[Prism54-devel] [PATCH 10/14 linux-2.6.7-rc1] prism54: Don't allow mib reads while unconfigured

Luis R. Rodriguez Luis R. Rodriguez" <mcgrof@ruslug.rutgers.edu
Mon, 24 May 2004 04:33:30 -0400


--cGn0fZIJon5R7R2H
Content-Type: multipart/mixed; boundary="yQifGgTvVVJcdOYJ"
Content-Disposition: inline


--yQifGgTvVVJcdOYJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


2004-04-17      Aurelien Alleaume <slts@free.fr>

        * oid_mgt.c, isl_ioctl.c : Cleanup. Prevented real oid reading
	before the card is configured with mib values (might be
	related to
	bug #53).

--=20
GnuPG Key fingerprint =3D 113F B290 C6D2 0251 4D84  A34A 6ADD 4937 E20A 525E

--yQifGgTvVVJcdOYJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="10-prevent-oid-read-before-config.patch"
Content-Transfer-Encoding: quoted-printable

2004-04-17	Aurelien Alleaume <slts@free.fr>

	* oid_mgt.c, isl_ioctl.c : Cleanup. Prevented real oid reading
	before the card is configured with mib values (might be related to=20
	bug #53).

Index: linux-2.6.7-rc1/drivers/net/wireless/prism54/isl_ioctl.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /var/lib/cvs/prism54-ng/ksrc/isl_ioctl.c,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -r1.151 -r1.152
--- linux-2.6.7-rc1/drivers/net/wireless/prism54/isl_ioctl.c	9 Apr 2004 11:=
42:25 -0000	1.151
+++ linux-2.6.7-rc1/drivers/net/wireless/prism54/isl_ioctl.c	17 Apr 2004 08=
:46:04 -0000	1.152
@@ -1,4 +1,4 @@
-/*  $Header: /var/lib/cvs/prism54-ng/ksrc/isl_ioctl.c,v 1.151 2004/04/09 1=
1:42:25 ajfa Exp $
+/*  $Header: /var/lib/cvs/prism54-ng/ksrc/isl_ioctl.c,v 1.152 2004/04/17 0=
8:46:04 ajfa Exp $
  * =20
  *  Copyright (C) 2002 Intersil Americas Inc.
  *            (C) 2003,2004 Aurelien Alleaume <slts@free.fr>
@@ -173,14 +173,6 @@
 	prism54_mib_mode_helper(priv, init_mode);
 }
=20
-void
-prism54_mib_init_work(islpci_private *priv)
-{
-	down_write(&priv->mib_sem);
-	mgt_commit(priv);
-	up_write(&priv->mib_sem);
-}
-
 /* this will be executed outside of atomic context thanks to
  * schedule_work(), thus we can as well use sleeping semaphore
  * locking */
@@ -195,13 +187,6 @@
 	if (down_interruptible(&priv->stats_sem))
 		return;
=20
-/* missing stats are :
- *  iwstatistics.qual.updated
- *  iwstatistics.discard.nwid	   =20
- *  iwstatistics.discard.fragment	   =20
- *  iwstatistics.discard.misc
- *  iwstatistics.miss.beacon */
-
 /* Noise floor.
  * I'm not sure if the unit is dBm.
  * Note : If we are not connected, this value seems to be irrelevant. */
@@ -425,7 +410,6 @@
 	/* by default  the card sets this to 20. */
 	sens =3D vwrq->disabled ? 20 : vwrq->value;
=20
-	/* set the ed threshold. */
 	return mgt_set_request(priv, DOT11_OID_EDTHRESHOLD, 0, &sens);
 }
=20
@@ -534,9 +518,7 @@
 		i++;
 		data++;
 	}
-
 	range->num_bitrates =3D i;
-
 	kfree(r.ptr);
=20
 	return rvalue;
@@ -575,7 +557,6 @@
 	int rvalue;
=20
 	rvalue =3D mgt_get_request(priv, DOT11_OID_BSSID, 0, NULL, &r);
