OpenCloudOS-Kernel/drivers/net/wireless/wl3501.h

616 lines
14 KiB
C
Raw Normal View History

License cleanup: add SPDX GPL-2.0 license identifier to files with no license Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license. By default all files without license information are under the default license of the kernel, which is GPL version 2. Update the files which contain no license information with the 'GPL-2.0' SPDX license identifier. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This patch is based on work done by Thomas Gleixner and Kate Stewart and Philippe Ombredanne. How this work was done: Patches were generated and checked against linux-4.14-rc6 for a subset of the use cases: - file had no licensing information it it. - file was a */uapi/* one with no licensing information in it, - file was a */uapi/* one with existing licensing information, Further patches will be generated in subsequent months to fix up cases where non-standard license headers were used, and references to license had to be inferred by heuristics based on keywords. The analysis to determine which SPDX License Identifier to be applied to a file was done in a spreadsheet of side by side results from of the output of two independent scanners (ScanCode & Windriver) producing SPDX tag:value files created by Philippe Ombredanne. Philippe prepared the base worksheet, and did an initial spot review of a few 1000 files. The 4.13 kernel was the starting point of the analysis with 60,537 files assessed. Kate Stewart did a file by file comparison of the scanner results in the spreadsheet to determine which SPDX license identifier(s) to be applied to the file. She confirmed any determination that was not immediately clear with lawyers working with the Linux Foundation. Criteria used to select files for SPDX license identifier tagging was: - Files considered eligible had to be source code files. - Make and config files were included as candidates if they contained >5 lines of source - File already had some variant of a license header in it (even if <5 lines). All documentation files were explicitly excluded. The following heuristics were used to determine which SPDX license identifiers to apply. - when both scanners couldn't find any license traces, file was considered to have no license information in it, and the top level COPYING file license applied. For non */uapi/* files that summary was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 11139 and resulted in the first patch in this series. If that file was a */uapi/* path one, it was "GPL-2.0 WITH Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 WITH Linux-syscall-note 930 and resulted in the second patch in this series. - if a file had some form of licensing information in it, and was one of the */uapi/* ones, it was denoted with the Linux-syscall-note if any GPL family license was found in the file or had no licensing in it (per prior point). Results summary: SPDX license identifier # files ---------------------------------------------------|------ GPL-2.0 WITH Linux-syscall-note 270 GPL-2.0+ WITH Linux-syscall-note 169 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17 LGPL-2.1+ WITH Linux-syscall-note 15 GPL-1.0+ WITH Linux-syscall-note 14 ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5 LGPL-2.0+ WITH Linux-syscall-note 4 LGPL-2.1 WITH Linux-syscall-note 3 ((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3 ((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1 and that resulted in the third patch in this series. - when the two scanners agreed on the detected license(s), that became the concluded license(s). - when there was disagreement between the two scanners (one detected a license but the other didn't, or they both detected different licenses) a manual inspection of the file occurred. - In most cases a manual inspection of the information in the file resulted in a clear resolution of the license that