staging: wfx: ensure that received hif messages are never modified

There are no real reason to modify the data received from device. So,
let's mark the arguments constant.

Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com>
Link: https://lore.kernel.org/r/20191217161318.31402-23-Jerome.Pouiller@silabs.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/wfx/data_rx.c b/drivers/staging/wfx/data_rx.c
index e7fcce8d0cc451b1c46f9420765e2ab30c13e0a0..d460c0ffca1f8fdc7faf9b29b232611c9b7c918e 100644 (file)
--- a/drivers/staging/wfx/data_rx.c
+++ b/drivers/staging/wfx/data_rx.c
@@ -48,7 +48,9 @@ static int wfx_handle_pspoll(struct wfx_vif *wvif, struct sk_buff *skb)
        return 0;
 }
 
-static int wfx_drop_encrypt_data(struct wfx_dev *wdev, struct hif_ind_rx *arg, struct sk_buff *skb)
+static int wfx_drop_encrypt_data(struct wfx_dev *wdev,
+                                const struct hif_ind_rx *arg,
+                                struct sk_buff *skb)
 {
        struct ieee80211_hdr *frame = (struct ieee80211_hdr *) skb->data;
        size_t hdrlen = ieee80211_hdrlen(frame->frame_control);
@@ -98,8 +100,8 @@ static int wfx_drop_encrypt_data(struct wfx_dev *wdev, struct hif_ind_rx *arg, s
 
 }
 
-void wfx_rx_cb(struct wfx_vif *wvif, struct hif_ind_rx *arg,
-              struct sk_buff *skb)
+void wfx_rx_cb(struct wfx_vif *wvif,
+              const struct hif_ind_rx *arg, struct sk_buff *skb)
 {
        int link_id = arg->rx_flags.peer_sta_id;
        struct ieee80211_rx_status *hdr = IEEE80211_SKB_RXCB(skb);

diff --git a/drivers/staging/wfx/data_rx.h b/drivers/staging/wfx/data_rx.h
index a50ce352bc5eb414433ee682f49fc17630af24e8..61c28bfd2a37d3ff875e9271af7c34e0f2a14213 100644 (file)
--- a/drivers/staging/wfx/data_rx.h
+++ b/drivers/staging/wfx/data_rx.h
@@ -13,7 +13,7 @@
 struct wfx_vif;
 struct sk_buff;
 
-void wfx_rx_cb(struct wfx_vif *wvif, struct hif_ind_rx *arg,
-              struct sk_buff *skb);
+void wfx_rx_cb(struct wfx_vif *wvif,
+              const struct hif_ind_rx *arg, struct sk_buff *skb);
 
 #endif /* WFX_DATA_RX_H */

diff --git a/drivers/staging/wfx/data_tx.c b/drivers/staging/wfx/data_tx.c
index a1853056ebf1b9136bfa579a8b2e6c0d3e58f7df..b2a325c47b2daf05b5e164b7ae9576513af94e3b 100644 (file)
--- a/drivers/staging/wfx/data_tx.c
+++ b/drivers/staging/wfx/data_tx.c
@@ -720,7 +720,7 @@ drop:
        ieee80211_tx_status_irqsafe(wdev->hw, skb);
 }
 
-void wfx_tx_confirm_cb(struct wfx_vif *wvif, struct hif_cnf_tx *arg)
+void wfx_tx_confirm_cb(struct wfx_vif *wvif, const struct hif_cnf_tx *arg)
 {
        int i;
        int tx_count;

diff --git a/drivers/staging/wfx/data_tx.h b/drivers/staging/wfx/data_tx.h
index 0fc388db62e0dd0343869ba32c08cadb5ea7c405..078d0cfc521a6be0b357523be14ac8862405d9dc 100644 (file)
--- a/drivers/staging/wfx/data_tx.h
+++ b/drivers/staging/wfx/data_tx.h
@@ -65,7 +65,7 @@ void wfx_tx_policy_upload_work(struct work_struct *work);
 