-
 	memcpy(awrq->sa_data, r.ptr, 6);
 	awrq->sa_family =3D ARPHRD_ETHER;
 	kfree(r.ptr);
@@ -685,7 +666,6 @@
 			kfree(buf);
 		}
 	}
-
 	return current_ev;
 }
=20
@@ -712,7 +692,7 @@
=20
 	/* Ask the device for a list of known bss. We can report at most
 	 * IW_MAX_AP=3D64 to the range struct. But the device won't repport anyth=
ing
-	 * if you change the value of MAXBSS=3D24. Anyway 24 AP It is probably en=
ough.
+	 * if you change the value of IWMAX_BSS=3D24.
 	 */
 	rvalue |=3D mgt_get_request(priv, DOT11_OID_BSSLIST, 0, NULL, &r);
 	bsslist =3D r.ptr;
@@ -969,8 +949,6 @@
  * small frame <=3D>  smaller than the rts threshold
  * This is not really the behavior expected by the wireless tool but it se=
ems
  * to be a common behavior in other drivers.
- *=20
- * It seems that playing with this tends to hang the card -> DISABLED
  */
=20
 static int
@@ -1002,18 +980,16 @@
 		lifetime =3D vwrq->value / 1024;
=20
 	/* now set what is requested */
-
-	if (slimit !=3D 0)
+	if (slimit)
 		rvalue =3D
 		    mgt_set_request(priv, DOT11_OID_SHORTRETRIES, 0, &slimit);
-	if (llimit !=3D 0)
+	if (llimit)
 		rvalue |=3D
 		    mgt_set_request(priv, DOT11_OID_LONGRETRIES, 0, &llimit);
-	if (lifetime !=3D 0)
+	if (lifetime)
 		rvalue |=3D
 		    mgt_set_request(priv, DOT11_OID_MAXTXLIFETIME, 0,
 				    &lifetime);
-
 	return rvalue;
 }
=20
@@ -1109,8 +1085,7 @@
 			}
 		}
 	}
-
-	/* now read the flags     */
+	/* now read the flags */
 	if (dwrq->flags & IW_ENCODE_DISABLED) {
 		/* Encoding disabled,=20
 		 * authen =3D DOT11_AUTH_OS;
@@ -1261,11 +1236,6 @@
 prism54_set_u32(struct net_device *ndev, struct iw_request_info *info,
 		__u32 * uwrq, char *extra)
 {
-	/*
-	   u32 *i =3D (int *) extra;
-	   int param =3D *i;
-	   int u =3D *(i + 1);
-	 */
 	u32 oid =3D uwrq[0], u =3D uwrq[1];
=20
 	return mgt_set_request((islpci_private *) ndev->priv, oid, 0, &u);
@@ -1836,9 +1806,7 @@
 				     0);
 		break;
=20
-		/* Note : the following should never happen since we don't run the card =
in
-		 * extended mode.
-		 * Note : "mlme" is actually a "struct obj_mlmeex *" here, but this
+		/* Note : "mlme" is actually a "struct obj_mlmeex *" here, but this
 		 * is backward compatible layout-wise with "struct obj_mlme".
 		 */
=20
Index: linux-2.6.7-rc1/drivers/net/wireless/prism54/isl_ioctl.h
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /var/lib/cvs/prism54-ng/ksrc/isl_ioctl.h,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- linux-2.6.7-rc1/drivers/net/wireless/prism54/isl_ioctl.h	18 Mar 2004 05=
:25:24 -0000	1.31
+++ linux-2.6.7-rc1/drivers/net/wireless/prism54/isl_ioctl.h	17 Apr 2004 08=
:46:04 -0000	1.32
@@ -1,4 +1,4 @@
-/*  $Header: /var/lib/cvs/prism54-ng/ksrc/isl_ioctl.h,v 1.30 2004/01/30 16=
:24:00 ajfa Exp $
+/*  $Header: /var/lib/cvs/prism54-ng/ksrc/isl_ioctl.h,v 1.32 2004/04/17 08=
:46:04 ajfa Exp $
  * =20
  *  Copyright (C) 2002 Intersil Americas Inc.
  *            (C) 2003 Aurelien Alleaume <slts@free.fr>
