qtnfmac: cleanup alignment in firmware communication protocol

Make sure that all elements in QLINK protocol message are aligned to
4 bytes. For this purpose add necessary amount of padding bytes to
each message. Besides, add padding for non-aligned variable length
fields, e.g. SSID, so that the first byte of the next variable length
element is aligned. to 4 bytes. Finally, introduce TLV parsing helpers
to reduce boilerplate TLV parsing code.

Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

diff --git a/drivers/net/wireless/quantenna/qtnfmac/commands.c b/drivers/net/wireless/quantenna/qtnfmac/commands.c
index a4be2aa199973549cb858e3db7c606ba331a8bc6..1271d38e4c7aedc2af40f1e5cd81dd10ba08a248 100644 (file)
--- a/drivers/net/wireless/quantenna/qtnfmac/commands.c
+++ b/drivers/net/wireless/quantenna/qtnfmac/commands.c
@@ -175,7 +175,8 @@ static void qtnf_cmd_tlv_ie_set_add(struct sk_buff *cmd_skb, u8 frame_type,
 {
        struct qlink_tlv_ie_set *tlv;
 
-       tlv = (struct qlink_tlv_ie_set *)skb_put(cmd_skb, sizeof(*tlv) + len);
+       tlv = (struct qlink_tlv_ie_set *)skb_put(cmd_skb, sizeof(*tlv) +
+                                                round_up(len, QLINK_ALIGN));
        tlv->hdr.type = cpu_to_le16(QTN_TLV_ID_IE_SET);
        tlv->hdr.len = cpu_to_le16(len + sizeof(*tlv) - sizeof(tlv->hdr));
        tlv->type = frame_type;
@@ -190,20 +191,24 @@ static bool qtnf_cmd_start_ap_can_fit(const struct qtnf_vif *vif,
 {
        unsigned int len = sizeof(struct qlink_cmd_start_ap);
 
-       len += s->ssid_len;
-       len += s->beacon.head_len;
-       len += s->beacon.tail_len;
-       len += s->beacon.beacon_ies_len;
-       len += s->beacon.proberesp_ies_len;
-       len += s->beacon.assocresp_ies_len;
-       len += s->beacon.probe_resp_len;
+       len += round_up(s->ssid_len, QLINK_ALIGN);
+       len += round_up(s->beacon.head_len, QLINK_ALIGN);
+       len += round_up(s->beacon.tail_len, QLINK_ALIGN);
+       len += round_up(s->beacon.beacon_ies_len, QLINK_ALIGN);
+       len += round_up(s->beacon.proberesp_ies_len, QLINK_ALIGN);
+       len += round_up(s->beacon.assocresp_ies_len, QLINK_ALIGN);
+       len += round_up(s->beacon.probe_resp_len, QLINK_ALIGN);
 
        if (cfg80211_chandef_valid(&s->chandef))
                len += sizeof(struct qlink_tlv_chandef);
 
-       if (s->acl)
+       if (s->acl) {
+               unsigned int acl_len = struct_size(s->acl, mac_addrs,
+                                                  s->acl->n_acl_entries);
+
                len += sizeof(struct qlink_tlv_hdr) +
-                      struct_size(s->acl, mac_addrs, s->acl->n_acl_entries);
+                       round_up(acl_len, QLINK_ALIGN);
+       }
 
        if (len > (sizeof(struct qlink_cmd) + QTNF_MAX_CMD_BUF_SIZE)) {
                pr_err("VIF%u.%u: can not fit AP settings: %u\n",
@@ -315,7 +320,8 @@ int qtnf_cmd_send_start_ap(struct qtnf_vif *vif,
 
        if (s->ht_cap) {
                struct qlink_tlv_hdr *tlv = (struct qlink_tlv_hdr *)
-                       skb_put(cmd_skb, sizeof(*tlv) + sizeof(*s->ht_cap));
+                       skb_put(cmd_skb, sizeof(*tlv) +
+                               round_up(sizeof(*s->ht_cap), QLINK_ALIGN));
 
                tlv->type = cpu_to_le16(WLAN_EID_HT_CAPABILITY);
                tlv->len = cpu_to_le16(sizeof(*s->ht_cap));
@@ -339,7 +345,8 @@ int qtnf_cmd_send_start_ap(struct qtnf_vif *vif,
                size_t acl_size = struct_size(s->acl, mac_addrs,
                                              s->acl->n_acl_entries);
                struct qlink_tlv_hdr *tlv =
-                       skb_put(cmd_skb, sizeof(*tlv) + acl_size);
+                       skb_put(cmd_skb,
+                               sizeof(*tlv) + round_up(acl_size, QLINK_ALIGN));
 