 void wfx_tx(struct ieee80211_hw *hw, struct ieee80211_tx_control *control,
            struct sk_buff *skb);
-void wfx_tx_confirm_cb(struct wfx_vif *wvif, struct hif_cnf_tx *arg);
+void wfx_tx_confirm_cb(struct wfx_vif *wvif, const struct hif_cnf_tx *arg);
 void wfx_skb_dtor(struct wfx_dev *wdev, struct sk_buff *skb);
 
 int wfx_unmap_link(struct wfx_vif *wvif, int link_id);

diff --git a/drivers/staging/wfx/hif_rx.c b/drivers/staging/wfx/hif_rx.c
index 1494ad5a507b63edc8584a674e770db01c4f96db..8a3ccdc60b7df66a4c220d621af55ae763ddc85f 100644 (file)
--- a/drivers/staging/wfx/hif_rx.c
+++ b/drivers/staging/wfx/hif_rx.c
@@ -18,8 +18,8 @@
 #include "secure_link.h"
 #include "hif_api_cmd.h"
 
-static int hif_generic_confirm(struct wfx_dev *wdev, struct hif_msg *hif,
-                              void *buf)
+static int hif_generic_confirm(struct wfx_dev *wdev,
+                              const struct hif_msg *hif, const void *buf)
 {
        // All confirm messages start with status
        int status = le32_to_cpu(*((__le32 *) buf));
@@ -59,9 +59,10 @@ static int hif_generic_confirm(struct wfx_dev *wdev, struct hif_msg *hif,
        return status;
 }
 
-static int hif_tx_confirm(struct wfx_dev *wdev, struct hif_msg *hif, void *buf)
+static int hif_tx_confirm(struct wfx_dev *wdev,
+                         const struct hif_msg *hif, const void *buf)
 {
-       struct hif_cnf_tx *body = buf;
+       const struct hif_cnf_tx *body = buf;
        struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
 
        WARN_ON(!wvif);
@@ -72,11 +73,12 @@ static int hif_tx_confirm(struct wfx_dev *wdev, struct hif_msg *hif, void *buf)
        return 0;
 }
 
-static int hif_multi_tx_confirm(struct wfx_dev *wdev, struct hif_msg *hif,
-                               void *buf)
+static int hif_multi_tx_confirm(struct wfx_dev *wdev,
+                               const struct hif_msg *hif, const void *buf)
 {
-       struct hif_cnf_multi_transmit *body = buf;
-       struct hif_cnf_tx *buf_loc = (struct hif_cnf_tx *) &body->tx_conf_payload;
+       const struct hif_cnf_multi_transmit *body = buf;
+       const struct hif_cnf_tx *buf_loc =
+               (const struct hif_cnf_tx *)&body->tx_conf_payload;
        struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
        int count = body->num_tx_confs;
        int i;
@@ -93,10 +95,10 @@ static int hif_multi_tx_confirm(struct wfx_dev *wdev, struct hif_msg *hif,
        return 0;
 }
 
-static int hif_startup_indication(struct wfx_dev *wdev, struct hif_msg *hif,
-                                 void *buf)
+static int hif_startup_indication(struct wfx_dev *wdev,
+                                 const struct hif_msg *hif, const void *buf)
 {
-       struct hif_ind_startup *body = buf;
+       const struct hif_ind_startup *body = buf;
 
        if (body->status || body->firmware_type > 4) {
                dev_err(wdev->dev, "received invalid startup indication");
@@ -112,8 +114,8 @@ static int hif_startup_indication(struct wfx_dev *wdev, struct hif_msg *hif,
        return 0;
 }
 
-static int hif_wakeup_indication(struct wfx_dev *wdev, struct hif_msg *hif,
-                                void *buf)
+static int hif_wakeup_indication(struct wfx_dev *wdev,
+                                const struct hif_msg *hif, const void *buf)
 {
        if (!wdev->pdata.gpio_wakeup
            || !gpiod_get_value(wdev->pdata.gpio_wakeup)) {
@@ -123,25 +125,27 @@ static int hif_wakeup_indication(struct wfx_dev *wdev, struct hif_msg *hif,
        return 0;
 }
 
