summaryrefslogtreecommitdiff
path: root/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/staging/rtl8188eu/os_dep/ioctl_linux.c')
-rw-r--r--drivers/staging/rtl8188eu/os_dep/ioctl_linux.c242
1 files changed, 114 insertions, 128 deletions
diff --git a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
index 4ad80ae1067f..2636e7f3dbb8 100644
--- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
+++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
@@ -35,6 +35,7 @@
#include <rtw_mp.h>
#include <rtw_iol.h>
+#include <linux/vmalloc.h>
#define RTL_IOCTL_WPA_SUPPLICANT (SIOCIWFIRSTPRIV + 30)
@@ -472,8 +473,6 @@ static int wpa_set_encryption(struct net_device *dev, struct ieee_param *param,
struct wifidirect_info *pwdinfo = &padapter->wdinfo;
#endif /* CONFIG_88EU_P2P */
-_func_enter_;
-
param->u.crypt.err = 0;
param->u.crypt.alg[IEEE_CRYPT_ALG_NAME_LEN - 1] = '\0';
@@ -614,9 +613,6 @@ _func_enter_;
exit:
kfree(pwep);
-
-_func_exit_;
-
return ret;
}
@@ -770,8 +766,6 @@ static int rtw_wx_get_name(struct net_device *dev,
RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_, ("cmd_code =%x\n", info->cmd));
- _func_enter_;
-
if (check_fwstate(pmlmepriv, _FW_LINKED|WIFI_ADHOC_MASTER_STATE) == true) {
/* parsing HT_CAP_IE */
p = rtw_get_ie(&pcur_bss->IEs[12], _HT_CAPABILITY_IE_, &ht_ielen, pcur_bss->IELength-12);
@@ -806,9 +800,6 @@ static int rtw_wx_get_name(struct net_device *dev,
} else {
snprintf(wrqu->name, IFNAMSIZ, "unassociated");
}
-
- _func_exit_;
-
return 0;
}
@@ -816,12 +807,7 @@ static int rtw_wx_set_freq(struct net_device *dev,
struct iw_request_info *info,
union iwreq_data *wrqu, char *extra)
{
- _func_enter_;
-
RT_TRACE(_module_rtl871x_mlme_c_, _drv_notice_, ("+rtw_wx_set_freq\n"));
-
- _func_exit_;
-
return 0;
}
@@ -854,8 +840,6 @@ static int rtw_wx_set_mode(struct net_device *dev, struct iw_request_info *a,
enum ndis_802_11_network_infra networkType;
int ret = 0;
- _func_enter_;
-
if (_FAIL == rtw_pwr_wakeup(padapter)) {
ret = -EPERM;
goto exit;
@@ -894,7 +878,6 @@ static int rtw_wx_set_mode(struct net_device *dev, struct iw_request_info *a,
}
rtw_setopmode_cmd(padapter, networkType);
exit:
- _func_exit_;
return ret;
}
@@ -906,8 +889,6 @@ static int rtw_wx_get_mode(struct net_device *dev, struct iw_request_info *a,
RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_, (" rtw_wx_get_mode\n"));
- _func_enter_;
-
if (check_fwstate(pmlmepriv, WIFI_STATION_STATE))
wrqu->mode = IW_MODE_INFRA;
else if ((check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) ||
@@ -918,8 +899,6 @@ static int rtw_wx_get_mode(struct net_device *dev, struct iw_request_info *a,
else
wrqu->mode = IW_MODE_AUTO;
- _func_exit_;
-
return 0;
}
@@ -1011,8 +990,6 @@ static int rtw_wx_get_range(struct net_device *dev,
u16 val;
int i;
- _func_enter_;
-
RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_, ("rtw_wx_get_range. cmd_code =%x\n", info->cmd));
wrqu->data.length = sizeof(*range);
@@ -1093,8 +1070,6 @@ static int rtw_wx_get_range(struct net_device *dev,
range->scan_capa = IW_SCAN_CAPA_ESSID | IW_SCAN_CAPA_TYPE |
IW_SCAN_CAPA_BSSID | IW_SCAN_CAPA_CHANNEL |
IW_SCAN_CAPA_MODE | IW_SCAN_CAPA_RATE;
- _func_exit_;
-
return 0;
}
@@ -1118,8 +1093,6 @@ static int rtw_wx_set_wap(struct net_device *dev,
struct wlan_network *pnetwork = NULL;
enum ndis_802_11_auth_mode authmode;
- _func_enter_;
-
if (_FAIL == rtw_pwr_wakeup(padapter)) {
ret = -1;
goto exit;
@@ -1138,15 +1111,15 @@ static int rtw_wx_set_wap(struct net_device *dev,
authmode = padapter->securitypriv.ndisauthtype;
spin_lock_bh(&queue->lock);
phead = get_list_head(queue);
- pmlmepriv->pscanned = get_next(phead);
+ pmlmepriv->pscanned = phead->next;
while (1) {
if ((rtw_end_of_queue_search(phead, pmlmepriv->pscanned)) == true)
break;
- pnetwork = LIST_CONTAINOR(pmlmepriv->pscanned, struct wlan_network, list);
+ pnetwork = container_of(pmlmepriv->pscanned, struct wlan_network, list);
- pmlmepriv->pscanned = get_next(pmlmepriv->pscanned);
+ pmlmepriv->pscanned = pmlmepriv->pscanned->next;
dst_bssid = pnetwork->network.MacAddress;
@@ -1173,8 +1146,6 @@ static int rtw_wx_set_wap(struct net_device *dev,
exit:
- _func_exit_;
-
return ret;
}
@@ -1192,17 +1163,12 @@ static int rtw_wx_get_wap(struct net_device *dev,
RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_, ("rtw_wx_get_wap\n"));
- _func_enter_;
-
if (((check_fwstate(pmlmepriv, _FW_LINKED)) == true) ||
((check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) == true) ||
((check_fwstate(pmlmepriv, WIFI_AP_STATE)) == true))
memcpy(wrqu->ap_addr.sa_data, pcur_bss->MacAddress, ETH_ALEN);
else
_rtw_memset(wrqu->ap_addr.sa_data, 0, ETH_ALEN);
-
- _func_exit_;
-
return 0;
}
@@ -1252,7 +1218,6 @@ static int rtw_wx_set_scan(struct net_device *dev, struct iw_request_info *a,
#endif /* CONFIG_88EU_P2P */
RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_, ("rtw_wx_set_scan\n"));
-_func_enter_;
if (padapter->registrypriv.mp_mode == 1) {
if (check_fwstate(pmlmepriv, WIFI_MP_STATE)) {
ret = -1;
@@ -1383,7 +1348,6 @@ _func_enter_;
exit:
-_func_exit_;
return ret;
}
@@ -1407,8 +1371,6 @@ static int rtw_wx_get_scan(struct net_device *dev, struct iw_request_info *a,
RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_, ("rtw_wx_get_scan\n"));
RT_TRACE(_module_rtl871x_ioctl_os_c, _drv_info_, (" Start of Query SIOCGIWSCAN .\n"));
- _func_enter_;
-
if (padapter->pwrctrlpriv.brfoffbyhw && padapter->bDriverStopped) {
ret = -EINVAL;
goto exit;
@@ -1440,7 +1402,7 @@ static int rtw_wx_get_scan(struct net_device *dev, struct iw_request_info *a,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist))
@@ -1451,13 +1413,13 @@ static int rtw_wx_get_scan(struct net_device *dev, struct iw_request_info *a,
break;
}
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
/* report network only if the current channel set contains the channel to which this network belongs */
if (rtw_ch_set_search_ch(padapter->mlmeextpriv.channel_set, pnetwork->network.Configuration.DSConfig) >= 0)
ev = translate_scan(padapter, a, pnetwork, ev, stop);
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -1466,7 +1428,6 @@ static int rtw_wx_get_scan(struct net_device *dev, struct iw_request_info *a,
wrqu->data.flags = 0;
exit:
- _func_exit_;
return ret;
}
@@ -1490,7 +1451,6 @@ static int rtw_wx_set_essid(struct net_device *dev,
uint ret = 0, len;
- _func_enter_;
RT_TRACE(_module_rtl871x_ioctl_os_c, _drv_info_,
("+rtw_wx_set_essid: fw_state = 0x%08x\n", get_fwstate(pmlmepriv)));
@@ -1530,7 +1490,7 @@ static int rtw_wx_set_essid(struct net_device *dev,
RT_TRACE(_module_rtl871x_ioctl_os_c, _drv_info_, ("rtw_wx_set_essid: ssid =[%s]\n", src_ssid));
spin_lock_bh(&queue->lock);
phead = get_list_head(queue);
- pmlmepriv->pscanned = get_next(phead);
+ pmlmepriv->pscanned = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, pmlmepriv->pscanned) == true) {
@@ -1540,9 +1500,9 @@ static int rtw_wx_set_essid(struct net_device *dev,
break;
}
- pnetwork = LIST_CONTAINOR(pmlmepriv->pscanned, struct wlan_network, list);
+ pnetwork = container_of(pmlmepriv->pscanned, struct wlan_network, list);
- pmlmepriv->pscanned = get_next(pmlmepriv->pscanned);
+ pmlmepriv->pscanned = pmlmepriv->pscanned->next;
dst_ssid = pnetwork->network.Ssid.Ssid;
@@ -1583,7 +1543,6 @@ exit:
DBG_88E("<=%s, ret %d\n", __func__, ret);
- _func_exit_;
return ret;
}
@@ -1599,7 +1558,6 @@ static int rtw_wx_get_essid(struct net_device *dev,
RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_, ("rtw_wx_get_essid\n"));
- _func_enter_;
if ((check_fwstate(pmlmepriv, _FW_LINKED)) ||
(check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE))) {
@@ -1617,7 +1575,6 @@ static int rtw_wx_get_essid(struct net_device *dev,
exit:
- _func_exit_;
return ret;
}
@@ -1634,7 +1591,6 @@ static int rtw_wx_set_rate(struct net_device *dev,
u32 ratevalue = 0;
u8 mpdatarate[NumRates] = {11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0, 0xff};
-_func_enter_;
RT_TRACE(_module_rtl871x_mlme_c_, _drv_info_, (" rtw_wx_set_rate\n"));
RT_TRACE(_module_rtl871x_ioctl_os_c, _drv_info_, ("target_rate = %d, fixed = %d\n", target_rate, fixed));
@@ -1706,7 +1662,6 @@ set_rate:
ret = -1;
}
-_func_exit_;
return ret;
}
@@ -1734,7 +1689,6 @@ static int rtw_wx_set_rts(struct net_device *dev,
{
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
- _func_enter_;
if (wrqu->rts.disabled) {
padapter->registrypriv.rts_thresh = 2347;
@@ -1748,7 +1702,6 @@ static int rtw_wx_set_rts(struct net_device *dev,
DBG_88E("%s, rts_thresh =%d\n", __func__, padapter->registrypriv.rts_thresh);
- _func_exit_;
return 0;
}
@@ -1759,7 +1712,6 @@ static int rtw_wx_get_rts(struct net_device *dev,
{
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
- _func_enter_;
DBG_88E("%s, rts_thresh =%d\n", __func__, padapter->registrypriv.rts_thresh);
@@ -1767,7 +1719,6 @@ static int rtw_wx_get_rts(struct net_device *dev,
wrqu->rts.fixed = 0; /* no auto select */
/* wrqu->rts.disabled = (wrqu->rts.value == DEFAULT_RTS_THRESHOLD); */
- _func_exit_;
return 0;
}
@@ -1778,7 +1729,6 @@ static int rtw_wx_set_frag(struct net_device *dev,
{
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
- _func_enter_;
if (wrqu->frag.disabled) {
padapter->xmitpriv.frag_len = MAX_FRAG_THRESHOLD;
@@ -1792,7 +1742,6 @@ static int rtw_wx_set_frag(struct net_device *dev,
DBG_88E("%s, frag_len =%d\n", __func__, padapter->xmitpriv.frag_len);
- _func_exit_;
return 0;
}
@@ -1803,14 +1752,12 @@ static int rtw_wx_get_frag(struct net_device *dev,
{
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
- _func_enter_;
DBG_88E("%s, frag_len =%d\n", __func__, padapter->xmitpriv.frag_len);
wrqu->frag.value = padapter->xmitpriv.frag_len;
wrqu->frag.fixed = 0; /* no auto select */
- _func_exit_;
return 0;
}
@@ -1844,7 +1791,6 @@ static int rtw_wx_set_enc(struct net_device *dev,
key = erq->flags & IW_ENCODE_INDEX;
- _func_enter_;
if (erq->flags & IW_ENCODE_DISABLED) {
DBG_88E("EncryptionDisabled\n");
@@ -1939,7 +1885,6 @@ static int rtw_wx_set_enc(struct net_device *dev,
exit:
- _func_exit_;
return ret;
}
@@ -1953,7 +1898,6 @@ static int rtw_wx_get_enc(struct net_device *dev,
struct iw_point *erq = &(wrqu->encoding);
