_STASC, 0x1200000a),
OID_U32(DOT11_OID_PRIVTXREJECTED, 0x1a000000),
OID_U32(DOT11_OID_PRIVRXPLAIN, 0x1a000001),
OID_U32(DOT11_OID_PRIVRXFAILED, 0x1a000002),
OID_U32(DOT11_OID_PRIVRXNOKEY, 0x1a000003),
OID_U32_C(DOT11_OID_RTSTHRESH, 0x13000000),
OID_U32_C(DOT11_OID_FRAGTHRESH, 0x13000001),
OID_U32_C(DOT11_OID_SHORTRETRIES, 0x13000002),
OID_U32_C(DOT11_OID_LONGRETRIES, 0x13000003),
OID_U32_C(DOT11_OID_MAXTXLIFETIME, 0x13000004),
OID_U32(DOT11_OID_MAXRXLIFETIME, 0x13000005),
OID_U32(DOT11_OID_AUTHRESPTIMEOUT, 0x13000006),
OID_U32(DOT11_OID_ASSOCRESPTIMEOUT, 0x13000007),
OID_UNKNOWN(DOT11_OID_ALOFT_TABLE, 0x1d000000),
OID_UNKNOWN(DOT11_OID_ALOFT_CTRL_TABLE, 0x1d000001),
OID_UNKNOWN(DOT11_OID_ALOFT_RETREAT, 0x1d000002),
OID_UNKNOWN(DOT11_OID_ALOFT_PROGRESS, 0x1d000003),
OID_U32(DOT11_OID_ALOFT_FIXEDRATE, 0x1d000004),
OID_UNKNOWN(DOT11_OID_ALOFT_RSSIGRAPH, 0x1d000005),
OID_UNKNOWN(DOT11_OID_ALOFT_CONFIG, 0x1d000006),
[DOT11_OID_VDCFX] = {0x1b000000, 7, 0, 0},
OID_U32(DOT11_OID_MAXFRAMEBURST, 0x1b000008),
OID_U32(DOT11_OID_PSM, 0x14000000),
OID_U32(DOT11_OID_CAMTIMEOUT, 0x14000001),
OID_U32(DOT11_OID_RECEIVEDTIMS, 0x14000002),
OID_U32(DOT11_OID_ROAMPREFERENCE, 0x14000003),
OID_U32(DOT11_OID_BRIDGELOCAL, 0x15000000),
OID_U32(DOT11_OID_CLIENTS, 0x15000001),
OID_U32(DOT11_OID_CLIENTSASSOCIATED, 0x15000002),
[DOT11_OID_CLIENTX] = {0x15000003, 2006, 0, 0}, /* DOT11_OID_CLIENTX,...DOT11_OID_CLIENT2007 */
OID_STRUCT(DOT11_OID_CLIENTFIND, 0x150007DB, u8[6], OID_TYPE_ADDR),
OID_STRUCT(DOT11_OID_WDSLINKADD, 0x150007DC, u8[6], OID_TYPE_ADDR),
OID_STRUCT(DOT11_OID_WDSLINKREMOVE, 0x150007DD, u8[6], OID_TYPE_ADDR),
OID_STRUCT(DOT11_OID_EAPAUTHSTA, 0x150007DE, u8[6], OID_TYPE_ADDR),
OID_STRUCT(DOT11_OID_EAPUNAUTHSTA, 0x150007DF, u8[6], OID_TYPE_ADDR),
OID_U32_C(DOT11_OID_DOT1XENABLE, 0x150007E0),
OID_UNKNOWN(DOT11_OID_MICFAILURE, 0x150007E1),
OID_UNKNOWN(DOT11_OID_REKEYINDICATE, 0x150007E2),
OID_U32(DOT11_OID_MPDUTXSUCCESSFUL, 0x16000000),
OID_U32(DOT11_OID_MPDUTXONERETRY, 0x16000001),
OID_U32(DOT11_OID_MPDUTXMULTIPLERETRIES, 0x16000002),
OID_U32(DOT11_OID_MPDUTXFAILED, 0x16000003),
OID_U32(DOT11_OID_MPDURXSUCCESSFUL, 0x16000004),
OID_U32(DOT11_OID_MPDURXDUPS, 0x16000005),
OID_U32(DOT11_OID_RTSSUCCESSFUL, 0x16000006),
OID_U32(DOT11_OID_RTSFAILED, 0x16000007),
OID_U32(DOT11_OID_ACKFAILED, 0x16000008),
OID_U32(DOT11_OID_FRAMERECEIVES, 0x16000009),
OID_U32(DOT11_OID_FRAMEERRORS, 0x1600000A),
OID_U32(DOT11_OID_FRAMEABORTS, 0x1600000B),