-static int hif_keys_indication(struct wfx_dev *wdev, struct hif_msg *hif,
-                              void *buf)
+static int hif_keys_indication(struct wfx_dev *wdev,
+                              const struct hif_msg *hif, const void *buf)
 {
-       struct hif_ind_sl_exchange_pub_keys *body = buf;
+       const struct hif_ind_sl_exchange_pub_keys *body = buf;
+       u8 pubkey[API_NCP_PUB_KEY_SIZE];
 
-       // Compatibility with legacy secure link
-       if (body->status == SL_PUB_KEY_EXCHANGE_STATUS_SUCCESS)
-               body->status = 0;
-       if (body->status)
+       // SL_PUB_KEY_EXCHANGE_STATUS_SUCCESS is used by legacy secure link
+       if (body->status && body->status != SL_PUB_KEY_EXCHANGE_STATUS_SUCCESS)
                dev_warn(wdev->dev, "secure link negociation error\n");
-       wfx_sl_check_pubkey(wdev, body->ncp_pub_key, body->ncp_pub_key_mac);
+       memcpy(pubkey, body->ncp_pub_key, sizeof(pubkey));
+       memreverse(pubkey, sizeof(pubkey));
+       wfx_sl_check_pubkey(wdev, pubkey, body->ncp_pub_key_mac);
        return 0;
 }
 
-static int hif_receive_indication(struct wfx_dev *wdev, struct hif_msg *hif,
-                                 void *buf, struct sk_buff *skb)
+static int hif_receive_indication(struct wfx_dev *wdev,
+                                 const struct hif_msg *hif,
+                                 const void *buf, struct sk_buff *skb)
 {
        struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
-       struct hif_ind_rx *body = buf;
+       const struct hif_ind_rx *body = buf;
 
        if (!wvif) {
                dev_warn(wdev->dev, "ignore rx data for non-existent vif %d\n",
@@ -154,11 +158,11 @@ static int hif_receive_indication(struct wfx_dev *wdev, struct hif_msg *hif,
        return 0;
 }
 
-static int hif_event_indication(struct wfx_dev *wdev, struct hif_msg *hif,
-                               void *buf)
+static int hif_event_indication(struct wfx_dev *wdev,
+                               const struct hif_msg *hif, const void *buf)
 {
        struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
-       struct hif_ind_event *body = buf;
+       const struct hif_ind_event *body = buf;
        struct wfx_hif_event *event;
        int first;
 
@@ -183,7 +187,8 @@ static int hif_event_indication(struct wfx_dev *wdev, struct hif_msg *hif,
 }
 
 static int hif_pm_mode_complete_indication(struct wfx_dev *wdev,
-                                          struct hif_msg *hif, void *buf)
+                                          const struct hif_msg *hif,
+                                          const void *buf)
 {
        struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
 
@@ -194,10 +199,11 @@ static int hif_pm_mode_complete_indication(struct wfx_dev *wdev,
 }
 
 static int hif_scan_complete_indication(struct wfx_dev *wdev,
-                                       struct hif_msg *hif, void *buf)
+                                       const struct hif_msg *hif,
+                                       const void *buf)
 {
        struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
-       struct hif_ind_scan_cmpl *body = buf;
+       const struct hif_ind_scan_cmpl *body = buf;
 
        WARN_ON(!wvif);
        wfx_scan_complete_cb(wvif, body);
@@ -206,7 +212,8 @@ static int hif_scan_complete_indication(struct wfx_dev *wdev,
 }
 
 static int hif_join_complete_indication(struct wfx_dev *wdev,
-                                       struct hif_msg *hif, void *buf)
+                                       const struct hif_msg *hif,
+                                       const void *buf)
 {
        struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
 
@@ -217,10 +224,11 @@ static int hif_join_complete_indication(struct wfx_dev *wdev,
 }
 
 static int hif_suspend_resume_indication(struct wfx_dev *wdev,
-                                        struct hif_msg *hif, void *buf)
+                                        const struct hif_msg *hif,
+                                        const void *buf)
 {
        struct wfx_vif *wvif = wdev_to_wvif(wdev, hif->interface);
-       struct hif_ind_suspend_resume_tx *body = buf;
+       const struct hif_ind_suspend_resume_tx *body = buf;
 
        WARN_ON(!wvif);
        wfx_suspend_resume(wvif, body);
@@ -228,10 +236,10 @@ static int hif_suspend_resume_indication(struct wfx_dev *wdev,
        return 0;
 }
 
-static int hif_error_indication(struct wfx_dev *wdev, struct hif_msg *hif,
-                               void *buf)
+static int hif_error_indication(struct wfx_dev *wdev,
+                               const struct hif_msg *hif, const void *buf)
 {
-       struct hif_ind_error *body = buf;
+       const struct hif_ind_error *body = buf;
        u8 *pRollback = (u8 *) body->data;
        u32 *pStatus = (u32 *) body->data;
 
@@ -268,10 +276,10 @@ static int hif_error_indication(struct wfx_dev *wdev, struct hif_msg *hif,
        return 0;
 }
 
-static int hif_generic_indication(struct wfx_dev *wdev, struct hif_msg *hif,
-                                 void *buf)
+static int hif_generic_indication(struct wfx_dev *wdev,
+                                 const struct hif_msg *hif, const void *buf)
 {
-       struct hif_ind_generic *body = buf;
+       const struct hif_ind_generic *body = buf;
 
        switch (body->indication_type) {
        case HIF_GENERIC_INDICATION_TYPE_RAW:
@@ -299,9 +307,10 @@ static int hif_generic_indication(struct wfx_dev *wdev, struct hif_msg *hif,
 }
 
 static int hif_exception_indication(struct wfx_dev *wdev,
-                                   struct hif_msg *hif, void *buf)
+                                   const struct hif_msg *hif, const void *buf)
 {
        size_t len = hif->len - 4; // drop header
+
        dev_err(wdev->dev, "firmware exception\n");
        print_hex_dump_bytes("Dump: ", DUMP_PREFIX_NONE, buf, len);
        wdev->chip_frozen = 1;
@@ -311,7 +320,8 @@ static int hif_exception_indication(struct wfx_dev *wdev,
 
 static const struct {
        int msg_id;
-       int (*handler)(struct wfx_dev *wdev, struct hif_msg *hif, void *buf);
+       int (*handler)(struct wfx_dev *wdev,
+                      const struct hif_msg *hif, const void *buf);
 } hif_handlers[] = {
        /* Confirmations */
        { HIF_CNF_ID_TX,                   hif_tx_confirm },
@@ -335,7 +345,7 @@ static const struct {
 void wfx_handle_rx(struct wfx_dev *wdev, struct sk_buff *skb)
 {
        int i;
-       struct hif_msg *hif = (struct hif_msg *) skb->data;
+       const struct hif_msg *hif = (const struct hif_msg *)skb->data;
        int hif_id = hif->id;
 
        if (hif_id == HIF_IND_ID_RX) {

diff --git a/drivers/staging/wfx/scan.c b/drivers/staging/wfx/scan.c
index a6c93400a7bad619eedd5b08b0bf70414a048ca3..45e78c5722ffa79f895dfdd94f316091359ca449 100644 (file)
--- a/drivers/staging/wfx/scan.c
+++ b/drivers/staging/wfx/scan.c
@@ -267,7 +267,8 @@ void wfx_scan_failed_cb(struct wfx_vif *wvif)
        }
 }
 