should apply (and which scanner probably needed to revisit its heuristics). - When it was not immediately clear, the license identifier was confirmed with lawyers working with the Linux Foundation. - If there was any question as to the appropriate license identifier, the file was flagged for further research and to be revisited later in time. In total, over 70 hours of logged manual review was done on the spreadsheet to determine the SPDX license identifiers to apply to the source files by Kate, Philippe, Thomas and, in some cases, confirmation by lawyers working with the Linux Foundation. Kate also obtained a third independent scan of the 4.13 code base from FOSSology, and compared selected files where the other two scanners disagreed against that SPDX file, to see if there was new insights. The Windriver scanner is based on an older version of FOSSology in part, so they are related. Thomas did random spot checks in about 500 files from the spreadsheets for the uapi headers and agreed with SPDX license identifier in the files he inspected. For the non-uapi files Thomas did random spot checks in about 15000 files. In initial set of patches against 4.14-rc6, 3 files were found to have copy/paste license identifier errors, and have been fixed to reflect the correct identifier. Additionally Philippe spent 10 hours this week doing a detailed manual inspection and review of the 12,461 patched files from the initial patch version early this week with: - a full scancode scan run, collecting the matched texts, detected license ids and scores - reviewing anything where there was a license detected (about 500+ files) to ensure that the applied SPDX license was correct - reviewing anything where there was no detection but the patch license was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied SPDX license was correct This produced a worksheet with 20 files needing minor correction. This worksheet was then exported into 3 different .csv files for the different types of files to be modified. These .csv files were then reviewed by Greg. Thomas wrote a script to parse the csv files and add the proper SPDX tag to the file, in the format that the file expected. This script was further refined by Greg based on the output to detect more types of files automatically and to distinguish between header and source .c files (which need different comment types.) Finally Greg ran the script using the .csv files to generate the patches. Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 22:07:57 +08:00
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __WL3501_H__
#define __WL3501_H__
#include <linux/spinlock.h>
#include <linux/ieee80211.h>
/* define for WLA 2.0 */
#define WL3501_BLKSZ 256
/*
* ID for input Signals of DRIVER block
* bit[7-5] is block ID: 000
* bit[4-0] is signal ID
*/
enum wl3501_signals {
WL3501_SIG_ALARM,
WL3501_SIG_MD_CONFIRM,
WL3501_SIG_MD_IND,
WL3501_SIG_ASSOC_CONFIRM,
WL3501_SIG_ASSOC_IND,
WL3501_SIG_AUTH_CONFIRM,
WL3501_SIG_AUTH_IND,
WL3501_SIG_DEAUTH_CONFIRM,
WL3501_SIG_DEAUTH_IND,
WL3501_SIG_DISASSOC_CONFIRM,
WL3501_SIG_DISASSOC_IND,
WL3501_SIG_GET_CONFIRM,
WL3501_SIG_JOIN_CONFIRM,
WL3501_SIG_PWR_MGMT_CONFIRM,
WL3501_SIG_REASSOC_CONFIRM,
WL3501_SIG_REASSOC_IND,
WL3501_SIG_SCAN_CONFIRM,
WL3501_SIG_SET_CONFIRM,
WL3501_SIG_START_CONFIRM,
WL3501_SIG_RESYNC_CONFIRM,
WL3501_SIG_SITE_CONFIRM,
WL3501_SIG_SAVE_CONFIRM,
WL3501_SIG_RFTEST_CONFIRM,
/*
* ID for input Signals of MLME block
* bit[7-5] is block ID: 010
* bit[4-0] is signal ID
*/
WL3501_SIG_ASSOC_REQ = 0x20,
WL3501_SIG_AUTH_REQ,
WL3501_SIG_DEAUTH_REQ,
WL3501_SIG_DISASSOC_REQ,
WL3501_SIG_GET_REQ,
WL3501_SIG_JOIN_REQ,
WL3501_SIG_PWR_MGMT_REQ,
WL3501_SIG_REASSOC_REQ,
WL3501_SIG_SCAN_REQ,
WL3501_SIG_SET_REQ,
WL3501_SIG_START_REQ,
WL3501_SIG_MD_REQ,
WL3501_SIG_RESYNC_REQ,
WL3501_SIG_SITE_REQ,
WL3501_SIG_SAVE_REQ,
WL3501_SIG_RF_TEST_REQ,
WL3501_SIG_MM_CONFIRM = 0x60,
WL3501_SIG_MM_IND,
};
enum wl3501_mib_attribs {