OID_U32(DOT11_OID_FRAMEABORTSPHY, 0x1600000C),
OID_U32(DOT11_OID_SLOTTIME, 0x17000000),
OID_U32(DOT11_OID_CWMIN, 0x17000001),
OID_U32(DOT11_OID_CWMAX, 0x17000002),
OID_U32(DOT11_OID_ACKWINDOW, 0x17000003),
OID_U32(DOT11_OID_ANTENNARX, 0x17000004),
OID_U32(DOT11_OID_ANTENNATX, 0x17000005),
OID_U32(DOT11_OID_ANTENNADIVERSITY, 0x17000006),
OID_U32_C(DOT11_OID_CHANNEL, 0x17000007),
OID_U32_C(DOT11_OID_EDTHRESHOLD, 0x17000008),
OID_U32(DOT11_OID_PREAMBLESETTINGS, 0x17000009),
OID_STRUCT(DOT11_OID_RATES, 0x1700000A, u8[IWMAX_BITRATES + 1],
OID_TYPE_RAW),
OID_U32(DOT11_OID_CCAMODESUPPORTED, 0x1700000B),
OID_U32(DOT11_OID_CCAMODE, 0x1700000C),
OID_UNKNOWN(DOT11_OID_RSSIVECTOR, 0x1700000D),
OID_UNKNOWN(DOT11_OID_OUTPUTPOWERTABLE, 0x1700000E),
OID_U32(DOT11_OID_OUTPUTPOWER, 0x1700000F),
OID_STRUCT(DOT11_OID_SUPPORTEDRATES, 0x17000010,
u8[IWMAX_BITRATES + 1], OID_TYPE_RAW),
OID_U32_C(DOT11_OID_FREQUENCY, 0x17000011),
[DOT11_OID_SUPPORTEDFREQUENCIES] =
{0x17000012, 0, sizeof (struct obj_frequencies)
+ sizeof (u16) * IWMAX_FREQ, OID_TYPE_FREQUENCIES},
OID_U32(DOT11_OID_NOISEFLOOR, 0x17000013),
OID_STRUCT(DOT11_OID_FREQUENCYACTIVITY, 0x17000014, u8[IWMAX_FREQ + 1],
OID_TYPE_RAW),
OID_UNKNOWN(DOT11_OID_IQCALIBRATIONTABLE, 0x17000015),
OID_U32(DOT11_OID_NONERPPROTECTION, 0x17000016),
OID_U32(DOT11_OID_SLOTSETTINGS, 0x17000017),
OID_U32(DOT11_OID_NONERPTIMEOUT, 0x17000018),
OID_U32(DOT11_OID_PROFILES, 0x17000019),
OID_STRUCT(DOT11_OID_EXTENDEDRATES, 0x17000020,
u8[IWMAX_BITRATES + 1], OID_TYPE_RAW),
OID_STRUCT_MLME(DOT11_OID_DEAUTHENTICATE, 0x18000000),
OID_STRUCT_MLME(DOT11_OID_AUTHENTICATE, 0x18000001),
OID_STRUCT_MLME(DOT11_OID_DISASSOCIATE, 0x18000002),
OID_STRUCT_MLME(DOT11_OID_ASSOCIATE, 0x18000003),
OID_UNKNOWN(DOT11_OID_SCAN, 0x18000004),
OID_STRUCT_MLMEEX(DOT11_OID_BEACON, 0x18000005),
OID_STRUCT_MLMEEX(DOT11_OID_PROBE, 0x18000006),
OID_STRUCT_MLMEEX(DOT11_OID_DEAUTHENTICATEEX, 0x18000007),
OID_STRUCT_MLMEEX(DOT11_OID_AUTHENTICATEEX, 0x18000008),
OID_STRUCT_MLMEEX(DOT11_OID_DISASSOCIATEEX, 0x18000009),
OID_STRUCT_MLMEEX(DOT11_OID_ASSOCIATEEX, 0x1800000A),
OID_STRUCT_MLMEEX(DOT11_OID_REASSOCIATE, 0x1800000B),
OID_STRUCT_MLMEEX(DOT11_OID_REASSOCIATEEX, 0x1800000C),
OID_U32(DOT11_OID_NONERPSTATUS, 0x1E000000),
OID_U32(DOT11_OID_STATIMEOUT, 0x19000000),
OID_U32_C(DOT11_OID_MLMEAUTOLEVEL, 0x19000001),
OID_U32(DOT11_OID_BSSTIMEOUT, 0x19000002),
[DOT11_OID_ATTACHMENT] = {0x19000003, 0,
sizeof(struct obj_attachment), OID_TYPE_ATTACH},
