Commit 92c70a95 authored by Devidas Puranik's avatar Devidas Puranik Committed by Kalle Valo
Browse files

mwifiex: fix for unaligned reads 



Using the accessor function e.g. get_unaligned_le32 instead of
le32_to_cpu to avoid the unaligned access. This is for the
architectures that don't handle the unaligned memory access

Signed-off-by: default avatarDevidas Puranik <devidas@marvell.com>
Signed-off-by: default avatarGanapathi Bhat <gbhat@marvell.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
parent 5653c646

drivers/net/wireless/marvell/mwifiex/cmdevt.c

+2 −2
Original line number Diff line number Diff line
@@ -242,7 +242,7 @@ static int mwifiex_dnld_cmd_to_fw(struct mwifiex_private *priv, 
	mwifiex_dbg(adapter, CMD,

		    "cmd: DNLD_CMD: %#x, act %#x, len %d, seqno %#x\n",

		    cmd_code,

		    le16_to_cpu(*(__le16 *)((u8 *)host_cmd + S_DS_GEN)),

		    get_unaligned_le16((u8 *)host_cmd + S_DS_GEN),

		    cmd_size, le16_to_cpu(host_cmd->seq_num));

	mwifiex_dbg_dump(adapter, CMD_D, "cmd buffer:", host_cmd, cmd_size);
@@ -286,7 +286,7 @@ static int mwifiex_dnld_cmd_to_fw(struct mwifiex_private *priv, 
			(adapter->dbg.last_cmd_index + 1) % DBG_CMD_NUM;

	adapter->dbg.last_cmd_id[adapter->dbg.last_cmd_index] = cmd_code;

	adapter->dbg.last_cmd_act[adapter->dbg.last_cmd_index] =

			le16_to_cpu(*(__le16 *) ((u8 *) host_cmd + S_DS_GEN));

			get_unaligned_le16((u8 *)host_cmd + S_DS_GEN);



	/* Clear BSS_NO_BITS from HostCmd */

	cmd_code &= HostCmd_CMD_ID_MASK;

drivers/net/wireless/marvell/mwifiex/pcie.c

+16 −21
Original line number Diff line number Diff line
@@ -119,7 +119,7 @@ static int mwifiex_read_reg_byte(struct mwifiex_adapter *adapter, 
 */

static bool mwifiex_pcie_ok_to_access_hw(struct mwifiex_adapter *adapter)

{

	u32 *cookie_addr;

	u32 cookie_value;

	struct pcie_service_card *card = adapter->card;

	const struct mwifiex_pcie_card_reg *reg = card->pcie.reg;
@@ -127,11 +127,11 @@ static bool mwifiex_pcie_ok_to_access_hw(struct mwifiex_adapter *adapter) 
		return true;



	if (card->sleep_cookie_vbase) {

		cookie_addr = (u32 *)card->sleep_cookie_vbase;

		cookie_value = get_unaligned_le32(card->sleep_cookie_vbase);

		mwifiex_dbg(adapter, INFO,

			    "info: ACCESS_HW: sleep cookie=0x%x\n",

			    *cookie_addr);

		if (*cookie_addr == FW_AWAKE_COOKIE)

			    cookie_value);

		if (cookie_value == FW_AWAKE_COOKIE)

			return true;

	}
@@ -440,7 +440,7 @@ static void mwifiex_delay_for_sleep_cookie(struct mwifiex_adapter *adapter, 
					    sizeof(sleep_cookie),

					    PCI_DMA_FROMDEVICE);

		buffer = cmdrsp->data;

		sleep_cookie = READ_ONCE(*(u32 *)buffer);

		sleep_cookie = get_unaligned_le32(buffer);



		if (sleep_cookie == MWIFIEX_DEF_SLEEP_COOKIE) {

			mwifiex_dbg(adapter, INFO,
@@ -1042,6 +1042,7 @@ static int mwifiex_pcie_delete_cmdrsp_buf(struct mwifiex_adapter *adapter) 
static int mwifiex_pcie_alloc_sleep_cookie_buf(struct mwifiex_adapter *adapter)

{

	struct pcie_service_card *card = adapter->card;

	u32 tmp;



	card->sleep_cookie_vbase = pci_alloc_consistent(card->dev, sizeof(u32),

						     &card->sleep_cookie_pbase);
@@ -1051,11 +1052,12 @@ static int mwifiex_pcie_alloc_sleep_cookie_buf(struct mwifiex_adapter *adapter) 
		return -ENOMEM;

	}

	/* Init val of Sleep Cookie */

	*(u32 *)card->sleep_cookie_vbase = FW_AWAKE_COOKIE;

	tmp = FW_AWAKE_COOKIE;

	put_unaligned(tmp, card->sleep_cookie_vbase);



	mwifiex_dbg(adapter, INFO,

		    "alloc_scook: sleep cookie=0x%x\n",

		    *((u32 *)card->sleep_cookie_vbase));

		    get_unaligned(card->sleep_cookie_vbase));



	return 0;

