[PATCH] mwl8k: Avoid overlapping composite structs that contain flex-arrays

From: Erick Archer
Date: Sat Mar 16 2024 - 11:07:55 EST

Next message: Arınç ÜNAL: "Re: [PATCH 00/14] mips: dts: ralink: mt7621: improve DTS style"
Previous message: Koakuma: "[sparc] Use of -fcall-used-* flags in Makefile?"
Next in thread: Gustavo A. R. Silva: "Re: [PATCH] mwl8k: Avoid overlapping composite structs that contain flex-arrays"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When a struct containing a flexible array is included in another struct,
and there is a member after the struct-with-flex-array, there is a
possibility of memory overlap. These cases must be audited [1]. See:

struct inner {
...
int flex[];
};

struct outer {
...
struct inner header;
int overlap;
...
};

This is the scenario for the "struct mwl8k_cmd_pkt" structure that is
included in the following "struct mwl8k_cmd_*" structures:

struct mwl8k_cmd_get_hw_spec_sta
struct mwl8k_cmd_get_hw_spec_ap
struct mwl8k_cmd_set_hw_spec
struct mwl8k_cmd_mac_multicast_adr
struct mwl8k_cmd_get_stat
struct mwl8k_cmd_radio_control
struct mwl8k_cmd_rf_tx_power
struct mwl8k_cmd_tx_power
struct mwl8k_cmd_rf_antenna
struct mwl8k_cmd_set_beacon
struct mwl8k_cmd_bbp_reg_access
struct mwl8k_cmd_set_post_scan
struct mwl8k_cmd_set_rf_channel
struct mwl8k_cmd_update_set_aid
struct mwl8k_cmd_set_rate
struct mwl8k_cmd_finalize_join
struct mwl8k_cmd_set_rts_threshold
struct mwl8k_cmd_set_slot
struct mwl8k_cmd_set_edca_params
struct mwl8k_cmd_set_wmm_mode
struct mwl8k_cmd_mimo_config
struct mwl8k_cmd_use_fixed_rate_sta
struct mwl8k_cmd_use_fixed_rate_ap
struct mwl8k_cmd_enable_sniffer
struct mwl8k_cmd_update_mac_addr
struct mwl8k_cmd_set_rate_adapt_mode
struct mwl8k_cmd_get_watchdog_bitmap
struct mwl8k_cmd_bss_start
struct mwl8k_cmd_bastream
struct mwl8k_cmd_set_new_stn
struct mwl8k_cmd_update_encryption
struct mwl8k_cmd_set_key
struct mwl8k_cmd_update_stadb

The pattern is like the one shown below:

struct mwl8k_cmd_pkt {
...
char payload[];
} __packed;

struct mwl8k_cmd_* {
struct mwl8k_cmd_pkt header;
...
};

In this case, because the flexible array "payload" is only used in the
"mwl8k_load_fw_image" function, it is best to define a new structure for
the packet header called "struct mwl8k_cmd_pkt_hdr". This way, the
"struct mwl8k_cmd_pkt" and all the affected "struct mwl8k_cmd_*" used
for commands can now be defined using this new header structure.

For consistency, although the "struct mwl8k_cmd_set_pre_scan" does not
suffer from the overlapping scenario, also use the new header structure
to define it.

Moreover, change the prototype of the "mwl8k_post_cmd" function and the
"mwl8k_post_pervif_cmd" function because it is not necessary to pass the
whole packet structure. It is enough to use only the header structure.
Also, change the return type of the "__mwl8k_cmd_mac_multicast_adr"
function for the same reason.

As a final point, refactor the necessary calls, use the new members of
the structures and change some variable names and types to achieve the
desired goal.

Link: https://github.com/KSPP/linux/issues/202 [1]
Signed-off-by: Erick Archer <erick.archer@xxxxxxx>
---
Hi everyone,

This patch is based on my understanding of the code. Any comments would
be greatly appreciated.