WL3501_MIB_ATTR_STATION_ID,
WL3501_MIB_ATTR_AUTH_ALGORITHMS,
WL3501_MIB_ATTR_AUTH_TYPE,
WL3501_MIB_ATTR_MEDIUM_OCCUPANCY_LIMIT,
WL3501_MIB_ATTR_CF_POLLABLE,
WL3501_MIB_ATTR_CFP_PERIOD,
WL3501_MIB_ATTR_CFPMAX_DURATION,
WL3501_MIB_ATTR_AUTH_RESP_TMOUT,
WL3501_MIB_ATTR_RX_DTIMS,
WL3501_MIB_ATTR_PRIV_OPT_IMPLEMENTED,
WL3501_MIB_ATTR_PRIV_INVOKED,
WL3501_MIB_ATTR_WEP_DEFAULT_KEYS,
WL3501_MIB_ATTR_WEP_DEFAULT_KEY_ID,
WL3501_MIB_ATTR_WEP_KEY_MAPPINGS,
WL3501_MIB_ATTR_WEP_KEY_MAPPINGS_LEN,
WL3501_MIB_ATTR_EXCLUDE_UNENCRYPTED,
WL3501_MIB_ATTR_WEP_ICV_ERROR_COUNT,
WL3501_MIB_ATTR_WEP_UNDECRYPTABLE_COUNT,
WL3501_MIB_ATTR_WEP_EXCLUDED_COUNT,
WL3501_MIB_ATTR_MAC_ADDR,
WL3501_MIB_ATTR_GROUP_ADDRS,
WL3501_MIB_ATTR_RTS_THRESHOLD,
WL3501_MIB_ATTR_SHORT_RETRY_LIMIT,
WL3501_MIB_ATTR_LONG_RETRY_LIMIT,
WL3501_MIB_ATTR_FRAG_THRESHOLD,
WL3501_MIB_ATTR_MAX_TX_MSDU_LIFETIME,
WL3501_MIB_ATTR_MAX_RX_LIFETIME,
WL3501_MIB_ATTR_MANUFACTURER_ID,
WL3501_MIB_ATTR_PRODUCT_ID,
WL3501_MIB_ATTR_TX_FRAG_COUNT,
WL3501_MIB_ATTR_MULTICAST_TX_FRAME_COUNT,
WL3501_MIB_ATTR_FAILED_COUNT,
WL3501_MIB_ATTR_RX_FRAG_COUNT,
WL3501_MIB_ATTR_MULTICAST_RX_COUNT,
WL3501_MIB_ATTR_FCS_ERROR_COUNT,
WL3501_MIB_ATTR_RETRY_COUNT,
WL3501_MIB_ATTR_MULTIPLE_RETRY_COUNT,
WL3501_MIB_ATTR_RTS_SUCCESS_COUNT,
WL3501_MIB_ATTR_RTS_FAILURE_COUNT,
WL3501_MIB_ATTR_ACK_FAILURE_COUNT,
WL3501_MIB_ATTR_FRAME_DUPLICATE_COUNT,
WL3501_MIB_ATTR_PHY_TYPE,
WL3501_MIB_ATTR_REG_DOMAINS_SUPPORT,
WL3501_MIB_ATTR_CURRENT_REG_DOMAIN,
WL3501_MIB_ATTR_SLOT_TIME,
WL3501_MIB_ATTR_CCA_TIME,
WL3501_MIB_ATTR_RX_TX_TURNAROUND_TIME,
WL3501_MIB_ATTR_TX_PLCP_DELAY,
WL3501_MIB_ATTR_RX_TX_SWITCH_TIME,
WL3501_MIB_ATTR_TX_RAMP_ON_TIME,
WL3501_MIB_ATTR_TX_RF_DELAY,
WL3501_MIB_ATTR_SIFS_TIME,
WL3501_MIB_ATTR_RX_RF_DELAY,
WL3501_MIB_ATTR_RX_PLCP_DELAY,
WL3501_MIB_ATTR_MAC_PROCESSING_DELAY,
WL3501_MIB_ATTR_TX_RAMP_OFF_TIME,
WL3501_MIB_ATTR_PREAMBLE_LEN,
WL3501_MIB_ATTR_PLCP_HEADER_LEN,
WL3501_MIB_ATTR_MPDU_DURATION_FACTOR,
WL3501_MIB_ATTR_AIR_PROPAGATION_TIME,
WL3501_MIB_ATTR_TEMP_TYPE,
WL3501_MIB_ATTR_CW_MIN,
WL3501_MIB_ATTR_CW_MAX,
WL3501_MIB_ATTR_SUPPORT_DATA_RATES_TX,
WL3501_MIB_ATTR_SUPPORT_DATA_RATES_RX,
WL3501_MIB_ATTR_MPDU_MAX_LEN,
WL3501_MIB_ATTR_SUPPORT_TX_ANTENNAS,
WL3501_MIB_ATTR_CURRENT_TX_ANTENNA,
WL3501_MIB_ATTR_SUPPORT_RX_ANTENNAS,
WL3501_MIB_ATTR_DIVERSITY_SUPPORT,
WL3501_MIB_ATTR_DIVERSITY_SELECTION_RS,
WL3501_MIB_ATTR_NR_SUPPORTED_PWR_LEVELS,
WL3501_MIB_ATTR_TX_PWR_LEVEL1,
WL3501_MIB_ATTR_TX_PWR_LEVEL2,
WL3501_MIB_ATTR_TX_PWR_LEVEL3,
WL3501_MIB_ATTR_TX_PWR_LEVEL4,
WL3501_MIB_ATTR_TX_PWR_LEVEL5,
WL3501_MIB_ATTR_TX_PWR_LEVEL6,
WL3501_MIB_ATTR_TX_PWR_LEVEL7,
WL3501_MIB_ATTR_TX_PWR_LEVEL8,
WL3501_MIB_ATTR_CURRENT_TX_PWR_LEVEL,
WL3501_MIB_ATTR_CURRENT_CHAN,
WL3501_MIB_ATTR_CCA_MODE_SUPPORTED,
WL3501_MIB_ATTR_CURRENT_CCA_MODE,
WL3501_MIB_ATTR_ED_THRESHOLD,
WL3501_MIB_ATTR_SINTHESIZER_LOCKED,
WL3501_MIB_ATTR_CURRENT_PWR_STATE,
WL3501_MIB_ATTR_DOZE_TURNON_TIME,
WL3501_MIB_ATTR_RCR33,
WL3501_MIB_ATTR_DEFAULT_CHAN,
WL3501_MIB_ATTR_SSID,
WL3501_MIB_ATTR_PWR_MGMT_ENABLE,
WL3501_MIB_ATTR_NET_CAPABILITY,
WL3501_MIB_ATTR_ROUTING,
};
enum wl3501_net_type {
WL3501_NET_TYPE_INFRA,
WL3501_NET_TYPE_ADHOC,
WL3501_NET_TYPE_ANY_BSS,
};
enum wl3501_scan_type {
WL3501_SCAN_TYPE_ACTIVE,
WL3501_SCAN_TYPE_PASSIVE,
};
enum wl3501_tx_result {
WL3501_TX_RESULT_SUCCESS,
WL3501_TX_RESULT_NO_BSS,
WL3501_TX_RESULT_RETRY_LIMIT,
};
enum wl3501_sys_type {
WL3501_SYS_TYPE_OPEN,
WL3501_SYS_TYPE_SHARE_KEY,
};
enum wl3501_status {
WL3501_STATUS_SUCCESS,
WL3501_STATUS_INVALID,
WL3501_STATUS_TIMEOUT,
WL3501_STATUS_REFUSED,
WL3501_STATUS_MANY_REQ,
WL3501_STATUS_ALREADY_BSS,
};
#define WL3501_MGMT_CAPABILITY_ESS 0x0001 /* see 802.11 p.58 */
#define WL3501_MGMT_CAPABILITY_IBSS 0x0002 /* - " - */
#define WL3501_MGMT_CAPABILITY_CF_POLLABLE 0x0004 /* - " - */
#define WL3501_MGMT_CAPABILITY_CF_POLL_REQUEST 0x0008 /* - " - */
#define WL3501_MGMT_CAPABILITY_PRIVACY 0x0010 /* - " - */