}
@@ -1216,7 +1218,6 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb, 
	dma_addr_t buf_pa;

	struct mwifiex_pcie_buf_desc *desc = NULL;

	struct mwifiex_pfu_buf_desc *desc2 = NULL;

	__le16 *tmp;



	if (!(skb->data && skb->len)) {

		mwifiex_dbg(adapter, ERROR,
@@ -1237,10 +1238,8 @@ mwifiex_pcie_send_data(struct mwifiex_adapter *adapter, struct sk_buff *skb, 


		adapter->data_sent = true;

		payload = skb->data;

		tmp = (__le16 *)&payload[0];

		*tmp = cpu_to_le16((u16)skb->len);

		tmp = (__le16 *)&payload[2];

		*tmp = cpu_to_le16(MWIFIEX_TYPE_DATA);

		put_unaligned_le16((u16)skb->len, payload + 0);

		put_unaligned_le16(MWIFIEX_TYPE_DATA, payload + 2);



		if (mwifiex_map_pci_memory(adapter, skb, skb->len,

					   PCI_DMA_TODEVICE))
@@ -1369,7 +1368,6 @@ static int mwifiex_pcie_process_recv_data(struct mwifiex_adapter *adapter) 
		(card->rxbd_rdptr & reg->rx_rollover_ind))) {

		struct sk_buff *skb_data;

		u16 rx_len;

		__le16 pkt_len;



		rd_index = card->rxbd_rdptr & reg->rx_mask;

		skb_data = card->rx_buf_list[rd_index];
@@ -1386,8 +1384,7 @@ static int mwifiex_pcie_process_recv_data(struct mwifiex_adapter *adapter) 
		/* Get data length from interface header -

		 * first 2 bytes for len, next 2 bytes is for type

		 */

		pkt_len = *((__le16 *)skb_data->data);

		rx_len = le16_to_cpu(pkt_len);

		rx_len = get_unaligned_le16(skb_data->data);

		if (WARN_ON(rx_len <= INTF_HEADER_LEN ||

			    rx_len > MWIFIEX_RX_DATA_BUF_SIZE)) {

			mwifiex_dbg(adapter, ERROR,
@@ -1594,8 +1591,8 @@ mwifiex_pcie_send_cmd(struct mwifiex_adapter *adapter, struct sk_buff *skb) 


	adapter->cmd_sent = true;



	*(__le16 *)&payload[0] = cpu_to_le16((u16)skb->len);

	*(__le16 *)&payload[2] = cpu_to_le16(MWIFIEX_TYPE_CMD);

	put_unaligned_le16((u16)skb->len, &payload[0]);

	put_unaligned_le16(MWIFIEX_TYPE_CMD, &payload[2]);



	if (mwifiex_map_pci_memory(adapter, skb, skb->len, PCI_DMA_TODEVICE))

		return -1;
@@ -1687,7 +1684,6 @@ static int mwifiex_pcie_process_cmd_complete(struct mwifiex_adapter *adapter) 
	struct sk_buff *skb = card->cmdrsp_buf;

	int count = 0;

	u16 rx_len;

	__le16 pkt_len;



	mwifiex_dbg(adapter, CMD,

		    "info: Rx CMD Response\n");
@@ -1707,8 +1703,7 @@ static int mwifiex_pcie_process_cmd_complete(struct mwifiex_adapter *adapter) 
		card->cmd_buf = NULL;

	}



	pkt_len = *((__le16 *)skb->data);

	rx_len = le16_to_cpu(pkt_len);

	rx_len = get_unaligned_le16(skb->data);

	skb_put(skb, MWIFIEX_UPLD_SIZE - skb->len);

	skb_trim(skb, rx_len);
@@ -1849,7 +1844,7 @@ static int mwifiex_pcie_process_event_ready(struct mwifiex_adapter *adapter) 
		desc = card->evtbd_ring[rdptr];

		memset(desc, 0, sizeof(*desc));



		event = *(u32 *) &skb_cmd->data[INTF_HEADER_LEN];

		event = get_unaligned_le32(&skb_cmd->data[INTF_HEADER_LEN]);

		adapter->event_cause = event;

		/* The first 4bytes will be the event transfer header

		   len is 2 bytes followed by type which is 2 bytes */

drivers/net/wireless/marvell/mwifiex/sdio.c

+13 −10
Original line number Diff line number Diff line
@@ -943,7 +943,7 @@ static int mwifiex_sdio_card_to_host(struct mwifiex_adapter *adapter, 
		return -1;