Also, I have verified that the old and new packet structure are the same
size:

struct mwl8k_cmd_pkt_old {
__le16 code;
__le16 length;
__u8 seq_num;
__u8 macid;
__le16 result;
char payload[];
} __packed;

struct mwl8k_cmd_pkt_hdr {
__le16 code;
__le16 length;
__u8 seq_num;
__u8 macid;
__le16 result;
} __packed;

struct mwl8k_cmd_pkt_new {
struct mwl8k_cmd_pkt_hdr header;
char payload[];
} __packed;

static_assert(sizeof(struct mwl8k_cmd_pkt_old) == sizeof(struct mwl8k_cmd_pkt_new));

Best regards,
Erick
---
drivers/net/wireless/marvell/mwl8k.c | 145 ++++++++++++++-------------
1 file changed, 75 insertions(+), 70 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwl8k.c b/drivers/net/wireless/marvell/mwl8k.c
index ce8fea76dbb2..57de32ba4efc 100644
--- a/drivers/net/wireless/marvell/mwl8k.c
+++ b/drivers/net/wireless/marvell/mwl8k.c
@@ -586,13 +586,17 @@ static int mwl8k_request_firmware(struct mwl8k_priv *priv, char *fw_image,
return 0;
}

-struct mwl8k_cmd_pkt {
+struct mwl8k_cmd_pkt_hdr {
__le16 code;
__le16 length;
__u8 seq_num;
__u8 macid;
__le16 result;
- char payload[];
+} __packed;
+
+struct mwl8k_cmd_pkt {
+ struct mwl8k_cmd_pkt_hdr header;
+ char payload[];
} __packed;

/*
@@ -652,17 +656,17 @@ static int mwl8k_load_fw_image(struct mwl8k_priv *priv,
if (cmd == NULL)
return -ENOMEM;

- cmd->code = cpu_to_le16(MWL8K_CMD_CODE_DNLD);
- cmd->seq_num = 0;
- cmd->macid = 0;
- cmd->result = 0;
+ cmd->header.code = cpu_to_le16(MWL8K_CMD_CODE_DNLD);
+ cmd->header.seq_num = 0;
+ cmd->header.macid = 0;
+ cmd->header.result = 0;

done = 0;
while (length) {
int block_size = length > 256 ? 256 : length;

memcpy(cmd->payload, data + done, block_size);
- cmd->length = cpu_to_le16(block_size);
+ cmd->header.length = cpu_to_le16(block_size);

rc = mwl8k_send_fw_load_cmd(priv, cmd,
sizeof(*cmd) + block_size);
@@ -674,7 +678,7 @@ static int mwl8k_load_fw_image(struct mwl8k_priv *priv,
}

if (!rc) {
- cmd->length = 0;
+ cmd->header.length = 0;
rc = mwl8k_send_fw_load_cmd(priv, cmd, sizeof(*cmd));
}

@@ -2201,7 +2205,8 @@ static void mwl8k_enable_bsses(struct ieee80211_hw *hw, bool enable,
/* Timeout firmware commands after 10s */
#define MWL8K_CMD_TIMEOUT_MS 10000

-static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)
+static int mwl8k_post_cmd(struct ieee80211_hw *hw,
+ struct mwl8k_cmd_pkt_hdr *hdr)
{
DECLARE_COMPLETION_ONSTACK(cmd_wait);
struct mwl8k_priv *priv = hw->priv;
@@ -2214,7 +2219,7 @@ static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)
u32 bitmap = 0;

wiphy_dbg(hw->wiphy, "Posting %s [%d]\n",
- mwl8k_cmd_name(cmd->code, buf, sizeof(buf)), cmd->macid);
+ mwl8k_cmd_name(hdr->code, buf, sizeof(buf)), hdr->macid);

/* Before posting firmware commands that could change the hardware
* characteristics, make sure that all BSSes are stopped temporary.
@@ -2226,7 +2231,7 @@ static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)
return rc;

if (priv->ap_fw && priv->running_bsses) {
- switch (le16_to_cpu(cmd->code)) {
+ switch (le16_to_cpu(hdr->code)) {
case MWL8K_CMD_SET_RF_CHANNEL:
case MWL8K_CMD_RADIO_CONTROL:
case MWL8K_CMD_RF_TX_POWER:
@@ -2240,9 +2245,9 @@ static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)
}
}

