[PATCH 22/55] staging: wfx: ensure that received hif messages are never modified

From: JÃrÃme Pouiller
Date: Mon Dec 16 2019 - 12:04:36 EST

Next message: JÃrÃme Pouiller: "[PATCH 21/55] staging: wfx: ensure that traces never modify arguments"
Previous message: JÃrÃme Pouiller: "[PATCH 25/55] staging: wfx: fix name of struct hif_req_start_scan_alt"
In reply to: JÃrÃme Pouiller: "[PATCH 25/55] staging: wfx: fix name of struct hif_req_start_scan_alt"
Next in thread: JÃrÃme Pouiller: "[PATCH 21/55] staging: wfx: ensure that traces never modify arguments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: JÃrÃme Pouiller <jerome.pouiller@xxxxxxxxxx>

There are no real reason to modify the data received from device. So,
let's mark the arguments constant.

Signed-off-by: JÃrÃme Pouiller <jerome.pouiller@xxxxxxxxxx>
---
drivers/staging/wfx/data_rx.c | 8 ++-
drivers/staging/wfx/data_rx.h | 4 +-
drivers/staging/wfx/data_tx.c | 2 +-
drivers/staging/wfx/data_tx.h | 2 +-
drivers/staging/wfx/hif_rx.c | 94 +++++++++++++++++--------------
drivers/staging/wfx/scan.c | 3 +-
drivers/staging/wfx/scan.h | 3 +-
drivers/staging/wfx/secure_link.h | 8 ++-
drivers/staging/wfx/sta.c | 2 +-
drivers/staging/wfx/sta.h | 2 +-
10 files changed, 72 insertions(+), 56 deletions(-)

diff --git a/drivers/staging/wfx/data_rx.c b/drivers/staging/wfx/data_rx.c
index e7fcce8d0cc4..d460c0ffca1f 100644
--- a/drivers/staging/wfx/data_rx.c
+++ b/drivers/staging/wfx/data_rx.c
@@ -48,7 +48,9 @@ static int wfx_handle_pspoll(struct wfx_vif *wvif, struct sk_buff *skb)
return 0;
}

-static int wfx_drop_encrypt_data(struct wfx_dev *wdev, struct hif_ind_rx *arg, struct sk_buff *skb)
+static int wfx_drop_encrypt_data(struct wfx_dev *wdev,
+ const struct hif_ind_rx *arg,
+ struct sk_buff *skb)
{
struct ieee80211_hdr *frame = (struct ieee80211_hdr *) skb->data;
size_t hdrlen = ieee80211_hdrlen(frame->frame_control);
@@ -98,8 +100,8 @@ static int wfx_drop_encrypt_data(struct wfx_dev *wdev, struct hif_ind_rx *arg, s

}

-void wfx_rx_cb(struct wfx_vif *wvif, struct hif_ind_rx *arg,
- struct sk_buff *skb)
+void wfx_rx_cb(struct wfx_vif *wvif,
+ const struct hif_ind_rx *arg, struct sk_buff *skb)
{
int link_id = arg->rx_flags.peer_sta_id;
struct ieee80211_rx_status *hdr = IEEE80211_SKB_RXCB(skb);
diff --git a/drivers/staging/wfx/data_rx.h b/drivers/staging/wfx/data_rx.h
index a50ce352bc5e..61c28bfd2a37 100644
--- a/drivers/staging/wfx/data_rx.h
+++ b/drivers/staging/wfx/data_rx.h
@@ -13,7 +13,7 @@
struct wfx_vif;
struct sk_buff;

-void wfx_rx_cb(struct wfx_vif *wvif, struct hif_ind_rx *arg,
- struct sk_buff *skb);
+void wfx_rx_cb(struct wfx_vif *wvif,
+ const struct hif_ind_rx *arg, struct sk_buff *skb);

#endif /* WFX_DATA_RX_H */
diff --git a/drivers/staging/wfx/data_tx.c b/drivers/staging/wfx/data_tx.c
index c9dea627661f..a45243a7f15f 100644
--- a/drivers/staging/wfx/data_tx.c
+++ b/drivers/staging/wfx/data_tx.c
@@ -720,7 +720,7 @@ void wfx_tx(struct ieee80211_hw *hw, struct ieee80211_tx_control *control,
ieee80211_tx_status_irqsafe(wdev->hw, skb);
}