@@ -30,7 +30,6 @@
 #define SUPPORTED_WIRELESS_EXT                  16
=20
 void prism54_mib_init(islpci_private *);
-void prism54_mib_init_work(islpci_private *);
=20
 struct iw_statistics *prism54_get_wireless_stats(struct net_device *);
 void prism54_update_stats(islpci_private *);
Index: linux-2.6.7-rc1/drivers/net/wireless/prism54/islpci_dev.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /var/lib/cvs/prism54-ng/ksrc/islpci_dev.c,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -r1.74 -r1.75
--- linux-2.6.7-rc1/drivers/net/wireless/prism54/islpci_dev.c	7 Apr 2004 04=
:12:12 -0000	1.74
+++ linux-2.6.7-rc1/drivers/net/wireless/prism54/islpci_dev.c	17 Apr 2004 0=
8:46:04 -0000	1.75
@@ -1,4 +1,4 @@
-/*  $Header: /var/lib/cvs/prism54-ng/ksrc/islpci_dev.c,v 1.74 2004/04/07 0=
4:12:12 msw Exp $
+/*  $Header: /var/lib/cvs/prism54-ng/ksrc/islpci_dev.c,v 1.75 2004/04/17 0=
8:46:04 ajfa Exp $
  * =20
  *  Copyright (C) 2002 Intersil Americas Inc.
  *  Copyright (C) 2003 Herbert Valerio Riedel <hvr@gnu.org>
@@ -387,7 +387,9 @@
 	 * the IRQ line until we know for sure the reset went through */
 	isl38xx_enable_common_interrupts(priv->device_base);
=20
-	prism54_mib_init_work(priv);
+	down_write(&priv->mib_sem);
+	mgt_commit(priv);
+	up_write(&priv->mib_sem);
=20
 	islpci_set_state(priv, PRV_STATE_READY);
=20
Index: linux-2.6.7-rc1/drivers/net/wireless/prism54/islpci_mgt.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /var/lib/cvs/prism54-ng/ksrc/islpci_mgt.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- linux-2.6.7-rc1/drivers/net/wireless/prism54/islpci_mgt.c	9 Apr 2004 11=
:42:25 -0000	1.44
+++ linux-2.6.7-rc1/drivers/net/wireless/prism54/islpci_mgt.c	10 Apr 2004 0=
3:16:55 -0000	1.45
@@ -1,4 +1,4 @@
-/*  $Header: /var/lib/cvs/prism54-ng/ksrc/islpci_mgt.c,v 1.44 2004/04/09 1=
1:42:25 ajfa Exp $
+/*  $Header: /var/lib/cvs/prism54-ng/ksrc/islpci_mgt.c,v 1.45 2004/04/10 0=
3:16:55 msw Exp $
  * =20
  *  Copyright (C) 2002 Intersil Americas Inc.
  *  Copyright 2004 Jens Maurer <Jens.Maurer@gmx.net>
@@ -312,8 +312,9 @@
 		 * size of a receive buffer.  Thus, if this check
 		 * triggers, we likely have kernel heap corruption. */
 		if (frag_len > MGMT_FRAME_SIZE) {
-			printk(KERN_WARNING "%s: Bogus packet size of %d (%#x).\
-n", ndev->name, frag_len, frag_len);
+			printk(KERN_WARNING
+				"%s: Bogus packet size of %d (%#x).\n",
+				ndev->name, frag_len, frag_len);
 			frag_len =3D MGMT_FRAME_SIZE;
 		}
=20
@@ -487,8 +488,9 @@
 		}
 		if (timeleft =3D=3D 0) {
 			printk(KERN_DEBUG
-			       "%s: timeout waiting for mgmt response %lu, trigging device\n",
-			       ndev->name, timeout_left);
+				"%s: timeout waiting for mgmt response %lu, "
+				"triggering device\n",
+				ndev->name, timeout_left);
 			islpci_trigger(priv);
 		}
 		timeout_left +=3D timeleft - wait_cycle_jiffies;
Index: linux-2.6.7-rc1/drivers/net/wireless/prism54/oid_mgt.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /var/lib/cvs/prism54-ng/ksrc/oid_mgt.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- linux-2.6.7-rc1/drivers/net/wireless/prism54/oid_mgt.c	9 Apr 2004 11:42=
:25 -0000	1.14
+++ linux-2.6.7-rc1/drivers/net/wireless/prism54/oid_mgt.c	17 Apr 2004 08:4=
6:04 -0000	1.15
@@ -446,7 +446,7 @@
 	if (cache)
 		down_write(&priv->mib_sem);
=20
-	if (islpci_get_state(priv) >=3D PRV_STATE_INIT) {
+	if (islpci_get_state(priv) >=3D PRV_STATE_READY) {
 		ret =3D islpci_mgt_transaction(priv->ndev, PIMFOR_OP_SET, oid,
 					     _data, dlen, &response);
 		if (!ret) {
@@ -500,7 +500,7 @@
 	if (cache)
 		down_read(&priv->mib_sem);
=20
-	if (islpci_get_state(priv) >=3D PRV_STATE_INIT) {
+	if (islpci_get_state(priv) >=3D PRV_STATE_READY) {
 		ret =3D islpci_mgt_transaction(priv->ndev, PIMFOR_OP_GET,
 					     oid, data, dlen, &response);
 		if (ret || !response ||
@@ -539,7 +539,7 @@
 	if (reslen > isl_oid[n].size)
 		printk(KERN_DEBUG
 		       "mgt_get_request(0x%x): received data length was bigger "
-		       "than expected (%d > %d). Memory is probably corrupted... ",
+		       "than expected (%d > %d). Memory is probably corrupted...",
 		       oid, reslen, isl_oid[n].size);
=20
 	return ret;
@@ -622,12 +622,32 @@
 	OID_INL_OUTPUTPOWER,
 };
=20
+/* update the MAC addr. */
+static int
+mgt_update_addr(islpci_private *priv)
+{
+	struct islpci_mgmtframe *res;
+	int ret;
+
+	ret =3D islpci_mgt_transaction(priv->ndev, PIMFOR_OP_GET,
+				     isl_oid[GEN_OID_MACADDRESS].oid, NULL,
+				     isl_oid[GEN_OID_MACADDRESS].size, &res);
+
+	if ((ret =3D=3D 0) && res && (res->header->operation !=3D PIMFOR_OP_ERROR=
))
+		memcpy(priv->ndev->dev_addr, res->data, 6);
+	else
+		ret =3D -EIO;
+	if (res)
+		islpci_mgt_release(res);
+
+	return ret;
+}
+
 void
 mgt_commit(islpci_private *priv)
 {
 	int rvalue;
 	u32 u;
-	union oid_res_t r;
=20
 	if (islpci_get_state(priv) < PRV_STATE_INIT)
 		return;
@@ -643,6 +663,7 @@
=20
 	u =3D OID_INL_MODE;
 	rvalue |=3D mgt_commit_list(priv, &u, 1);
+	rvalue |=3D mgt_update_addr(priv);
=20
 	if (rvalue) {
 		/* some request have failed. The device might be in an
@@ -650,14 +671,6 @@
 		printk(KERN_DEBUG "%s: mgt_commit has failed. Restart the "
 		       "device \n", priv->ndev->name);
 	}
-
-	/* update the MAC addr. As it's not cached, no lock will be acquired by
-	 * the mgt_get_request
-	 */
-	mgt_get_request(priv, GEN_OID_MACADDRESS, 0, NULL, &r);
-	memcpy(priv->ndev->dev_addr, r.ptr, 6);
-	kfree(r.ptr);
-
 }
=20
 /* This will tell you if you are allowed to answer a mlme(ex) request .*/
@@ -710,8 +723,11 @@
 	case OID_TYPE_BSS:{
 			struct obj_bss *bss =3D r->ptr;
 			return snprintf(str, PRIV_STR_SIZE,
-					"age=3D%u\nchannel=3D%u\n\
-				        capinfo=3D0x%X\nrates=3D0x%X\nbasic_rates=3D0x%X\n", bss->age,=
 bss->channel, bss->capinfo, bss->rates, bss->basic_rates);
+					"age=3D%u\nchannel=3D%u\n"
+					"capinfo=3D0x%X\nrates=3D0x%X\n"
