Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 11dd6e21 authored by Alexei Avshalom Lazar's avatar Alexei Avshalom Lazar Committed by Maya Erez
Browse files

wil6210: Initialize reply struct of the WMI commands 



WMI command reply saved in uninitialized struct.
In order to avoid accessing unset values from FW initialize
the reply struct.

Change-Id: I4c5b22da327cc7a8c1f64c940247acef518e2ebd
Signed-off-by: default avatarAlexei Avshalom Lazar <ailizaro@codeaurora.org>
Signed-off-by: default avatarMaya Erez <merez@codeaurora.org>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
Git-commit: 807b0860
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
[merez@codeaurora.org: trivial conflict fixes]
parent 3a9333b3

drivers/net/wireless/ath/wil6210/cfg80211.c

+14 −8
Original line number Diff line number Diff line
@@ -353,6 +353,8 @@ int wil_cid_fill_sinfo(struct wil6210_vif *vif, int cid, 
	struct wil_net_stats *stats = &wil->sta[cid].stats;

	int rc;



	memset(&reply, 0, sizeof(reply));



	rc = wmi_call(wil, WMI_NOTIFY_REQ_CMDID, vif->mid, &cmd, sizeof(cmd),

		      WMI_NOTIFY_REQ_DONE_EVENTID, &reply, sizeof(reply), 20);

	if (rc)
@@ -2391,7 +2393,9 @@ static int wil_rf_sector_get_cfg(struct wiphy *wiphy, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_get_rf_sector_params_done_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_RF_SECTOR_STATUS_NOT_SUPPORTED_ERROR},

	};

	struct sk_buff *msg;

	struct nlattr *nl_cfgs, *nl_cfg;

	u32 i;
@@ -2437,7 +2441,6 @@ static int wil_rf_sector_get_cfg(struct wiphy *wiphy, 
	cmd.sector_idx = cpu_to_le16(sector_index);

	cmd.sector_type = sector_type;

	cmd.rf_modules_vec = rf_modules_vec & 0xFF;

	memset(&reply, 0, sizeof(reply));

	rc = wmi_call(wil, WMI_GET_RF_SECTOR_PARAMS_CMDID, vif->mid,

		      &cmd, sizeof(cmd), WMI_GET_RF_SECTOR_PARAMS_DONE_EVENTID,

		      &reply, sizeof(reply),
@@ -2512,7 +2515,9 @@ static int wil_rf_sector_set_cfg(struct wiphy *wiphy, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_set_rf_sector_params_done_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_RF_SECTOR_STATUS_NOT_SUPPORTED_ERROR},

	};

	struct nlattr *nl_cfg;

	struct wmi_rf_sector_info *si;
@@ -2595,7 +2600,6 @@ static int wil_rf_sector_set_cfg(struct wiphy *wiphy, 
	}



	cmd.rf_modules_vec = rf_modules_vec & 0xFF;

	memset(&reply, 0, sizeof(reply));

	rc = wmi_call(wil, WMI_SET_RF_SECTOR_PARAMS_CMDID, vif->mid,

		      &cmd, sizeof(cmd), WMI_SET_RF_SECTOR_PARAMS_DONE_EVENTID,

		      &reply, sizeof(reply),
@@ -2619,7 +2623,9 @@ static int wil_rf_sector_get_selected(struct wiphy *wiphy, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_get_selected_rf_sector_index_done_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_RF_SECTOR_STATUS_NOT_SUPPORTED_ERROR},

	};

	struct sk_buff *msg;



	if (!test_bit(WMI_FW_CAPABILITY_RF_SECTORS, wil->fw_capabilities))
@@ -2659,7 +2665,6 @@ static int wil_rf_sector_get_selected(struct wiphy *wiphy, 
	memset(&cmd, 0, sizeof(cmd));

	cmd.cid = (u8)cid;

	cmd.sector_type = sector_type;

	memset(&reply, 0, sizeof(reply));

	rc = wmi_call(wil, WMI_GET_SELECTED_RF_SECTOR_INDEX_CMDID, vif->mid,

		      &cmd, sizeof(cmd),

		      WMI_GET_SELECTED_RF_SECTOR_INDEX_DONE_EVENTID,
@@ -2700,14 +2705,15 @@ static int wil_rf_sector_wmi_set_selected(struct wil6210_priv *wil, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_set_selected_rf_sector_index_done_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_RF_SECTOR_STATUS_NOT_SUPPORTED_ERROR},

	};

	int rc;



	memset(&cmd, 0, sizeof(cmd));

	cmd.sector_idx = cpu_to_le16(sector_index);

	cmd.sector_type = sector_type;

	cmd.cid = (u8)cid;

	memset(&reply, 0, sizeof(reply));

	rc = wmi_call(wil, WMI_SET_SELECTED_RF_SECTOR_INDEX_CMDID, mid,

		      &cmd, sizeof(cmd),

		      WMI_SET_SELECTED_RF_SECTOR_INDEX_DONE_EVENTID,

drivers/net/wireless/ath/wil6210/debugfs.c

+2 −0
Original line number Diff line number Diff line
@@ -1335,6 +1335,8 @@ static int wil_bf_debugfs_show(struct seq_file *s, void *data) 
		struct wmi_notify_req_done_event evt;

	} __packed reply;



	memset(&reply, 0, sizeof(reply));



	for (i = 0; i < ARRAY_SIZE(wil->sta); i++) {

		u32 status;

drivers/net/wireless/ath/wil6210/main.c

+2 −0
Original line number Diff line number Diff line
@@ -397,6 +397,8 @@ void wil_disconnect_worker(struct work_struct *work) 
		/* already disconnected */

		return;



	memset(&reply, 0, sizeof(reply));



	rc = wmi_call(wil, WMI_DISCONNECT_CMDID, vif->mid, NULL, 0,

		      WMI_DISCONNECT_EVENTID, &reply, sizeof(reply),

		      WIL6210_DISCONNECT_TO_MS);

drivers/net/wireless/ath/wil6210/txrx.c

+6 −2
Original line number Diff line number Diff line
@@ -956,7 +956,9 @@ static int wil_vring_init_tx(struct wil6210_vif *vif, int id, int size, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_vring_cfg_done_event cmd;

	} __packed reply;

	} __packed reply = {

		.cmd = {.status = WMI_FW_STATUS_FAILURE},

	};

	struct wil_ring *vring = &wil->ring_tx[id];

	struct wil_ring_tx_data *txdata = &wil->ring_tx_data[id];
@@ -1039,7 +1041,9 @@ int wil_vring_init_bcast(struct wil6210_vif *vif, int id, int size) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_vring_cfg_done_event cmd;

	} __packed reply;

	} __packed reply = {

		.cmd = {.status = WMI_FW_STATUS_FAILURE},

	};

	struct wil_ring *vring = &wil->ring_tx[id];

	struct wil_ring_tx_data *txdata = &wil->ring_tx_data[id];

drivers/net/wireless/ath/wil6210/wmi.c

+61 −36
Original line number Diff line number Diff line
@@ -1624,7 +1624,9 @@ int wmi_led_cfg(struct wil6210_priv *wil, bool enable) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_led_cfg_done_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = cpu_to_le32(WMI_FW_STATUS_FAILURE)},

	};



	if (led_id == WIL_LED_INVALID_ID)

		goto out;
@@ -1677,7 +1679,9 @@ int wmi_pcp_start(struct wil6210_vif *vif, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_pcp_started_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_FW_STATUS_FAILURE},

	};



	if (!vif->privacy)

		cmd.disable_sec = 1;
@@ -1754,6 +1758,8 @@ int wmi_get_ssid(struct wil6210_vif *vif, u8 *ssid_len, void *ssid) 
	} __packed reply;

	int len; /* reply.cmd.ssid_len in CPU order */



	memset(&reply, 0, sizeof(reply));



	rc = wmi_call(wil, WMI_GET_SSID_CMDID, vif->mid, NULL, 0,

		      WMI_GET_SSID_EVENTID, &reply, sizeof(reply), 20);

	if (rc)
@@ -1789,6 +1795,8 @@ int wmi_get_channel(struct wil6210_priv *wil, int *channel) 
		struct wmi_set_pcp_channel_cmd cmd;

	} __packed reply;



	memset(&reply, 0, sizeof(reply));



	rc = wmi_call(wil, WMI_GET_PCP_CHANNEL_CMDID, vif->mid, NULL, 0,

		      WMI_GET_PCP_CHANNEL_EVENTID, &reply, sizeof(reply), 20);

	if (rc)
@@ -1814,7 +1822,9 @@ int wmi_p2p_cfg(struct wil6210_vif *vif, int channel, int bi) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_p2p_cfg_done_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_FW_STATUS_FAILURE},

	};



	wil_dbg_wmi(wil, "sending WMI_P2P_CFG_CMDID\n");
@@ -1835,7 +1845,9 @@ int wmi_start_listen(struct wil6210_vif *vif) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_listen_started_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_FW_STATUS_FAILURE},

	};



	wil_dbg_wmi(wil, "sending WMI_START_LISTEN_CMDID\n");
@@ -1857,7 +1869,9 @@ int wmi_start_search(struct wil6210_vif *vif) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_search_started_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_FW_STATUS_FAILURE},

	};



	wil_dbg_wmi(wil, "sending WMI_START_SEARCH_CMDID\n");
@@ -1983,7 +1997,9 @@ int wmi_rxon(struct wil6210_priv *wil, bool on) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_listen_started_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_FW_STATUS_FAILURE},