-void wfx_tx_confirm_cb(struct wfx_vif *wvif, struct hif_cnf_tx *arg)
+void wfx_tx_confirm_cb(struct wfx_vif *wvif, const struct hif_cnf_tx *arg)
{
int i;
int tx_count;
diff --git a/drivers/staging/wfx/data_tx.h b/drivers/staging/wfx/data_tx.h
index 0fc388db62e0..078d0cfc521a 100644
--- a/drivers/staging/wfx/data_tx.h
+++ b/drivers/staging/wfx/data_tx.h
@@ -65,7 +65,7 @@ void wfx_tx_policy_upload_work(struct work_struct *work);

void wfx_tx(struct ieee80211_hw *hw, struct ieee80211_tx_control *control,
struct sk_buff *skb);
-void wfx_tx_confirm_cb(struct wfx_vif *wvif, struct hif_cnf_tx *arg);
+void wfx_tx_confirm_cb(struct wfx_vif *wvif, const struct hif_cnf_tx *arg);
void wfx_skb_dtor(struct wfx_dev *wdev, struct sk_buff *skb);

int wfx_unmap_link(struct wfx_vif *wvif, int link_id);
diff --git a/drivers/staging/wfx/hif_rx.c b/drivers/staging/wfx/hif_rx.c
index 1494ad5a507b..8a3ccdc60b7d 100644
--- a/drivers/staging/wfx/hif_rx.c
+++ b/drivers/staging/wfx/hif_rx.c
@@ -18,8 +18,8 @@
#include "secure_link.h"
#include "hif_api_cmd.h"

-static int hif_generic_confirm(struct wfx_dev *wdev, struct hif_msg *hif,
- void *buf)
+static int hif_generic_confirm(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf)
{
// All confirm messages start with status
int status = le32_to_cpu(*((__le32 *) buf));
@@ -59,9 +59,10 @@ static int hif_generic_confirm(struct wfx_dev *wdev, struct hif_msg *hif,
return status;
}

-static int hif_tx_confirm(struct wfx_dev *wdev, struct hif_msg *hif, void *buf)
+static int hif_tx_confirm(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf)
{
- struct hif_cnf_tx *body = buf;
+ const struct hif_cnf_tx *body = buf;
struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);

WARN_ON(!wvif);
@@ -72,11 +73,12 @@ static int hif_tx_confirm(struct wfx_dev *wdev, struct hif_msg *hif, void *buf)
return 0;
}

-static int hif_multi_tx_confirm(struct wfx_dev *wdev, struct hif_msg *hif,
- void *buf)
+static int hif_multi_tx_confirm(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf)
{
- struct hif_cnf_multi_transmit *body = buf;
- struct hif_cnf_tx *buf_loc = (struct hif_cnf_tx *) &body->tx_conf_payload;
+ const struct hif_cnf_multi_transmit *body = buf;
+ const struct hif_cnf_tx *buf_loc =
+ (const struct hif_cnf_tx *)&body->tx_conf_payload;
struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
int count = body->num_tx_confs;
int i;
@@ -93,10 +95,10 @@ static int hif_multi_tx_confirm(struct wfx_dev *wdev, struct hif_msg *hif,
return 0;
}

-static int hif_startup_indication(struct wfx_dev *wdev, struct hif_msg *hif,
- void *buf)
+static int hif_startup_indication(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf)
{
- struct hif_ind_startup *body = buf;
+ const struct hif_ind_startup *body = buf;

if (body->status || body->firmware_type > 4) {
dev_err(wdev->dev, "received invalid startup indication");
@@ -112,8 +114,8 @@ static int hif_startup_indication(struct wfx_dev *wdev, struct hif_msg *hif,
return 0;
}

-static int hif_wakeup_indication(struct wfx_dev *wdev, struct hif_msg *hif,
- void *buf)
+static int hif_wakeup_indication(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf)
{
if (!wdev->pdata.gpio_wakeup
|| !gpiod_get_value(wdev->pdata.gpio_wakeup)) {
@@ -123,25 +125,27 @@ static int hif_wakeup_indication(struct wfx_dev *wdev, struct hif_msg *hif,
return 0;
}

-static int hif_keys_indication(struct wfx_dev *wdev, struct hif_msg *hif,
- void *buf)
+static int hif_keys_indication(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf)
{
- struct hif_ind_sl_exchange_pub_keys *body = buf;
+ const struct hif_ind_sl_exchange_pub_keys *body = buf;
+ u8 pubkey[API_NCP_PUB_KEY_SIZE];

- // Compatibility with legacy secure link
- if (body->status == SL_PUB_KEY_EXCHANGE_STATUS_SUCCESS)
- body->status = 0;
- if (body->status)
+ // SL_PUB_KEY_EXCHANGE_STATUS_SUCCESS is used by legacy secure link
+ if (body->status && body->status != SL_PUB_KEY_EXCHANGE_STATUS_SUCCESS)
dev_warn(wdev->dev, "secure link negociation error\n");
- wfx_sl_check_pubkey(wdev, body->ncp_pub_key, body->ncp_pub_key_mac);
+ memcpy(pubkey, body->ncp_pub_key, sizeof(pubkey));
+ memreverse(pubkey, sizeof(pubkey));
+ wfx_sl_check_pubkey(wdev, pubkey, body->ncp_pub_key_mac);
return 0;
}

