Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 38cb87ee authored by Stanislaw Gruszka's avatar Stanislaw Gruszka Committed by Johannes Berg
Browse files

cfg80211: make wmm_rule part of the reg_rule structure 



Make wmm_rule be part of the reg_rule structure. This simplifies the
code a lot at the cost of having bigger memory usage. However in most
cases we have only few reg_rule's and when we do have many like in
iwlwifi we do not save memory as it allocates a separate wmm_rule for
each channel anyway.

This also fixes a bug reported in various places where somewhere the
pointers were corrupted and we ended up doing a null-dereference.

Fixes: 230ebaa1 ("cfg80211: read wmm rules from regulatory database")
Signed-off-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
[rephrase commit message slightly]
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent d7c863a2

drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c

+5 −45
Original line number Original line Diff line number Diff line
@@ -877,15 +877,12 @@ iwl_parse_nvm_mcc_info(struct device *dev, const struct iwl_cfg *cfg, 
	const u8 *nvm_chan = cfg->nvm_type == IWL_NVM_EXT ?

	const u8 *nvm_chan = cfg->nvm_type == IWL_NVM_EXT ?

			     iwl_ext_nvm_channels : iwl_nvm_channels;

			     iwl_ext_nvm_channels : iwl_nvm_channels;

	struct ieee80211_regdomain *regd, *copy_rd;

	struct ieee80211_regdomain *regd, *copy_rd;

	int size_of_regd, regd_to_copy, wmms_to_copy;

	int size_of_regd, regd_to_copy;

	int size_of_wmms = 0;

	struct ieee80211_reg_rule *rule;

	struct ieee80211_reg_rule *rule;

	struct ieee80211_wmm_rule *wmm_rule, *d_wmm, *s_wmm;

	struct regdb_ptrs *regdb_ptrs;

	struct regdb_ptrs *regdb_ptrs;

	enum nl80211_band band;

	enum nl80211_band band;

	int center_freq, prev_center_freq = 0;

	int center_freq, prev_center_freq = 0;

	int valid_rules = 0, n_wmms = 0;

	int valid_rules = 0;

	int i;

	bool new_rule;

	bool new_rule;

	int max_num_ch = cfg->nvm_type == IWL_NVM_EXT ?

	int max_num_ch = cfg->nvm_type == IWL_NVM_EXT ?

			 IWL_NVM_NUM_CHANNELS_EXT : IWL_NVM_NUM_CHANNELS;

			 IWL_NVM_NUM_CHANNELS_EXT : IWL_NVM_NUM_CHANNELS;
@@ -904,11 +901,7 @@ iwl_parse_nvm_mcc_info(struct device *dev, const struct iwl_cfg *cfg, 
		sizeof(struct ieee80211_regdomain) +

		sizeof(struct ieee80211_regdomain) +

		num_of_ch * sizeof(struct ieee80211_reg_rule);

		num_of_ch * sizeof(struct ieee80211_reg_rule);





	if (geo_info & GEO_WMM_ETSI_5GHZ_INFO)

	regd = kzalloc(size_of_regd, GFP_KERNEL);

		size_of_wmms =

			num_of_ch * sizeof(struct ieee80211_wmm_rule);



	regd = kzalloc(size_of_regd + size_of_wmms, GFP_KERNEL);

	if (!regd)

	if (!regd)

		return ERR_PTR(-ENOMEM);

		return ERR_PTR(-ENOMEM);
@@ -922,8 +915,6 @@ iwl_parse_nvm_mcc_info(struct device *dev, const struct iwl_cfg *cfg, 
	regd->alpha2[0] = fw_mcc >> 8;

	regd->alpha2[0] = fw_mcc >> 8;

	regd->alpha2[1] = fw_mcc & 0xff;

	regd->alpha2[1] = fw_mcc & 0xff;





	wmm_rule = (struct ieee80211_wmm_rule *)((u8 *)regd + size_of_regd);



	for (ch_idx = 0; ch_idx < num_of_ch; ch_idx++) {

	for (ch_idx = 0; ch_idx < num_of_ch; ch_idx++) {

		ch_flags = (u16)__le32_to_cpup(channels + ch_idx);

		ch_flags = (u16)__le32_to_cpup(channels + ch_idx);

		band = (ch_idx < NUM_2GHZ_CHANNELS) ?

