search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix a kmap leak in virtio_console
[linux/fpc-iii.git] / drivers / net / wireless / mwifiex / ie.c
blob81ac001ee74187d325f7a7d166666f9ec3c497fa
1 /*
2 * Marvell Wireless LAN device driver: management IE handling- setting and
3 * deleting IE.
4 *
5 * Copyright (C) 2012, Marvell International Ltd.
6 *
7 * This software file (the "File") is distributed by Marvell International
8 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
9 * (the "License"). You may use, redistribute and/or modify this File in
10 * accordance with the terms and conditions of the License, a copy of which
11 * is available by writing to the Free Software Foundation, Inc.,
12 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
13 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
14 *
15 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
17 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
18 * this warranty disclaimer.
19 */
20
21 #include "main.h"
22
23 /* This function checks if current IE index is used by any on other interface.
24 * Return: -1: yes, current IE index is used by someone else.
25 * 0: no, current IE index is NOT used by other interface.
26 */
27 static int
28 mwifiex_ie_index_used_by_other_intf(struct mwifiex_private *priv, u16 idx)
29 {
30 int i;
31 struct mwifiex_adapter *adapter = priv->adapter;
32 struct mwifiex_ie *ie;
33
34 for (i = 0; i < adapter->priv_num; i++) {
35 if (adapter->priv[i] != priv) {
36 ie = &adapter->priv[i]->mgmt_ie[idx];
37 if (ie->mgmt_subtype_mask && ie->ie_length)
38 return -1;
39 }
40 }
41
42 return 0;
43 }
44
45 /* Get unused IE index. This index will be used for setting new IE */
46 static int
47 mwifiex_ie_get_autoidx(struct mwifiex_private *priv, u16 subtype_mask,
48 struct mwifiex_ie *ie, u16 *index)
49 {
50 u16 mask, len, i;
51
52 for (i = 0; i < priv->adapter->max_mgmt_ie_index; i++) {
53 mask = le16_to_cpu(priv->mgmt_ie[i].mgmt_subtype_mask);
54 len = le16_to_cpu(ie->ie_length);
55
56 if (mask == MWIFIEX_AUTO_IDX_MASK)
57 continue;
58
59 if (mask == subtype_mask) {
60 if (len > IEEE_MAX_IE_SIZE)
61 continue;
62
63 *index = i;
64 return 0;
65 }
66
67 if (!priv->mgmt_ie[i].ie_length) {
68 if (mwifiex_ie_index_used_by_other_intf(priv, i))
69 continue;
70
71 *index = i;
72 return 0;
73 }
74 }
75
76 return -1;
77 }
78
79 /* This function prepares IE data buffer for command to be sent to FW */
80 static int
81 mwifiex_update_autoindex_ies(struct mwifiex_private *priv,
82 struct mwifiex_ie_list *ie_list)
83 {
84 u16 travel_len, index, mask;
85 s16 input_len, tlv_len;
86 struct mwifiex_ie *ie;
87 u8 *tmp;
88
89 input_len = le16_to_cpu(ie_list->len);
90 travel_len = sizeof(struct mwifiex_ie_types_header);
91
92 ie_list->len = 0;
93
94 while (input_len >= sizeof(struct mwifiex_ie_types_header)) {
95 ie = (struct mwifiex_ie *)(((u8 *)ie_list) + travel_len);
96 tlv_len = le16_to_cpu(ie->ie_length);
97 travel_len += tlv_len + MWIFIEX_IE_HDR_SIZE;
98
99 if (input_len < tlv_len + MWIFIEX_IE_HDR_SIZE)
100 return -1;
101 index = le16_to_cpu(ie->ie_index);
102 mask = le16_to_cpu(ie->mgmt_subtype_mask);
103
104 if (index == MWIFIEX_AUTO_IDX_MASK) {
105 /* automatic addition */
106 if (mwifiex_ie_get_autoidx(priv, mask, ie, &index))
107 return -1;
108 if (index == MWIFIEX_AUTO_IDX_MASK)
109 return -1;
110
111 tmp = (u8 *)&priv->mgmt_ie[index].ie_buffer;
112 memcpy(tmp, &ie->ie_buffer, le16_to_cpu(ie->ie_length));
113 priv->mgmt_ie[index].ie_length = ie->ie_length;
114 priv->mgmt_ie[index].ie_index = cpu_to_le16(index);
115 priv->mgmt_ie[index].mgmt_subtype_mask =
116 cpu_to_le16(mask);
117
118 ie->ie_index = cpu_to_le16(index);
119 } else {
120 if (mask != MWIFIEX_DELETE_MASK)
121 return -1;
122 /*
123 * Check if this index is being used on any
124 * other interface.