	}



	nb = le16_to_cpu(*(__le16 *) (buffer));

	nb = get_unaligned_le16((buffer));

	if (nb > npayload) {

		mwifiex_dbg(adapter, ERROR,

			    "%s: invalid packet, nb=%d npayload=%d\n",
@@ -951,7 +951,7 @@ static int mwifiex_sdio_card_to_host(struct mwifiex_adapter *adapter, 
		return -1;

	}



	*type = le16_to_cpu(*(__le16 *) (buffer + 2));

	*type = get_unaligned_le16((buffer + 2));



	return ret;

}
@@ -1139,7 +1139,8 @@ static void mwifiex_deaggr_sdio_pkt(struct mwifiex_adapter *adapter, 
				    __func__, blk_num, blk_size, total_pkt_len);

			break;

		}

		pkt_len = le16_to_cpu(*(__le16 *)(data + SDIO_HEADER_OFFSET));

		pkt_len = get_unaligned_le16((data +

					     SDIO_HEADER_OFFSET));

		if ((pkt_len + SDIO_HEADER_OFFSET) > blk_size) {

			mwifiex_dbg(adapter, ERROR,

				    "%s: error in pkt_len,\t"
@@ -1172,10 +1173,11 @@ static int mwifiex_decode_rx_packet(struct mwifiex_adapter *adapter, 
				    struct sk_buff *skb, u32 upld_typ)

{

	u8 *cmd_buf;

	__le16 *curr_ptr = (__le16 *)skb->data;

	u16 pkt_len = le16_to_cpu(*curr_ptr);

	u16 pkt_len;

	struct mwifiex_rxinfo *rx_info;



	pkt_len = get_unaligned_le16(skb->data);



	if (upld_typ != MWIFIEX_TYPE_AGGR_DATA) {

		skb_trim(skb, pkt_len);

		skb_pull(skb, INTF_HEADER_LEN);
@@ -1235,7 +1237,7 @@ static int mwifiex_decode_rx_packet(struct mwifiex_adapter *adapter, 
	case MWIFIEX_TYPE_EVENT:

		mwifiex_dbg(adapter, EVENT,

			    "info: --- Rx: Event ---\n");

		adapter->event_cause = le32_to_cpu(*(__le32 *) skb->data);

		adapter->event_cause = get_unaligned_le32(skb->data);



		if ((skb->len > 0) && (skb->len  < MAX_EVENT_SIZE))

			memcpy(adapter->event_body,
@@ -1392,8 +1394,8 @@ static int mwifiex_sdio_card_to_host_mp_aggr(struct mwifiex_adapter *adapter, 
			u32 *len_arr = card->mpa_rx.len_arr;



			/* get curr PKT len & type */

			pkt_len = le16_to_cpu(*(__le16 *) &curr_ptr[0]);

			pkt_type = le16_to_cpu(*(__le16 *) &curr_ptr[2]);

			pkt_len = get_unaligned_le16(&curr_ptr[0]);

			pkt_type = get_unaligned_le16(&curr_ptr[2]);



			/* copy pkt to deaggr buf */

			skb_deaggr = mwifiex_alloc_dma_align_buf(len_arr[pind],
@@ -1874,8 +1876,9 @@ static int mwifiex_sdio_host_to_card(struct mwifiex_adapter *adapter, 
	/* Allocate buffer and copy payload */

	blk_size = MWIFIEX_SDIO_BLOCK_SIZE;

	buf_block_len = (pkt_len + blk_size - 1) / blk_size;

	*(__le16 *)&payload[0] = cpu_to_le16((u16)pkt_len);

	*(__le16 *)&payload[2] = cpu_to_le16(type);

	put_unaligned_le16((u16)pkt_len, payload + 0);

	put_unaligned_le16((u32)type, payload + 2);





	/*

	 * This is SDIO specific header

drivers/net/wireless/marvell/mwifiex/sta_cmd.c

+10 −9
Original line number Diff line number Diff line
@@ -130,7 +130,7 @@ static int mwifiex_cmd_802_11_snmp_mib(struct mwifiex_private *priv, 
	} else if (cmd_action == HostCmd_ACT_GEN_SET) {

		snmp_mib->query_type = cpu_to_le16(HostCmd_ACT_GEN_SET);

		snmp_mib->buf_size = cpu_to_le16(sizeof(u16));

		*((__le16 *) (snmp_mib->value)) = cpu_to_le16(*ul_temp);

		put_unaligned_le16(*ul_temp, snmp_mib->value);

		le16_unaligned_add_cpu(&cmd->size, sizeof(u16));

	}
@@ -138,7 +138,7 @@ static int mwifiex_cmd_802_11_snmp_mib(struct mwifiex_private *priv, 
		    "cmd: SNMP_CMD: Action=0x%x, OID=0x%x,\t"

