mwifiex: improvements in mwifiex_ret_tx_power_cfg()
authorAmitkumar Karwar <akarwar@marvell.com>
Tue, 22 Oct 2013 22:24:47 +0000 (15:24 -0700)
committerJohn W. Linville <linville@tuxdriver.com>
Thu, 5 Dec 2013 19:32:31 +0000 (14:32 -0500)
1) Move common code out of switch case handling
2) Return from the function if number of bytes left in response buffer
are less than tlv size
3) Pass pg_tlv_hdr directly instead of txp_cfg to mwifiex_get_power_level()

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/mwifiex/sta_cmdresp.c

index 2675ca7f8d146ca579a7a4bb4c1397f641a95ee0..551194605aa7ae1862c2df113b33a8701c8d5243 100644 (file)
@@ -338,8 +338,7 @@ static int mwifiex_get_power_level(struct mwifiex_private *priv, void *data_buf)
        if (!data_buf)
                return -1;
 
-       pg_tlv_hdr = (struct mwifiex_types_power_group *)
-               ((u8 *) data_buf + sizeof(struct host_cmd_ds_txpwr_cfg));
+       pg_tlv_hdr = (struct mwifiex_types_power_group *)((u8 *)data_buf);
        pg = (struct mwifiex_power_group *)
                ((u8 *) pg_tlv_hdr + sizeof(struct mwifiex_types_power_group));
        length = le16_to_cpu(pg_tlv_hdr->length);
@@ -383,19 +382,25 @@ static int mwifiex_ret_tx_power_cfg(struct mwifiex_private *priv,
        struct mwifiex_types_power_group *pg_tlv_hdr;
        struct mwifiex_power_group *pg;
        u16 action = le16_to_cpu(txp_cfg->action);
+       u16 tlv_buf_left;
 
-       switch (action) {
-       case HostCmd_ACT_GEN_GET:
-               pg_tlv_hdr = (struct mwifiex_types_power_group *)
-                       ((u8 *) txp_cfg +
-                        sizeof(struct host_cmd_ds_txpwr_cfg));
+       pg_tlv_hdr = (struct mwifiex_types_power_group *)
+               ((u8 *)txp_cfg +
+                sizeof(struct host_cmd_ds_txpwr_cfg));
 
-               pg = (struct mwifiex_power_group *)
-                       ((u8 *) pg_tlv_hdr +
-                        sizeof(struct mwifiex_types_power_group));
+       pg = (struct mwifiex_power_group *)
+               ((u8 *)pg_tlv_hdr +
+                sizeof(struct mwifiex_types_power_group));
 
+       tlv_buf_left = le16_to_cpu(resp->size) - S_DS_GEN - sizeof(*txp_cfg);
+       if (tlv_buf_left <
+                       le16_to_cpu(pg_tlv_hdr->length) + sizeof(*pg_tlv_hdr))
+               return 0;
+
+       switch (action) {
+       case HostCmd_ACT_GEN_GET:
                if (adapter->hw_status == MWIFIEX_HW_STATUS_INITIALIZING)
-                       mwifiex_get_power_level(priv, txp_cfg);
+                       mwifiex_get_power_level(priv, pg_tlv_hdr);
 
                priv->tx_power_level = (u16) pg->power_min;
                break;
@@ -404,14 +409,6 @@ static int mwifiex_ret_tx_power_cfg(struct mwifiex_private *priv,
                if (!le32_to_cpu(txp_cfg->mode))
                        break;
 
-               pg_tlv_hdr = (struct mwifiex_types_power_group *)
-                       ((u8 *) txp_cfg +
-                        sizeof(struct host_cmd_ds_txpwr_cfg));
-
-               pg = (struct mwifiex_power_group *)
-                       ((u8 *) pg_tlv_hdr +
-                        sizeof(struct mwifiex_types_power_group));
-
                if (pg->power_max == pg->power_min)
                        priv->tx_power_level = (u16) pg->power_min;
                break;