125 */
126 if (mwifiex_ie_index_used_by_other_intf(priv, index))
127 return -1;
128
129 ie->ie_length = 0;
130 memcpy(&priv->mgmt_ie[index], ie,
131 sizeof(struct mwifiex_ie));
132 }
133
134 le16_add_cpu(&ie_list->len,
135 le16_to_cpu(priv->mgmt_ie[index].ie_length) +
136 MWIFIEX_IE_HDR_SIZE);
137 input_len -= tlv_len + MWIFIEX_IE_HDR_SIZE;
138 }
139
140 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP)
141 return mwifiex_send_cmd_async(priv, HostCmd_CMD_UAP_SYS_CONFIG,
142 HostCmd_ACT_GEN_SET,
143 UAP_CUSTOM_IE_I, ie_list);
144
145 return 0;
146 }
147
148 /* Copy individual custom IEs for beacon, probe response and assoc response
149 * and prepare single structure for IE setting.
150 * This function also updates allocated IE indices from driver.
151 */
152 static int
153 mwifiex_update_uap_custom_ie(struct mwifiex_private *priv,
154 struct mwifiex_ie *beacon_ie, u16 *beacon_idx,
155 struct mwifiex_ie *pr_ie, u16 *probe_idx,
156 struct mwifiex_ie *ar_ie, u16 *assoc_idx)
157 {
158 struct mwifiex_ie_list *ap_custom_ie;
159 u8 *pos;
160 u16 len;
161 int ret;
162
163 ap_custom_ie = kzalloc(sizeof(*ap_custom_ie), GFP_KERNEL);
164 if (!ap_custom_ie)
165 return -ENOMEM;
166
167 ap_custom_ie->type = cpu_to_le16(TLV_TYPE_MGMT_IE);
168 pos = (u8 *)ap_custom_ie->ie_list;
169
170 if (beacon_ie) {
171 len = sizeof(struct mwifiex_ie) - IEEE_MAX_IE_SIZE +
172 le16_to_cpu(beacon_ie->ie_length);
173 memcpy(pos, beacon_ie, len);
174 pos += len;
175 le16_add_cpu(&ap_custom_ie->len, len);
176 }
177 if (pr_ie) {
178 len = sizeof(struct mwifiex_ie) - IEEE_MAX_IE_SIZE +
179 le16_to_cpu(pr_ie->ie_length);
180 memcpy(pos, pr_ie, len);
181 pos += len;
182 le16_add_cpu(&ap_custom_ie->len, len);
183 }
184 if (ar_ie) {
185 len = sizeof(struct mwifiex_ie) - IEEE_MAX_IE_SIZE +
186 le16_to_cpu(ar_ie->ie_length);
187 memcpy(pos, ar_ie, len);
188 pos += len;
189 le16_add_cpu(&ap_custom_ie->len, len);
190 }
191
192 ret = mwifiex_update_autoindex_ies(priv, ap_custom_ie);
193
194 pos = (u8 *)(&ap_custom_ie->ie_list[0].ie_index);
195 if (beacon_ie && *beacon_idx == MWIFIEX_AUTO_IDX_MASK) {
196 /* save beacon ie index after auto-indexing */
197 *beacon_idx = le16_to_cpu(ap_custom_ie->ie_list[0].ie_index);
198 len = sizeof(*beacon_ie) - IEEE_MAX_IE_SIZE +
199 le16_to_cpu(beacon_ie->ie_length);
200 pos += len;
201 }
202 if (pr_ie && le16_to_cpu(pr_ie->ie_index) == MWIFIEX_AUTO_IDX_MASK) {
203 /* save probe resp ie index after auto-indexing */
204 *probe_idx = *((u16 *)pos);
205 len = sizeof(*pr_ie) - IEEE_MAX_IE_SIZE +
206 le16_to_cpu(pr_ie->ie_length);
207 pos += len;
208 }
209 if (ar_ie && le16_to_cpu(ar_ie->ie_index) == MWIFIEX_AUTO_IDX_MASK)
210 /* save assoc resp ie index after auto-indexing */
211 *assoc_idx = *((u16 *)pos);
212
213 kfree(ap_custom_ie);
214 return ret;
215 }
216
217 /* This function checks if the vendor specified IE is present in passed buffer
218 * and copies it to mwifiex_ie structure.
219 * Function takes pointer to struct mwifiex_ie pointer as argument.
220 * If the vendor specified IE is present then memory is allocated for
221 * mwifiex_ie pointer and filled in with IE. Caller should take care of freeing
222 * this memory.
223 */
224 static int mwifiex_update_vs_ie(const u8 *ies, int ies_len,
225 struct mwifiex_ie **ie_ptr, u16 mask,
226 unsigned int oui, u8 oui_type)
227 {
228 struct ieee_types_header *vs_ie;
229 struct mwifiex_ie *ie = *ie_ptr;
230 const u8 *vendor_ie;
231
232 vendor_ie = cfg80211_find_vendor_ie(oui, oui_type, ies, ies_len);
233 if (vendor_ie) {
234 if (!*ie_ptr) {
235 *ie_ptr = kzalloc(sizeof(struct mwifiex_ie),
236 GFP_KERNEL);
237 if (!*ie_ptr)
238 return -ENOMEM;
239 ie = *ie_ptr;
240 }
241
242 vs_ie = (struct ieee_types_header *)vendor_ie;
243 memcpy(ie->ie_buffer + le16_to_cpu(ie->ie_length),
244 vs_ie, vs_ie->len + 2);
245 le16_add_cpu(&ie->ie_length, vs_ie->len + 2);
246 ie->mgmt_subtype_mask = cpu_to_le16(mask);
247 ie->ie_index = cpu_to_le16(MWIFIEX_AUTO_IDX_MASK);
248 }
249
250 *ie_ptr = ie;
251 return 0;
252 }
253
254 /* This function parses beacon IEs, probe response IEs, association response IEs
255 * from cfg80211_ap_settings->beacon and sets these IE to FW.