                tlv->type = cpu_to_le16(QTN_TLV_ID_ACL_DATA);
                tlv->len = cpu_to_le16(acl_size);
@@ -581,10 +588,10 @@ qtnf_sta_info_parse_flags(struct nl80211_sta_flag_update *dst,
 }
 
 static void
-qtnf_cmd_sta_info_parse(struct station_info *sinfo,
-                       const struct qlink_tlv_hdr *tlv,
+qtnf_cmd_sta_info_parse(struct station_info *sinfo, const u8 *data,
                        size_t resp_size)
 {
+       const struct qlink_tlv_hdr *tlv;
        const struct qlink_sta_stats *stats = NULL;
        const u8 *map = NULL;
        unsigned int map_len = 0;
@@ -595,7 +602,7 @@ qtnf_cmd_sta_info_parse(struct station_info *sinfo,
        (qtnf_utils_is_bit_set(map, bitn, map_len) && \
         (offsetofend(struct qlink_sta_stats, stat_name) <= stats_len))
 
-       while (resp_size >= sizeof(*tlv)) {
+       qlink_for_each_tlv(tlv, data, resp_size) {
                tlv_len = le16_to_cpu(tlv->len);
 
                switch (le16_to_cpu(tlv->type)) {
@@ -610,9 +617,11 @@ qtnf_cmd_sta_info_parse(struct station_info *sinfo,
                default:
                        break;
                }
+       }
 
-               resp_size -= tlv_len + sizeof(*tlv);
-               tlv = (const struct qlink_tlv_hdr *)(tlv->val + tlv_len);
+       if (!qlink_tlv_parsing_ok(tlv, data, resp_size)) {
+               pr_err("Malformed TLV buffer\n");
+               return;
        }
 
        if (!map || !stats)
@@ -736,9 +745,7 @@ int qtnf_cmd_get_sta_info(struct qtnf_vif *vif, const u8 *sta_mac,
                goto out;
        }
 
-       qtnf_cmd_sta_info_parse(sinfo,
-                               (const struct qlink_tlv_hdr *)resp->info,
-                               var_resp_len);
+       qtnf_cmd_sta_info_parse(sinfo, resp->info, var_resp_len);
 
 out:
        qtnf_bus_unlock(vif->mac->bus);
@@ -907,18 +914,10 @@ qtnf_cmd_resp_proc_hw_info(struct qtnf_bus *bus,
        plat_id = le32_to_cpu(resp->plat_id);
        hw_ver = le32_to_cpu(resp->hw_ver);
 
-       tlv = (const struct qlink_tlv_hdr *)resp->info;
-
-       while (info_len >= sizeof(*tlv)) {
+       qlink_for_each_tlv(tlv, resp->info, info_len) {
                tlv_type = le16_to_cpu(tlv->type);
                tlv_len = le16_to_cpu(tlv->len);
 
-               if (tlv_len + sizeof(*tlv) > info_len) {
-                       pr_warn("malformed TLV 0x%.2X; LEN: %u\n",
-                               tlv_type, tlv_len);
-                       return -EINVAL;
-               }
-
                switch (tlv_type) {
                case QTN_TLV_ID_BUILD_NAME:
                        bld_name = (const void *)tlv->val;
@@ -948,9 +947,11 @@ qtnf_cmd_resp_proc_hw_info(struct qtnf_bus *bus,
                default:
                        break;
                }
+       }
 
-               info_len -= tlv_len + sizeof(*tlv);
-               tlv = (struct qlink_tlv_hdr *)(tlv->val + tlv_len);
+       if (!qlink_tlv_parsing_ok(tlv, resp->info, info_len)) {
+               pr_err("Malformed TLV buffer\n");
+               return -EINVAL;
        }
 
        pr_info("\nBuild name:            %s\n"
@@ -1019,7 +1020,6 @@ qtnf_parse_variable_mac_info(struct qtnf_wmac *mac,
                             const struct qlink_resp_get_mac_info *resp,
                             size_t tlv_buf_size)
 {
-       const u8 *tlv_buf = resp->var_info;
        struct ieee80211_iface_combination *comb = mac->macinfo.if_comb;
        size_t n_comb = 0;
        struct ieee80211_iface_limit *limits;
@@ -1029,7 +1029,6 @@ qtnf_parse_variable_mac_info(struct qtnf_wmac *mac,
        u16 rec_len;
        u16 tlv_type;
        u16 tlv_value_len;
-       size_t tlv_full_len;
        const struct qlink_tlv_hdr *tlv;
        u8 *ext_capa = NULL;
        u8 *ext_capa_mask = NULL;
@@ -1068,16 +1067,9 @@ qtnf_parse_variable_mac_info(struct qtnf_wmac *mac,
                break;
        }
 