		band = (ch_idx < NUM_2GHZ_CHANNELS) ?
@@ -977,26 +968,10 @@ iwl_parse_nvm_mcc_info(struct device *dev, const struct iwl_cfg *cfg, 
		    band == NL80211_BAND_2GHZ)

		    band == NL80211_BAND_2GHZ)

			continue;

			continue;





		if (!reg_query_regdb_wmm(regd->alpha2, center_freq,

		reg_query_regdb_wmm(regd->alpha2, center_freq, rule);

					 &regdb_ptrs[n_wmms].token, wmm_rule)) {

			/* Add only new rules */

			for (i = 0; i < n_wmms; i++) {

				if (regdb_ptrs[i].token ==

				    regdb_ptrs[n_wmms].token) {

					rule->wmm_rule = regdb_ptrs[i].rule;

					break;

				}

			}

			if (i == n_wmms) {

				rule->wmm_rule = wmm_rule;

				regdb_ptrs[n_wmms++].rule = wmm_rule;

				wmm_rule++;

			}

		}

	}

	}





	regd->n_reg_rules = valid_rules;

	regd->n_reg_rules = valid_rules;

	regd->n_wmm_rules = n_wmms;





	/*

	/*

	 * Narrow down regdom for unused regulatory rules to prevent hole

	 * Narrow down regdom for unused regulatory rules to prevent hole
@@ -1005,28 +980,13 @@ iwl_parse_nvm_mcc_info(struct device *dev, const struct iwl_cfg *cfg, 
	regd_to_copy = sizeof(struct ieee80211_regdomain) +

	regd_to_copy = sizeof(struct ieee80211_regdomain) +

		valid_rules * sizeof(struct ieee80211_reg_rule);

		valid_rules * sizeof(struct ieee80211_reg_rule);





	wmms_to_copy = sizeof(struct ieee80211_wmm_rule) * n_wmms;

	copy_rd = kzalloc(regd_to_copy, GFP_KERNEL);



	copy_rd = kzalloc(regd_to_copy + wmms_to_copy, GFP_KERNEL);

	if (!copy_rd) {

	if (!copy_rd) {

		copy_rd = ERR_PTR(-ENOMEM);

		copy_rd = ERR_PTR(-ENOMEM);

		goto out;

		goto out;

	}

	}





	memcpy(copy_rd, regd, regd_to_copy);

	memcpy(copy_rd, regd, regd_to_copy);

	memcpy((u8 *)copy_rd + regd_to_copy, (u8 *)regd + size_of_regd,

	       wmms_to_copy);



	d_wmm = (struct ieee80211_wmm_rule *)((u8 *)copy_rd + regd_to_copy);

	s_wmm = (struct ieee80211_wmm_rule *)((u8 *)regd + size_of_regd);



	for (i = 0; i < regd->n_reg_rules; i++) {

		if (!regd->reg_rules[i].wmm_rule)

			continue;



		copy_rd->reg_rules[i].wmm_rule = d_wmm +

			(regd->reg_rules[i].wmm_rule - s_wmm);

	}





out:

out:

	kfree(regdb_ptrs);

	kfree(regdb_ptrs);

include/net/cfg80211.h

+2 −2
Original line number Original line Diff line number Diff line
@@ -4763,8 +4763,8 @@ const char *reg_initiator_name(enum nl80211_reg_initiator initiator); 
 *

 *

 * Return: 0 on success. -ENODATA.

 * Return: 0 on success. -ENODATA.

 */

 */

int reg_query_regdb_wmm(char *alpha2, int freq, u32 *ptr,

int reg_query_regdb_wmm(char *alpha2, int freq,

			struct ieee80211_wmm_rule *rule);

			struct ieee80211_reg_rule *rule);





/*

/*

 * callbacks for asynchronous cfg80211 methods, notification

 * callbacks for asynchronous cfg80211 methods, notification

include/net/regulatory.h

+2 −2
Original line number Original line Diff line number Diff line
@@ -217,15 +217,15 @@ struct ieee80211_wmm_rule { 
struct ieee80211_reg_rule {

struct ieee80211_reg_rule {

	struct ieee80211_freq_range freq_range;

	struct ieee80211_freq_range freq_range;

	struct ieee80211_power_rule power_rule;

	struct ieee80211_power_rule power_rule;

	struct ieee80211_wmm_rule *wmm_rule;

	struct ieee80211_wmm_rule wmm_rule;

	u32 flags;

	u32 flags;

	u32 dfs_cac_ms;

	u32 dfs_cac_ms;

	bool has_wmm;

};