		    "OIDSize=0x%x, Value=0x%x\n",

		    cmd_action, cmd_oid, le16_to_cpu(snmp_mib->buf_size),

		    le16_to_cpu(*(__le16 *)snmp_mib->value));

		    get_unaligned_le16(snmp_mib->value));

	return 0;

}
@@ -1400,7 +1400,7 @@ mwifiex_cmd_append_rpn_expression(struct mwifiex_private *priv, 
		filter = &mef_entry->filter[i];

		if (!filter->filt_type)

			break;

		*(__le32 *)stack_ptr = cpu_to_le32((u32)filter->repeat);

		put_unaligned_le32((u32)filter->repeat, stack_ptr);

		stack_ptr += 4;

		*stack_ptr = TYPE_DNUM;

		stack_ptr += 1;
@@ -1412,8 +1412,7 @@ mwifiex_cmd_append_rpn_expression(struct mwifiex_private *priv, 
		stack_ptr += 1;

		*stack_ptr = TYPE_BYTESEQ;

		stack_ptr += 1;



		*(__le32 *)stack_ptr = cpu_to_le32((u32)filter->offset);

		put_unaligned_le32((u32)filter->offset, stack_ptr);

		stack_ptr += 4;

		*stack_ptr = TYPE_DNUM;

		stack_ptr += 1;
@@ -1787,7 +1786,7 @@ mwifiex_cmd_tdls_oper(struct mwifiex_private *priv, 
			return -ENODATA;

		}



		*(__le16 *)pos = cpu_to_le16(params->capability);

		put_unaligned_le16(params->capability, pos);

		config_len += sizeof(params->capability);



		qos_info = params->uapsd_queues | (params->max_sp << 5);
@@ -2036,7 +2035,7 @@ int mwifiex_sta_prepare_cmd(struct mwifiex_private *priv, uint16_t cmd_no, 
	case HostCmd_CMD_VERSION_EXT:

		cmd_ptr->command = cpu_to_le16(cmd_no);

		cmd_ptr->params.verext.version_str_sel =

			(u8) (*((u32 *) data_buf));

			(u8)(get_unaligned((u32 *)data_buf));

		memcpy(&cmd_ptr->params, data_buf,

		       sizeof(struct host_cmd_ds_version_ext));

		cmd_ptr->size =
@@ -2047,7 +2046,8 @@ int mwifiex_sta_prepare_cmd(struct mwifiex_private *priv, uint16_t cmd_no, 
	case HostCmd_CMD_MGMT_FRAME_REG:

		cmd_ptr->command = cpu_to_le16(cmd_no);

		cmd_ptr->params.reg_mask.action = cpu_to_le16(cmd_action);

		cmd_ptr->params.reg_mask.mask = cpu_to_le32(*(u32 *)data_buf);

		cmd_ptr->params.reg_mask.mask = cpu_to_le32(

						get_unaligned((u32 *)data_buf));

		cmd_ptr->size =

			cpu_to_le16(sizeof(struct host_cmd_ds_mgmt_frame_reg) +

				    S_DS_GEN);
@@ -2067,7 +2067,8 @@ int mwifiex_sta_prepare_cmd(struct mwifiex_private *priv, uint16_t cmd_no, 
	case HostCmd_CMD_P2P_MODE_CFG:

		cmd_ptr->command = cpu_to_le16(cmd_no);

		cmd_ptr->params.mode_cfg.action = cpu_to_le16(cmd_action);

		cmd_ptr->params.mode_cfg.mode = cpu_to_le16(*(u16 *)data_buf);

		cmd_ptr->params.mode_cfg.mode = cpu_to_le16(

						get_unaligned((u16 *)data_buf));

		cmd_ptr->size =

			cpu_to_le16(sizeof(struct host_cmd_ds_p2p_mode_cfg) +

				    S_DS_GEN);

drivers/net/wireless/marvell/mwifiex/sta_cmdresp.c

+2 −2
Original line number Diff line number Diff line
@@ -183,7 +183,7 @@ static int mwifiex_ret_802_11_snmp_mib(struct mwifiex_private *priv, 
		    "query_type = %#x, buf size = %#x\n",

		    oid, query_type, le16_to_cpu(smib->buf_size));

	if (query_type == HostCmd_ACT_GEN_GET) {

		ul_temp = le16_to_cpu(*((__le16 *) (smib->value)));

		ul_temp = get_unaligned_le16(smib->value);

		if (data_buf)

			*data_buf = ul_temp;

		switch (oid) {
@@ -741,7 +741,7 @@ mwifiex_ret_p2p_mode_cfg(struct mwifiex_private *priv, 
	struct host_cmd_ds_p2p_mode_cfg *mode_cfg = &resp->params.mode_cfg;



	if (data_buf)

		*((u16 *)data_buf) = le16_to_cpu(mode_cfg->mode);

		put_unaligned_le16(le16_to_cpu(mode_cfg->mode), data_buf);



	return 0;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE