Merge "wil6210: potential buffer overflow in wmi_evt_aoa_meas"

};

#endif

static bool ignore_reg_hints = true;

module_param(ignore_reg_hints, bool, 0444);

MODULE_PARM_DESC(ignore_reg_hints, " Ignore OTA regulatory hints (Default: true)");

#define CHAN60G(_channel, _flags) {				\

	.band			= NL80211_BAND_60GHZ,		\

	.center_freq		= 56160 + (2160 * (_channel)),	\

	wiphy->vendor_events = wil_nl80211_vendor_events;

	wiphy->n_vendor_events = ARRAY_SIZE(wil_nl80211_vendor_events);

	if (ignore_reg_hints) {

		wiphy->regulatory_flags |= REGULATORY_DISABLE_BEACON_HINTS;

		wiphy->regulatory_flags |= REGULATORY_COUNTRY_IE_IGNORE;

	}

#ifdef CONFIG_PM

	wiphy->wowlan = &wil_wowlan_support;

#endif

	int data_len = len - offsetof(struct wmi_aoa_meas_event, meas_data);

	struct wil_aoa_meas_result *res;

	if (data_len < 0) {

		wil_err(wil, "AOA event too short (%d)\n", len);

		return;

	}

	data_len = min_t(int, le16_to_cpu(evt->length), data_len);

	res = kmalloc(sizeof(*res) + data_len, GFP_KERNEL);

			break;

		}

		sta->status = wil_sta_unused;

		sta->fst_link_loss = false;

		sta->mid = U8_MAX;

	}

	/* reorder buffers */

static DEVICE_ATTR_RW(thermal_throttling);

static ssize_t

fst_link_loss_show(struct device *dev, struct device_attribute *attr,

		   char *buf)

{

	struct wil6210_priv *wil = dev_get_drvdata(dev);

	ssize_t len = 0;

	int i;

	for (i = 0; i < ARRAY_SIZE(wil->sta); i++)

		if (wil->sta[i].status == wil_sta_connected)

			len += snprintf(buf + len, PAGE_SIZE - len,

					"[%d] %pM %s\n", i, wil->sta[i].addr,

					wil->sta[i].fst_link_loss ?

					"On" : "Off");

	return len;

}

static ssize_t

fst_link_loss_store(struct device *dev, struct device_attribute *attr,

		    const char *buf, size_t count)

{

	struct wil6210_priv *wil = dev_get_drvdata(dev);

	u8 addr[ETH_ALEN];

	char *token, *dupbuf, *tmp;

	int rc = -EINVAL;

	bool fst_link_loss;

	tmp = kmemdup(buf, count + 1, GFP_KERNEL);

	if (!tmp)

		return -ENOMEM;

	tmp[count] = '\0';

	dupbuf = tmp;

	token = strsep(&dupbuf, " ");

	if (!token)

		goto out;

	/* mac address */

	if (sscanf(token, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",

		   &addr[0], &addr[1], &addr[2],

		   &addr[3], &addr[4], &addr[5]) != 6)

		goto out;

	/* On/Off */

	if (strtobool(dupbuf, &fst_link_loss))

		goto out;

	wil_dbg_misc(wil, "set [%pM] with %d\n", addr, fst_link_loss);

	rc = wmi_link_maintain_cfg_write(wil, addr, fst_link_loss);

	if (!rc)

		rc = count;

out:

	kfree(tmp);

	return rc;

}

static DEVICE_ATTR_RW(fst_link_loss);

static struct attribute *wil6210_sysfs_entries[] = {

	&dev_attr_ftm_txrx_offset.attr,

	&dev_attr_thermal_throttling.attr,

	&dev_attr_fst_link_loss.attr,

	NULL

};

		return err;

	}

	kobject_uevent(&dev->kobj, KOBJ_CHANGE);

	return 0;

}

	struct device *dev = wil_to_dev(wil);

	sysfs_remove_group(&dev->kobj, &wil6210_attribute_group);

	kobject_uevent(&dev->kobj, KOBJ_CHANGE);

}

	struct wil_tid_crypto_rx tid_crypto_rx[WIL_STA_TID_NUM];

	struct wil_tid_crypto_rx group_crypto_rx;

	u8 aid; /* 1-254; 0 if unknown/not reported */

	u8 fst_link_loss;

};

enum {

void wil_aoa_evt_meas(struct wil6210_vif *vif,

		      struct wmi_aoa_meas_event *evt,

		      int len);

/* link loss */

int wmi_link_maintain_cfg_write(struct wil6210_priv *wil,

				const u8 *addr,

				bool fst_link_loss);

int wmi_start_sched_scan(struct wil6210_priv *wil,

			 struct cfg80211_sched_scan_request *request);