OID_STRUCT_C(DOT11_OID_PSMBUFFER, 0x19000004, struct obj_buffer,
OID_TYPE_BUFFER),
OID_U32(DOT11_OID_BSSS, 0x1C000000),
[DOT11_OID_BSSX] = {0x1C000001, 63, sizeof (struct obj_bss),
OID_TYPE_BSS}, /*DOT11_OID_BSS1,...,DOT11_OID_BSS64 */
OID_STRUCT(DOT11_OID_BSSFIND, 0x1C000042, struct obj_bss, OID_TYPE_BSS),
[DOT11_OID_BSSLIST] = {0x1C000043, 0, sizeof (struct
obj_bsslist) +
sizeof (struct obj_bss[IWMAX_BSS]),
OID_TYPE_BSSLIST},
OID_UNKNOWN(OID_INL_TUNNEL, 0xFF020000),
OID_UNKNOWN(OID_INL_MEMADDR, 0xFF020001),
OID_UNKNOWN(OID_INL_MEMORY, 0xFF020002),
OID_U32_C(OID_INL_MODE, 0xFF020003),
OID_UNKNOWN(OID_INL_COMPONENT_NR, 0xFF020004),
OID_STRUCT(OID_INL_VERSION, 0xFF020005, u8[8], OID_TYPE_RAW),
OID_UNKNOWN(OID_INL_INTERFACE_ID, 0xFF020006),
OID_UNKNOWN(OID_INL_COMPONENT_ID, 0xFF020007),
OID_U32_C(OID_INL_CONFIG, 0xFF020008),
OID_U32_C(OID_INL_DOT11D_CONFORMANCE, 0xFF02000C),
OID_U32(OID_INL_PHYCAPABILITIES, 0xFF02000D),
OID_U32_C(OID_INL_OUTPUTPOWER, 0xFF02000F),
};
int
mgt_init(islpci_private *priv)
{
int i;
priv->mib = kcalloc(OID_NUM_LAST, sizeof (void *), GFP_KERNEL);
if (!priv->mib)
return -ENOMEM;
/* Alloc the cache */
for (i = 0; i < OID_NUM_LAST; i++) {
if (isl_oid[i].flags & OID_FLAG_CACHED) {
priv->mib[i] = kcalloc(isl_oid[i].size,
(isl_oid[i].range + 1),
GFP_KERNEL);
if (!priv->mib[i])
return -ENOMEM;
} else
priv->mib[i] = NULL;
}
init_rwsem(&priv->mib_sem);
prism54_mib_init(priv);
return 0;
}
void
mgt_clean(islpci_private *priv)
{
int i;
if (!priv->mib)
return;
for (i = 0; i < OID_NUM_LAST; i++) {
kfree(priv->mib[i]);
priv->mib[i] = NULL;
}
kfree(priv->mib);
priv->mib = NULL;
}
void
mgt_le_to_cpu(int type, void *data)
{
switch (type) {
case OID_TYPE_U32:
*(u32 *) data = le32_to_cpu(*(u32 *) data);
break;
case OID_TYPE_BUFFER:{
struct obj_buffer *buff = data;
buff->size = le32_to_cpu(buff->size);
buff->addr = le32_to_cpu(buff->addr);
break;
}
case OID_TYPE_BSS:{
struct obj_bss *bss = data;
bss->age = le16_to_cpu(bss->age);
bss->channel = le16_to_cpu(bss->channel);
bss->capinfo = le16_to_cpu(bss->capinfo);
bss->rates = le16_to_cpu(bss->rates);
bss->basic_rates = le16_to_cpu(bss->basic_rates);
break;
}
case OID_TYPE_BSSLIST:{
struct obj_bsslist *list = data;
int i;
list->nr = le32_to_cpu(list->nr);
for (i = 0; i < list->nr; i++)
mgt_le_to_cpu(OID_TYPE_BSS, &list->bsslist[i]);
break;
}
case OID_TYPE_FREQUENCIES:{
struct obj_frequencies *freq = data;
int i;
freq->nr = le16_to_cpu(freq->nr);
for (i = 0; i < freq->nr; i++)