-static int hif_receive_indication(struct wfx_dev *wdev, struct hif_msg *hif,
- void *buf, struct sk_buff *skb)
+static int hif_receive_indication(struct wfx_dev *wdev,
+ const struct hif_msg *hif,
+ const void *buf, struct sk_buff *skb)
{
struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
- struct hif_ind_rx *body = buf;
+ const struct hif_ind_rx *body = buf;

if (!wvif) {
dev_warn(wdev->dev, "ignore rx data for non-existent vif %d\n",
@@ -154,11 +158,11 @@ static int hif_receive_indication(struct wfx_dev *wdev, struct hif_msg *hif,
return 0;
}

-static int hif_event_indication(struct wfx_dev *wdev, struct hif_msg *hif,
- void *buf)
+static int hif_event_indication(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf)
{
struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
- struct hif_ind_event *body = buf;
+ const struct hif_ind_event *body = buf;
struct wfx_hif_event *event;
int first;

@@ -183,7 +187,8 @@ static int hif_event_indication(struct wfx_dev *wdev, struct hif_msg *hif,
}

static int hif_pm_mode_complete_indication(struct wfx_dev *wdev,
- struct hif_msg *hif, void *buf)
+ const struct hif_msg *hif,
+ const void *buf)
{
struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);

@@ -194,10 +199,11 @@ static int hif_pm_mode_complete_indication(struct wfx_dev *wdev,
}

static int hif_scan_complete_indication(struct wfx_dev *wdev,
- struct hif_msg *hif, void *buf)
+ const struct hif_msg *hif,
+ const void *buf)
{
struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
- struct hif_ind_scan_cmpl *body = buf;
+ const struct hif_ind_scan_cmpl *body = buf;

WARN_ON(!wvif);
wfx_scan_complete_cb(wvif, body);
@@ -206,7 +212,8 @@ static int hif_scan_complete_indication(struct wfx_dev *wdev,
}

static int hif_join_complete_indication(struct wfx_dev *wdev,
- struct hif_msg *hif, void *buf)
+ const struct hif_msg *hif,
+ const void *buf)
{
struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);

@@ -217,10 +224,11 @@ static int hif_join_complete_indication(struct wfx_dev *wdev,
}

static int hif_suspend_resume_indication(struct wfx_dev *wdev,
- struct hif_msg *hif, void *buf)
+ const struct hif_msg *hif,
+ const void *buf)
{
struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
- struct hif_ind_suspend_resume_tx *body = buf;
+ const struct hif_ind_suspend_resume_tx *body = buf;

WARN_ON(!wvif);
wfx_suspend_resume(wvif, body);
@@ -228,10 +236,10 @@ static int hif_suspend_resume_indication(struct wfx_dev *wdev,
return 0;
}

-static int hif_error_indication(struct wfx_dev *wdev, struct hif_msg *hif,
- void *buf)
+static int hif_error_indication(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf)
{
- struct hif_ind_error *body = buf;
+ const struct hif_ind_error *body = buf;
u8 *pRollback = (u8 *) body->data;
u32 *pStatus = (u32 *) body->data;

@@ -268,10 +276,10 @@ static int hif_error_indication(struct wfx_dev *wdev, struct hif_msg *hif,
return 0;
}

-static int hif_generic_indication(struct wfx_dev *wdev, struct hif_msg *hif,
- void *buf)
+static int hif_generic_indication(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf)
{
- struct hif_ind_generic *body = buf;
+ const struct hif_ind_generic *body = buf;

switch (body->indication_type) {
case HIF_GENERIC_INDICATION_TYPE_RAW:
@@ -299,9 +307,10 @@ static int hif_generic_indication(struct wfx_dev *wdev, struct hif_msg *hif,
}

static int hif_exception_indication(struct wfx_dev *wdev,
- struct hif_msg *hif, void *buf)
+ const struct hif_msg *hif, const void *buf)
{
size_t len = hif->len - 4; // drop header
+
dev_err(wdev->dev, "firmware exception\n");
print_hex_dump_bytes("Dump: ", DUMP_PREFIX_NONE, buf, len);
wdev->chip_frozen = 1;
@@ -311,7 +320,8 @@ static int hif_exception_indication(struct wfx_dev *wdev,

static const struct {
int msg_id;
- int (*handler)(struct wfx_dev *wdev, struct hif_msg *hif, void *buf);
+ int (*handler)(struct wfx_dev *wdev,
+ const struct hif_msg *hif, const void *buf);
} hif_handlers[] = {
/* Confirmations */
{ HIF_CNF_ID_TX, hif_tx_confirm },
@@ -335,7 +345,7 @@ static const struct {
void wfx_handle_rx(struct wfx_dev *wdev, struct sk_buff *skb)
{
int i;
- struct hif_msg *hif = (struct hif_msg *) skb->data;
+ const struct hif_msg *hif = (const struct hif_msg *)skb->data;
int hif_id = hif->id;

if (hif_id == HIF_IND_ID_RX) {
diff --git a/drivers/staging/wfx/scan.c b/drivers/staging/wfx/scan.c
index a6c93400a7ba..45e78c5722ff 100644
--- a/drivers/staging/wfx/scan.c
+++ b/drivers/staging/wfx/scan.c
@@ -267,7 +267,8 @@ void wfx_scan_failed_cb(struct wfx_vif *wvif)
}
}