256 */
257 static int mwifiex_set_mgmt_beacon_data_ies(struct mwifiex_private *priv,
258 struct cfg80211_beacon_data *data)
259 {
260 struct mwifiex_ie *beacon_ie = NULL, *pr_ie = NULL, *ar_ie = NULL;
261 u16 beacon_idx = MWIFIEX_AUTO_IDX_MASK, pr_idx = MWIFIEX_AUTO_IDX_MASK;
262 u16 ar_idx = MWIFIEX_AUTO_IDX_MASK;
263 int ret = 0;
264
265 if (data->beacon_ies && data->beacon_ies_len) {
266 mwifiex_update_vs_ie(data->beacon_ies, data->beacon_ies_len,
267 &beacon_ie, MGMT_MASK_BEACON,
268 WLAN_OUI_MICROSOFT,
269 WLAN_OUI_TYPE_MICROSOFT_WPS);
270 mwifiex_update_vs_ie(data->beacon_ies, data->beacon_ies_len,
271 &beacon_ie, MGMT_MASK_BEACON,
272 WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P);
273 }
274
275 if (data->proberesp_ies && data->proberesp_ies_len) {
276 mwifiex_update_vs_ie(data->proberesp_ies,
277 data->proberesp_ies_len, &pr_ie,
278 MGMT_MASK_PROBE_RESP, WLAN_OUI_MICROSOFT,
279 WLAN_OUI_TYPE_MICROSOFT_WPS);
280 mwifiex_update_vs_ie(data->proberesp_ies,
281 data->proberesp_ies_len, &pr_ie,
282 MGMT_MASK_PROBE_RESP,
283 WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P);
284 }
285
286 if (data->assocresp_ies && data->assocresp_ies_len) {
287 mwifiex_update_vs_ie(data->assocresp_ies,
288 data->assocresp_ies_len, &ar_ie,
289 MGMT_MASK_ASSOC_RESP |
290 MGMT_MASK_REASSOC_RESP,
291 WLAN_OUI_MICROSOFT,
292 WLAN_OUI_TYPE_MICROSOFT_WPS);
293 mwifiex_update_vs_ie(data->assocresp_ies,
294 data->assocresp_ies_len, &ar_ie,
295 MGMT_MASK_ASSOC_RESP |
296 MGMT_MASK_REASSOC_RESP, WLAN_OUI_WFA,
297 WLAN_OUI_TYPE_WFA_P2P);
298 }
299
300 if (beacon_ie || pr_ie || ar_ie) {
301 ret = mwifiex_update_uap_custom_ie(priv, beacon_ie,
302 &beacon_idx, pr_ie,
303 &pr_idx, ar_ie, &ar_idx);
304 if (ret)
305 goto done;
306 }
307
308 priv->beacon_idx = beacon_idx;
309 priv->proberesp_idx = pr_idx;
310 priv->assocresp_idx = ar_idx;
311
312 done:
313 kfree(beacon_ie);
314 kfree(pr_ie);
315 kfree(ar_ie);
316
317 return ret;
318 }
319
320 /* This function parses different IEs-tail IEs, beacon IEs, probe response IEs,
321 * association response IEs from cfg80211_ap_settings function and sets these IE
322 * to FW.
323 */
324 int mwifiex_set_mgmt_ies(struct mwifiex_private *priv,
325 struct cfg80211_beacon_data *info)
326 {
327 struct mwifiex_ie *gen_ie;
328 struct ieee_types_header *rsn_ie, *wpa_ie = NULL;
329 u16 rsn_idx = MWIFIEX_AUTO_IDX_MASK, ie_len = 0;
330 const u8 *vendor_ie;
331
332 if (info->tail && info->tail_len) {
333 gen_ie = kzalloc(sizeof(struct mwifiex_ie), GFP_KERNEL);
334 if (!gen_ie)
335 return -ENOMEM;
336 gen_ie->ie_index = cpu_to_le16(rsn_idx);
337 gen_ie->mgmt_subtype_mask = cpu_to_le16(MGMT_MASK_BEACON |
338 MGMT_MASK_PROBE_RESP |
339 MGMT_MASK_ASSOC_RESP);
340
341 rsn_ie = (void *)cfg80211_find_ie(WLAN_EID_RSN,
342 info->tail, info->tail_len);
343 if (rsn_ie) {
344 memcpy(gen_ie->ie_buffer, rsn_ie, rsn_ie->len + 2);