	};



	wil_info(wil, "(%s)\n", on ? "on" : "off");
@@ -2025,6 +2041,8 @@ int wmi_rx_chain_add(struct wil6210_priv *wil, struct wil_ring *vring) 
	} __packed evt;

	int rc;



	memset(&evt, 0, sizeof(evt));



	if (wdev->iftype == NL80211_IFTYPE_MONITOR) {

		struct ieee80211_channel *ch = wil->monitor_chandef.chan;
@@ -2054,14 +2072,14 @@ int wmi_rx_chain_add(struct wil6210_priv *wil, struct wil_ring *vring) 
	if (rc)

		return rc;



	if (le32_to_cpu(evt.evt.status) != WMI_CFG_RX_CHAIN_SUCCESS)

		rc = -EINVAL;



	vring->hwtail = le32_to_cpu(evt.evt.rx_ring_tail_ptr);



	wil_dbg_misc(wil, "Rx init: status %d tail 0x%08x\n",

		     le32_to_cpu(evt.evt.status), vring->hwtail);



	if (le32_to_cpu(evt.evt.status) != WMI_CFG_RX_CHAIN_SUCCESS)

		rc = -EINVAL;



	return rc;

}
@@ -2079,6 +2097,8 @@ int wmi_get_temperature(struct wil6210_priv *wil, u32 *t_bb, u32 *t_rf) 
		struct wmi_temp_sense_done_event evt;

	} __packed reply;



	memset(&reply, 0, sizeof(reply));



	rc = wmi_call(wil, WMI_TEMP_SENSE_CMDID, vif->mid, &cmd, sizeof(cmd),

		      WMI_TEMP_SENSE_DONE_EVENTID, &reply, sizeof(reply), 100);

	if (rc)
@@ -2111,6 +2131,7 @@ int wmi_disconnect_sta(struct wil6210_vif *vif, const u8 *mac, 


	wil_dbg_wmi(wil, "disconnect_sta: (%pM, reason %d)\n", mac, reason);



	memset(&reply, 0, sizeof(reply));

	vif->locally_generated_disc = true;

	if (del_sta) {

		ether_addr_copy(del_sta_cmd.dst_mac, mac);
@@ -2212,7 +2233,9 @@ int wmi_addba_rx_resp(struct wil6210_priv *wil, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_rcp_addba_resp_sent_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = cpu_to_le16(WMI_FW_STATUS_FAILURE)},

	};



	wil_dbg_wmi(wil,

		    "ADDBA response for MID %d CID %d TID %d size %d timeout %d status %d AMSDU%s\n",
@@ -2293,13 +2316,13 @@ int wmi_ps_dev_profile_cfg(struct wil6210_priv *wil, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_ps_dev_profile_cfg_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = cpu_to_le32(WMI_PS_CFG_CMD_STATUS_ERROR)},

	};

	u32 status;



	wil_dbg_wmi(wil, "Setting ps dev profile %d\n", ps_profile);



	reply.evt.status = cpu_to_le32(WMI_PS_CFG_CMD_STATUS_ERROR);



	rc = wmi_call(wil, WMI_PS_DEV_PROFILE_CFG_CMDID, vif->mid,

		      &cmd, sizeof(cmd),

		      WMI_PS_DEV_PROFILE_CFG_EVENTID, &reply, sizeof(reply),
@@ -2328,15 +2351,15 @@ int wmi_set_mgmt_retry(struct wil6210_priv *wil, u8 retry_short) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_set_mgmt_retry_limit_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_FW_STATUS_FAILURE},

	};



	wil_dbg_wmi(wil, "Setting mgmt retry short %d\n", retry_short);



	if (!test_bit(WMI_FW_CAPABILITY_MGMT_RETRY_LIMIT, wil->fw_capabilities))

		return -ENOTSUPP;



	reply.evt.status = WMI_FW_STATUS_FAILURE;



	rc = wmi_call(wil, WMI_SET_MGMT_RETRY_LIMIT_CMDID, vif->mid,

		      &cmd, sizeof(cmd),

		      WMI_SET_MGMT_RETRY_LIMIT_EVENTID, &reply, sizeof(reply),
@@ -2367,7 +2390,7 @@ int wmi_get_mgmt_retry(struct wil6210_priv *wil, u8 *retry_short) 
	if (!test_bit(WMI_FW_CAPABILITY_MGMT_RETRY_LIMIT, wil->fw_capabilities))

		return -ENOTSUPP;



	reply.evt.mgmt_retry_limit = 0;

	memset(&reply, 0, sizeof(reply));

	rc = wmi_call(wil, WMI_GET_MGMT_RETRY_LIMIT_CMDID, vif->mid, NULL, 0,

		      WMI_GET_MGMT_RETRY_LIMIT_EVENTID, &reply, sizeof(reply),

		      100);
@@ -2515,14 +2538,15 @@ int wmi_suspend(struct wil6210_priv *wil) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_traffic_suspend_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_TRAFFIC_SUSPEND_REJECTED_LINK_NOT_IDLE},

	};



	u32 suspend_to = WIL_WAIT_FOR_SUSPEND_RESUME_COMP;



	wil->suspend_resp_rcvd = false;

	wil->suspend_resp_comp = false;



	reply.evt.status = WMI_TRAFFIC_SUSPEND_REJECTED_LINK_NOT_IDLE;



	rc = wmi_call(wil, WMI_TRAFFIC_SUSPEND_CMDID, vif->mid,

		      &cmd, sizeof(cmd),

		      WMI_TRAFFIC_SUSPEND_EVENTID, &reply, sizeof(reply),
@@ -2598,10 +2622,11 @@ int wmi_resume(struct wil6210_priv *wil) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_traffic_resume_event evt;

	} __packed reply;



	reply.evt.status = WMI_TRAFFIC_RESUME_FAILED;

	reply.evt.resume_triggers = WMI_RESUME_TRIGGER_UNKNOWN;

	} __packed reply = {

		.evt = {.status = WMI_TRAFFIC_RESUME_FAILED,

			.resume_triggers =

				cpu_to_le32(WMI_RESUME_TRIGGER_UNKNOWN)},

	};



	rc = wmi_call(wil, WMI_TRAFFIC_RESUME_CMDID, vif->mid, NULL, 0,

		      WMI_TRAFFIC_RESUME_EVENTID, &reply, sizeof(reply),
@@ -2686,7 +2711,9 @@ int wmi_port_allocate(struct wil6210_priv *wil, u8 mid, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_port_allocated_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_FW_STATUS_FAILURE},

	};



	wil_dbg_misc(wil, "port allocate, mid %d iftype %d, mac %pM\n",

		     mid, iftype, mac);
@@ -2711,8 +2738,6 @@ int wmi_port_allocate(struct wil6210_priv *wil, u8 mid, 
		return -EINVAL;

	}



	reply.evt.status = WMI_FW_STATUS_FAILURE;



	rc = wmi_call(wil, WMI_PORT_ALLOCATE_CMDID, mid,

		      &cmd, sizeof(cmd),

		      WMI_PORT_ALLOCATED_EVENTID, &reply,
@@ -2739,12 +2764,12 @@ int wmi_port_delete(struct wil6210_priv *wil, u8 mid) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_port_deleted_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.status = WMI_FW_STATUS_FAILURE},

	};



	wil_dbg_misc(wil, "port delete, mid %d\n", mid);



	reply.evt.status = WMI_FW_STATUS_FAILURE;



	rc = wmi_call(wil, WMI_PORT_DELETE_CMDID, mid,

		      &cmd, sizeof(cmd),

		      WMI_PORT_DELETED_EVENTID, &reply,
@@ -3032,7 +3057,9 @@ int wmi_start_sched_scan(struct wil6210_priv *wil, 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_start_sched_scan_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.result = WMI_PNO_REJECT},

	};



	if (!test_bit(WMI_FW_CAPABILITY_PNO, wil->fw_capabilities))

		return -ENOTSUPP;
@@ -3048,8 +3075,6 @@ int wmi_start_sched_scan(struct wil6210_priv *wil, 
	wmi_sched_scan_set_plans(wil, &cmd,

				 request->scan_plans, request->n_scan_plans);



	reply.evt.result = WMI_PNO_REJECT;



	rc = wmi_call(wil, WMI_START_SCHED_SCAN_CMDID, vif->mid,

		      &cmd, sizeof(cmd),

		      WMI_START_SCHED_SCAN_EVENTID, &reply, sizeof(reply),
@@ -3073,13 +3098,13 @@ int wmi_stop_sched_scan(struct wil6210_priv *wil) 
	struct {

		struct wmi_cmd_hdr wmi;

		struct wmi_stop_sched_scan_event evt;

	} __packed reply;

	} __packed reply = {

		.evt = {.result = WMI_PNO_REJECT},

	};



	if (!test_bit(WMI_FW_CAPABILITY_PNO, wil->fw_capabilities))

		return -ENOTSUPP;



	reply.evt.result = WMI_PNO_REJECT;



	rc = wmi_call(wil, WMI_STOP_SCHED_SCAN_CMDID, vif->mid, NULL, 0,

		      WMI_STOP_SCHED_SCAN_EVENTID, &reply, sizeof(reply),

		      WIL_WMI_CALL_GENERAL_TO_MS);