-       tlv = (const struct qlink_tlv_hdr *)tlv_buf;
-       while (tlv_buf_size >= sizeof(struct qlink_tlv_hdr)) {
+       qlink_for_each_tlv(tlv, resp->var_info, tlv_buf_size) {
                tlv_type = le16_to_cpu(tlv->type);
                tlv_value_len = le16_to_cpu(tlv->len);
-               tlv_full_len = tlv_value_len + sizeof(struct qlink_tlv_hdr);
-               if (tlv_full_len > tlv_buf_size) {
-                       pr_warn("MAC%u: malformed TLV 0x%.2X; LEN: %u\n",
-                               mac->macid, tlv_type, tlv_value_len);
-                       return -EINVAL;
-               }
 
                switch (tlv_type) {
                case QTN_TLV_ID_IFACE_LIMIT:
@@ -1183,14 +1175,10 @@ qtnf_parse_variable_mac_info(struct qtnf_wmac *mac,
                                mac->macid, tlv_type);
                        break;
                }
-
-               tlv_buf_size -= tlv_full_len;
-               tlv = (struct qlink_tlv_hdr *)(tlv->val + tlv_value_len);
        }
 
-       if (tlv_buf_size) {
-               pr_warn("MAC%u: malformed TLV buf; bytes left: %zu\n",
-                       mac->macid, tlv_buf_size);
+       if (!qlink_tlv_parsing_ok(tlv, resp->var_info, tlv_buf_size)) {
+               pr_err("Malformed TLV buffer\n");
                return -EINVAL;
        }
 
@@ -1383,7 +1371,6 @@ qtnf_cmd_resp_fill_band_info(struct ieee80211_supported_band *band,
                             size_t payload_len)
 {
        u16 tlv_type;
-       size_t tlv_len;
        size_t tlv_dlen;
        const struct qlink_tlv_hdr *tlv;
        const struct qlink_channel *qchan;
@@ -1418,24 +1405,15 @@ qtnf_cmd_resp_fill_band_info(struct ieee80211_supported_band *band,
                return -ENOMEM;
        }
 
-       tlv = (struct qlink_tlv_hdr *)resp->info;
-
-       while (payload_len >= sizeof(*tlv)) {
+       qlink_for_each_tlv(tlv, resp->info, payload_len) {
                tlv_type = le16_to_cpu(tlv->type);
                tlv_dlen = le16_to_cpu(tlv->len);
-               tlv_len = tlv_dlen + sizeof(*tlv);
-
-               if (tlv_len > payload_len) {
-                       pr_warn("malformed TLV 0x%.2X; LEN: %zu\n",
-                               tlv_type, tlv_len);
-                       goto error_ret;
-               }
 
                switch (tlv_type) {
                case QTN_TLV_ID_CHANNEL:
                        if (unlikely(tlv_dlen != sizeof(*qchan))) {
                                pr_err("invalid channel TLV len %zu\n",
-                                      tlv_len);
+                                      tlv_dlen);
                                goto error_ret;
                        }
 
@@ -1538,13 +1516,10 @@ qtnf_cmd_resp_fill_band_info(struct ieee80211_supported_band *band,
                        pr_warn("unknown TLV type: %#x\n", tlv_type);
                        break;
                }
-
-               payload_len -= tlv_len;
-               tlv = (struct qlink_tlv_hdr *)(tlv->val + tlv_dlen);
        }
 
-       if (payload_len) {
-               pr_err("malformed TLV buf; bytes left: %zu\n", payload_len);
+       if (!qlink_tlv_parsing_ok(tlv, resp->info, payload_len)) {
+               pr_err("Malformed TLV buffer\n");
                goto error_ret;
        }
 
