[PATCH 2/2] staging: rtl8188eu: Fix private WEXT IOCTL calls

From: ishraq . i . ashraf
Date: Fri Nov 24 2017 - 19:53:18 EST


From: Ishraq Ibne Ashraf <ishraq.i.ashraf@xxxxxxxxx>

Apply changes suggested by Dan Carpenter
---
drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 1052 ++++++++++++------------
1 file changed, 536 insertions(+), 516 deletions(-)

diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
index 7503751..e871344 100644
--- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
@@ -3062,25 +3062,16 @@ static iw_handler rtw_handlers[] = {
};

static int get_private_handler_ieee_param(struct adapter *padapter,
- union iwreq_data *wrqu,
- void *param)
+ union iwreq_data *wrqu,
+ void *param)
{
/*
* This function is expected to be called in master mode, which allows no
* power saving. So we just check hw_init_completed.
*/
-
if (!padapter->hw_init_completed)
return -EPERM;

- if (!wrqu->data.pointer)
- return -EINVAL;
-
- /*
- * Since we don't allocate memory for param in this function, we assume
- * the caller of this function will properly allocate and deallocate memory
- * for param.
- */
if (copy_from_user(param, wrqu->data.pointer, wrqu->data.length))
return -EFAULT;

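Review bot: `copy_from_user(param, wrqu->data.pointer, wrqu->data.length)` copies however many bytes user space asked for, and nothing in this helper or in the callers visible below compares that length with the size of the structure they then dereference (unless the WEXT core bounds it somewhere not shown). Each handler allocates `kmalloc(wrqu->data.length, GFP_KERNEL)` and goes on to touch fixed fields such as `param->u.add_sta.aid`, so a short or zero-length request would reach memory past the allocation; in rtw_set_encryption_pvt the stores to `param->u.crypt.err` and `param->u.crypt.alg[...]` happen before its `param_len` check, and the `len-12-2` computations in rtw_set_beacon_pvt and the WPS handlers go negative for lengths under 14. I would give the helper a minimum-size argument and reject short requests up front, `if (wrqu->data.length < min_len) return -EINVAL;`, with callers passing `sizeof(struct ieee_param)` or `sizeof(struct ieee_param_ex)`. Dropping the NULL-pointer test looks safe for non-zero lengths, since copy_from_user() fails and the helper returns -EFAULT. The end of the function lies outside this hunk.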
@@ -3088,305 +3079,310 @@ static int get_private_handler_ieee_param(struct adapter *padapter,
}

static int rtw_hostapd_sta_flush_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
-
- DBG_88E("%s\n", __func__);
-
- flush_all_cam_entry(padapter); // Clear CAM.
-
+ flush_all_cam_entry(padapter); /* Clear CAM. */
return rtw_sta_flush(padapter);
}

static int rtw_add_sta_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct sta_info *psta = NULL;
- struct ieee_param *param = NULL;
+ int ret;
+ int flags;
+ struct sta_info *psta;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
- struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
struct sta_priv *pstapriv = &padapter->stapriv;
+ struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);

- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_add_sta: ieee_param allocate fail !!!\n");
-
+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
+ if (ret)
+ goto err_free_param;

- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_add_sta: ieee_param get fail !!!\n");
+ DBG_88E("rtw_add_sta(aid =%d) =%pM\n",
+ param->u.add_sta.aid,
+ (param->sta_addr));

- return ret;
+ if (!check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE))) {
+ ret = -EINVAL;
+ goto err_free_param;
}

- DBG_88E("rtw_add_sta(aid =%d) =%pM\n", param->u.add_sta.aid, (param->sta_addr));
-
- if (!check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)))
- return -EINVAL;
-
if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
- param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
- return -EINVAL;
+ param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

psta = rtw_get_stainfo(pstapriv, param->sta_addr);
- if (psta) {
- int flags = param->u.add_sta.flags;
- psta->aid = param->u.add_sta.aid; // aid = 1~2007.
-
- memcpy(psta->bssrateset, param->u.add_sta.tx_supp_rates, 16);
+ if (!psta) {
+ ret = -ENOMEM;
+ goto err_free_param;
+ }

- // Check WMM cap.
- if (WLAN_STA_WME&flags)
- psta->qos_option = 1;
- else
- psta->qos_option = 0;
+ flags = param->u.add_sta.flags;
+ psta->aid = param->u.add_sta.aid; /* aid = 1~2007. */

- if (pmlmepriv->qospriv.qos_option == 0)
- psta->qos_option = 0;
+ memcpy(psta->bssrateset, param->u.add_sta.tx_supp_rates, 16);

- // Check 802.11n HT cap.
- if (WLAN_STA_HT&flags) {
- psta->htpriv.ht_option = true;
- psta->qos_option = 1;
- memcpy(&psta->htpriv.ht_cap,
- &param->u.add_sta.ht_cap,
- sizeof(struct ieee80211_ht_cap));
- } else {
- psta->htpriv.ht_option = false;
- }
+ /* Check WMM cap. */
+ if (WLAN_STA_WME&flags)
+ psta->qos_option = 1;
+ else
+ psta->qos_option = 0;

- if (pmlmepriv->htpriv.ht_option == false)
- psta->htpriv.ht_option = false;
+ if (pmlmepriv->qospriv.qos_option == 0)
+ psta->qos_option = 0;

- update_sta_info_apmode(padapter, psta);
+ /* Check 802.11n HT cap. */
+ if (WLAN_STA_HT&flags) {
+ psta->htpriv.ht_option = true;
+ psta->qos_option = 1;
+ memcpy(&psta->htpriv.ht_cap,
+ &param->u.add_sta.ht_cap,
+ sizeof(struct ieee80211_ht_cap));
} else {
- ret = -ENOMEM;
+ psta->htpriv.ht_option = false;
}

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ if (pmlmepriv->htpriv.ht_option == false)
+ psta->htpriv.ht_option = false;
+
+ update_sta_info_apmode(padapter, psta);
+
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ err_free_param:
+ kfree(param);
+ return ret;
}

static int rtw_del_sta_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct sta_info *psta = NULL;
- struct ieee_param *param = NULL;
+ int ret;
+ int updated;
+ struct sta_info *psta;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
- struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
struct sta_priv *pstapriv = &padapter->stapriv;
- int updated = 0;
-
- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_del_sta: ieee_param allocate fail !!!\n");
+ struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);

+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
-
- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_del_sta: ieee_param get fail !!!\n");
-
- return ret;
- }
+ if (ret)
+ goto err_free_param;

DBG_88E("rtw_del_sta =%pM\n", (param->sta_addr));

- if (check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)) != true)
- return -EINVAL;
+ if (check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
- param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
- return -EINVAL;
+ param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

psta = rtw_get_stainfo(pstapriv, param->sta_addr);
- if (psta) {
- spin_lock_bh(&pstapriv->asoc_list_lock);
- if (!list_empty(&psta->asoc_list)) {
- list_del_init(&psta->asoc_list);
- pstapriv->asoc_list_cnt--;
- updated = ap_free_sta(padapter, psta, true, WLAN_REASON_DEAUTH_LEAVING);
- }
- spin_unlock_bh(&pstapriv->asoc_list_lock);
- associated_clients_update(padapter, updated);
- psta = NULL;
- } else {
+ if (!psta) {
DBG_88E("rtw_del_sta(), sta has already been removed or never been added\n");
+ ret = -ENOMEM;
+ goto err_free_param;
+ }
+
+ spin_lock_bh(&pstapriv->asoc_list_lock);
+
+ updated = 0;
+
+ if (!list_empty(&psta->asoc_list)) {
+ list_del_init(&psta->asoc_list);
+ pstapriv->asoc_list_cnt--;
+ updated = ap_free_sta(padapter, psta, true, WLAN_REASON_DEAUTH_LEAVING);
}

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ spin_unlock_bh(&pstapriv->asoc_list_lock);
+ associated_clients_update(padapter, updated);
+
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ err_free_param:
+ kfree(param);
+ return ret;
}

static int rtw_set_beacon_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- int len = 0;
- unsigned char *pbuf = NULL;
- struct ieee_param *param = NULL;
+ int ret;
+ int len;
+ unsigned char *pbuf;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
- struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
struct sta_priv *pstapriv = &padapter->stapriv;
+ struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);

- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_set_beacon: ieee_param allocate fail !!!\n");
-
+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
-
- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_set_beacon: ieee_param get fail !!!\n");
-
- return ret;
- }
+ if (ret)
+ goto err_free_param;

len = wrqu->data.length;
pbuf = param->u.bcn_ie.buf;

DBG_88E("%s, len =%d\n", __func__, len);

- if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
- return -EINVAL;
+ if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

memcpy(&pstapriv->max_num_sta, param->u.bcn_ie.reserved, 2);

if ((pstapriv->max_num_sta > NUM_STA) || (pstapriv->max_num_sta <= 0))
pstapriv->max_num_sta = NUM_STA;

- if (rtw_check_beacon_data(padapter, pbuf, (len-12-2)) == _SUCCESS) // 12 = Param header, 2 = Not packed.
- ret = 0;
- else
+ if (rtw_check_beacon_data(padapter, pbuf, (len-12-2)) != _SUCCESS) { /* 12 = Param header, 2 = Not packed. */
ret = -EINVAL;
+ goto err_free_param;
+ }

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ err_free_param:
+ kfree(param);
+ return ret;
}

static int rtw_set_encryption_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- int param_len = 0;
- struct ieee_param *param = NULL;
- u32 wep_key_idx, wep_key_len, wep_total_len;
- struct ndis_802_11_wep *pwep = NULL;
- struct sta_info *psta = NULL, *pbcmc_sta = NULL;
+ int ret;
+ int param_len;
+ u32 wep_key_idx;
+ u32 wep_key_len;
+ u32 wep_total_len;
+ struct sta_info *psta;
+ struct ieee_param *param;
+ struct sta_info *pbcmc_sta;
+ struct ndis_802_11_wep *pwep;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
- struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
- struct security_priv *psecuritypriv = &(padapter->securitypriv);
struct sta_priv *pstapriv = &padapter->stapriv;
+ struct mlme_priv *pmlmepriv = &padapter->mlmepriv;
+ struct security_priv *psecuritypriv = &(padapter->securitypriv);

- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- ret = -ENOMEM;
- DBG_88E(" r871x_set_encryption: ieee_param allocate fail !!!\n");
-
- goto exit;
- }
+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
+ return -ENOMEM;

ret = get_private_handler_ieee_param(padapter, wrqu, param);
-
- if (ret != 0) {
- kfree(param);
- DBG_88E(" r871x_set_encryption: ieee_param get fail !!!\n");
-
- goto exit;
- }
+ if (ret)
+ goto err_free_param;

param_len = wrqu->data.length;
-
- DBG_88E("%s\n", __func__);
param->u.crypt.err = 0;
param->u.crypt.alg[IEEE_CRYPT_ALG_NAME_LEN - 1] = '\0';
+
if (param_len != sizeof(struct ieee_param) + param->u.crypt.key_len) {
ret = -EINVAL;
- goto exit;
+ goto err_free_param;
}
+
+ psta = NULL;
+
if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff) {
if (param->u.crypt.idx >= WEP_KEYS) {
ret = -EINVAL;
- goto exit;
+ goto err_free_param;
}
} else {
psta = rtw_get_stainfo(pstapriv, param->sta_addr);
if (!psta) {
DBG_88E("rtw_set_encryption(), sta has already been removed or never been added\n");
- goto exit;
+ ret = -ENOMEM;
+ goto err_free_param;
}
}

if (strcmp(param->u.crypt.alg, "none") == 0 && (!psta)) {
- // TODO: Clear default encryption keys.
-
- DBG_88E("clear default encryption keys, keyid =%d\n", param->u.crypt.idx);
- goto exit;
+ /* TODO: Clear default encryption keys. */
+ DBG_88E("clear default encryption keys, keyid =%d\n",
+ param->u.crypt.idx);
+ ret = -EINVAL;
+ goto err_free_param;
}
+
+ pwep = NULL;
+
if (strcmp(param->u.crypt.alg, "WEP") == 0 && (!psta)) {
DBG_88E("r871x_set_encryption, crypt.alg = WEP\n");
+
wep_key_idx = param->u.crypt.idx;
wep_key_len = param->u.crypt.key_len;
- DBG_88E("r871x_set_encryption, wep_key_idx=%d, len=%d\n", wep_key_idx, wep_key_len);
+
+ DBG_88E("r871x_set_encryption, wep_key_idx=%d, len=%d\n",
+ wep_key_idx,
+ wep_key_len);
+
if ((wep_key_idx >= WEP_KEYS) || (wep_key_len <= 0)) {
ret = -EINVAL;
- goto exit;
+ goto err_free_param;
}

if (wep_key_len > 0) {
wep_key_len = wep_key_len <= 5 ? 5 : 13;
wep_total_len = wep_key_len + offsetof(struct ndis_802_11_wep, KeyMaterial);
- pwep = (struct ndis_802_11_wep *)rtw_malloc(wep_total_len);
+
+ pwep = (struct ndis_802_11_wep *)kmalloc(wep_total_len, GFP_KERNEL);
if (!pwep) {
DBG_88E(" r871x_set_encryption: pwep allocate fail !!!\n");
- goto exit;
+ ret = -ENOMEM;
+ goto err_free_param;
}

memset(pwep, 0, wep_total_len);
-
pwep->KeyLength = wep_key_len;
pwep->Length = wep_total_len;
}

pwep->KeyIndex = wep_key_idx;
-
memcpy(pwep->KeyMaterial, param->u.crypt.key, pwep->KeyLength);

if (param->u.crypt.set_tx) {
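Review bot: Several early exits in this hunk now return an error where the old code returned 0, which goes beyond the leak fix this rework is about. In rtw_set_encryption_pvt the `alg == "none"` branch sets `ret = -EINVAL` and the unknown-station branch sets `ret = -ENOMEM`, and rtw_del_sta_pvt also returns `-ENOMEM` when the station is not found; before, all three left the function with `ret` still 0. If the new results are intended, `-ENOENT` describes a missing station better than `-ENOMEM`, and the "none" case, which only logs and carries a TODO, should probably keep `ret = 0` so that a caller clearing default keys does not see a failure. rtw_set_encryption_pvt continues past the end of this hunk.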
@@ -3402,13 +3398,10 @@ static int rtw_set_encryption_pvt(struct net_device *dev,
}

psecuritypriv->dot11PrivacyKeyIndex = wep_key_idx;
-
memcpy(&(psecuritypriv->dot11DefKey[wep_key_idx].skey[0]),
pwep->KeyMaterial,
pwep->KeyLength);
-
psecuritypriv->dot11DefKeylen[wep_key_idx] = pwep->KeyLength;
-
set_wep_key(padapter, pwep->KeyMaterial, pwep->KeyLength, wep_key_idx);
} else {
DBG_88E("wep, set_tx = 0\n");
@@ -3422,16 +3415,19 @@ static int rtw_set_encryption_pvt(struct net_device *dev,
memcpy(&(psecuritypriv->dot11DefKey[wep_key_idx].skey[0]),
pwep->KeyMaterial,
pwep->KeyLength);
-
psecuritypriv->dot11DefKeylen[wep_key_idx] = pwep->KeyLength;
-
set_wep_key(padapter, pwep->KeyMaterial, pwep->KeyLength, wep_key_idx);
}

- goto exit;
+ ret = 0;
+
+ if (pwep)
+ goto err_free_pwep_param;
+ else
+ goto err_free_param;
}

- if (!psta && check_fwstate(pmlmepriv, WIFI_AP_STATE)) { // Group key.
+ if (!psta && check_fwstate(pmlmepriv, WIFI_AP_STATE)) { /* Group key. */
if (param->u.crypt.set_tx == 1) {
if (strcmp(param->u.crypt.alg, "WEP") == 0) {
DBG_88E("%s, set group_key, WEP\n", __func__);
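Review bot: The WEP success path now leaves through `err_free_pwep_param` or `err_free_param` and so never reaches the `copy_to_user()` that the old `exit:` label ran when `ret` was 0, which means `param->u.crypt.err` is no longer written back to the caller on this path. The `if (pwep) ... else ...` selection is also unnecessary because `kfree(NULL)` is a no-op: a single exit label doing `kfree(pwep); kfree(param); return ret;` covers every case, and a neutral name such as `out` would stop success paths from jumping to an `err_` label. The same two-way goto is repeated after the group-key block in the next hunk, where `pwep` appears to be always NULL. Since `pwep` and `param` both hold key material, a zeroing free (`kzfree()` in this kernel generation) is worth considering for them. The function starts and ends outside this hunk.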
@@ -3440,69 +3436,80 @@ static int rtw_set_encryption_pvt(struct net_device *dev,
param->u.crypt.key,
min_t(u16, param->u.crypt.key_len,
16));
-
psecuritypriv->dot118021XGrpPrivacy = _WEP40_;
+
if (param->u.crypt.key_len == 13)
- psecuritypriv->dot118021XGrpPrivacy = _WEP104_;
+ psecuritypriv->dot118021XGrpPrivacy = _WEP104_;
} else if (strcmp(param->u.crypt.alg, "TKIP") == 0) {
DBG_88E("%s, set group_key, TKIP\n", __func__);
+
psecuritypriv->dot118021XGrpPrivacy = _TKIP_;
memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
param->u.crypt.key,
min_t(u16, param->u.crypt.key_len,
16));
- // Set mic key.
+ /* Set mic key. */
memcpy(psecuritypriv->dot118021XGrptxmickey[param->u.crypt.idx].skey,
&(param->u.crypt.key[16]),
8);
memcpy(psecuritypriv->dot118021XGrprxmickey[param->u.crypt.idx].skey,
&(param->u.crypt.key[24]),
8);
-
psecuritypriv->busetkipkey = true;
} else if (strcmp(param->u.crypt.alg, "CCMP") == 0) {
DBG_88E("%s, set group_key, CCMP\n", __func__);
+
psecuritypriv->dot118021XGrpPrivacy = _AES_;
memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
param->u.crypt.key,
min_t(u16, param->u.crypt.key_len, 16));
} else {
DBG_88E("%s, set group_key, none\n", __func__);
+
psecuritypriv->dot118021XGrpPrivacy = _NO_PRIVACY_;
}
+
psecuritypriv->dot118021XGrpKeyid = param->u.crypt.idx;
psecuritypriv->binstallGrpkey = true;
psecuritypriv->dot11PrivacyAlgrthm = psecuritypriv->dot118021XGrpPrivacy;
set_group_key(padapter, param->u.crypt.key, psecuritypriv->dot118021XGrpPrivacy, param->u.crypt.idx);
+
pbcmc_sta = rtw_get_bcmc_stainfo(padapter);
if (pbcmc_sta) {
pbcmc_sta->ieee8021x_blocked = false;
- pbcmc_sta->dot118021XPrivacy = psecuritypriv->dot118021XGrpPrivacy; // rx will use bmc_sta's dot118021XPrivacy.
+ pbcmc_sta->dot118021XPrivacy = psecuritypriv->dot118021XGrpPrivacy; /* rx will use bmc_sta's dot118021XPrivacy. */
}
}
- goto exit;
+
+ ret = 0;
+
+ if (pwep)
+ goto err_free_pwep_param;
+ else
+ goto err_free_param;
}

- if (psecuritypriv->dot11AuthAlgrthm == dot11AuthAlgrthm_8021X && psta) { // psk/802_1x.
+ if (psecuritypriv->dot11AuthAlgrthm == dot11AuthAlgrthm_8021X && psta) { /* psk/802_1x. */
if (check_fwstate(pmlmepriv, WIFI_AP_STATE)) {
if (param->u.crypt.set_tx == 1) {
- memcpy(psta->dot118021x_UncstKey.skey, param->u.crypt.key, min_t(u16, param->u.crypt.key_len, 16));
+ memcpy(psta->dot118021x_UncstKey.skey,
+ param->u.crypt.key,
+ min_t(u16, param->u.crypt.key_len, 16));

if (strcmp(param->u.crypt.alg, "WEP") == 0) {
DBG_88E("%s, set pairwise key, WEP\n", __func__);

psta->dot118021XPrivacy = _WEP40_;
+
if (param->u.crypt.key_len == 13)
psta->dot118021XPrivacy = _WEP104_;
} else if (strcmp(param->u.crypt.alg, "TKIP") == 0) {
DBG_88E("%s, set pairwise key, TKIP\n", __func__);

psta->dot118021XPrivacy = _TKIP_;
-
- // Set mic key.
+ /* Set mic key. */
memcpy(psta->dot11tkiptxmickey.skey, &(param->u.crypt.key[16]), 8);
memcpy(psta->dot11tkiprxmickey.skey, &(param->u.crypt.key[24]), 8);
-
psecuritypriv->busetkipkey = true;
} else if (strcmp(param->u.crypt.alg, "CCMP") == 0) {
DBG_88E("%s, set pairwise key, CCMP\n", __func__);
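Review bot: The TKIP branches copy the MIC keys from fixed offsets, `&(param->u.crypt.key[16])` and `&(param->u.crypt.key[24])` for 8 bytes each, without checking that `key_len` is at least 32. The earlier `param_len != sizeof(struct ieee_param) + param->u.crypt.key_len` test suggests the buffer extends only `key_len` bytes past the structure, so a shorter TKIP key would presumably make these memcpy() calls read beyond the allocation and install stale heap bytes as MIC keys. A guard at the top of each TKIP branch, `if (param->u.crypt.key_len < 32) { ret = -EINVAL; goto err_free_param; }`, would close that; the group-key TKIP copies in the following hunk need the same. This code predates the commit, but the rework touches the lines around it. The function starts and ends outside this hunk.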
@@ -3517,31 +3524,28 @@ static int rtw_set_encryption_pvt(struct net_device *dev,
set_pairwise_key(padapter, psta);

psta->ieee8021x_blocked = false;
- } else { // Group key ?
+ } else { /* Group key ? */
if (strcmp(param->u.crypt.alg, "WEP") == 0) {
memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
param->u.crypt.key,
min_t(u16, param->u.crypt.key_len, 16));
psecuritypriv->dot118021XGrpPrivacy = _WEP40_;
+
if (param->u.crypt.key_len == 13)
psecuritypriv->dot118021XGrpPrivacy = _WEP104_;
} else if (strcmp(param->u.crypt.alg, "TKIP") == 0) {
psecuritypriv->dot118021XGrpPrivacy = _TKIP_;
-
memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
param->u.crypt.key,
min_t(u16, param->u.crypt.key_len, 16));
-
- // Set mic key.
+ /* Set mic key. */
memcpy(psecuritypriv->dot118021XGrptxmickey[param->u.crypt.idx].skey,
&(param->u.crypt.key[16]), 8);
memcpy(psecuritypriv->dot118021XGrprxmickey[param->u.crypt.idx].skey,
&(param->u.crypt.key[24]), 8);
-
psecuritypriv->busetkipkey = true;
} else if (strcmp(param->u.crypt.alg, "CCMP") == 0) {
psecuritypriv->dot118021XGrpPrivacy = _AES_;
-
memcpy(psecuritypriv->dot118021XGrpKey[param->u.crypt.idx].skey,
param->u.crypt.key,
min_t(u16, param->u.crypt.key_len, 16));
@@ -3552,553 +3556,569 @@ static int rtw_set_encryption_pvt(struct net_device *dev,
psecuritypriv->dot118021XGrpKeyid = param->u.crypt.idx;
psecuritypriv->binstallGrpkey = true;
psecuritypriv->dot11PrivacyAlgrthm = psecuritypriv->dot118021XGrpPrivacy;
-
set_group_key(padapter,
- param->u.crypt.key,
- psecuritypriv->dot118021XGrpPrivacy,
- param->u.crypt.idx);
+ param->u.crypt.key,
+ psecuritypriv->dot118021XGrpPrivacy,
+ param->u.crypt.idx);

pbcmc_sta = rtw_get_bcmc_stainfo(padapter);
if (pbcmc_sta) {
pbcmc_sta->ieee8021x_blocked = false;
- pbcmc_sta->dot118021XPrivacy = psecuritypriv->dot118021XGrpPrivacy; // rx will use bmc_sta's dot118021XPrivacy.
+ pbcmc_sta->dot118021XPrivacy = psecuritypriv->dot118021XGrpPrivacy; /* rx will use bmc_sta's dot118021XPrivacy. */
}
}
}
}

-exit:
-
- kfree(pwep);
+ ret = 0;

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ if (pwep)
+ goto err_free_pwep_param;
+
+ err_free_param:
+ kfree(param);
+ return ret;
+
+ err_free_pwep_param:
+ kfree(pwep);
+ kfree(param);
+ return ret;
}

static int rtw_get_sta_wpaie_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct sta_info *psta = NULL;
- struct ieee_param *param = NULL;
+ int ret;
+ struct sta_info *psta;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
- struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
struct sta_priv *pstapriv = &padapter->stapriv;
+ struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);

- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_get_sta_wpaie: ieee_param allocate fail !!!\n");
-
+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
-
- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_get_sta_wpaie: ieee_param get fail !!!\n");
-
- return ret;
- }
+ if (!ret)
+ goto err_free_param;

DBG_88E("rtw_get_sta_wpaie, sta_addr: %pM\n", (param->sta_addr));

- if (check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)) != true)
- return -EINVAL;
+ if (check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
- param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
- return -EINVAL;
+ param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

psta = rtw_get_stainfo(pstapriv, param->sta_addr);
- if (psta) {
- if (psta->wpa_ie[0] == WLAN_EID_RSN ||
- psta->wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC) {
- int wpa_ie_len;
- int copy_len;
+ if (!psta) {
+ ret = -ENOMEM;
+ goto err_free_param;
+ }

- wpa_ie_len = psta->wpa_ie[1];
- copy_len = min_t(int, wpa_ie_len + 2, sizeof(psta->wpa_ie));
- param->u.wpa_ie.len = copy_len;
- memcpy(param->u.wpa_ie.reserved, psta->wpa_ie, copy_len);
- } else {
- DBG_88E("sta's wpa_ie is NONE\n");
- }
+ if (psta->wpa_ie[0] == WLAN_EID_RSN ||
+ psta->wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC) {
+ int copy_len;
+ int wpa_ie_len;
+
+ wpa_ie_len = psta->wpa_ie[1];
+ copy_len = min_t(int, wpa_ie_len + 2, sizeof(psta->wpa_ie));
+ param->u.wpa_ie.len = copy_len;
+ memcpy(param->u.wpa_ie.reserved, psta->wpa_ie, copy_len);
} else {
- ret = -1;
+ DBG_88E("sta's wpa_ie is NONE\n");
}

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ err_free_param:
+ kfree(param);
+ return ret;
}

static int rtw_set_wps_beacon_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct ieee_param *param = NULL;
+ int ret;
+ int len;
+ int ie_len;
+ struct ieee_param *param;
unsigned char wps_oui[4] = {0x0, 0x50, 0xf2, 0x04};
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
- struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);
- int len, ie_len;
-
- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_set_wps_beacon: ieee_param allocate fail !!!\n");
+ struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);

+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
-
- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_set_wps_beacon: ieee_param get fail !!!\n");
-
- return ret;
- }
+ if (ret)
+ goto err_free_param;

len = wrqu->data.length;

DBG_88E("%s, len =%d\n", __func__, len);

- if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
- return -EINVAL;
-
- ie_len = len-12-2; // 12 = Param header, 2 = Not packed.
+ if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

kfree(pmlmepriv->wps_beacon_ie);
pmlmepriv->wps_beacon_ie = NULL;

+ ie_len = len-12-2; /* 12 = Param header, 2 = Not packed. */
if (ie_len > 0) {
- pmlmepriv->wps_beacon_ie = rtw_malloc(ie_len);
- pmlmepriv->wps_beacon_ie_len = ie_len;
+ pmlmepriv->wps_beacon_ie = kmalloc(ie_len, GFP_KERNEL);
if (!pmlmepriv->wps_beacon_ie) {
- DBG_88E("%s()-%d: rtw_malloc() ERROR!\n", __func__, __LINE__);
- return -EINVAL;
+ DBG_88E("%s()-%d: kmalloc() ERROR!\n", __func__, __LINE__);
+ ret = -EINVAL;
+ goto err_free_param;
}

+ pmlmepriv->wps_beacon_ie_len = ie_len;
memcpy(pmlmepriv->wps_beacon_ie, param->u.bcn_ie.buf, ie_len);
update_beacon(padapter, _VENDOR_SPECIFIC_IE_, wps_oui, true);
-
pmlmeext->bstart_bss = true;
}

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ if (pmlmepriv->wps_beacon_ie)
+ goto err_free_param_wps_beacon_ie;
+
+ err_free_param:
+ kfree(param);
+ return ret;
+
+ err_free_param_wps_beacon_ie:
+ kfree(pmlmepriv->wps_beacon_ie);
+ kfree(param);
+ return ret;
+
}

static int rtw_set_wps_probe_resp_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct ieee_param *param = NULL;
+ int ret;
+ int len;
+ int ie_len;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
- int len, ie_len;
-
- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_set_wps_probe_resp: ieee_param allocate fail !!!\n");

+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
-
- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_set_wps_probe_resp: ieee_param get fail !!!\n");
-
- return ret;
- }
+ if (ret)
+ goto err_free_param;

len = wrqu->data.length;

DBG_88E("%s, len =%d\n", __func__, len);

- if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
- return -EINVAL;
-
- ie_len = len-12-2; // 12 = Param header, 2 = Not packed.
+ if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

kfree(pmlmepriv->wps_probe_resp_ie);
pmlmepriv->wps_probe_resp_ie = NULL;

+ ie_len = len-12-2; /* 12 = Param header, 2 = Not packed. */
if (ie_len > 0) {
- pmlmepriv->wps_probe_resp_ie = rtw_malloc(ie_len);
- pmlmepriv->wps_probe_resp_ie_len = ie_len;
+ pmlmepriv->wps_probe_resp_ie = kmalloc(ie_len, GFP_KERNEL);
if (!pmlmepriv->wps_probe_resp_ie) {
- DBG_88E("%s()-%d: rtw_malloc() ERROR!\n", __func__, __LINE__);
- return -EINVAL;
+ DBG_88E("%s()-%d: kmalloc() ERROR!\n", __func__, __LINE__);
+ ret = -EINVAL;
+ goto err_free_param;
}
+
+ pmlmepriv->wps_probe_resp_ie_len = ie_len;
memcpy(pmlmepriv->wps_probe_resp_ie, param->u.bcn_ie.buf, ie_len);
}

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ if (pmlmepriv->wps_probe_resp_ie)
+ goto err_free_param_wps_probe_resp_ie;
+
+ err_free_param:
+ kfree(param);
+ return ret;
+
+ err_free_param_wps_probe_resp_ie:
+ kfree(pmlmepriv->wps_probe_resp_ie);
+ kfree(param);
+ return ret;
}

static int rtw_set_wps_assoc_resp_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct ieee_param *param = NULL;
+ int ret;
+ int len;
+ int ie_len;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
- int len, ie_len;
-
- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_set_wps_assoc_resp: ieee_param allocate fail !!!\n");

+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
-
- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_set_wps_assoc_resp: ieee_param get fail !!!\n");
-
- return ret;
- }
+ if (ret)
+ goto err_free_param;

len = wrqu->data.length;

DBG_88E("%s, len =%d\n", __func__, len);

- if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
- return -EINVAL;
-
- ie_len = len-12-2; // 12 = Param header, 2 = Not packed.
+ if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

kfree(pmlmepriv->wps_assoc_resp_ie);
pmlmepriv->wps_assoc_resp_ie = NULL;

+ ie_len = len-12-2; /* 12 = Param header, 2 = Not packed. */
if (ie_len > 0) {
- pmlmepriv->wps_assoc_resp_ie = rtw_malloc(ie_len);
- pmlmepriv->wps_assoc_resp_ie_len = ie_len;
+ pmlmepriv->wps_assoc_resp_ie = kmalloc(ie_len, GFP_KERNEL);
if (!pmlmepriv->wps_assoc_resp_ie) {
- DBG_88E("%s()-%d: rtw_malloc() ERROR!\n", __func__, __LINE__);
- return -EINVAL;
+ DBG_88E("%s()-%d: kmalloc() ERROR!\n", __func__, __LINE__);
+ ret = -EINVAL;
+ goto err_free_param;
}

+ pmlmepriv->wps_assoc_resp_ie_len = ie_len;
memcpy(pmlmepriv->wps_assoc_resp_ie, param->u.bcn_ie.buf, ie_len);
}

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ if (pmlmepriv->wps_assoc_resp_ie)
+ goto err_free_param_wps_assoc_resp_ie;
+
+ err_free_param:
+ kfree(param);
+ return ret;
+
+ err_free_param_wps_assoc_resp_ie:
+ kfree(pmlmepriv->wps_assoc_resp_ie);
+ kfree(param);
+ return ret;
}

static int rtw_set_hidden_ssid_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct ieee_param *param = NULL;
+ int ret;
+ u8 value;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
- struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);
+ struct mlme_ext_priv *pmlmeext = &(padapter->mlmeextpriv);
struct mlme_ext_info *pmlmeinfo = &(pmlmeext->mlmext_info);

- u8 value;
-
- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_set_hidden_ssid: ieee_param allocate fail !!!\n");
-
+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
+ if (ret)
+ goto err_free_param;

- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_set_hidden_ssid: ieee_param get fail !!!\n");
-
- return ret;
+ if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
}

- if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
- return -EINVAL;
-
- if (param->u.wpa_param.name != 0) // Dummy test.
+ if (param->u.wpa_param.name != 0) /* Dummy test. */
DBG_88E("%s name(%u) != 0\n", __func__, param->u.wpa_param.name);
+
value = param->u.wpa_param.value;

- // Use the same definition of hostapd's ignore_broadcast_ssid.
+ /* Use the same definition of hostapd's ignore_broadcast_ssid. */
if (value != 1 && value != 2)
value = 0;
+
DBG_88E("%s value(%u)\n", __func__, value);
+
pmlmeinfo->hidden_ssid_mode = value;

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ err_free_param:
+ kfree(param);
+ return ret;
}

static int rtw_ioctl_get_sta_data_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct sta_info *psta = NULL;
- struct sta_data *psta_data = NULL;
- struct ieee_param_ex *param_ex = NULL;
+ int ret;
+ struct sta_info *psta;
+ struct sta_data *psta_data;
+ struct ieee_param_ex *param_ex;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
struct sta_priv *pstapriv = &padapter->stapriv;

- param_ex = (struct ieee_param_ex *)rtw_malloc(wrqu->data.length);
-
- if (!param_ex) {
- DBG_88E(" rtw_ioctl_get_sta_data: ieee_param_ex allocate fail !!!\n");
-
+ param_ex = (struct ieee_param_ex *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param_ex)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param_ex);
-
- if (ret != 0) {
- kfree(param_ex);
- DBG_88E(" rtw_ioctl_get_sta_data: ieee_param get fail !!!\n");
-
- return ret;
- }
+ if (ret)
+ goto err_free_param_ex;

psta_data = (struct sta_data *)param_ex->data;

DBG_88E("rtw_ioctl_get_sta_info, sta_addr: %pM\n", (param_ex->sta_addr));

- if (check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)) != true)
- return -EINVAL;
+ if (check_fwstate(pmlmepriv, (_FW_LINKED|WIFI_AP_STATE)) != true) {
+ ret = -EINVAL;
+ goto err_free_param_ex;
+ }

if (param_ex->sta_addr[0] == 0xff && param_ex->sta_addr[1] == 0xff &&
param_ex->sta_addr[2] == 0xff && param_ex->sta_addr[3] == 0xff &&
- param_ex->sta_addr[4] == 0xff && param_ex->sta_addr[5] == 0xff)
- return -EINVAL;
+ param_ex->sta_addr[4] == 0xff && param_ex->sta_addr[5] == 0xff) {
+ ret = -EINVAL;
+ goto err_free_param_ex;
+ }

psta = rtw_get_stainfo(pstapriv, param_ex->sta_addr);
- if (psta) {
- psta_data->aid = (u16)psta->aid;
- psta_data->capability = psta->capability;
- psta_data->flags = psta->flags;
+ if (!psta) {
+ ret = -ENOMEM;
+ goto err_free_param_ex;
+ }

- /*
- nonerp_set : BIT(0)
- no_short_slot_time_set : BIT(1)
- no_short_preamble_set : BIT(2)
- no_ht_gf_set : BIT(3)
- no_ht_set : BIT(4)
- ht_20mhz_set : BIT(5)
- */
+ psta_data->aid = (u16)psta->aid;
+ psta_data->capability = psta->capability;
+ psta_data->flags = psta->flags;

- psta_data->sta_set = \
- ((psta->nonerp_set) |
- (psta->no_short_slot_time_set << 1) |
- (psta->no_short_preamble_set << 2) |
- (psta->no_ht_gf_set << 3) |
- (psta->no_ht_set << 4) |
- (psta->ht_20mhz_set << 5));
- psta_data->tx_supp_rates_len = psta->bssratelen;
- memcpy(psta_data->tx_supp_rates, psta->bssrateset, psta->bssratelen);
- memcpy(&psta_data->ht_cap,
- &psta->htpriv.ht_cap,
- sizeof(struct ieee80211_ht_cap));
- psta_data->rx_pkts = psta->sta_stats.rx_data_pkts;
- psta_data->rx_bytes = psta->sta_stats.rx_bytes;
- psta_data->rx_drops = psta->sta_stats.rx_drops;
- psta_data->tx_pkts = psta->sta_stats.tx_pkts;
- psta_data->tx_bytes = psta->sta_stats.tx_bytes;
- psta_data->tx_drops = psta->sta_stats.tx_drops;
- } else {
- ret = -1;
- }
+ /*
+ nonerp_set : BIT(0)
+ no_short_slot_time_set : BIT(1)
+ no_short_preamble_set : BIT(2)
+ no_ht_gf_set : BIT(3)
+ no_ht_set : BIT(4)
+ ht_20mhz_set : BIT(5)
+ */

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param_ex, wrqu->data.length)))
+ psta_data->sta_set = \
+ ((psta->nonerp_set) |
+ (psta->no_short_slot_time_set << 1) |
+ (psta->no_short_preamble_set << 2) |
+ (psta->no_ht_gf_set << 3) |
+ (psta->no_ht_set << 4) |
+ (psta->ht_20mhz_set << 5));
+ psta_data->tx_supp_rates_len = psta->bssratelen;
+ memcpy(psta_data->tx_supp_rates, psta->bssrateset, psta->bssratelen);
+ memcpy(&psta_data->ht_cap,
+ &psta->htpriv.ht_cap,
+ sizeof(struct ieee80211_ht_cap));
+ psta_data->rx_pkts = psta->sta_stats.rx_data_pkts;
+ psta_data->rx_bytes = psta->sta_stats.rx_bytes;
+ psta_data->rx_drops = psta->sta_stats.rx_drops;
+ psta_data->tx_pkts = psta->sta_stats.tx_pkts;
+ psta_data->tx_bytes = psta->sta_stats.tx_bytes;
+ psta_data->tx_drops = psta->sta_stats.tx_drops;
+
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param_ex, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ err_free_param_ex:
+ kfree(param_ex);
+ return ret;
}

static int rtw_ioctl_set_macaddr_acl_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct ieee_param *param = NULL;
+ int ret;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);

- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_ioctl_set_macaddr_acl: ieee_param allocate fail !!!\n");
-
+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
+ if (ret)
+ goto err_free_param;

- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_ioctl_set_macaddr_acl: ieee_param get fail !!!\n");
-
- return ret;
+ if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
}

- if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
- return -EINVAL;
-
rtw_set_macaddr_acl(padapter, param->u.mlme.command);

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ ret = 0;
+
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ err_free_param:
+ kfree(param);
+ return ret;
}

static int rtw_ioctl_acl_add_sta_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct ieee_param *param = NULL;
+ int ret;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);

- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_ioctl_acl_add_sta: ieee_param allocate fail !!!\n");
-
+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
+ if (ret)
+ goto err_free_param;

- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_ioctl_acl_add_sta: ieee_param get fail !!!\n");
-
- return ret;
+ if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
}

- if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
- return -EINVAL;
-
if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
- param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
- return -EINVAL;
+ param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

ret = rtw_acl_add_sta(padapter, param->sta_addr);

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ err_free_param:
+ kfree(param);
+ return ret;
}

static int rtw_ioctl_acl_remove_sta_pvt(struct net_device *dev,
- struct iw_request_info *info,
- union iwreq_data *wrqu,
- char *extra)
+ struct iw_request_info *info,
+ union iwreq_data *wrqu,
+ char *extra)
{
- int ret = 0;
- struct ieee_param *param = NULL;
+ int ret;
+ struct ieee_param *param;
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);

- param = (struct ieee_param *)rtw_malloc(wrqu->data.length);
-
- if (!param) {
- DBG_88E(" rtw_ioctl_acl_remove_sta: ieee_param allocate fail !!!\n");
-
+ param = (struct ieee_param *)kmalloc(wrqu->data.length, GFP_KERNEL);
+ if (!param)
return -ENOMEM;
- }

ret = get_private_handler_ieee_param(padapter, wrqu, param);
+ if (ret)
+ goto err_free_param;

- if (ret != 0) {
- kfree(param);
- DBG_88E(" rtw_ioctl_acl_remove_sta: ieee_param get fail !!!\n");
-
- return ret;
+ if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true) {
+ ret = -EINVAL;
+ goto err_free_param;
}

- if (check_fwstate(pmlmepriv, WIFI_AP_STATE) != true)
- return -EINVAL;
-
if (param->sta_addr[0] == 0xff && param->sta_addr[1] == 0xff &&
param->sta_addr[2] == 0xff && param->sta_addr[3] == 0xff &&
- param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff)
- return -EINVAL;
+ param->sta_addr[4] == 0xff && param->sta_addr[5] == 0xff) {
+ ret = -EINVAL;
+ goto err_free_param;
+ }

ret = rtw_acl_remove_sta(padapter, param->sta_addr);

- if (ret == 0 && (copy_to_user(wrqu->data.pointer, param, wrqu->data.length)))
+ if (copy_to_user(wrqu->data.pointer, param, wrqu->data.length))
ret = -EFAULT;

- return ret;
+ err_free_param:
+ kfree(param);
+ return ret;
}

static iw_handler rtw_handlers_private[] = {
- NULL, // Empty
- rtw_hostapd_sta_flush_pvt, // RTL871X_HOSTAPD_FLUSH
- rtw_add_sta_pvt, // RTL871X_HOSTAPD_ADD_STA
- rtw_del_sta_pvt, // RTL871X_HOSTAPD_REMOVE_STA
- rtw_ioctl_get_sta_data_pvt, // RTL871X_HOSTAPD_GET_INFO_STA
- rtw_get_sta_wpaie_pvt, // RTL871X_HOSTAPD_GET_WPAIE_STA
- rtw_set_encryption_pvt, // RTL871X_SET_ENCRYPTION
- NULL, // RTL871X_GET_ENCRYPTION
- NULL, // RTL871X_HOSTAPD_SET_FLAGS_STA
- NULL, // RTL871X_HOSTAPD_GET_RID
- NULL, // RTL871X_HOSTAPD_SET_RID
- NULL, // RTL871X_HOSTAPD_SET_ASSOC_AP_ADDR
- NULL, // RTL871X_HOSTAPD_SET_GENERIC_ELEMENT
- NULL, // RTL871X_HOSTAPD_MLME
- NULL, // RTL871X_HOSTAPD_SCAN_REQ
- NULL, // RTL871X_HOSTAPD_STA_CLEAR_STATS
- rtw_set_beacon_pvt, // RTL871X_HOSTAPD_SET_BEACON
- rtw_set_wps_beacon_pvt, // RTL871X_HOSTAPD_SET_WPS_BEACON
- rtw_set_wps_probe_resp_pvt, // RTL871X_HOSTAPD_SET_WPS_PROBE_RESP
- rtw_set_wps_assoc_resp_pvt, // RTL871X_HOSTAPD_SET_WPS_ASSOC_RESP
- rtw_set_hidden_ssid_pvt, // RTL871X_HOSTAPD_SET_HIDDEN_SSID
- rtw_ioctl_set_macaddr_acl_pvt, // RTL871X_HOSTAPD_SET_MACADDR_ACL
- rtw_ioctl_acl_add_sta_pvt, // RTL871X_HOSTAPD_ACL_ADD_STA
- rtw_ioctl_acl_remove_sta_pvt, // RTL871X_HOSTAPD_ACL_REMOVE_STA
+ NULL, /* Empty */
+ rtw_hostapd_sta_flush_pvt, /* RTL871X_HOSTAPD_FLUSH */
+ rtw_add_sta_pvt, /* RTL871X_HOSTAPD_ADD_STA */
+ rtw_del_sta_pvt, /* RTL871X_HOSTAPD_REMOVE_STA */
+ rtw_ioctl_get_sta_data_pvt, /* RTL871X_HOSTAPD_GET_INFO_STA */
+ rtw_get_sta_wpaie_pvt, /* RTL871X_HOSTAPD_GET_WPAIE_STA */
+ rtw_set_encryption_pvt, /* RTL871X_SET_ENCRYPTION */
+ NULL, /* RTL871X_GET_ENCRYPTION */
+ NULL, /* RTL871X_HOSTAPD_SET_FLAGS_STA */
+ NULL, /* RTL871X_HOSTAPD_GET_RID */
+ NULL, /* RTL871X_HOSTAPD_SET_RID */
+ NULL, /* RTL871X_HOSTAPD_SET_ASSOC_AP_ADDR */
+ NULL, /* RTL871X_HOSTAPD_SET_GENERIC_ELEMENT */
+ NULL, /* RTL871X_HOSTAPD_MLME */
+ NULL, /* RTL871X_HOSTAPD_SCAN_REQ */
+ NULL, /* RTL871X_HOSTAPD_STA_CLEAR_STATS */
+ rtw_set_beacon_pvt, /* RTL871X_HOSTAPD_SET_BEACON */
+ rtw_set_wps_beacon_pvt, /* RTL871X_HOSTAPD_SET_WPS_BEACON */
+ rtw_set_wps_probe_resp_pvt, /* RTL871X_HOSTAPD_SET_WPS_PROBE_RESP */
+ rtw_set_wps_assoc_resp_pvt, /* RTL871X_HOSTAPD_SET_WPS_ASSOC_RESP */
+ rtw_set_hidden_ssid_pvt, /* RTL871X_HOSTAPD_SET_HIDDEN_SSID */
+ rtw_ioctl_set_macaddr_acl_pvt, /* RTL871X_HOSTAPD_SET_MACADDR_ACL */
+ rtw_ioctl_acl_add_sta_pvt, /* RTL871X_HOSTAPD_ACL_ADD_STA */
+ rtw_ioctl_acl_remove_sta_pvt, /* RTL871X_HOSTAPD_ACL_REMOVE_STA */
};

static struct iw_statistics *rtw_get_wireless_stats(struct net_device *dev)
--
2.7.4