#define IW_REG_DOMAIN_FCC 0x10 /* Channel 1 to 11 USA */
#define IW_REG_DOMAIN_DOC 0x20 /* Channel 1 to 11 Canada */
#define IW_REG_DOMAIN_ETSI 0x30 /* Channel 1 to 13 Europe */
#define IW_REG_DOMAIN_SPAIN 0x31 /* Channel 10 to 11 Spain */
#define IW_REG_DOMAIN_FRANCE 0x32 /* Channel 10 to 13 France */
#define IW_REG_DOMAIN_MKK 0x40 /* Channel 14 Japan */
#define IW_REG_DOMAIN_MKK1 0x41 /* Channel 1-14 Japan */
#define IW_REG_DOMAIN_ISRAEL 0x50 /* Channel 3 - 9 Israel */
#define IW_MGMT_RATE_LABEL_MANDATORY 128 /* MSB */
enum iw_mgmt_rate_labels {
IW_MGMT_RATE_LABEL_1MBIT = 2,
IW_MGMT_RATE_LABEL_2MBIT = 4,
IW_MGMT_RATE_LABEL_5_5MBIT = 11,
IW_MGMT_RATE_LABEL_11MBIT = 22,
};
enum iw_mgmt_info_element_ids {
IW_MGMT_INFO_ELEMENT_SSID, /* Service Set Identity */
IW_MGMT_INFO_ELEMENT_SUPPORTED_RATES,
IW_MGMT_INFO_ELEMENT_FH_PARAMETER_SET,
IW_MGMT_INFO_ELEMENT_DS_PARAMETER_SET,
IW_MGMT_INFO_ELEMENT_CS_PARAMETER_SET,
IW_MGMT_INFO_ELEMENT_CS_TIM, /* Traffic Information Map */
IW_MGMT_INFO_ELEMENT_IBSS_PARAMETER_SET,
/* 7-15: Reserved, unused */
IW_MGMT_INFO_ELEMENT_CHALLENGE_TEXT = 16,
/* 17-31 Reserved for challenge text extension */
/* 32-255 Reserved, unused */
};
struct iw_mgmt_info_element {
u8 id; /* one of enum iw_mgmt_info_element_ids,
but sizeof(enum) > sizeof(u8) :-( */
u8 len;
u8 data[];
} __packed;
struct iw_mgmt_essid_pset {
struct iw_mgmt_info_element el;
u8 essid[IW_ESSID_MAX_SIZE];
} __packed;
/*
* According to 802.11 Wireless Networks, the definitive guide - O'Reilly
* Pg 75
*/
#define IW_DATA_RATE_MAX_LABELS 8
struct iw_mgmt_data_rset {
struct iw_mgmt_info_element el;
u8 data_rate_labels[IW_DATA_RATE_MAX_LABELS];
} __packed;
struct iw_mgmt_ds_pset {
struct iw_mgmt_info_element el;
u8 chan;
} __packed;
struct iw_mgmt_cf_pset {
struct iw_mgmt_info_element el;
u8 cfp_count;
u8 cfp_period;
u16 cfp_max_duration;
u16 cfp_dur_remaining;
} __packed;
struct iw_mgmt_ibss_pset {
struct iw_mgmt_info_element el;
u16 atim_window;
} __packed;
struct wl3501_tx_hdr {
u16 tx_cnt;
u8 sync[16];
u16 sfd;
u8 signal;
u8 service;
u16 len;
u16 crc16;
u16 frame_ctrl;
u16 duration_id;
u8 addr1[ETH_ALEN];
u8 addr2[ETH_ALEN];
u8 addr3[ETH_ALEN];
u16 seq_ctrl;
u8 addr4[ETH_ALEN];
};
struct wl3501_rx_hdr {
u16 rx_next_blk;
u16 rc_next_frame_blk;
u8 rx_blk_ctrl;
u8 rx_next_frame;
u8 rx_next_frame1;
u8 rssi;
char time[8];
u8 signal;
u8 service;
u16 len;
u16 crc16;
u16 frame_ctrl;
u16 duration;
u8 addr1[ETH_ALEN];
u8 addr2[ETH_ALEN];
u8 addr3[ETH_ALEN];
u16 seq;
u8 addr4[ETH_ALEN];
};
struct wl3501_start_req {
u16 next_blk;
u8 sig_id;
u8 bss_type;
u16 beacon_period;
u16 dtim_period;
u16 probe_delay;
u16 cap_info;
struct iw_mgmt_essid_pset ssid;
struct iw_mgmt_data_rset bss_basic_rset;
struct iw_mgmt_data_rset operational_rset;
struct iw_mgmt_cf_pset cf_pset;
struct iw_mgmt_ds_pset ds_pset;
struct iw_mgmt_ibss_pset ibss_pset;
};
struct wl3501_assoc_req {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 timeout;
u16 cap_info;
u16 listen_interval;
u8 mac_addr[ETH_ALEN];
};
struct wl3501_assoc_confirm {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 status;
};
struct wl3501_assoc_ind {
u16 next_blk;
u8 sig_id;
u8 mac_addr[ETH_ALEN];
};
struct wl3501_auth_req {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 type;
u16 timeout;
u8 mac_addr[ETH_ALEN];
};
struct wl3501_auth_confirm {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 type;
u16 status;
u8 mac_addr[ETH_ALEN];
};
struct wl3501_get_req {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 mib_attrib;
};
struct wl3501_get_confirm {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 mib_status;
u16 mib_attrib;
u8 mib_value[100];
};