-void wfx_scan_complete_cb(struct wfx_vif *wvif, struct hif_ind_scan_cmpl *arg)
+void wfx_scan_complete_cb(struct wfx_vif *wvif,
+ const struct hif_ind_scan_cmpl *arg)
{
if (cancel_delayed_work_sync(&wvif->scan.timeout) > 0) {
wvif->scan.status = 1;
diff --git a/drivers/staging/wfx/scan.h b/drivers/staging/wfx/scan.h
index b4ddd0771a9b..c7c0ab178c87 100644
--- a/drivers/staging/wfx/scan.h
+++ b/drivers/staging/wfx/scan.h
@@ -36,7 +36,8 @@ int wfx_hw_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
struct ieee80211_scan_request *req);
void wfx_scan_work(struct work_struct *work);
void wfx_scan_timeout(struct work_struct *work);
-void wfx_scan_complete_cb(struct wfx_vif *wvif, struct hif_ind_scan_cmpl *arg);
+void wfx_scan_complete_cb(struct wfx_vif *wvif,
+ const struct hif_ind_scan_cmpl *arg);
void wfx_scan_failed_cb(struct wfx_vif *wvif);

#endif /* WFX_SCAN_H */
diff --git a/drivers/staging/wfx/secure_link.h b/drivers/staging/wfx/secure_link.h
index 666b26e5308d..c3d055b2f8b1 100644
--- a/drivers/staging/wfx/secure_link.h
+++ b/drivers/staging/wfx/secure_link.h
@@ -25,14 +25,16 @@ static inline int wfx_sl_decode(struct wfx_dev *wdev, struct hif_sl_msg *m)
return -EIO;
}

-static inline int wfx_sl_encode(struct wfx_dev *wdev, struct hif_msg *input,
+static inline int wfx_sl_encode(struct wfx_dev *wdev,
+ const struct hif_msg *input,
struct hif_sl_msg *output)
{
return -EIO;
}

-static inline int wfx_sl_check_pubkey(struct wfx_dev *wdev, u8 *ncp_pubkey,
- u8 *ncp_pubmac)
+static inline int wfx_sl_check_pubkey(struct wfx_dev *wdev,
+ const u8 *ncp_pubkey,
+ const u8 *ncp_pubmac)
{
return -EIO;
}
diff --git a/drivers/staging/wfx/sta.c b/drivers/staging/wfx/sta.c
index 7f4eaa8e6d84..b4bb5b653e64 100644
--- a/drivers/staging/wfx/sta.c
+++ b/drivers/staging/wfx/sta.c
@@ -1345,7 +1345,7 @@ int wfx_ampdu_action(struct ieee80211_hw *hw,
}

void wfx_suspend_resume(struct wfx_vif *wvif,
- struct hif_ind_suspend_resume_tx *arg)
+ const struct hif_ind_suspend_resume_tx *arg)
{
if (arg->suspend_resume_flags.bc_mc_only) {
bool cancel_tmo = false;
diff --git a/drivers/staging/wfx/sta.h b/drivers/staging/wfx/sta.h
index 4ccf1b17632b..721b7cee9c10 100644
--- a/drivers/staging/wfx/sta.h
+++ b/drivers/staging/wfx/sta.h
@@ -92,7 +92,7 @@ void wfx_unassign_vif_chanctx(struct ieee80211_hw *hw,

// WSM Callbacks
void wfx_suspend_resume(struct wfx_vif *wvif,
- struct hif_ind_suspend_resume_tx *arg);
+ const struct hif_ind_suspend_resume_tx *arg);

// Other Helpers
void wfx_cqm_bssloss_sm(struct wfx_vif *wvif, int init, int good, int bad);
--
2.20.1

Next message: JÃrÃme Pouiller: "[PATCH 21/55] staging: wfx: ensure that traces never modify arguments"
Previous message: JÃrÃme Pouiller: "[PATCH 25/55] staging: wfx: fix name of struct hif_req_start_scan_alt"
In reply to: JÃrÃme Pouiller: "[PATCH 25/55] staging: wfx: fix name of struct hif_req_start_scan_alt"
Next in thread: JÃrÃme Pouiller: "[PATCH 21/55] staging: wfx: ensure that traces never modify arguments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]