freq->mhz[i] = le16_to_cpu(freq->mhz[i]);
break;
}
case OID_TYPE_MLME:{
struct obj_mlme *mlme = data;
mlme->id = le16_to_cpu(mlme->id);
mlme->state = le16_to_cpu(mlme->state);
mlme->code = le16_to_cpu(mlme->code);
break;
}
case OID_TYPE_MLMEEX:{
struct obj_mlmeex *mlme = data;
mlme->id = le16_to_cpu(mlme->id);
mlme->state = le16_to_cpu(mlme->state);
mlme->code = le16_to_cpu(mlme->code);
mlme->size = le16_to_cpu(mlme->size);
break;
}
case OID_TYPE_ATTACH:{
struct obj_attachment *attach = data;
attach->id = le16_to_cpu(attach->id);
attach->size = le16_to_cpu(attach->size);
break;
}
case OID_TYPE_SSID:
case OID_TYPE_KEY:
case OID_TYPE_ADDR:
case OID_TYPE_RAW:
break;
default:
BUG();
}
}
static void
mgt_cpu_to_le(int type, void *data)
{
switch (type) {
case OID_TYPE_U32:
*(u32 *) data = cpu_to_le32(*(u32 *) data);
break;
case OID_TYPE_BUFFER:{
struct obj_buffer *buff = data;
buff->size = cpu_to_le32(buff->size);
buff->addr = cpu_to_le32(buff->addr);
break;
}
case OID_TYPE_BSS:{
struct obj_bss *bss = data;
bss->age = cpu_to_le16(bss->age);
bss->channel = cpu_to_le16(bss->channel);
bss->capinfo = cpu_to_le16(bss->capinfo);
bss->rates = cpu_to_le16(bss->rates);
bss->basic_rates = cpu_to_le16(bss->basic_rates);
break;
}
case OID_TYPE_BSSLIST:{
struct obj_bsslist *list = data;
int i;
list->nr = cpu_to_le32(list->nr);
for (i = 0; i < list->nr; i++)
mgt_cpu_to_le(OID_TYPE_BSS, &list->bsslist[i]);
break;
}
case OID_TYPE_FREQUENCIES:{
struct obj_frequencies *freq = data;
int i;
freq->nr = cpu_to_le16(freq->nr);
for (i = 0; i < freq->nr; i++)
freq->mhz[i] = cpu_to_le16(freq->mhz[i]);
break;
}
case OID_TYPE_MLME:{
struct obj_mlme *mlme = data;
mlme->id = cpu_to_le16(mlme->id);
mlme->state = cpu_to_le16(mlme->state);
mlme->code = cpu_to_le16(mlme->code);
break;
}
case OID_TYPE_MLMEEX:{
struct obj_mlmeex *mlme = data;
mlme->id = cpu_to_le16(mlme->id);
mlme->state = cpu_to_le16(mlme->state);
mlme->code = cpu_to_le16(mlme->code);
mlme->size = cpu_to_le16(mlme->size);
break;
}
case OID_TYPE_ATTACH:{
struct obj_attachment *attach = data;
attach->id = cpu_to_le16(attach->id);
attach->size = cpu_to_le16(attach->size);
break;
}
case OID_TYPE_SSID:
case OID_TYPE_KEY:
case OID_TYPE_ADDR:
case OID_TYPE_RAW:
break;
default:
BUG();
}
}
/* Note : data is modified during this function */
int
mgt_set_request(islpci_private *priv, enum oid_num_t n, int extra, void *data)
{
int ret = 0;
struct islpci_mgmtframe *response = NULL;
int response_op = PIMFOR_OP_ERROR;
int dlen;
