OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / net / wireless / libertas / rx.c
blobc7366b07b568ab303985c651679b3bcdb409e051
1 /*
2 * This file contains the handling of RX in wlan driver.
3 */
5 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7 #include <linux/etherdevice.h>
8 #include <linux/hardirq.h>
9 #include <linux/slab.h>
10 #include <linux/types.h>
11 #include <linux/export.h>
12 #include <net/cfg80211.h>
14 #include "defs.h"
15 #include "host.h"
16 #include "radiotap.h"
17 #include "decl.h"
18 #include "dev.h"
19 #include "mesh.h"
21 struct eth803hdr {
22 u8 dest_addr[6];
23 u8 src_addr[6];
24 u16 h803_len;
25 } __packed;
27 struct rfc1042hdr {
28 u8 llc_dsap;
29 u8 llc_ssap;
30 u8 llc_ctrl;
31 u8 snap_oui[3];
32 u16 snap_type;
33 } __packed;
35 struct rxpackethdr {
36 struct eth803hdr eth803_hdr;
37 struct rfc1042hdr rfc1042_hdr;
38 } __packed;
40 struct rx80211packethdr {
41 struct rxpd rx_pd;
42 void *eth80211_hdr;
43 } __packed;
45 static int process_rxed_802_11_packet(struct lbs_private *priv,
46 struct sk_buff *skb);
48 /**
49 * lbs_process_rxed_packet - processes received packet and forwards it
50 * to kernel/upper layer
52 * @priv: A pointer to &struct lbs_private
53 * @skb: A pointer to skb which includes the received packet
54 * returns: 0 or -1
56 int lbs_process_rxed_packet(struct lbs_private *priv, struct sk_buff *skb)
58 int ret = 0;
59 struct net_device *dev = priv->dev;
60 struct rxpackethdr *p_rx_pkt;
61 struct rxpd *p_rx_pd;
62 int hdrchop;
63 struct ethhdr *p_ethhdr;
64 static const u8 rfc1042_eth_hdr[] = {
65 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00
68 lbs_deb_enter(LBS_DEB_RX);
70 BUG_ON(!skb);
72 skb->ip_summed = CHECKSUM_NONE;
74 if (priv->wdev->iftype == NL80211_IFTYPE_MONITOR)
75 return process_rxed_802_11_packet(priv, skb);
77 p_rx_pd = (struct rxpd *) skb->data;
78 p_rx_pkt = (struct rxpackethdr *) ((u8 *)p_rx_pd +
79 le32_to_cpu(p_rx_pd->pkt_ptr));
81 dev = lbs_mesh_set_dev(priv, dev, p_rx_pd);
83 lbs_deb_hex(LBS_DEB_RX, "RX Data: Before chop rxpd", skb->data,
84 min_t(unsigned int, skb->len, 100));
86 if (skb->len < (ETH_HLEN + 8 + sizeof(struct rxpd))) {
87 lbs_deb_rx("rx err: frame received with bad length\n");
88 dev->stats.rx_length_errors++;
89 ret = 0;
90 dev_kfree_skb(skb);
91 goto done;
94 lbs_deb_rx("rx data: skb->len - pkt_ptr = %d-%zd = %zd\n",
95 skb->len, (size_t)le32_to_cpu(p_rx_pd->pkt_ptr),
96 skb->len - (size_t)le32_to_cpu(p_rx_pd->pkt_ptr));
98 lbs_deb_hex(LBS_DEB_RX, "RX Data: Dest", p_rx_pkt->eth803_hdr.dest_addr,
99 sizeof(p_rx_pkt->eth803_hdr.dest_addr));
100 lbs_deb_hex(LBS_DEB_RX, "RX Data: Src", p_rx_pkt->eth803_hdr.src_addr,
101 sizeof(p_rx_pkt->eth803_hdr.src_addr));
103 if (memcmp(&p_rx_pkt->rfc1042_hdr,
104 rfc1042_eth_hdr, sizeof(rfc1042_eth_hdr)) == 0) {
106 * Replace the 803 header and rfc1042 header (llc/snap) with an
107 * EthernetII header, keep the src/dst and snap_type (ethertype)
109 * The firmware only passes up SNAP frames converting
110 * all RX Data from 802.11 to 802.2/LLC/SNAP frames.
112 * To create the Ethernet II, just move the src, dst address right
113 * before the snap_type.
115 p_ethhdr = (struct ethhdr *)
116 ((u8 *) &p_rx_pkt->eth803_hdr
117 + sizeof(p_rx_pkt->eth803_hdr) + sizeof(p_rx_pkt->rfc1042_hdr)
118 - sizeof(p_rx_pkt->eth803_hdr.dest_addr)
119 - sizeof(p_rx_pkt->eth803_hdr.src_addr)
120 - sizeof(p_rx_pkt->rfc1042_hdr.snap_type));
122 memcpy(p_ethhdr->h_source, p_rx_pkt->eth803_hdr.src_addr,
123 sizeof(p_ethhdr->h_source));
124 memcpy(p_ethhdr->h_dest, p_rx_pkt->eth803_hdr.dest_addr,
125 sizeof(p_ethhdr->h_dest));
127 /* Chop off the rxpd + the excess memory from the 802.2/llc/snap header
128 * that was removed
130 hdrchop = (u8 *)p_ethhdr - (u8 *)p_rx_pd;
131 } else {
132 lbs_deb_hex(LBS_DEB_RX, "RX Data: LLC/SNAP",
133 (u8 *) &p_rx_pkt->rfc1042_hdr,
134 sizeof(p_rx_pkt->rfc1042_hdr));
136 /* Chop off the rxpd */
137 hdrchop = (u8 *)&p_rx_pkt->eth803_hdr - (u8 *)p_rx_pd;
140 /* Chop off the leading header bytes so the skb points to the start of
141 * either the reconstructed EthII frame or the 802.2/llc/snap frame
143 skb_pull(skb, hdrchop);
145 priv->cur_rate = lbs_fw_index_to_data_rate(p_rx_pd->rx_rate);
147 lbs_deb_rx("rx data: size of actual packet %d\n", skb->len);
148 dev->stats.rx_bytes += skb->len;
149 dev->stats.rx_packets++;
151 skb->protocol = eth_type_trans(skb, dev);
152 if (in_interrupt())
153 netif_rx(skb);
154 else
155 netif_rx_ni(skb);
157 ret = 0;
158 done:
159 lbs_deb_leave_args(LBS_DEB_RX, "ret %d", ret);
160 return ret;
162 EXPORT_SYMBOL_GPL(lbs_process_rxed_packet);
165 * convert_mv_rate_to_radiotap - converts Tx/Rx rates from Marvell WLAN format
166 * (see Table 2 in Section 3.1) to IEEE80211_RADIOTAP_RATE units (500 Kb/s)
168 * @rate: Input rate
169 * returns: Output Rate (0 if invalid)
171 static u8 convert_mv_rate_to_radiotap(u8 rate)
173 switch (rate) {
174 case 0: /* 1 Mbps */
175 return 2;
176 case 1: /* 2 Mbps */
177 return 4;
178 case 2: /* 5.5 Mbps */
179 return 11;
180 case 3: /* 11 Mbps */
181 return 22;
182 /* case 4: reserved */
183 case 5: /* 6 Mbps */
184 return 12;
185 case 6: /* 9 Mbps */
186 return 18;
187 case 7: /* 12 Mbps */
188 return 24;
189 case 8: /* 18 Mbps */
190 return 36;
191 case 9: /* 24 Mbps */
192 return 48;
193 case 10: /* 36 Mbps */
194 return 72;
195 case 11: /* 48 Mbps */
196 return 96;
197 case 12: /* 54 Mbps */
198 return 108;
200 pr_alert("Invalid Marvell WLAN rate %i\n", rate);
201 return 0;
205 * process_rxed_802_11_packet - processes a received 802.11 packet and forwards
206 * it to kernel/upper layer
208 * @priv: A pointer to &struct lbs_private
209 * @skb: A pointer to skb which includes the received packet
210 * returns: 0 or -1
212 static int process_rxed_802_11_packet(struct lbs_private *priv,
213 struct sk_buff *skb)
215 int ret = 0;
216 struct net_device *dev = priv->dev;
217 struct rx80211packethdr *p_rx_pkt;
218 struct rxpd *prxpd;
219 struct rx_radiotap_hdr radiotap_hdr;
220 struct rx_radiotap_hdr *pradiotap_hdr;
222 lbs_deb_enter(LBS_DEB_RX);
224 p_rx_pkt = (struct rx80211packethdr *) skb->data;
225 prxpd = &p_rx_pkt->rx_pd;
227 /* lbs_deb_hex(LBS_DEB_RX, "RX Data: Before chop rxpd", skb->data, min(skb->len, 100)); */
229 if (skb->len < (ETH_HLEN + 8 + sizeof(struct rxpd))) {
230 lbs_deb_rx("rx err: frame received with bad length\n");
231 dev->stats.rx_length_errors++;
232 ret = -EINVAL;
233 kfree_skb(skb);
234 goto done;
237 lbs_deb_rx("rx data: skb->len-sizeof(RxPd) = %d-%zd = %zd\n",
238 skb->len, sizeof(struct rxpd), skb->len - sizeof(struct rxpd));
240 /* create the exported radio header */
242 /* radiotap header */
243 memset(&radiotap_hdr, 0, sizeof(radiotap_hdr));
244 /* XXX must check radiotap_hdr.hdr.it_pad for pad */
245 radiotap_hdr.hdr.it_len = cpu_to_le16 (sizeof(struct rx_radiotap_hdr));
246 radiotap_hdr.hdr.it_present = cpu_to_le32 (RX_RADIOTAP_PRESENT);
247 radiotap_hdr.rate = convert_mv_rate_to_radiotap(prxpd->rx_rate);
248 /* XXX must check no carryout */
249 radiotap_hdr.antsignal = prxpd->snr + prxpd->nf;
251 /* chop the rxpd */
252 skb_pull(skb, sizeof(struct rxpd));
254 /* add space for the new radio header */
255 if ((skb_headroom(skb) < sizeof(struct rx_radiotap_hdr)) &&
256 pskb_expand_head(skb, sizeof(struct rx_radiotap_hdr), 0, GFP_ATOMIC)) {
257 netdev_alert(dev, "%s: couldn't pskb_expand_head\n", __func__);
258 ret = -ENOMEM;
259 kfree_skb(skb);
260 goto done;
263 pradiotap_hdr = (void *)skb_push(skb, sizeof(struct rx_radiotap_hdr));
264 memcpy(pradiotap_hdr, &radiotap_hdr, sizeof(struct rx_radiotap_hdr));
266 priv->cur_rate = lbs_fw_index_to_data_rate(prxpd->rx_rate);
268 lbs_deb_rx("rx data: size of actual packet %d\n", skb->len);
269 dev->stats.rx_bytes += skb->len;
270 dev->stats.rx_packets++;
272 skb->protocol = eth_type_trans(skb, priv->dev);
274 if (in_interrupt())
275 netif_rx(skb);
276 else
277 netif_rx_ni(skb);
279 ret = 0;
281 done:
282 lbs_deb_leave_args(LBS_DEB_RX, "ret %d", ret);
283 return ret;