};





struct ieee80211_regdomain {

struct ieee80211_regdomain {

	struct rcu_head rcu_head;

	struct rcu_head rcu_head;

	u32 n_reg_rules;

	u32 n_reg_rules;

	u32 n_wmm_rules;

	char alpha2[3];

	char alpha2[3];

	enum nl80211_dfs_regions dfs_region;

	enum nl80211_dfs_regions dfs_region;

	struct ieee80211_reg_rule reg_rules[];

	struct ieee80211_reg_rule reg_rules[];

net/mac80211/util.c

+4 −4
Original line number Original line Diff line number Diff line
@@ -1120,7 +1120,7 @@ void ieee80211_regulatory_limit_wmm_params(struct ieee80211_sub_if_data *sdata, 
{

{

	struct ieee80211_chanctx_conf *chanctx_conf;

	struct ieee80211_chanctx_conf *chanctx_conf;

	const struct ieee80211_reg_rule *rrule;

	const struct ieee80211_reg_rule *rrule;

	struct ieee80211_wmm_ac *wmm_ac;

	const struct ieee80211_wmm_ac *wmm_ac;

	u16 center_freq = 0;

	u16 center_freq = 0;





	if (sdata->vif.type != NL80211_IFTYPE_AP &&

	if (sdata->vif.type != NL80211_IFTYPE_AP &&
@@ -1139,15 +1139,15 @@ void ieee80211_regulatory_limit_wmm_params(struct ieee80211_sub_if_data *sdata, 




	rrule = freq_reg_info(sdata->wdev.wiphy, MHZ_TO_KHZ(center_freq));

	rrule = freq_reg_info(sdata->wdev.wiphy, MHZ_TO_KHZ(center_freq));





	if (IS_ERR_OR_NULL(rrule) || !rrule->wmm_rule) {

	if (IS_ERR_OR_NULL(rrule) || !rrule->has_wmm) {

		rcu_read_unlock();

		rcu_read_unlock();

		return;

		return;

	}

	}





	if (sdata->vif.type == NL80211_IFTYPE_AP)

	if (sdata->vif.type == NL80211_IFTYPE_AP)

		wmm_ac = &rrule->wmm_rule->ap[ac];

		wmm_ac = &rrule->wmm_rule.ap[ac];

	else

	else

		wmm_ac = &rrule->wmm_rule->client[ac];

		wmm_ac = &rrule->wmm_rule.client[ac];

	qparam->cw_min = max_t(u16, qparam->cw_min, wmm_ac->cw_min);

	qparam->cw_min = max_t(u16, qparam->cw_min, wmm_ac->cw_min);

	qparam->cw_max = max_t(u16, qparam->cw_max, wmm_ac->cw_max);

	qparam->cw_max = max_t(u16, qparam->cw_max, wmm_ac->cw_max);

	qparam->aifs = max_t(u8, qparam->aifs, wmm_ac->aifsn);

	qparam->aifs = max_t(u8, qparam->aifs, wmm_ac->aifsn);

net/wireless/nl80211.c

+5 −5
Original line number Original line Diff line number Diff line
@@ -667,13 +667,13 @@ static int nl80211_msg_put_wmm_rules(struct sk_buff *msg, 
			goto nla_put_failure;

			goto nla_put_failure;





		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,

		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,

				rule->wmm_rule->client[j].cw_min) ||

				rule->wmm_rule.client[j].cw_min) ||

		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,

		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,

				rule->wmm_rule->client[j].cw_max) ||

				rule->wmm_rule.client[j].cw_max) ||

		    nla_put_u8(msg, NL80211_WMMR_AIFSN,

		    nla_put_u8(msg, NL80211_WMMR_AIFSN,

			       rule->wmm_rule->client[j].aifsn) ||

			       rule->wmm_rule.client[j].aifsn) ||

		    nla_put_u8(msg, NL80211_WMMR_TXOP,

		    nla_put_u8(msg, NL80211_WMMR_TXOP,

			       rule->wmm_rule->client[j].cot))

			       rule->wmm_rule.client[j].cot))

			goto nla_put_failure;

			goto nla_put_failure;





		nla_nest_end(msg, nl_wmm_rule);

		nla_nest_end(msg, nl_wmm_rule);
@@ -766,7 +766,7 @@ static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy, 
		const struct ieee80211_reg_rule *rule =

		const struct ieee80211_reg_rule *rule =

			freq_reg_info(wiphy, chan->center_freq);

			freq_reg_info(wiphy, chan->center_freq);





		if (!IS_ERR(rule) && rule->wmm_rule) {

		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {

			if (nl80211_msg_put_wmm_rules(msg, rule))

			if (nl80211_msg_put_wmm_rules(msg, rule))

				goto nla_put_failure;

				goto nla_put_failure;

		}

		}