void *cache, *_data = data;
u32 oid;
BUG_ON(n >= OID_NUM_LAST);
BUG_ON(extra > isl_oid[n].range);
if (!priv->mib)
/* memory has been freed */
return -1;
dlen = isl_oid[n].size;
cache = priv->mib[n];
cache += (cache ? extra * dlen : 0);
oid = isl_oid[n].oid + extra;
if (_data == NULL)
/* we are requested to re-set a cached value */
_data = cache;
else
mgt_cpu_to_le(isl_oid[n].flags & OID_FLAG_TYPE, _data);
/* If we are going to write to the cache, we don't want anyone to read
* it -> acquire write lock.
* Else we could acquire a read lock to be sure we don't bother the
* commit process (which takes a write lock). But I'm not sure if it's
* needed.
*/
if (cache)
down_write(&priv->mib_sem);
if (islpci_get_state(priv) >= PRV_STATE_READY) {
ret = islpci_mgt_transaction(priv->ndev, PIMFOR_OP_SET, oid,
_data, dlen, &response);
if (!ret) {
response_op = response->header->operation;
islpci_mgt_release(response);
}
if (ret || response_op == PIMFOR_OP_ERROR)
ret = -EIO;
} else if (!cache)
ret = -EIO;
if (cache) {
if (!ret && data)
memcpy(cache, _data, dlen);
up_write(&priv->mib_sem);
}
/* re-set given data to what it was */
if (data)
mgt_le_to_cpu(isl_oid[n].flags & OID_FLAG_TYPE, data);
return ret;
}
/* None of these are cached */
int
mgt_set_varlen(islpci_private *priv, enum oid_num_t n, void *data, int extra_len)
{
int ret = 0;
struct islpci_mgmtframe *response;
int response_op = PIMFOR_OP_ERROR;
int dlen;
u32 oid;
BUG_ON(n >= OID_NUM_LAST);
dlen = isl_oid[n].size;
oid = isl_oid[n].oid;
mgt_cpu_to_le(isl_oid[n].flags & OID_FLAG_TYPE, data);
if (islpci_get_state(priv) >= PRV_STATE_READY) {
ret = islpci_mgt_transaction(priv->ndev, PIMFOR_OP_SET, oid,
data, dlen + extra_len, &response);
if (!ret) {
response_op = response->header->operation;
islpci_mgt_release(response);
}
if (ret || response_op == PIMFOR_OP_ERROR)
ret = -EIO;
} else
ret = -EIO;
/* re-set given data to what it was */
if (data)
mgt_le_to_cpu(isl_oid[n].flags & OID_FLAG_TYPE, data);
return ret;
}
int
mgt_get_request(islpci_private *priv, enum oid_num_t n, int extra, void *data,
union oid_res_t *res)
{
int ret = -EIO;
int reslen = 0;
struct islpci_mgmtframe *response = NULL;
int dlen;
void *cache, *_res = NULL;
u32 oid;
BUG_ON(n >= OID_NUM_LAST);
BUG_ON(extra > isl_oid[n].range);
res->ptr = NULL;
if (!priv->mib)
/* memory has been freed */
return -1;
dlen = isl_oid[n].size;
cache = priv->mib[n];
cache += cache ? extra * dlen : 0;
oid = isl_oid[n].oid + extra;
reslen = dlen;