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Fix the following out-of-bounds warnings by adding a new structure wl3501_req instead of duplicating the same members in structure wl3501_join_req and wl3501_scan_confirm: arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [39, 108] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 36 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [25, 95] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 22 [-Warray-bounds] Refactor the code, accordingly: $ pahole -C wl3501_req drivers/net/wireless/wl3501_cs.o struct wl3501_req { u16 beacon_period; /* 0 2 */ u16 dtim_period; /* 2 2 */ u16 cap_info; /* 4 2 */ u8 bss_type; /* 6 1 */ u8 bssid[6]; /* 7 6 */ struct iw_mgmt_essid_pset ssid; /* 13 34 */ struct iw_mgmt_ds_pset ds_pset; /* 47 3 */ struct iw_mgmt_cf_pset cf_pset; /* 50 8 */ struct iw_mgmt_ibss_pset ibss_pset; /* 58 4 */ struct iw_mgmt_data_rset bss_basic_rset; /* 62 10 */ /* size: 72, cachelines: 2, members: 10 */ /* last cacheline: 8 bytes */ }; $ pahole -C wl3501_join_req drivers/net/wireless/wl3501_cs.o struct wl3501_join_req { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 reserved; /* 3 1 */ struct iw_mgmt_data_rset operational_rset; /* 4 10 */ u16 reserved2; /* 14 2 */ u16 timeout; /* 16 2 */ u16 probe_delay; /* 18 2 */ u8 timestamp[8]; /* 20 8 */ u8 local_time[8]; /* 28 8 */ struct wl3501_req req; /* 36 72 */ /* size: 108, cachelines: 2, members: 10 */ /* last cacheline: 44 bytes */ }; $ pahole -C wl3501_scan_confirm drivers/net/wireless/wl3501_cs.o struct wl3501_scan_confirm { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 reserved; /* 3 1 */ u16 status; /* 4 2 */ char timestamp[8]; /* 6 8 */ char localtime[8]; /* 14 8 */ struct wl3501_req req; /* 22 72 */ /* --- cacheline 1 boundary (64 bytes) was 30 bytes ago --- */ u8 rssi; /* 94 1 */ /* size: 96, cachelines: 2, members: 8 */ /* padding: 1 */ /* last cacheline: 32 bytes */ }; The problem is that the original code is trying to copy data into a bunch of struct members adjacent to each other in a single call to memcpy(). Now that a new struct wl3501_req enclosing all those adjacent members is introduced, memcpy() doesn't overrun the length of &sig.beacon_period and &this->bss_set[i].beacon_period, because the address of the new struct object _req_ is used as the destination, instead. This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1fbaf516da763b50edac47d792a9145aa4482e29.1618442265.git.gustavoars@kernel.org
2021-04-15 07:45:15 +08:00
struct wl3501_req {
u16 beacon_period;
u16 dtim_period;
u16 cap_info;
u8 bss_type;
u8 bssid[ETH_ALEN];
struct iw_mgmt_essid_pset ssid;
struct iw_mgmt_ds_pset ds_pset;
struct iw_mgmt_cf_pset cf_pset;
struct iw_mgmt_ibss_pset ibss_pset;
struct iw_mgmt_data_rset bss_basic_rset;
};
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Fix the following out-of-bounds warnings by adding a new structure wl3501_req instead of duplicating the same members in structure wl3501_join_req and wl3501_scan_confirm: arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [39, 108] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 36 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [25, 95] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 22 [-Warray-bounds] Refactor the code, accordingly: $ pahole -C wl3501_req drivers/net/wireless/wl3501_cs.o struct wl3501_req { u16 beacon_period; /* 0 2 */ u16 dtim_period; /* 2 2 */ u16 cap_info; /* 4 2 */ u8 bss_type; /* 6 1 */ u8 bssid[6]; /* 7 6 */ struct iw_mgmt_essid_pset ssid; /* 13 34 */ struct iw_mgmt_ds_pset ds_pset; /* 47 3 */ struct iw_mgmt_cf_pset cf_pset; /* 50 8 */ struct iw_mgmt_ibss_pset ibss_pset; /* 58 4 */ struct iw_mgmt_data_rset bss_basic_rset; /* 62 10 */ /* size: 72, cachelines: 2, members: 10 */ /* last cacheline: 8 bytes */ }; $ pahole -C wl3501_join_req drivers/net/wireless/wl3501_cs.o struct wl3501_join_req { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 reserved; /* 3 1 */ struct iw_mgmt_data_rset operational_rset; /* 4 10 */ u16 reserved2; /* 14 2 */ u16 timeout; /* 16 2 */ u16 probe_delay; /* 18 2 */ u8 timestamp[8]; /* 20 8 */ u8 local_time[8]; /* 28 8 */ struct wl3501_req req; /* 36 72 */ /* size: 108, cachelines: 2, members: 10 */ /* last cacheline: 44 bytes */ }; $ pahole -C wl3501_scan_confirm drivers/net/wireless/wl3501_cs.o struct wl3501_scan_confirm { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 reserved; /* 3 1 */ u16 status; /* 4 2 */ char timestamp[8]; /* 6 8 */ char localtime[8]; /* 14 8 */ struct wl3501_req req; /* 22 72 */ /* --- cacheline 1 boundary (64 bytes) was 30 bytes ago --- */ u8 rssi; /* 94 1 */ /* size: 96, cachelines: 2, members: 8 */ /* padding: 1 */ /* last cacheline: 32 bytes */ }; The problem is that the original code is trying to copy data into a bunch of struct members adjacent to each other in a single call to memcpy(). Now that a new struct wl3501_req enclosing all those adjacent members is introduced, memcpy() doesn't overrun the length of &sig.beacon_period and &this->bss_set[i].beacon_period, because the address of the new struct object _req_ is used as the destination, instead. This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1fbaf516da763b50edac47d792a9145aa4482e29.1618442265.git.gustavoars@kernel.org
2021-04-15 07:45:15 +08:00
struct wl3501_join_req {
u16 next_blk;
u8 sig_id;
u8 reserved;
struct iw_mgmt_data_rset operational_rset;
u16 reserved2;
u16 timeout;
u16 probe_delay;
u8 timestamp[8];
u8 local_time[8];
struct wl3501_req req;
};
struct wl3501_join_confirm {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 status;
};
struct wl3501_pwr_mgmt_req {
u16 next_blk;
u8 sig_id;
u8 pwr_save;
u8 wake_up;
u8 receive_dtims;
};
struct wl3501_pwr_mgmt_confirm {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 status;
};
struct wl3501_scan_req {
u16 next_blk;
u8 sig_id;
u8 bss_type;
u16 probe_delay;
u16 min_chan_time;
u16 max_chan_time;
u8 chan_list[14];
u8 bssid[ETH_ALEN];
struct iw_mgmt_essid_pset ssid;
enum wl3501_scan_type scan_type;
};
struct wl3501_scan_confirm {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 status;
char timestamp[8];
char localtime[8];
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join Fix the following out-of-bounds warnings by adding a new structure wl3501_req instead of duplicating the same members in structure wl3501_join_req and wl3501_scan_confirm: arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [39, 108] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 36 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [25, 95] from the object at 'sig' is out of the bounds of referenced subobject 'beacon_period' with type 'short unsigned int' at offset 22 [-Warray-bounds] Refactor the code, accordingly: $ pahole -C wl3501_req drivers/net/wireless/wl3501_cs.o struct wl3501_req { u16 beacon_period; /* 0 2 */ u16 dtim_period; /* 2 2 */ u16 cap_info; /* 4 2 */ u8 bss_type; /* 6 1 */ u8 bssid[6]; /* 7 6 */ struct iw_mgmt_essid_pset ssid; /* 13 34 */ struct iw_mgmt_ds_pset ds_pset; /* 47 3 */ struct iw_mgmt_cf_pset cf_pset; /* 50 8 */ struct iw_mgmt_ibss_pset ibss_pset; /* 58 4 */ struct iw_mgmt_data_rset bss_basic_rset; /* 62 10 */ /* size: 72, cachelines: 2, members: 10 */ /* last cacheline: 8 bytes */ }; $ pahole -C wl3501_join_req drivers/net/wireless/wl3501_cs.o struct wl3501_join_req { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 reserved; /* 3 1 */ struct iw_mgmt_data_rset operational_rset; /* 4 10 */ u16 reserved2; /* 14 2 */ u16 timeout; /* 16 2 */ u16 probe_delay; /* 18 2 */ u8 timestamp[8]; /* 20 8 */ u8 local_time[8]; /* 28 8 */ struct wl3501_req req; /* 36 72 */ /* size: 108, cachelines: 2, members: 10 */ /* last cacheline: 44 bytes */ }; $ pahole -C wl3501_scan_confirm drivers/net/wireless/wl3501_cs.o struct wl3501_scan_confirm { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 reserved; /* 3 1 */ u16 status; /* 4 2 */ char timestamp[8]; /* 6 8 */ char localtime[8]; /* 14 8 */ struct wl3501_req req; /* 22 72 */ /* --- cacheline 1 boundary (64 bytes) was 30 bytes ago --- */ u8 rssi; /* 94 1 */ /* size: 96, cachelines: 2, members: 8 */ /* padding: 1 */ /* last cacheline: 32 bytes */ }; The problem is that the original code is trying to copy data into a bunch of struct members adjacent to each other in a single call to memcpy(). Now that a new struct wl3501_req enclosing all those adjacent members is introduced, memcpy() doesn't overrun the length of &sig.beacon_period and &this->bss_set[i].beacon_period, because the address of the new struct object _req_ is used as the destination, instead. This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/1fbaf516da763b50edac47d792a9145aa4482e29.1618442265.git.gustavoars@kernel.org
2021-04-15 07:45:15 +08:00
struct wl3501_req req;
u8 rssi;
};
struct wl3501_start_confirm {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 status;
};
struct wl3501_md_req {
u16 next_blk;
u8 sig_id;
u8 routing;
u16 data;
u16 size;
u8 pri;
u8 service_class;
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt Fix the following out-of-bounds warnings by enclosing structure members daddr and saddr into new struct addr, in structures wl3501_md_req and wl3501_md_ind: arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds] Refactor the code, accordingly: $ pahole -C wl3501_md_req drivers/net/wireless/wl3501_cs.o struct wl3501_md_req { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 routing; /* 3 1 */ u16 data; /* 4 2 */ u16 size; /* 6 2 */ u8 pri; /* 8 1 */ u8 service_class; /* 9 1 */ struct { u8 daddr[6]; /* 10 6 */ u8 saddr[6]; /* 16 6 */ } addr; /* 10 12 */ /* size: 22, cachelines: 1, members: 8 */ /* last cacheline: 22 bytes */ }; $ pahole -C wl3501_md_ind drivers/net/wireless/wl3501_cs.o struct wl3501_md_ind { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 routing; /* 3 1 */ u16 data; /* 4 2 */ u16 size; /* 6 2 */ u8 reception; /* 8 1 */ u8 pri; /* 9 1 */ u8 service_class; /* 10 1 */ struct { u8 daddr[6]; /* 11 6 */ u8 saddr[6]; /* 17 6 */ } addr; /* 11 12 */ /* size: 24, cachelines: 1, members: 9 */ /* padding: 1 */ /* last cacheline: 24 bytes */ }; The problem is that the original code is trying to copy data into a couple of arrays adjacent to each other in a single call to memcpy(). Now that a new struct _addr_ enclosing those two adjacent arrays is introduced, memcpy() doesn't overrun the length of &sig.daddr[0] and &sig.daddr, because the address of the new struct object _addr_ is used, instead. This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot <lkp@intel.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/d260fe56aed7112bff2be5b4d152d03ad7b78e78.1618442265.git.gustavoars@kernel.org
2021-04-15 07:43:19 +08:00
struct {
u8 daddr[ETH_ALEN];
u8 saddr[ETH_ALEN];
} addr;
};
struct wl3501_md_ind {
u16 next_blk;
u8 sig_id;
u8 routing;
u16 data;
u16 size;
u8 reception;
u8 pri;
u8 service_class;
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt Fix the following out-of-bounds warnings by enclosing structure members daddr and saddr into new struct addr, in structures wl3501_md_req and wl3501_md_ind: arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [18, 23] from the object at 'sig' is out of the bounds of referenced subobject 'daddr' with type 'u8[6]' {aka 'unsigned char[6]'} at offset 11 [-Warray-bounds] Refactor the code, accordingly: $ pahole -C wl3501_md_req drivers/net/wireless/wl3501_cs.o struct wl3501_md_req { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 routing; /* 3 1 */ u16 data; /* 4 2 */ u16 size; /* 6 2 */ u8 pri; /* 8 1 */ u8 service_class; /* 9 1 */ struct { u8 daddr[6]; /* 10 6 */ u8 saddr[6]; /* 16 6 */ } addr; /* 10 12 */ /* size: 22, cachelines: 1, members: 8 */ /* last cacheline: 22 bytes */ }; $ pahole -C wl3501_md_ind drivers/net/wireless/wl3501_cs.o struct wl3501_md_ind { u16 next_blk; /* 0 2 */ u8 sig_id; /* 2 1 */ u8 routing; /* 3 1 */ u16 data; /* 4 2 */ u16 size; /* 6 2 */ u8 reception; /* 8 1 */ u8 pri; /* 9 1 */ u8 service_class; /* 10 1 */ struct { u8 daddr[6]; /* 11 6 */ u8 saddr[6]; /* 17 6 */ } addr; /* 11 12 */ /* size: 24, cachelines: 1, members: 9 */ /* padding: 1 */ /* last cacheline: 24 bytes */ }; The problem is that the original code is trying to copy data into a couple of arrays adjacent to each other in a single call to memcpy(). Now that a new struct _addr_ enclosing those two adjacent arrays is introduced, memcpy() doesn't overrun the length of &sig.daddr[0] and &sig.daddr, because the address of the new struct object _addr_ is used, instead. This helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). Link: https://github.com/KSPP/linux/issues/109 Reported-by: kernel test robot <lkp@intel.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/d260fe56aed7112bff2be5b4d152d03ad7b78e78.1618442265.git.gustavoars@kernel.org
2021-04-15 07:43:19 +08:00
struct {
u8 daddr[ETH_ALEN];
u8 saddr[ETH_ALEN];
} addr;
};
struct wl3501_md_confirm {
u16 next_blk;
u8 sig_id;
u8 reserved;
u16 data;
u8 status;
u8 pri;
u8 service_class;
};
struct wl3501_resync_req {
u16 next_blk;
u8 sig_id;
};
/* Definitions for supporting clone adapters. */
/* System Interface Registers (SIR space) */
#define WL3501_NIC_GCR ((u8)0x00) /* SIR0 - General Conf Register */
#define WL3501_NIC_BSS ((u8)0x01) /* SIR1 - Bank Switching Select Reg */
#define WL3501_NIC_LMAL ((u8)0x02) /* SIR2 - Local Mem addr Reg [7:0] */
#define WL3501_NIC_LMAH ((u8)0x03) /* SIR3 - Local Mem addr Reg [14:8] */
#define WL3501_NIC_IODPA ((u8)0x04) /* SIR4 - I/O Data Port A */
#define WL3501_NIC_IODPB ((u8)0x05) /* SIR5 - I/O Data Port B */
#define WL3501_NIC_IODPC ((u8)0x06) /* SIR6 - I/O Data Port C */
#define WL3501_NIC_IODPD ((u8)0x07) /* SIR7 - I/O Data Port D */
/* Bits in GCR */
#define WL3501_GCR_SWRESET ((u8)0x80)
#define WL3501_GCR_CORESET ((u8)0x40)
#define WL3501_GCR_DISPWDN ((u8)0x20)
#define WL3501_GCR_ECWAIT ((u8)0x10)
#define WL3501_GCR_ECINT ((u8)0x08)
#define WL3501_GCR_INT2EC ((u8)0x04)
#define WL3501_GCR_ENECINT ((u8)0x02)
#define WL3501_GCR_DAM ((u8)0x01)
/* Bits in BSS (Bank Switching Select Register) */
#define WL3501_BSS_FPAGE0 ((u8)0x20) /* Flash memory page0 */
#define WL3501_BSS_FPAGE1 ((u8)0x28)
#define WL3501_BSS_FPAGE2 ((u8)0x30)
#define WL3501_BSS_FPAGE3 ((u8)0x38)
#define WL3501_BSS_SPAGE0 ((u8)0x00) /* SRAM page0 */
#define WL3501_BSS_SPAGE1 ((u8)0x08)
#define WL3501_BSS_SPAGE2 ((u8)0x10)
#define WL3501_BSS_SPAGE3 ((u8)0x18)
/* Define Driver Interface */
/* Refer IEEE 802.11 */
/* Tx packet header, include PLCP and MPDU */
/* Tx PLCP Header */
struct wl3501_80211_tx_plcp_hdr {
u8 sync[16];
u16 sfd;
u8 signal;
u8 service;
u16 len;
u16 crc16;
} __packed;
struct wl3501_80211_tx_hdr {
struct wl3501_80211_tx_plcp_hdr pclp_hdr;
struct ieee80211_hdr mac_hdr;
} __packed __aligned(2);
/*
Reserve the beginning Tx space for descriptor use.
TxBlockOffset --> *----*----*----*----* \
(TxFreeDesc) | 0 | 1 | 2 | 3 | \
| 4 | 5 | 6 | 7 | |
| 8 | 9 | 10 | 11 | TX_DESC * 20
| 12 | 13 | 14 | 15 | |
| 16 | 17 | 18 | 19 | /
TxBufferBegin --> *----*----*----*----* /
(TxBufferHead) | |
(TxBufferTail) | |
| Send Buffer |
| |
| |
*-------------------*
TxBufferEnd -------------------------/
*/
struct wl3501_card {
int base_addr;
u8 mac_addr[ETH_ALEN];
spinlock_t lock;
wait_queue_head_t wait;
struct wl3501_get_confirm sig_get_confirm;
struct wl3501_pwr_mgmt_confirm sig_pwr_mgmt_confirm;
u16 tx_buffer_size;
u16 tx_buffer_head;
u16 tx_buffer_tail;
u16 tx_buffer_cnt;
u16 esbq_req_start;
u16 esbq_req_end;
u16 esbq_req_head;
u16 esbq_req_tail;
u16 esbq_confirm_start;
u16 esbq_confirm_end;
u16 esbq_confirm;
struct iw_mgmt_essid_pset essid;
struct iw_mgmt_essid_pset keep_essid;
u8 bssid[ETH_ALEN];
int net_type;
char nick[32];
char card_name[32];
char firmware_date[32];
u8 chan;
u8 cap_info;
u16 start_seg;
u16 bss_cnt;
u16 join_sta_bss;
u8 rssi;
u8 adhoc_times;
u8 reg_domain;
u8 version[2];
struct wl3501_scan_confirm bss_set[20];
struct iw_statistics wstats;
struct iw_spy_data spy_data;
struct iw_public_data wireless_data;
struct pcmcia_device *p_dev;
};
#endif