345 ie_len = rsn_ie->len + 2;
346 gen_ie->ie_length = cpu_to_le16(ie_len);
347 }
348
349 vendor_ie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
350 WLAN_OUI_TYPE_MICROSOFT_WPA,
351 info->tail,
352 info->tail_len);
353 if (vendor_ie) {
354 wpa_ie = (struct ieee_types_header *)vendor_ie;
355 memcpy(gen_ie->ie_buffer + ie_len,
356 wpa_ie, wpa_ie->len + 2);
357 ie_len += wpa_ie->len + 2;
358 gen_ie->ie_length = cpu_to_le16(ie_len);
359 }
360
361 if (rsn_ie || wpa_ie) {
362 if (mwifiex_update_uap_custom_ie(priv, gen_ie, &rsn_idx,
363 NULL, NULL,
364 NULL, NULL)) {
365 kfree(gen_ie);
366 return -1;
367 }
368 priv->rsn_idx = rsn_idx;
369 }
370
371 kfree(gen_ie);
372 }
373
374 return mwifiex_set_mgmt_beacon_data_ies(priv, info);
375 }
376
377 /* This function removes management IE set */
378 int mwifiex_del_mgmt_ies(struct mwifiex_private *priv)
379 {
380 struct mwifiex_ie *beacon_ie = NULL, *pr_ie = NULL;
381 struct mwifiex_ie *ar_ie = NULL, *rsn_ie = NULL;
382 int ret = 0;
383
384 if (priv->rsn_idx != MWIFIEX_AUTO_IDX_MASK) {
385 rsn_ie = kmalloc(sizeof(struct mwifiex_ie), GFP_KERNEL);
386 if (!rsn_ie)
387 return -ENOMEM;
388
389 rsn_ie->ie_index = cpu_to_le16(priv->rsn_idx);
390 rsn_ie->mgmt_subtype_mask = cpu_to_le16(MWIFIEX_DELETE_MASK);
391 rsn_ie->ie_length = 0;
392 if (mwifiex_update_uap_custom_ie(priv, rsn_ie, &priv->rsn_idx,
393 NULL, &priv->proberesp_idx,
394 NULL, &priv->assocresp_idx)) {
395 ret = -1;
396 goto done;
397 }
398
399 priv->rsn_idx = MWIFIEX_AUTO_IDX_MASK;
400 }
401
402 if (priv->beacon_idx != MWIFIEX_AUTO_IDX_MASK) {
403 beacon_ie = kmalloc(sizeof(struct mwifiex_ie), GFP_KERNEL);
404 if (!beacon_ie) {
405 ret = -ENOMEM;
406 goto done;
407 }
408 beacon_ie->ie_index = cpu_to_le16(priv->beacon_idx);
409 beacon_ie->mgmt_subtype_mask = cpu_to_le16(MWIFIEX_DELETE_MASK);
410 beacon_ie->ie_length = 0;
411 }
412 if (priv->proberesp_idx != MWIFIEX_AUTO_IDX_MASK) {
413 pr_ie = kmalloc(sizeof(struct mwifiex_ie), GFP_KERNEL);
414 if (!pr_ie) {
415 ret = -ENOMEM;
416 goto done;
417 }
418 pr_ie->ie_index = cpu_to_le16(priv->proberesp_idx);
419 pr_ie->mgmt_subtype_mask = cpu_to_le16(MWIFIEX_DELETE_MASK);
420 pr_ie->ie_length = 0;
421 }
422 if (priv->assocresp_idx != MWIFIEX_AUTO_IDX_MASK) {
423 ar_ie = kmalloc(sizeof(struct mwifiex_ie), GFP_KERNEL);
424 if (!ar_ie) {
425 ret = -ENOMEM;
426 goto done;
427 }
428 ar_ie->ie_index = cpu_to_le16(priv->assocresp_idx);
429 ar_ie->mgmt_subtype_mask = cpu_to_le16(MWIFIEX_DELETE_MASK);
430 ar_ie->ie_length = 0;
431 }
432
433 if (beacon_ie || pr_ie || ar_ie)
434 ret = mwifiex_update_uap_custom_ie(priv,
435 beacon_ie, &priv->beacon_idx,
436 pr_ie, &priv->proberesp_idx,
437 ar_ie, &priv->assocresp_idx);
438
439 done:
440 kfree(beacon_ie);
441 kfree(pr_ie);
442 kfree(ar_ie);
443 kfree(rsn_ie);
444
445 return ret;
446 }
Linux with added FPC-III support