if (cache)
down_read(&priv->mib_sem);
if (islpci_get_state(priv) >= PRV_STATE_READY) {
ret = islpci_mgt_transaction(priv->ndev, PIMFOR_OP_GET,
oid, data, dlen, &response);
if (ret || !response ||
response->header->operation == PIMFOR_OP_ERROR) {
if (response)
islpci_mgt_release(response);
ret = -EIO;
}
if (!ret) {
_res = response->data;
reslen = response->header->length;
}
} else if (cache) {
_res = cache;
ret = 0;
}
if ((isl_oid[n].flags & OID_FLAG_TYPE) == OID_TYPE_U32)
res->u = ret ? 0 : le32_to_cpu(*(u32 *) _res);
else {
res->ptr = kmalloc(reslen, GFP_KERNEL);
BUG_ON(res->ptr == NULL);
if (ret)
memset(res->ptr, 0, reslen);
else {
memcpy(res->ptr, _res, reslen);
mgt_le_to_cpu(isl_oid[n].flags & OID_FLAG_TYPE,
res->ptr);
}
}
if (cache)
up_read(&priv->mib_sem);
if (response && !ret)
islpci_mgt_release(response);
if (reslen > isl_oid[n].size)
printk(KERN_DEBUG
"mgt_get_request(0x%x): received data length was bigger "
"than expected (%d > %d). Memory is probably corrupted...",
oid, reslen, isl_oid[n].size);
return ret;
}
/* lock outside */
int
mgt_commit_list(islpci_private *priv, enum oid_num_t *l, int n)
{
int i, ret = 0;
struct islpci_mgmtframe *response;
for (i = 0; i < n; i++) {
struct oid_t *t = &(isl_oid[l[i]]);
void *data = priv->mib[l[i]];
int j = 0;
u32 oid = t->oid;
BUG_ON(data == NULL);
while (j <= t->range) {
int r = islpci_mgt_transaction(priv->ndev, PIMFOR_OP_SET,
oid, data, t->size,
&response);
if (response) {
r |= (response->header->operation == PIMFOR_OP_ERROR);
islpci_mgt_release(response);
}
if (r)
printk(KERN_ERR "%s: mgt_commit_list: failure. "
"oid=%08x err=%d\n",
priv->ndev->name, oid, r);
ret |= r;
j++;
oid++;
data += t->size;
}
}
return ret;
}
/* Lock outside */
void
mgt_set(islpci_private *priv, enum oid_num_t n, void *data)
{
BUG_ON(n >= OID_NUM_LAST);
BUG_ON(priv->mib[n] == NULL);
memcpy(priv->mib[n], data, isl_oid[n].size);
mgt_cpu_to_le(isl_oid[n].flags & OID_FLAG_TYPE, priv->mib[n]);
}
void
mgt_get(islpci_private *priv, enum oid_num_t n, void *res)
{
BUG_ON(n >= OID_NUM_LAST);
BUG_ON(priv->mib[n] == NULL);
BUG_ON(res == NULL);
memcpy(res, priv->mib[n], isl_oid[n].size);
mgt_le_to_cpu(isl_oid[n].flags & OID_FLAG_TYPE, res);
}
/* Commits the cache. Lock outside. */
static enum oid_num_t commit_part1[] = {
OID_INL_CONFIG,
OID_INL_MODE,
DOT11_OID_BSSTYPE,
DOT11_OID_CHANNEL,
DOT11_OID_MLMEAUTOLEVEL
};
static enum oid_num_t commit_part2[] = {
DOT11_OID_SSID,
DOT11_OID_PSMBUFFER,
DOT11_OID_AUTHENABLE,
DOT11_OID_PRIVACYINVOKED,
DOT11_OID_EXUNENCRYPTED,
DOT11_OID_DEFKEYX, /* MULTIPLE */
DOT11_OID_DEFKEYID,
DOT11_OID_DOT1XENABLE,
OID_INL_DOT11D_CONFORMANCE,
/* Do not initialize this - fw < 1.0.4.3 rejects it
OID_INL_OUTPUTPOWER,
*/
};
/* update the MAC addr. */
static int
mgt_update_addr(islpci_private *priv)
{
struct islpci_mgmtframe *res;
int ret;
ret = islpci_mgt_transaction(priv->ndev, PIMFOR_OP_GET,
isl_oid[GEN_OID_MACADDRESS].oid, NULL,
isl_oid[GEN_OID_MACADDRESS].size, &res);
if ((ret == 0) && res && (res->header->operation != PIMFOR_OP_ERROR))
memcpy(priv->ndev->dev_addr, res->data, ETH_ALEN);
else
ret = -EIO;
if (res)
islpci_mgt_release(res);
if (ret)
printk(KERN_ERR "%s: mgt_update_addr: failure\n", priv->ndev->name);
return ret;
}
int
mgt_commit(islpci_private *priv)
{
int rvalue;
enum oid_num_t u;
if (islpci_get_state(priv) < PRV_STATE_INIT)
return 0;
rvalue = mgt_commit_list(priv, commit_part1, ARRAY_SIZE(commit_part1));
if (priv->iw_mode != IW_MODE_MONITOR)
rvalue |= mgt_commit_list(priv, commit_part2, ARRAY_SIZE(commit_part2));
u = OID_INL_MODE;
rvalue |= mgt_commit_list(priv, &u, 1);
rvalue |= mgt_update_addr(priv);
if (rvalue) {
/* some request have failed. The device might be in an
incoherent state. We should reset it ! */
printk(KERN_DEBUG "%s: mgt_commit: failure\n", priv->ndev->name);
}
return rvalue;
}
/* The following OIDs need to be "unlatched":
*
* MEDIUMLIMIT,BEACONPERIOD,DTIMPERIOD,ATIMWINDOW,LISTENINTERVAL
* FREQUENCY,EXTENDEDRATES.
*
* The way to do this is to set ESSID. Note though that they may get
* unlatch before though by setting another OID. */
#if 0
void
mgt_unlatch_all(islpci_private *priv)
{
u32 u;
int rvalue = 0;
if (islpci_get_state(priv) < PRV_STATE_INIT)
return;
u = DOT11_OID_SSID;
rvalue = mgt_commit_list(priv, &u, 1);
/* Necessary if in MANUAL RUN mode? */
#if 0
u = OID_INL_MODE;
rvalue |= mgt_commit_list(priv, &u, 1);
u = DOT11_OID_MLMEAUTOLEVEL;
rvalue |= mgt_commit_list(priv, &u, 1);
u = OID_INL_MODE;
rvalue |= mgt_commit_list(priv, &u, 1);
#endif
if (rvalue)
printk(KERN_DEBUG "%s: Unlatching OIDs failed\n", priv->ndev->name);
}
#endif
/* This will tell you if you are allowed to answer a mlme(ex) request .*/
int
mgt_mlme_answer(islpci_private *priv)
{
u32 mlmeautolevel;
/* Acquire a read lock because if we are in a mode change, it's
* possible to answer true, while the card is leaving master to managed
* mode. Answering to a mlme in this situation could hang the card.