- cmd->result = (__force __le16) 0xffff;
- dma_size = le16_to_cpu(cmd->length);
- dma_addr = dma_map_single(&priv->pdev->dev, cmd, dma_size,
+ hdr->result = (__force __le16)0xffff;
+ dma_size = le16_to_cpu(hdr->length);
+ dma_addr = dma_map_single(&priv->pdev->dev, hdr, dma_size,
DMA_BIDIRECTIONAL);
if (dma_mapping_error(&priv->pdev->dev, dma_addr)) {
rc = -ENOMEM;
@@ -2267,7 +2272,7 @@ static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)

if (!timeout) {
wiphy_err(hw->wiphy, "Command %s timeout after %u ms\n",
- mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
+ mwl8k_cmd_name(hdr->code, buf, sizeof(buf)),
MWL8K_CMD_TIMEOUT_MS);
rc = -ETIMEDOUT;
} else {
@@ -2275,15 +2280,15 @@ static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)

ms = MWL8K_CMD_TIMEOUT_MS - jiffies_to_msecs(timeout);

- rc = cmd->result ? -EINVAL : 0;
+ rc = hdr->result ? -EINVAL : 0;
if (rc)
wiphy_err(hw->wiphy, "Command %s error 0x%x\n",
- mwl8k_cmd_name(cmd->code, buf, sizeof(buf)),
- le16_to_cpu(cmd->result));
+ mwl8k_cmd_name(hdr->code, buf, sizeof(buf)),
+ le16_to_cpu(hdr->result));
else if (ms > 2000)
wiphy_notice(hw->wiphy, "Command %s took %d ms\n",
- mwl8k_cmd_name(cmd->code,
- buf, sizeof(buf)),
+ mwl8k_cmd_name(hdr->code, buf,
+ sizeof(buf)),
ms);
}

@@ -2298,11 +2303,11 @@ static int mwl8k_post_cmd(struct ieee80211_hw *hw, struct mwl8k_cmd_pkt *cmd)

static int mwl8k_post_pervif_cmd(struct ieee80211_hw *hw,
struct ieee80211_vif *vif,
- struct mwl8k_cmd_pkt *cmd)
+ struct mwl8k_cmd_pkt_hdr *hdr)
{
if (vif != NULL)
- cmd->macid = MWL8K_VIF(vif)->macid;
- return mwl8k_post_cmd(hw, cmd);
+ hdr->macid = MWL8K_VIF(vif)->macid;
+ return mwl8k_post_cmd(hw, hdr);
}

/*
@@ -2350,7 +2355,7 @@ static void mwl8k_setup_5ghz_band(struct ieee80211_hw *hw)
* CMD_GET_HW_SPEC (STA version).
*/
struct mwl8k_cmd_get_hw_spec_sta {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__u8 hw_rev;
__u8 host_interface;
__le16 num_mcaddrs;
@@ -2499,7 +2504,7 @@ static int mwl8k_cmd_get_hw_spec_sta(struct ieee80211_hw *hw)
* CMD_GET_HW_SPEC (AP version).
*/
struct mwl8k_cmd_get_hw_spec_ap {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__u8 hw_rev;
__u8 host_interface;
__le16 num_wcb;
@@ -2593,7 +2598,7 @@ static int mwl8k_cmd_get_hw_spec_ap(struct ieee80211_hw *hw)
* CMD_SET_HW_SPEC.
*/
struct mwl8k_cmd_set_hw_spec {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__u8 hw_rev;
__u8 host_interface;
__le16 num_mcaddrs;
@@ -2670,7 +2675,7 @@ static int mwl8k_cmd_set_hw_spec(struct ieee80211_hw *hw)
* CMD_MAC_MULTICAST_ADR.
*/
struct mwl8k_cmd_mac_multicast_adr {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
__le16 numaddr;
__u8 addr[][ETH_ALEN];
@@ -2681,7 +2686,7 @@ struct mwl8k_cmd_mac_multicast_adr {
#define MWL8K_ENABLE_RX_ALL_MULTICAST 0x0004
#define MWL8K_ENABLE_RX_BROADCAST 0x0008

-static struct mwl8k_cmd_pkt *
+static struct mwl8k_cmd_pkt_hdr *
__mwl8k_cmd_mac_multicast_adr(struct ieee80211_hw *hw, int allmulti,
struct netdev_hw_addr_list *mc_list)
{
@@ -2729,7 +2734,7 @@ __mwl8k_cmd_mac_multicast_adr(struct ieee80211_hw *hw, int allmulti,
* CMD_GET_STAT.
*/
struct mwl8k_cmd_get_stat {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le32 stats[64];
} __packed;

@@ -2771,7 +2776,7 @@ static int mwl8k_cmd_get_stat(struct ieee80211_hw *hw,
* CMD_RADIO_CONTROL.
*/
struct mwl8k_cmd_radio_control {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
__le16 control;
__le16 radio_on;
@@ -2832,7 +2837,7 @@ mwl8k_set_radio_preamble(struct ieee80211_hw *hw, bool short_preamble)
#define MWL8K_RF_TX_POWER_LEVEL_TOTAL 8

struct mwl8k_cmd_rf_tx_power {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
__le16 support_level;
__le16 current_level;
@@ -2866,7 +2871,7 @@ static int mwl8k_cmd_rf_tx_power(struct ieee80211_hw *hw, int dBm)
#define MWL8K_TX_POWER_LEVEL_TOTAL 12

struct mwl8k_cmd_tx_power {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
__le16 band;
__le16 channel;
@@ -2925,7 +2930,7 @@ static int mwl8k_cmd_tx_power(struct ieee80211_hw *hw,
* CMD_RF_ANTENNA.
*/
struct mwl8k_cmd_rf_antenna {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 antenna;
__le16 mode;
} __packed;
@@ -2958,7 +2963,7 @@ mwl8k_cmd_rf_antenna(struct ieee80211_hw *hw, int antenna, int mask)
* CMD_SET_BEACON.
*/
struct mwl8k_cmd_set_beacon {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 beacon_len;
__u8 beacon[];
};
@@ -2988,7 +2993,7 @@ static int mwl8k_cmd_set_beacon(struct ieee80211_hw *hw,
* CMD_SET_PRE_SCAN.
*/
struct mwl8k_cmd_set_pre_scan {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
} __packed;

static int mwl8k_cmd_set_pre_scan(struct ieee80211_hw *hw)
@@ -3013,7 +3018,7 @@ static int mwl8k_cmd_set_pre_scan(struct ieee80211_hw *hw)
* CMD_BBP_REG_ACCESS.
*/
struct mwl8k_cmd_bbp_reg_access {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
__le16 offset;
u8 value;
@@ -3054,7 +3059,7 @@ mwl8k_cmd_bbp_reg_access(struct ieee80211_hw *hw,
* CMD_SET_POST_SCAN.
*/
struct mwl8k_cmd_set_post_scan {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le32 isibss;
__u8 bssid[ETH_ALEN];
} __packed;
@@ -3142,7 +3147,7 @@ static void mwl8k_update_survey(struct mwl8k_priv *priv,
* CMD_SET_RF_CHANNEL.
*/
struct mwl8k_cmd_set_rf_channel {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
__u8 current_channel;
__le32 channel_flags;
@@ -3211,7 +3216,7 @@ static int mwl8k_cmd_set_rf_channel(struct ieee80211_hw *hw,
#define MWL8K_FRAME_PROT_11N_HT_ALL 0x06

struct mwl8k_cmd_update_set_aid {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 aid;

/* AP's MAC address (BSSID) */
@@ -3283,7 +3288,7 @@ mwl8k_cmd_set_aid(struct ieee80211_hw *hw,
* CMD_SET_RATE.
*/
struct mwl8k_cmd_set_rate {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__u8 legacy_rates[14];

/* Bitmap for supported MCS codes. */
@@ -3319,7 +3324,7 @@ mwl8k_cmd_set_rate(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
#define MWL8K_FJ_BEACON_MAXLEN 128

struct mwl8k_cmd_finalize_join {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le32 sleep_interval; /* Number of beacon periods to sleep */
__u8 beacon_data[MWL8K_FJ_BEACON_MAXLEN];
} __packed;
@@ -3358,7 +3363,7 @@ static int mwl8k_cmd_finalize_join(struct ieee80211_hw *hw, void *frame,
* CMD_SET_RTS_THRESHOLD.
*/
struct mwl8k_cmd_set_rts_threshold {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
__le16 threshold;
} __packed;
@@ -3388,7 +3393,7 @@ mwl8k_cmd_set_rts_threshold(struct ieee80211_hw *hw, int rts_thresh)
* CMD_SET_SLOT.
*/
struct mwl8k_cmd_set_slot {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
__u8 short_slot;
} __packed;
@@ -3417,7 +3422,7 @@ static int mwl8k_cmd_set_slot(struct ieee80211_hw *hw, bool short_slot_time)
* CMD_SET_EDCA_PARAMS.
*/
struct mwl8k_cmd_set_edca_params {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;

/* See MWL8K_SET_EDCA_XXX below */
__le16 action;
@@ -3502,7 +3507,7 @@ mwl8k_cmd_set_edca_params(struct ieee80211_hw *hw, __u8 qnum,
* CMD_SET_WMM_MODE.
*/
struct mwl8k_cmd_set_wmm_mode {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
} __packed;

@@ -3533,7 +3538,7 @@ static int mwl8k_cmd_set_wmm_mode(struct ieee80211_hw *hw, bool enable)
* CMD_MIMO_CONFIG.
*/
struct mwl8k_cmd_mimo_config {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le32 action;
__u8 rx_antenna_map;
__u8 tx_antenna_map;
@@ -3564,7 +3569,7 @@ static int mwl8k_cmd_mimo_config(struct ieee80211_hw *hw, __u8 rx, __u8 tx)
* CMD_USE_FIXED_RATE (STA version).
*/
struct mwl8k_cmd_use_fixed_rate_sta {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le32 action;
__le32 allow_rate_drop;
__le32 num_rates;
@@ -3606,7 +3611,7 @@ static int mwl8k_cmd_use_fixed_rate_sta(struct ieee80211_hw *hw)
* CMD_USE_FIXED_RATE (AP version).
*/
struct mwl8k_cmd_use_fixed_rate_ap {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le32 action;
__le32 allow_rate_drop;
__le32 num_rates;
@@ -3647,7 +3652,7 @@ mwl8k_cmd_use_fixed_rate_ap(struct ieee80211_hw *hw, int mcast, int mgmt)
* CMD_ENABLE_SNIFFER.
*/
struct mwl8k_cmd_enable_sniffer {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le32 action;
} __packed;

@@ -3671,7 +3676,7 @@ static int mwl8k_cmd_enable_sniffer(struct ieee80211_hw *hw, bool enable)
}

struct mwl8k_cmd_update_mac_addr {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
union {
struct {
__le16 mac_type;
@@ -3756,7 +3761,7 @@ static inline int mwl8k_cmd_del_mac_addr(struct ieee80211_hw *hw,
* CMD_SET_RATEADAPT_MODE.
*/
struct mwl8k_cmd_set_rate_adapt_mode {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 action;
__le16 mode;
} __packed;
@@ -3785,7 +3790,7 @@ static int mwl8k_cmd_set_rateadapt_mode(struct ieee80211_hw *hw, __u16 mode)
* CMD_GET_WATCHDOG_BITMAP.
*/
struct mwl8k_cmd_get_watchdog_bitmap {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
u8 bitmap;
} __packed;

@@ -3865,7 +3870,7 @@ static void mwl8k_watchdog_ba_events(struct work_struct *work)
* CMD_BSS_START.
*/
struct mwl8k_cmd_bss_start {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le32 enable;
} __packed;

@@ -3960,7 +3965,7 @@ struct mwl8k_destroy_ba_stream {
} __packed;

struct mwl8k_cmd_bastream {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le32 action;
union {
struct mwl8k_create_ba_stream create_params;
@@ -4070,7 +4075,7 @@ static void mwl8k_destroy_ba(struct ieee80211_hw *hw,
* CMD_SET_NEW_STN.
*/
struct mwl8k_cmd_set_new_stn {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;
__le16 aid;
__u8 mac_addr[6];
__le16 stn_id;
@@ -4206,7 +4211,7 @@ static int mwl8k_cmd_set_new_stn_del(struct ieee80211_hw *hw,
#define MIC_KEY_LENGTH 8

struct mwl8k_cmd_update_encryption {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;