-void wfx_scan_complete_cb(struct wfx_vif *wvif, struct hif_ind_scan_cmpl *arg)
+void wfx_scan_complete_cb(struct wfx_vif *wvif,
+                         const struct hif_ind_scan_cmpl *arg)
 {
        if (cancel_delayed_work_sync(&wvif->scan.timeout) > 0) {
                wvif->scan.status = 1;

diff --git a/drivers/staging/wfx/scan.h b/drivers/staging/wfx/scan.h
index b4ddd0771a9b5807afa56f856676c508e26daf98..c7c0ab178c87def1233f06bd4b5a9aae7e3e2218 100644 (file)
--- a/drivers/staging/wfx/scan.h
+++ b/drivers/staging/wfx/scan.h
@@ -36,7 +36,8 @@ int wfx_hw_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
                struct ieee80211_scan_request *req);
 void wfx_scan_work(struct work_struct *work);
 void wfx_scan_timeout(struct work_struct *work);
-void wfx_scan_complete_cb(struct wfx_vif *wvif, struct hif_ind_scan_cmpl *arg);
+void wfx_scan_complete_cb(struct wfx_vif *wvif,
+                         const struct hif_ind_scan_cmpl *arg);
 void wfx_scan_failed_cb(struct wfx_vif *wvif);
 
 #endif /* WFX_SCAN_H */

diff --git a/drivers/staging/wfx/secure_link.h b/drivers/staging/wfx/secure_link.h
index 666b26e5308dfd3f72fa9ecff4e00e48d4c5c370..c3d055b2f8b143b821f278b473eafa965e4107fc 100644 (file)
--- a/drivers/staging/wfx/secure_link.h
+++ b/drivers/staging/wfx/secure_link.h
@@ -25,14 +25,16 @@ static inline int wfx_sl_decode(struct wfx_dev *wdev, struct hif_sl_msg *m)
        return -EIO;
 }
 
-static inline int wfx_sl_encode(struct wfx_dev *wdev, struct hif_msg *input,
+static inline int wfx_sl_encode(struct wfx_dev *wdev,
+                               const struct hif_msg *input,
                                struct hif_sl_msg *output)
 {
        return -EIO;
 }
 
-static inline int wfx_sl_check_pubkey(struct wfx_dev *wdev, u8 *ncp_pubkey,
-                                     u8 *ncp_pubmac)
+static inline int wfx_sl_check_pubkey(struct wfx_dev *wdev,
+                                     const u8 *ncp_pubkey,
+                                     const u8 *ncp_pubmac)
 {
        return -EIO;
 }

diff --git a/drivers/staging/wfx/sta.c b/drivers/staging/wfx/sta.c
index 7f4eaa8e6d84597df77ce412e0e6e256fa4d9e2b..b4bb5b653e64f931c9c7f44116074dba48d88c8e 100644 (file)
--- a/drivers/staging/wfx/sta.c
+++ b/drivers/staging/wfx/sta.c
@@ -1345,7 +1345,7 @@ int wfx_ampdu_action(struct ieee80211_hw *hw,
 }
 
 void wfx_suspend_resume(struct wfx_vif *wvif,
-                       struct hif_ind_suspend_resume_tx *arg)
+                       const struct hif_ind_suspend_resume_tx *arg)
 {
        if (arg->suspend_resume_flags.bc_mc_only) {
                bool cancel_tmo = false;

diff --git a/drivers/staging/wfx/sta.h b/drivers/staging/wfx/sta.h
index 4ccf1b17632bf78402b4876749af0e7f59e83eed..721b7cee9c101f97491c88f61572849cc83b8f5a 100644 (file)
--- a/drivers/staging/wfx/sta.h
+++ b/drivers/staging/wfx/sta.h
@@ -92,7 +92,7 @@ void wfx_unassign_vif_chanctx(struct ieee80211_hw *hw,
 
 // WSM Callbacks
 void wfx_suspend_resume(struct wfx_vif *wvif,
-                       struct hif_ind_suspend_resume_tx *arg);
+                       const struct hif_ind_suspend_resume_tx *arg);
 
 // Other Helpers
 void wfx_cqm_bssloss_sm(struct wfx_vif *wvif, int init, int good, int bad);