| developer | d243af0 | 2023-12-21 14:49:33 +0800 | [diff] [blame^] | 1 | From 6bef1f8c48baa71a2c7b4bc22e30915fe0651b92 Mon Sep 17 00:00:00 2001 |
| 2 | From: Benjamin Lin <benjamin-jw.lin@mediatek.com> |
| 3 | Date: Thu, 9 Nov 2023 10:35:13 +0800 |
| 4 | Subject: [PATCH 08/23] mtk: wifi: mt76: mt7992: add TLV sanity check |
| 5 | |
| 6 | If TLV involves beacon content, its length might not be 4-byte aligned. |
| 7 | Therefore, 4-byte alignment check and padding, if necessary, are performed before sending TLV to FW. |
| 8 | |
| 9 | Signed-off-by: Benjamin Lin <benjamin-jw.lin@mediatek.com> |
| 10 | --- |
| 11 | mt7996/mcu.c | 14 +++++--------- |
| 12 | mt7996/mcu.h | 4 ++-- |
| 13 | 2 files changed, 7 insertions(+), 11 deletions(-) |
| 14 | |
| 15 | diff --git a/mt7996/mcu.c b/mt7996/mcu.c |
| 16 | index 8c033030..071a9ec2 100644 |
| 17 | --- a/mt7996/mcu.c |
| 18 | +++ b/mt7996/mcu.c |
| 19 | @@ -732,13 +732,10 @@ void mt7996_mcu_rx_event(struct mt7996_dev *dev, struct sk_buff *skb) |
| 20 | static struct tlv * |
| 21 | mt7996_mcu_add_uni_tlv(struct sk_buff *skb, u16 tag, u16 len) |
| 22 | { |
| 23 | - struct tlv *ptlv, tlv = { |
| 24 | - .tag = cpu_to_le16(tag), |
| 25 | - .len = cpu_to_le16(len), |
| 26 | - }; |
| 27 | + struct tlv *ptlv = skb_put(skb, len); |
| 28 | |
| 29 | - ptlv = skb_put(skb, len); |
| 30 | - memcpy(ptlv, &tlv, sizeof(tlv)); |
| 31 | + ptlv->tag = cpu_to_le16(tag); |
| 32 | + ptlv->len = cpu_to_le16(len); |
| 33 | |
| 34 | return ptlv; |
| 35 | } |
| 36 | @@ -2536,7 +2533,7 @@ int mt7996_mcu_add_beacon(struct ieee80211_hw *hw, |
| 37 | info = IEEE80211_SKB_CB(skb); |
| 38 | info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, phy->mt76->band_idx); |
| 39 | |
| 40 | - len = sizeof(*bcn) + MT_TXD_SIZE + skb->len; |
| 41 | + len = ALIGN(sizeof(*bcn) + MT_TXD_SIZE + skb->len, 4); |
| 42 | tlv = mt7996_mcu_add_uni_tlv(rskb, UNI_BSS_INFO_BCN_CONTENT, len); |
| 43 | bcn = (struct bss_bcn_content_tlv *)tlv; |
| 44 | bcn->enable = en; |
| 45 | @@ -2605,8 +2602,7 @@ int mt7996_mcu_beacon_inband_discov(struct mt7996_dev *dev, |
| 46 | info->band = band; |
| 47 | info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, phy->mt76->band_idx); |
| 48 | |
| 49 | - len = sizeof(*discov) + MT_TXD_SIZE + skb->len; |
| 50 | - |
| 51 | + len = ALIGN(sizeof(*discov) + MT_TXD_SIZE + skb->len, 4); |
| 52 | tlv = mt7996_mcu_add_uni_tlv(rskb, UNI_BSS_INFO_OFFLOAD, len); |
| 53 | |
| 54 | discov = (struct bss_inband_discovery_tlv *)tlv; |
| 55 | diff --git a/mt7996/mcu.h b/mt7996/mcu.h |
| 56 | index 3e013b20..a9ba63d1 100644 |
| 57 | --- a/mt7996/mcu.h |
| 58 | +++ b/mt7996/mcu.h |
| 59 | @@ -800,10 +800,10 @@ enum { |
| 60 | sizeof(struct sta_rec_hdr_trans) + \ |
| 61 | sizeof(struct tlv)) |
| 62 | |
| 63 | -#define MT7996_MAX_BEACON_SIZE 1342 |
| 64 | +#define MT7996_MAX_BEACON_SIZE 1338 |
| 65 | #define MT7996_BEACON_UPDATE_SIZE (sizeof(struct bss_req_hdr) + \ |
| 66 | sizeof(struct bss_bcn_content_tlv) + \ |
| 67 | - MT_TXD_SIZE + \ |
| 68 | + 4 + MT_TXD_SIZE + \ |
| 69 | sizeof(struct bss_bcn_cntdwn_tlv) + \ |
| 70 | sizeof(struct bss_bcn_mbss_tlv)) |
| 71 | #define MT7996_MAX_BSS_OFFLOAD_SIZE (MT7996_MAX_BEACON_SIZE + \ |
| 72 | -- |
| 73 | 2.18.0 |
| 74 | |