__le32 action;
__le32 reserved;
@@ -4216,7 +4221,7 @@ struct mwl8k_cmd_update_encryption {
} __packed;

struct mwl8k_cmd_set_key {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;

__le32 action;
__le32 reserved;
@@ -4504,7 +4509,7 @@ struct peer_capability_info {
} __packed;

struct mwl8k_cmd_update_stadb {
- struct mwl8k_cmd_pkt header;
+ struct mwl8k_cmd_pkt_hdr header;

/* See STADB_ACTION_TYPE */
__le32 action;
@@ -5174,7 +5179,7 @@ mwl8k_bss_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
static u64 mwl8k_prepare_multicast(struct ieee80211_hw *hw,
struct netdev_hw_addr_list *mc_list)
{
- struct mwl8k_cmd_pkt *cmd;
+ struct mwl8k_cmd_pkt_hdr *hdr;

/*
* Synthesize and return a command packet that programs the
@@ -5183,9 +5188,9 @@ static u64 mwl8k_prepare_multicast(struct ieee80211_hw *hw,
* we'll end up throwing this packet away and creating a new
* one in mwl8k_configure_filter().
*/
- cmd = __mwl8k_cmd_mac_multicast_adr(hw, 0, mc_list);
+ hdr = __mwl8k_cmd_mac_multicast_adr(hw, 0, mc_list);

- return (unsigned long)cmd;
+ return (unsigned long)hdr;
}

static int
@@ -5234,7 +5239,7 @@ static void mwl8k_configure_filter(struct ieee80211_hw *hw,
u64 multicast)
{
struct mwl8k_priv *priv = hw->priv;
- struct mwl8k_cmd_pkt *cmd = (void *)(unsigned long)multicast;
+ struct mwl8k_cmd_pkt_hdr *hdr = (void *)(unsigned long)multicast;

/*
* AP firmware doesn't allow fine-grained control over
@@ -5242,7 +5247,7 @@ static void mwl8k_configure_filter(struct ieee80211_hw *hw,
*/
if (priv->ap_fw) {
*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;
- kfree(cmd);
+ kfree(hdr);
return;
}

@@ -5252,7 +5257,7 @@ static void mwl8k_configure_filter(struct ieee80211_hw *hw,
*/
if (*total_flags & (FIF_CONTROL | FIF_OTHER_BSS) &&
mwl8k_configure_filter_sniffer(hw, changed_flags, total_flags)) {
- kfree(cmd);
+ kfree(hdr);
return;
}

@@ -5260,7 +5265,7 @@ static void mwl8k_configure_filter(struct ieee80211_hw *hw,
*total_flags &= FIF_ALLMULTI | FIF_BCN_PRBRESP_PROMISC;

if (mwl8k_fw_lock(hw)) {
- kfree(cmd);
+ kfree(hdr);
return;
}

@@ -5304,13 +5309,13 @@ static void mwl8k_configure_filter(struct ieee80211_hw *hw,
* packets.
*/
if (*total_flags & FIF_ALLMULTI) {
- kfree(cmd);
- cmd = __mwl8k_cmd_mac_multicast_adr(hw, 1, NULL);
+ kfree(hdr);
+ hdr = __mwl8k_cmd_mac_multicast_adr(hw, 1, NULL);
}

- if (cmd != NULL) {
- mwl8k_post_cmd(hw, cmd);
- kfree(cmd);
+ if (hdr) {
+ mwl8k_post_cmd(hw, hdr);
+ kfree(hdr);
}

mwl8k_fw_unlock(hw);
--
2.25.1

Next message: Arınç ÜNAL: "Re: [PATCH 00/14] mips: dts: ralink: mt7621: improve DTS style"
Previous message: Koakuma: "[sparc] Use of -fcall-used-* flags in Makefile?"
Next in thread: Gustavo A. R. Silva: "Re: [PATCH] mwl8k: Avoid overlapping composite structs that contain flex-arrays"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]