OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / net / wireless / mwifiex / sta_rx.c
blob5e1ef7e5da4f3f5b2679c47d012588e642be093f
1 /*
2 * Marvell Wireless LAN device driver: station RX data handling
4 * Copyright (C) 2011, Marvell International Ltd.
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
20 #include "decl.h"
21 #include "ioctl.h"
22 #include "util.h"
23 #include "fw.h"
24 #include "main.h"
25 #include "11n_aggr.h"
26 #include "11n_rxreorder.h"
29 * This function processes the received packet and forwards it
30 * to kernel/upper layer.
32 * This function parses through the received packet and determines
33 * if it is a debug packet or normal packet.
35 * For non-debug packets, the function chops off unnecessary leading
36 * header bytes, reconstructs the packet as an ethernet frame or
37 * 802.2/llc/snap frame as required, and sends it to kernel/upper layer.
39 * The completion callback is called after processing in complete.
41 int mwifiex_process_rx_packet(struct mwifiex_adapter *adapter,
42 struct sk_buff *skb)
44 int ret;
45 struct mwifiex_rxinfo *rx_info = MWIFIEX_SKB_RXCB(skb);
46 struct mwifiex_private *priv = adapter->priv[rx_info->bss_index];
47 struct rx_packet_hdr *rx_pkt_hdr;
48 struct rxpd *local_rx_pd;
49 int hdr_chop;
50 struct ethhdr *eth_hdr;
51 u8 rfc1042_eth_hdr[ETH_ALEN] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
53 local_rx_pd = (struct rxpd *) (skb->data);
55 rx_pkt_hdr = (struct rx_packet_hdr *) ((u8 *) local_rx_pd +
56 local_rx_pd->rx_pkt_offset);
58 if (!memcmp(&rx_pkt_hdr->rfc1042_hdr,
59 rfc1042_eth_hdr, sizeof(rfc1042_eth_hdr))) {
61 * Replace the 803 header and rfc1042 header (llc/snap) with an
62 * EthernetII header, keep the src/dst and snap_type
63 * (ethertype).
64 * The firmware only passes up SNAP frames converting
65 * all RX Data from 802.11 to 802.2/LLC/SNAP frames.
66 * To create the Ethernet II, just move the src, dst address
67 * right before the snap_type.
69 eth_hdr = (struct ethhdr *)
70 ((u8 *) &rx_pkt_hdr->eth803_hdr
71 + sizeof(rx_pkt_hdr->eth803_hdr) +
72 sizeof(rx_pkt_hdr->rfc1042_hdr)
73 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest)
74 - sizeof(rx_pkt_hdr->eth803_hdr.h_source)
75 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type));
77 memcpy(eth_hdr->h_source, rx_pkt_hdr->eth803_hdr.h_source,
78 sizeof(eth_hdr->h_source));
79 memcpy(eth_hdr->h_dest, rx_pkt_hdr->eth803_hdr.h_dest,
80 sizeof(eth_hdr->h_dest));
82 /* Chop off the rxpd + the excess memory from the 802.2/llc/snap
83 header that was removed. */
84 hdr_chop = (u8 *) eth_hdr - (u8 *) local_rx_pd;
85 } else {
86 /* Chop off the rxpd */
87 hdr_chop = (u8 *) &rx_pkt_hdr->eth803_hdr -
88 (u8 *) local_rx_pd;
91 /* Chop off the leading header bytes so the it points to the start of
92 either the reconstructed EthII frame or the 802.2/llc/snap frame */
93 skb_pull(skb, hdr_chop);
95 priv->rxpd_rate = local_rx_pd->rx_rate;
97 priv->rxpd_htinfo = local_rx_pd->ht_info;
99 ret = mwifiex_recv_packet(adapter, skb);
100 if (ret == -1)
101 dev_err(adapter->dev, "recv packet failed\n");
103 return ret;
107 * This function processes the received buffer.
109 * The function looks into the RxPD and performs sanity tests on the
110 * received buffer to ensure its a valid packet, before processing it
111 * further. If the packet is determined to be aggregated, it is
112 * de-aggregated accordingly. Non-unicast packets are sent directly to
113 * the kernel/upper layers. Unicast packets are handed over to the
114 * Rx reordering routine if 11n is enabled.
116 * The completion callback is called after processing in complete.
118 int mwifiex_process_sta_rx_packet(struct mwifiex_adapter *adapter,
119 struct sk_buff *skb)
121 int ret = 0;
122 struct rxpd *local_rx_pd;
123 struct mwifiex_rxinfo *rx_info = MWIFIEX_SKB_RXCB(skb);
124 struct rx_packet_hdr *rx_pkt_hdr;
125 u8 ta[ETH_ALEN];
126 u16 rx_pkt_type;
127 struct mwifiex_private *priv = adapter->priv[rx_info->bss_index];
129 if (!priv)
130 return -1;
132 local_rx_pd = (struct rxpd *) (skb->data);
133 rx_pkt_type = local_rx_pd->rx_pkt_type;
135 rx_pkt_hdr = (struct rx_packet_hdr *) ((u8 *) local_rx_pd +
136 local_rx_pd->rx_pkt_offset);
138 if ((local_rx_pd->rx_pkt_offset + local_rx_pd->rx_pkt_length) >
139 (u16) skb->len) {
140 dev_err(adapter->dev, "wrong rx packet: len=%d,"
141 " rx_pkt_offset=%d, rx_pkt_length=%d\n", skb->len,
142 local_rx_pd->rx_pkt_offset, local_rx_pd->rx_pkt_length);
143 priv->stats.rx_dropped++;
144 dev_kfree_skb_any(skb);
145 return ret;
148 if (local_rx_pd->rx_pkt_type == PKT_TYPE_AMSDU) {
149 struct sk_buff_head list;
150 struct sk_buff *rx_skb;
152 __skb_queue_head_init(&list);
154 skb_pull(skb, local_rx_pd->rx_pkt_offset);
155 skb_trim(skb, local_rx_pd->rx_pkt_length);
157 ieee80211_amsdu_to_8023s(skb, &list, priv->curr_addr,
158 priv->wdev->iftype, 0, false);
160 while (!skb_queue_empty(&list)) {
161 rx_skb = __skb_dequeue(&list);
162 ret = mwifiex_recv_packet(adapter, rx_skb);
163 if (ret == -1)
164 dev_err(adapter->dev, "Rx of A-MSDU failed");
166 return 0;
170 * If the packet is not an unicast packet then send the packet
171 * directly to os. Don't pass thru rx reordering
173 if (!IS_11N_ENABLED(priv) ||
174 memcmp(priv->curr_addr, rx_pkt_hdr->eth803_hdr.h_dest, ETH_ALEN)) {
175 mwifiex_process_rx_packet(adapter, skb);
176 return ret;
179 if (mwifiex_queuing_ra_based(priv)) {
180 memcpy(ta, rx_pkt_hdr->eth803_hdr.h_source, ETH_ALEN);
181 } else {
182 if (rx_pkt_type != PKT_TYPE_BAR)
183 priv->rx_seq[local_rx_pd->priority] =
184 local_rx_pd->seq_num;
185 memcpy(ta, priv->curr_bss_params.bss_descriptor.mac_address,
186 ETH_ALEN);
189 /* Reorder and send to OS */
190 ret = mwifiex_11n_rx_reorder_pkt(priv, local_rx_pd->seq_num,
191 local_rx_pd->priority, ta,
192 (u8) local_rx_pd->rx_pkt_type,
193 skb);
195 if (ret || (rx_pkt_type == PKT_TYPE_BAR))
196 dev_kfree_skb_any(skb);
198 if (ret)
199 priv->stats.rx_dropped++;
201 return ret;