*/
down_read(&priv->mib_sem);
mlmeautolevel =
le32_to_cpu(*(u32 *) priv->mib[DOT11_OID_MLMEAUTOLEVEL]);
up_read(&priv->mib_sem);
return ((priv->iw_mode == IW_MODE_MASTER) &&
(mlmeautolevel >= DOT11_MLME_INTERMEDIATE));
}
enum oid_num_t
mgt_oidtonum(u32 oid)
{
int i;
for (i = 0; i < OID_NUM_LAST; i++)
if (isl_oid[i].oid == oid)
return i;
printk(KERN_DEBUG "looking for an unknown oid 0x%x", oid);
return OID_NUM_LAST;
}
int
mgt_response_to_str(enum oid_num_t n, union oid_res_t *r, char *str)
{
switch (isl_oid[n].flags & OID_FLAG_TYPE) {
case OID_TYPE_U32:
return scnprintf(str, PRIV_STR_SIZE, "%u\n", r->u);
case OID_TYPE_BUFFER:{
struct obj_buffer *buff = r->ptr;
return scnprintf(str, PRIV_STR_SIZE,
"size=%u\naddr=0x%X\n", buff->size,
buff->addr);
}
break;
case OID_TYPE_BSS:{
struct obj_bss *bss = r->ptr;
return scnprintf(str, PRIV_STR_SIZE,
"age=%u\nchannel=%u\n"
"capinfo=0x%X\nrates=0x%X\n"
"basic_rates=0x%X\n", bss->age,
bss->channel, bss->capinfo,
bss->rates, bss->basic_rates);
}
break;
case OID_TYPE_BSSLIST:{
struct obj_bsslist *list = r->ptr;
int i, k;
k = scnprintf(str, PRIV_STR_SIZE, "nr=%u\n", list->nr);
for (i = 0; i < list->nr; i++)
k += scnprintf(str + k, PRIV_STR_SIZE - k,
"bss[%u] :\nage=%u\nchannel=%u\n"
"capinfo=0x%X\nrates=0x%X\n"
"basic_rates=0x%X\n",
i, list->bsslist[i].age,
list->bsslist[i].channel,
list->bsslist[i].capinfo,
list->bsslist[i].rates,
list->bsslist[i].basic_rates);
return k;
}
break;
case OID_TYPE_FREQUENCIES:{
struct obj_frequencies *freq = r->ptr;
int i, t;
printk("nr : %u\n", freq->nr);
t = scnprintf(str, PRIV_STR_SIZE, "nr=%u\n", freq->nr);
for (i = 0; i < freq->nr; i++)
t += scnprintf(str + t, PRIV_STR_SIZE - t,
"mhz[%u]=%u\n", i, freq->mhz[i]);
return t;
}
break;
case OID_TYPE_MLME:{
struct obj_mlme *mlme = r->ptr;
return scnprintf(str, PRIV_STR_SIZE,
"id=0x%X\nstate=0x%X\ncode=0x%X\n",
mlme->id, mlme->state, mlme->code);
}
break;
case OID_TYPE_MLMEEX:{
struct obj_mlmeex *mlme = r->ptr;
return scnprintf(str, PRIV_STR_SIZE,
"id=0x%X\nstate=0x%X\n"
"code=0x%X\nsize=0x%X\n", mlme->id,
mlme->state, mlme->code, mlme->size);
}
break;
case OID_TYPE_ATTACH:{
struct obj_attachment *attach = r->ptr;
return scnprintf(str, PRIV_STR_SIZE,
"id=%d\nsize=%d\n",
attach->id,
attach->size);
}
break;
case OID_TYPE_SSID:{
struct obj_ssid *ssid = r->ptr;
return scnprintf(str, PRIV_STR_SIZE,
"length=%u\noctets=%.*s\n",
ssid->length, ssid->length,
ssid->octets);
}
break;
case OID_TYPE_KEY:{
struct obj_key *key = r->ptr;
int t, i;
t = scnprintf(str, PRIV_STR_SIZE,
"type=0x%X\nlength=0x%X\nkey=0x",
key->type, key->length);
for (i = 0; i < key->length; i++)
t += scnprintf(str + t, PRIV_STR_SIZE - t,
"%02X:", key->key[i]);
t += scnprintf(str + t, PRIV_STR_SIZE - t, "\n");
return t;
}
break;
case OID_TYPE_RAW:
case OID_TYPE_ADDR:{
unsigned char *buff = r->ptr;
int t, i;
t = scnprintf(str, PRIV_STR_SIZE, "hex data=");
for (i = 0; i < isl_oid[n].size; i++)
t += scnprintf(str + t, PRIV_STR_SIZE - t,
"%02X:", buff[i]);
t += scnprintf(str + t, PRIV_STR_SIZE - t, "\n");
return t;
}
break;
default:
BUG();
}
return 0;
}