@@ -1689,16 +1664,16 @@ int qtnf_cmd_send_update_phy_params(struct qtnf_wmac *mac, u32 changed)
                qtnf_cmd_skb_put_tlv_u32(cmd_skb, QTN_TLV_ID_RTS_THRESH,
                                         wiphy->rts_threshold);
        if (changed & WIPHY_PARAM_COVERAGE_CLASS)
-               qtnf_cmd_skb_put_tlv_u8(cmd_skb, QTN_TLV_ID_COVERAGE_CLASS,
-                                       wiphy->coverage_class);
+               qtnf_cmd_skb_put_tlv_u32(cmd_skb, QTN_TLV_ID_COVERAGE_CLASS,
+                                        wiphy->coverage_class);
 
        if (changed & WIPHY_PARAM_RETRY_LONG)
-               qtnf_cmd_skb_put_tlv_u8(cmd_skb, QTN_TLV_ID_LRETRY_LIMIT,
-                                       wiphy->retry_long);
+               qtnf_cmd_skb_put_tlv_u32(cmd_skb, QTN_TLV_ID_LRETRY_LIMIT,
+                                        wiphy->retry_long);
 
        if (changed & WIPHY_PARAM_RETRY_SHORT)
-               qtnf_cmd_skb_put_tlv_u8(cmd_skb, QTN_TLV_ID_SRETRY_LIMIT,
-                                       wiphy->retry_short);
+               qtnf_cmd_skb_put_tlv_u32(cmd_skb, QTN_TLV_ID_SRETRY_LIMIT,
+                                        wiphy->retry_short);
 
        ret = qtnf_cmd_send(mac->bus, cmd_skb);
        if (ret)
@@ -2054,13 +2029,13 @@ static void qtnf_cmd_scan_set_dwell(struct qtnf_wmac *mac,
                 scan_req->duration_mandatory ? "mandatory" : "max",
                 dwell_active, dwell_passive, duration);
 
-       qtnf_cmd_skb_put_tlv_u16(cmd_skb,
+       qtnf_cmd_skb_put_tlv_u32(cmd_skb,
                                 QTN_TLV_ID_SCAN_DWELL_ACTIVE,
                                 dwell_active);
-       qtnf_cmd_skb_put_tlv_u16(cmd_skb,
+       qtnf_cmd_skb_put_tlv_u32(cmd_skb,
                                 QTN_TLV_ID_SCAN_DWELL_PASSIVE,
                                 dwell_passive);
-       qtnf_cmd_skb_put_tlv_u16(cmd_skb,
+       qtnf_cmd_skb_put_tlv_u32(cmd_skb,
                                 QTN_TLV_ID_SCAN_SAMPLE_DURATION,
                                 duration);
 }
@@ -2416,25 +2391,15 @@ qtnf_cmd_resp_proc_chan_stat_info(struct survey_info *survey,
 {
        const struct qlink_chan_stats *stats = NULL;
        const struct qlink_tlv_hdr *tlv;
-       size_t tlv_full_len;
        u16 tlv_value_len;
        u16 tlv_type;
        const u8 *map = NULL;
        unsigned int map_len = 0;
        unsigned int stats_len = 0;
 
-       tlv = (struct qlink_tlv_hdr *)payload;
-
-       while (payload_len >= sizeof(*tlv)) {
+       qlink_for_each_tlv(tlv, payload, payload_len) {
                tlv_type = le16_to_cpu(tlv->type);
                tlv_value_len = le16_to_cpu(tlv->len);
-               tlv_full_len = tlv_value_len + sizeof(*tlv);
-
-               if (tlv_full_len > payload_len) {
-                       pr_warn("malformed TLV 0x%.2X; LEN: %u\n",
-                               tlv_type, tlv_value_len);
-                       return -ENOSPC;
-               }
 
                switch (tlv_type) {
                case QTN_TLV_ID_BITMAP:
@@ -2449,13 +2414,10 @@ qtnf_cmd_resp_proc_chan_stat_info(struct survey_info *survey,
                        pr_info("Unknown TLV type: %#x\n", tlv_type);
                        break;
                }
-
-               payload_len -= tlv_full_len;
-               tlv = (struct qlink_tlv_hdr *)(tlv->val + tlv_value_len);
        }
 
-       if (payload_len) {
-               pr_warn("malformed TLV buf; bytes left: %zu\n", payload_len);
+       if (!qlink_tlv_parsing_ok(tlv, payload, payload_len)) {
+               pr_err("Malformed TLV buffer\n");
                return -EINVAL;
        }
 
@@ -2657,7 +2619,7 @@ int qtnf_cmd_set_mac_acl(const struct qtnf_vif *vif,
        if (!cmd_skb)
                return -ENOMEM;
 
-       tlv = skb_put(cmd_skb, sizeof(*tlv) + acl_size);
+       tlv = skb_put(cmd_skb, sizeof(*tlv) + round_up(acl_size, QLINK_ALIGN));
        tlv->type = cpu_to_le16(QTN_TLV_ID_ACL_DATA);
        tlv->len = cpu_to_le16(acl_size);
        qlink_acl_data_cfg2q(params, (struct qlink_acl_data *)tlv->val);

diff --git a/drivers/net/wireless/quantenna/qtnfmac/event.c b/drivers/net/wireless/quantenna/qtnfmac/event.c
index 51af93bdf06e88ee34c2364cbea886f159959036..9d3849488fc7027631556567bea120577a23cd77 100644 (file)
--- a/drivers/net/wireless/quantenna/qtnfmac/event.c
+++ b/drivers/net/wireless/quantenna/qtnfmac/event.c
@@ -25,7 +25,6 @@ qtnf_event_handle_sta_assoc(struct qtnf_wmac *mac, struct qtnf_vif *vif,
        size_t payload_len;
        u16 tlv_type;
        u16 tlv_value_len;
-       size_t tlv_full_len;
        const struct qlink_tlv_hdr *tlv;
        int ret = 0;
 
@@ -58,23 +57,17 @@ qtnf_event_handle_sta_assoc(struct qtnf_wmac *mac, struct qtnf_vif *vif,
        sinfo->generation = vif->generation;
 
        payload_len = len - sizeof(*sta_assoc);
-       tlv = (const struct qlink_tlv_hdr *)sta_assoc->ies;
 
-       while (payload_len >= sizeof(*tlv)) {
+       qlink_for_each_tlv(tlv, sta_assoc->ies, payload_len) {
                tlv_type = le16_to_cpu(tlv->type);
                tlv_value_len = le16_to_cpu(tlv->len);
-               tlv_full_len = tlv_value_len + sizeof(struct qlink_tlv_hdr);
-
-               if (tlv_full_len > payload_len) {
-                       ret = -EINVAL;
-                       goto out;
-               }
 
                if (tlv_type == QTN_TLV_ID_IE_SET) {
                        const struct qlink_tlv_ie_set *ie_set;
                        unsigned int ie_len;
 
-                       if (payload_len < sizeof(*ie_set)) {
+                       if (tlv_value_len <
+                           (sizeof(*ie_set) - sizeof(ie_set->hdr))) {
                                ret = -EINVAL;
                                goto out;
                        }
@@ -88,12 +81,10 @@ qtnf_event_handle_sta_assoc(struct qtnf_wmac *mac, struct qtnf_vif *vif,
                                sinfo->assoc_req_ies_len = ie_len;
                        }
                }
-
-               payload_len -= tlv_full_len;
-               tlv = (struct qlink_tlv_hdr *)(tlv->val + tlv_value_len);
        }
 
-       if (payload_len) {
+       if (!qlink_tlv_parsing_ok(tlv, sta_assoc->ies, payload_len)) {
+               pr_err("Malformed TLV buffer\n");
                ret = -EINVAL;
                goto out;
        }
@@ -153,7 +144,6 @@ qtnf_event_handle_bss_join(struct qtnf_vif *vif,
        size_t payload_len;
        u16 tlv_type;
        u16 tlv_value_len;
-       size_t tlv_full_len;
        const struct qlink_tlv_hdr *tlv;
        const u8 *rsp_ies = NULL;
        size_t rsp_ies_len = 0;
@@ -235,24 +225,17 @@ qtnf_event_handle_bss_join(struct qtnf_vif *vif,
        }
 
        payload_len = len - sizeof(*join_info);
-       tlv = (struct qlink_tlv_hdr *)join_info->ies;
 
-       while (payload_len >= sizeof(struct qlink_tlv_hdr)) {
+       qlink_for_each_tlv(tlv, join_info->ies, payload_len) {
                tlv_type = le16_to_cpu(tlv->type);
                tlv_value_len = le16_to_cpu(tlv->len);
-               tlv_full_len = tlv_value_len + sizeof(struct qlink_tlv_hdr);
-
-               if (payload_len < tlv_full_len) {
-                       pr_warn("invalid %u TLV\n", tlv_type);
-                       status = WLAN_STATUS_UNSPECIFIED_FAILURE;
-                       goto done;
-               }
 
                if (tlv_type == QTN_TLV_ID_IE_SET) {
                        const struct qlink_tlv_ie_set *ie_set;
                        unsigned int ie_len;
 
-                       if (payload_len < sizeof(*ie_set)) {
+                       if (tlv_value_len <
+                           (sizeof(*ie_set) - sizeof(ie_set->hdr))) {
                                pr_warn("invalid IE_SET TLV\n");
                                status = WLAN_STATUS_UNSPECIFIED_FAILURE;
                                goto done;
@@ -275,15 +258,10 @@ qtnf_event_handle_bss_join(struct qtnf_vif *vif,
                                break;
                        }
                }
-
-               payload_len -= tlv_full_len;
-               tlv = (struct qlink_tlv_hdr *)(tlv->val + tlv_value_len);
        }
 
-       if (payload_len)
-               pr_warn("VIF%u.%u: unexpected remaining payload: %zu\n",
-                       vif->mac->macid, vif->vifid, payload_len);
-
+       if (!qlink_tlv_parsing_ok(tlv, join_info->ies, payload_len))
+               pr_warn("Malformed TLV buffer\n");
 done:
        cfg80211_connect_result(vif->netdev, join_info->bssid, NULL, 0, rsp_ies,
                                rsp_ies_len, status, GFP_KERNEL);
@@ -368,7 +346,6 @@ qtnf_event_handle_scan_results(struct qtnf_vif *vif,
        size_t payload_len;
        u16 tlv_type;
        u16 tlv_value_len;
-       size_t tlv_full_len;
        const struct qlink_tlv_hdr *tlv;
        const u8 *ies = NULL;
        size_t ies_len = 0;
@@ -387,21 +364,17 @@ qtnf_event_handle_scan_results(struct qtnf_vif *vif,
        }
 
        payload_len = len - sizeof(*sr);
-       tlv = (struct qlink_tlv_hdr *)sr->payload;
 
-       while (payload_len >= sizeof(struct qlink_tlv_hdr)) {
+       qlink_for_each_tlv(tlv, sr->payload, payload_len) {
                tlv_type = le16_to_cpu(tlv->type);
                tlv_value_len = le16_to_cpu(tlv->len);
-               tlv_full_len = tlv_value_len + sizeof(struct qlink_tlv_hdr);
-
-               if (tlv_full_len > payload_len)
-                       return -EINVAL;
 
                if (tlv_type == QTN_TLV_ID_IE_SET) {
                        const struct qlink_tlv_ie_set *ie_set;
                        unsigned int ie_len;
 
-                       if (payload_len < sizeof(*ie_set))
+                       if (tlv_value_len <
+                           (sizeof(*ie_set) - sizeof(ie_set->hdr)))
                                return -EINVAL;
 
                        ie_set = (const struct qlink_tlv_ie_set *)tlv;
@@ -424,12 +397,9 @@ qtnf_event_handle_scan_results(struct qtnf_vif *vif,
                                ies_len = ie_len;
                        }
                }
-
-               payload_len -= tlv_full_len;
-               tlv = (struct qlink_tlv_hdr *)(tlv->val + tlv_value_len);
        }
 
-       if (payload_len)
+       if (!qlink_tlv_parsing_ok(tlv, sr->payload, payload_len))
                return -EINVAL;
 
        bss = cfg80211_inform_bss(wiphy, channel, frame_type,

diff --git a/drivers/net/wireless/quantenna/qtnfmac/qlink.h b/drivers/net/wireless/quantenna/qtnfmac/qlink.h
index 16acb10386ad9740b142454064a6339308c928ac..3577482c507654628d072cfb558064ccb58a99c1 100644 (file)
--- a/drivers/net/wireless/quantenna/qtnfmac/qlink.h
+++ b/drivers/net/wireless/quantenna/qtnfmac/qlink.h
@@ -19,6 +19,8 @@
 #define QLINK_PROTO_VER                \
        QLINK_VER(QLINK_PROTO_VER_MAJOR, QLINK_PROTO_VER_MINOR)
 
+#define QLINK_ALIGN    4
+
 #define QLINK_MACID_RSVD               0xFF
 #define QLINK_VIFID_RSVD               0xFF
 
@@ -184,7 +186,7 @@ struct qlink_chandef {
        __le16 center_freq1;
        __le16 center_freq2;
        u8 width;
-       u8 rsvd;
+       u8 rsvd[3];
 } __packed;
 
 #define QLINK_MAX_NR_CIPHER_SUITES            5
@@ -340,9 +342,9 @@ struct qlink_cmd {
        struct qlink_msg_header mhdr;
        __le16 cmd_id;
        __le16 seq_num;
-       u8 rsvd[2];
        u8 macid;
        u8 vifid;
+       u8 rsvd[2];
 } __packed;
 
 /**
@@ -404,6 +406,7 @@ struct qlink_cmd_mgmt_frame_register {
        struct qlink_cmd chdr;
        __le16 frame_type;
        u8 do_register;
+       u8 rsvd[1];
 } __packed;
 
 /**
@@ -441,6 +444,7 @@ struct qlink_cmd_frame_tx {
 struct qlink_cmd_get_sta_info {
        struct qlink_cmd chdr;
        u8 sta_addr[ETH_ALEN];
+       u8 rsvd[2];
 } __packed;
 
 /**
@@ -460,6 +464,7 @@ struct qlink_cmd_add_key {
        u8 addr[ETH_ALEN];
        __le32 cipher;
        __le16 vlanid;
+       u8 rsvd[2];
        u8 key_data[0];
 } __packed;
 
@@ -489,6 +494,7 @@ struct qlink_cmd_set_def_key {
        u8 key_index;
        u8 unicast;
        u8 multicast;
+       u8 rsvd[1];
 } __packed;
 
 /**
@@ -499,6 +505,7 @@ struct qlink_cmd_set_def_key {
 struct qlink_cmd_set_def_mgmt_key {
        struct qlink_cmd chdr;
        u8 key_index;
+       u8 rsvd[3];
 } __packed;
 
 /**
@@ -515,6 +522,7 @@ struct qlink_cmd_change_sta {
        __le16 if_type;
        __le16 vlanid;
        u8 sta_addr[ETH_ALEN];
+       u8 rsvd[2];
 } __packed;
 
 /**
@@ -525,8 +533,9 @@ struct qlink_cmd_change_sta {
 struct qlink_cmd_del_sta {
        struct qlink_cmd chdr;
        __le16 reason_code;
-       u8 subtype;
        u8 sta_addr[ETH_ALEN];
+       u8 subtype;
+       u8 rsvd[3];
 } __packed;
 
 enum qlink_sta_connect_flags {
@@ -593,6 +602,7 @@ struct qlink_cmd_external_auth {
 struct qlink_cmd_disconnect {
        struct qlink_cmd chdr;
        __le16 reason;
+       u8 rsvd[2];
 } __packed;
 
 /**
@@ -604,6 +614,7 @@ struct qlink_cmd_disconnect {
 struct qlink_cmd_updown {
        struct qlink_cmd chdr;
        u8 if_up;
+       u8 rsvd[3];
 } __packed;
 
 /**
@@ -627,6 +638,7 @@ enum qlink_band {
 struct qlink_cmd_band_info_get {
        struct qlink_cmd chdr;
        u8 band;
+       u8 rsvd[3];
 } __packed;
 
 /**
@@ -702,6 +714,7 @@ struct qlink_cmd_chan_switch {
        u8 radar_required;
        u8 block_tx;
        u8 beacon_count;
+       u8 rsvd[3];
 } __packed;
 
 /**
@@ -805,6 +818,7 @@ struct qlink_cmd_pm_set {
        struct qlink_cmd chdr;
        __le32 pm_standby_timer;
        u8 pm_mode;
+       u8 rsvd[3];
 } __packed;
 
 /**
@@ -1225,6 +1239,7 @@ struct qlink_event_bss_join {
 struct qlink_event_bss_leave {
        struct qlink_event ehdr;
        __le16 reason;
+       u8 rsvd[2];
 } __packed;
 
 /**
@@ -1341,10 +1356,10 @@ struct qlink_event_radar {
  */
 struct qlink_event_external_auth {
        struct qlink_event ehdr;
+       __le32 akm_suite;
        u8 ssid[IEEE80211_MAX_SSID_LEN];
-       u8 ssid_len;
        u8 bssid[ETH_ALEN];
-       __le32 akm_suite;
+       u8 ssid_len;
        u8 action;
 } __packed;
 
@@ -1560,6 +1575,7 @@ struct qlink_tlv_ie_set {
        struct qlink_tlv_hdr hdr;
        u8 type;
        u8 flags;
+       u8 rsvd[2];
        u8 ie_data[0];
 } __packed;
 
@@ -1572,6 +1588,7 @@ struct qlink_tlv_ie_set {
 struct qlink_tlv_ext_ie {
        struct qlink_tlv_hdr hdr;
        u8 eid_ext;
+       u8 rsvd[3];
        u8 ie_data[0];
 } __packed;
 

diff --git a/drivers/net/wireless/quantenna/qtnfmac/qlink_util.h b/drivers/net/wireless/quantenna/qtnfmac/qlink_util.h
index f873beed2ae75b34539d50a1ef190c03dcb4c160..9164b750396c0fd9014fd9217eab6820019b4253 100644 (file)
--- a/drivers/net/wireless/quantenna/qtnfmac/qlink_util.h
+++ b/drivers/net/wireless/quantenna/qtnfmac/qlink_util.h
@@ -20,8 +20,9 @@ static inline void qtnf_cmd_skb_put_tlv_arr(struct sk_buff *skb,
                                            u16 tlv_id, const u8 arr[],
                                            size_t arr_len)
 {
-       struct qlink_tlv_hdr *hdr = skb_put(skb, sizeof(*hdr) + arr_len);
+       struct qlink_tlv_hdr *hdr;
 
+       hdr = skb_put(skb, sizeof(*hdr) + round_up(arr_len, QLINK_ALIGN));
        hdr->type = cpu_to_le16(tlv_id);
        hdr->len = cpu_to_le16(arr_len);
        memcpy(hdr->val, arr, arr_len);
@@ -35,27 +36,6 @@ static inline void qtnf_cmd_skb_put_tlv_tag(struct sk_buff *skb, u16 tlv_id)
        hdr->len = cpu_to_le16(0);
 }
 
-static inline void qtnf_cmd_skb_put_tlv_u8(struct sk_buff *skb, u16 tlv_id,
-                                          u8 value)
-{
-       struct qlink_tlv_hdr *hdr = skb_put(skb, sizeof(*hdr) + sizeof(value));
-
-       hdr->type = cpu_to_le16(tlv_id);
-       hdr->len = cpu_to_le16(sizeof(value));
-       *hdr->val = value;
-}
-
-static inline void qtnf_cmd_skb_put_tlv_u16(struct sk_buff *skb,
-                                           u16 tlv_id, u16 value)
-{
-       struct qlink_tlv_hdr *hdr = skb_put(skb, sizeof(*hdr) + sizeof(value));
-       __le16 tmp = cpu_to_le16(value);
-
-       hdr->type = cpu_to_le16(tlv_id);
-       hdr->len = cpu_to_le16(sizeof(value));
-       memcpy(hdr->val, &tmp, sizeof(tmp));
-}
-
 static inline void qtnf_cmd_skb_put_tlv_u32(struct sk_buff *skb,
                                            u16 tlv_id, u32 value)
 {
@@ -85,4 +65,17 @@ u32 qlink_utils_chflags_cfg2q(u32 cfgflags);
 void qlink_utils_regrule_q2nl(struct ieee80211_reg_rule *rule,
                              const struct qlink_tlv_reg_rule *tlv_rule);
 
+#define qlink_for_each_tlv(_tlv, _start, _datalen)                     \
+       for (_tlv = (const struct qlink_tlv_hdr *)(_start);             \
+            (const u8 *)(_start) + (_datalen) - (const u8 *)_tlv >=    \
+               (int)sizeof(*_tlv) &&                                   \
+            (const u8 *)(_start) + (_datalen) - (const u8 *)_tlv >=    \
+               (int)sizeof(*_tlv) + le16_to_cpu(_tlv->len);            \
+            _tlv = (const struct qlink_tlv_hdr *)(_tlv->val +          \
+               round_up(le16_to_cpu(_tlv->len), QLINK_ALIGN)))
+
+#define qlink_tlv_parsing_ok(_tlv_last, _start, _datalen)      \
+       ((const u8 *)(_tlv_last) == \
+               (const u8 *)(_start) + round_up(_datalen, QLINK_ALIGN))
+
 #endif /* _QTN_FMAC_QLINK_UTIL_H_ */