+					"basic_rates=3D0x%X\n", bss->age,
+					bss->channel, bss->capinfo,
+					bss->rates, bss->basic_rates);
 		}
 		break;
 	case OID_TYPE_BSSLIST:{
@@ -720,7 +736,9 @@
 			k =3D snprintf(str, PRIV_STR_SIZE, "nr=3D%u\n", list->nr);
 			for (i =3D 0; i < list->nr; i++)
 				k +=3D snprintf(str + k, PRIV_STR_SIZE - k,
-					      "bss[%u] : \nage=3D%u\nchannel=3D%u\ncapinfo=3D0x%X\nrates=3D0x=
%X\nbasic_rates=3D0x%X\n",
+					      "bss[%u] : \nage=3D%u\nchannel=3D%u\n"
+					      "capinfo=3D0x%X\nrates=3D0x%X\n"
+					      "basic_rates=3D0x%X\n",
 					      i, list->bsslist[i].age,
 					      list->bsslist[i].channel,
 					      list->bsslist[i].capinfo,
@@ -742,16 +760,17 @@
 		break;
 	case OID_TYPE_MLME:{
 			struct obj_mlme *mlme =3D r->ptr;
-			return snprintf(str, PRIV_STR_SIZE, "id=3D0x%X\nstate=3D0x%X\n\
-			         code=3D0x%X\n", mlme->id, mlme->state,
-					mlme->code);
+			return snprintf(str, PRIV_STR_SIZE,
+					"id=3D0x%X\nstate=3D0x%X\ncode=3D0x%X\n",
+					mlme->id, mlme->state, mlme->code);
 		}
 		break;
 	case OID_TYPE_MLMEEX:{
 			struct obj_mlmeex *mlme =3D r->ptr;
-			return snprintf(str, PRIV_STR_SIZE, "id=3D0x%X\nstate=3D0x%X\n\
-			         code=3D0x%X\nsize=3D0x%X\n", mlme->id, mlme->state,
-					mlme->code, mlme->size);
+			return snprintf(str, PRIV_STR_SIZE,
+					"id=3D0x%X\nstate=3D0x%X\n"
+					"code=3D0x%X\nsize=3D0x%X\n", mlme->id,
+					mlme->state, mlme->code, mlme->size);
 		}
 		break;
 	case OID_TYPE_SSID:{
Index: linux-2.6.7-rc1/drivers/net/wireless/prism54/prismcompat24.h
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /var/lib/cvs/prism54-ng/ksrc/prismcompat24.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- linux-2.6.7-rc1/drivers/net/wireless/prism54/prismcompat24.h	20 Mar 200=
4 18:23:28 -0000	1.1
+++ linux-2.6.7-rc1/drivers/net/wireless/prism54/prismcompat24.h	13 Apr 200=
4 08:20:13 -0000	1.2
@@ -27,20 +27,25 @@
 #include <linux/config.h>
 #include <linux/tqueue.h>
=20
-#define work_struct		tq_struct
-#define INIT_WORK		INIT_TQUEUE
-#define schedule_work		schedule_task
-
-#define irqreturn_t		void
-#define IRQ_HANDLED
-#define IRQ_NONE
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,25)
+#define module_param(x, y, z)	MODULE_PARM(x, "i")
+#else
+#include <linux/moduleparam.h>
+#endif
=20
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,4,23)
 #define free_netdev(x)		kfree(x)
 #define pci_name(x)		x->slot_name
+#define irqreturn_t		void
+#define IRQ_HANDLED
+#define IRQ_NONE
+#else
+#include <linux/interrupt.h>
 #endif
=20
-#define module_param(x, y, z)	MODULE_PARM(x, "i")
+#define work_struct		tq_struct
+#define INIT_WORK		INIT_TQUEUE
+#define schedule_work		schedule_task
=20
 #define netdev_priv(x)		x->priv
=20

--yQifGgTvVVJcdOYJ--

--cGn0fZIJon5R7R2H
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAsbNaat1JN+IKUl4RAmYgAJ9lElz3VPsY3qRvJlVTIo9AyreENACfXoTc
Exnhw03PYFJcxGzvK20JIts=
=ClAE
-----END PGP SIGNATURE-----

--cGn0fZIJon5R7R2H--