struct mlme_priv *pmlmepriv = &(padapter->mlmepriv);
- _func_enter_;
if (check_fwstate(pmlmepriv, _FW_LINKED) != true) {
if (!check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) {
@@ -2007,7 +1951,6 @@ static int rtw_wx_get_enc(struct net_device *dev,
erq->flags |= IW_ENCODE_DISABLED;
break;
}
- _func_exit_;
return ret;
}
@@ -2210,6 +2153,7 @@ static int rtw_wx_read32(struct net_device *dev,
u32 data32;
u32 bytes;
u8 *ptmp;
+ int rv;
padapter = (struct adapter *)rtw_netdev_priv(dev);
p = &wrqu->data;
@@ -2225,7 +2169,11 @@ static int rtw_wx_read32(struct net_device *dev,
bytes = 0;
addr = 0;
- sscanf(ptmp, "%d,%x", &bytes, &addr);
+ rv = sscanf(ptmp, "%d,%x", &bytes, &addr);
+ if (rv != 2) {
+ kfree(ptmp);
+ return -EINVAL;
+ }
switch (bytes) {
case 1:
@@ -2255,6 +2203,7 @@ static int rtw_wx_write32(struct net_device *dev,
union iwreq_data *wrqu, char *extra)
{
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
+ int rv;
u32 addr;
u32 data32;
@@ -2263,7 +2212,9 @@ static int rtw_wx_write32(struct net_device *dev,
bytes = 0;
addr = 0;
data32 = 0;
- sscanf(extra, "%d,%x,%x", &bytes, &addr, &data32);
+ rv = sscanf(extra, "%d,%x,%x", &bytes, &addr, &data32);
+ if (rv != 3)
+ return -EINVAL;
switch (bytes) {
case 1:
@@ -2607,13 +2558,13 @@ static int rtw_get_ap_info(struct net_device *dev,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist) == true)
break;
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
if (hwaddr_aton_i(data, bssid)) {
DBG_88E("Invalid BSSID '%s'.\n", (u8 *)data);
@@ -2638,7 +2589,7 @@ static int rtw_get_ap_info(struct net_device *dev,
}
}
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -2690,13 +2641,13 @@ static int rtw_wps_start(struct net_device *dev,
struct iw_point *pdata = &wrqu->data;
u32 u32wps_start = 0;
- ret = copy_from_user((void *)&u32wps_start, pdata->pointer, 4);
- if (ret) {
+ if ((padapter->bDriverStopped) || (pdata == NULL)) {
ret = -EINVAL;
goto exit;
}
- if ((padapter->bDriverStopped) || (pdata == NULL)) {
+ ret = copy_from_user((void *)&u32wps_start, pdata->pointer, 4);
+ if (ret) {
ret = -EINVAL;
goto exit;
}
@@ -3110,13 +3061,13 @@ static int rtw_p2p_get_wps_configmethod(struct net_device *dev,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist) == true)
break;
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
if (!memcmp(pnetwork->network.MacAddress, peerMAC, ETH_ALEN)) {
u8 *wpsie;
uint wpsie_len = 0;
@@ -3134,7 +3085,7 @@ static int rtw_p2p_get_wps_configmethod(struct net_device *dev,
}
break;
}
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -3180,13 +3131,13 @@ static int rtw_p2p_get_go_device_address(struct net_device *dev,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist) == true)
break;
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
if (!memcmp(pnetwork->network.MacAddress, peerMAC, ETH_ALEN)) {
/* Commented by Albert 2011/05/18 */
/* Match the device address located in the P2P IE */
@@ -3215,7 +3166,7 @@ static int rtw_p2p_get_go_device_address(struct net_device *dev,
}
}
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -3264,13 +3215,13 @@ static int rtw_p2p_get_device_type(struct net_device *dev,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist) == true)
break;
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
if (!memcmp(pnetwork->network.MacAddress, peerMAC, ETH_ALEN)) {
u8 *wpsie;
uint wpsie_len = 0;
@@ -3295,7 +3246,7 @@ static int rtw_p2p_get_device_type(struct net_device *dev,
break;
}
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -3343,13 +3294,13 @@ static int rtw_p2p_get_device_name(struct net_device *dev,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist) == true)
break;
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
if (!memcmp(pnetwork->network.MacAddress, peerMAC, ETH_ALEN)) {
u8 *wpsie;
uint wpsie_len = 0;
@@ -3366,7 +3317,7 @@ static int rtw_p2p_get_device_name(struct net_device *dev,
break;
}
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -3414,13 +3365,13 @@ static int rtw_p2p_get_invitation_procedure(struct net_device *dev,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist) == true)
break;
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
if (!memcmp(pnetwork->network.MacAddress, peerMAC, ETH_ALEN)) {
/* Commented by Albert 20121226 */
/* Match the device address located in the P2P IE */
@@ -3440,7 +3391,7 @@ static int rtw_p2p_get_invitation_procedure(struct net_device *dev,
}
}
}
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -3496,19 +3447,19 @@ static int rtw_p2p_connect(struct net_device *dev,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist) == true)
break;
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
if (!memcmp(pnetwork->network.MacAddress, peerMAC, ETH_ALEN)) {
uintPeerChannel = pnetwork->network.Configuration.DSConfig;
break;
}
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -3591,13 +3542,13 @@ static int rtw_p2p_invite_req(struct net_device *dev,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist) == true)
break;
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
/* Commented by Albert 2011/05/18 */
/* Match the device address located in the P2P IE */
@@ -3622,7 +3573,7 @@ static int rtw_p2p_invite_req(struct net_device *dev,
}
}
}
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -3741,7 +3692,7 @@ static int rtw_p2p_prov_disc(struct net_device *dev,
spin_lock_bh(&(pmlmepriv->scanned_queue.lock));
phead = get_list_head(queue);
- plist = get_next(phead);
+ plist = phead->next;
while (1) {
if (rtw_end_of_queue_search(phead, plist) == true)
@@ -3750,7 +3701,7 @@ static int rtw_p2p_prov_disc(struct net_device *dev,
if (uintPeerChannel != 0)
break;
- pnetwork = LIST_CONTAINOR(plist, struct wlan_network, list);
+ pnetwork = container_of(plist, struct wlan_network, list);
/* Commented by Albert 2011/05/18 */
/* Match the device address located in the P2P IE */
@@ -3781,7 +3732,7 @@ static int rtw_p2p_prov_disc(struct net_device *dev,
}
}
- plist = get_next(plist);
+ plist = plist->next;
}
spin_unlock_bh(&pmlmepriv->scanned_queue.lock);
@@ -3914,24 +3865,33 @@ static int rtw_p2p_get(struct net_device *dev,
struct adapter *padapter = (struct adapter *)rtw_netdev_priv(dev);
if (padapter->bShowGetP2PState)
- DBG_88E("[%s] extra = %s\n", __func__, (char *)wrqu->data.pointer);
- if (!memcmp(wrqu->data.pointer, "status", 6)) {
+ DBG_88E("[%s] extra = %s\n", __func__,
+ (char __user *)wrqu->data.pointer);
+ if (!memcmp((__force const char *)wrqu->data.pointer,
+ "status", 6)) {
rtw_p2p_get_status(dev, info, wrqu, extra);
- } else if (!memcmp(wrqu->data.pointer, "role", 4)) {
+ } else if (!memcmp((__force const char *)wrqu->data.pointer,
+ "role", 4)) {
rtw_p2p_get_role(dev, info, wrqu, extra);
- } else if (!memcmp(wrqu->data.pointer, "peer_ifa", 8)) {
+ } else if (!memcmp((__force const char *)wrqu->data.pointer,
+ "peer_ifa", 8)) {
rtw_p2p_get_peer_ifaddr(dev, info, wrqu, extra);
- } else if (!memcmp(wrqu->data.pointer, "req_cm", 6)) {
+ } else if (!memcmp((__force const char *)wrqu->data.pointer,
+ "req_cm", 6)) {
rtw_p2p_get_req_cm(dev, info, wrqu, extra);
- } else if (!memcmp(wrqu->data.pointer, "peer_deva", 9)) {
+ } else if (!memcmp((__force const char *)wrqu->data.pointer,
+ "peer_deva", 9)) {
/* Get the P2P device address when receiving the provision discovery request frame. */
rtw_p2p_get_peer_devaddr(dev, info, wrqu, extra);
- } else if (!memcmp(wrqu->data.pointer, "group_id", 8)) {
+ } else if (!memcmp((__force const char *)wrqu->data.pointer,
+ "group_id", 8)) {
rtw_p2p_get_groupid(dev, info, wrqu, extra);
- } else if (!memcmp(wrqu->data.pointer, "peer_deva_inv", 9)) {
+ } else if (!memcmp((__force const char *)wrqu->data.pointer,
+ "peer_deva_inv", 9)) {
/* Get the P2P device address when receiving the P2P Invitation request frame. */
rtw_p2p_get_peer_devaddr_by_invitation(dev, info, wrqu, extra);
- } else if (!memcmp(wrqu->data.pointer, "op_ch", 5)) {
+ } else if (!memcmp((__force const char *)wrqu->data.pointer,
+ "op_ch", 5)) {
rtw_p2p_get_op_ch(dev, info, wrqu, extra);
}
#endif /* CONFIG_88EU_P2P */
@@ -3945,7 +3905,8 @@ static int rtw_p2p_get2(struct net_device *dev,
int ret = 0;
#ifdef CONFIG_88EU_P2P
- DBG_88E("[%s] extra = %s\n", __func__, (char *)wrqu->data.pointer);
+ DBG_88E("[%s] extra = %s\n", __func__,
+ (char __user *)wrqu->data.pointer);
if (!memcmp(extra, "wpsCM =", 6)) {
wrqu->data.length -= 6;
rtw_p2p_get_wps_configmethod(dev, info, wrqu, &extra[6]);
@@ -4436,12 +4397,12 @@ static int rtw_dbg_port(struct net_device *dev,
for (i = 0; i < NUM_STA; i++) {
phead = &(pstapriv->sta_hash[i]);
- plist = get_next(phead);
+ plist = phead->next;
while ((rtw_end_of_queue_search(phead, plist)) == false) {
- psta = LIST_CONTAINOR(plist, struct sta_info, hash_list);
+ psta = container_of(plist, struct sta_info, hash_list);
- plist = get_next(plist);
+ plist = plist->next;
if (extra_arg == psta->aid) {
DBG_88E("sta's macaddr:%pM\n", (psta->hwaddr));
@@ -4507,11 +4468,9 @@ static int rtw_dbg_port(struct net_device *dev,
struct registry_priv *pregpriv = &padapter->registrypriv;
/* 0: disable, bit(0):enable 2.4g, bit(1):enable 5g, 0x3: enable both 2.4g and 5g */
/* default is set to enable 2.4GHZ for IOT issue with bufflao's AP at 5GHZ */
- if (pregpriv &&
- (extra_arg == 0 ||
- extra_arg == 1 ||
- extra_arg == 2 ||
- extra_arg == 3)) {
+ if (!pregpriv)
+ break;
+ if (extra_arg >= 0 && extra_arg <= 3) {
pregpriv->rx_stbc = extra_arg;
DBG_88E("set rx_stbc =%d\n", pregpriv->rx_stbc);
} else {
@@ -4523,7 +4482,9 @@ static int rtw_dbg_port(struct net_device *dev,
{
struct registry_priv *pregpriv = &padapter->registrypriv;
/* 0: disable, 0x1:enable (but wifi_spec should be 0), 0x2: force enable (don't care wifi_spec) */
- if (pregpriv && extra_arg >= 0 && extra_arg < 3) {
+ if (!pregpriv)
+ break;
+ if (extra_arg >= 0 && extra_arg < 3) {
pregpriv->ampdu_enable = extra_arg;
DBG_88E("set ampdu_enable =%d\n", pregpriv->ampdu_enable);
} else {
@@ -5648,12 +5609,12 @@ static int rtw_wx_set_priv(struct net_device *dev,
return -EFAULT;
len = dwrq->length;
- ext = rtw_vmalloc(len);
+ ext = vmalloc(len);
if (!ext)
return -ENOMEM;
if (copy_from_user(ext, dwrq->pointer, len)) {
- rtw_vmfree(ext, len);
+ vfree(ext);
return -EFAULT;
}
@@ -5693,7 +5654,7 @@ static int rtw_wx_set_priv(struct net_device *dev,
FREE_EXT:
- rtw_vmfree(ext, len);
+ vfree(ext);
return ret;
}
@@ -5709,10 +5670,14 @@ static int rtw_pm_set(struct net_device *dev,
DBG_88E("[%s] extra = %s\n", __func__, extra);
if (!memcmp(extra, "lps =", 4)) {
- sscanf(extra+4, "%u", &mode);
+ ret = sscanf(extra+4, "%u", &mode);
+ if (ret != 1)
+ return -EINVAL;
ret = rtw_pm_set_lps(padapter, mode);
} else if (!memcmp(extra, "ips =", 4)) {
- sscanf(extra+4, "%u", &mode);
+ ret = sscanf(extra+4, "%u", &mode);
+ if (ret != 1)
+ return -EINVAL;
ret = rtw_pm_set_ips(padapter, mode);
} else {
ret = -EINVAL;
@@ -6812,8 +6777,11 @@ static int rtw_mp_bandwidth(struct net_device *dev,
{
u32 bandwidth = 0, sg = 0;
struct adapter *padapter = rtw_netdev_priv(dev);
+ int rv;
- sscanf(extra, "40M =%d, shortGI =%d", &bandwidth, &sg);
+ rv = sscanf(extra, "40M =%d, shortGI =%d", &bandwidth, &sg);
+ if (rv != 2)
+ return -EINVAL;
if (bandwidth != HT_CHANNEL_WIDTH_40)
bandwidth = HT_CHANNEL_WIDTH_20;
@@ -6833,6 +6801,7 @@ static int rtw_mp_txpower(struct net_device *dev,
u32 idx_a = 0, idx_b = 0;
char *input = kmalloc(wrqu->length, GFP_KERNEL);
struct adapter *padapter = rtw_netdev_priv(dev);
+ int rv;
if (!input)
return -ENOMEM;
@@ -6840,7 +6809,11 @@ static int rtw_mp_txpower(struct net_device *dev,
kfree(input);
return -EFAULT;
}
- sscanf(input, "patha =%d, pathb =%d", &idx_a, &idx_b);
+ rv = sscanf(input, "patha =%d, pathb =%d", &idx_a, &idx_b);
+ if (rv != 2) {
+ kfree(input);
+ return -EINVAL;
+ }
sprintf(extra, "Set power level path_A:%d path_B:%d", idx_a, idx_b);
padapter->mppriv.txpoweridx = (u8)idx_a;
@@ -6934,6 +6907,7 @@ static int rtw_mp_ctx(struct net_device *dev,
u32 pkTx = 1, countPkTx = 1, cotuTx = 1, CarrSprTx = 1, scTx = 1, sgleTx = 1, stop = 1;
u32 bStartTest = 1;
u32 count = 0;
+ int rv;
struct mp_priv *pmp_priv;
struct pkt_attrib *pattrib;
@@ -6953,7 +6927,9 @@ static int rtw_mp_ctx(struct net_device *dev,
sgleTx = strncmp(extra, "background, stone", 20);
pkTx = strncmp(extra, "background, pkt", 20);
stop = strncmp(extra, "stop", 4);
- sscanf(extra, "count =%d, pkt", &count);
+ rv = sscanf(extra, "count =%d, pkt", &count);
+ if (rv != 2)
+ return -EINVAL;
_rtw_memset(extra, '\0', sizeof(*extra));
@@ -7312,6 +7288,7 @@ static int rtw_mp_phypara(struct net_device *dev,
{
char *input = kmalloc(wrqu->length, GFP_KERNEL);
u32 valxcap;
+ int rv;
if (!input)
return -ENOMEM;
@@ -7322,7 +7299,11 @@ static int rtw_mp_phypara(struct net_device *dev,
DBG_88E("%s:iwpriv in =%s\n", __func__, input);
- sscanf(input, "xcap =%d", &valxcap);
+ rv = sscanf(input, "xcap =%d", &valxcap);
+ if (rv != 1) {
+ kfree(input);
+ return -EINVAL;
+ }
kfree(input);
return 0;
@@ -7888,6 +7869,7 @@ static int rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq_
s32 len;
u8 *extra = NULL;
u32 extra_size = 0;
+ int rv;
s32 k;
const iw_handler *priv; /* Private ioctl */
@@ -7913,7 +7895,11 @@ static int rtw_ioctl_wext_private(struct net_device *dev, union iwreq_data *wrq_
ptr = input;
len = input_len;
- sscanf(ptr, "%16s", cmdname);
+ rv = sscanf(ptr, "%16s", cmdname);
+ if (rv != 1) {
+ err = -EINVAL;
+ goto exit;
+ }
cmdlen = strlen(cmdname);
DBG_88E("%s: cmd =%s\n", __func__, cmdname);
generated by cgit v1.2.3 (git 2.0.4) at 2024-06-13 09:21:23 +0000