linux/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h
Hante Meuleman 0aedbcaf6f brcmfmac: Add length checks on firmware events
Add additional length checks on firmware events to create more
robust code.

Reviewed-by: Arend Van Spriel <arend@broadcom.com>
Reviewed-by: Franky (Zhenhui) Lin <frankyl@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieterpg@broadcom.com>
Reviewed-by: Lei Zhang <leizh@broadcom.com>
Signed-off-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2016-03-07 14:14:45 +02:00

332 lines
9.4 KiB
C

/*
* Copyright (c) 2012 Broadcom Corporation
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef FWEH_H_
#define FWEH_H_
#include <asm/unaligned.h>
#include <linux/skbuff.h>
#include <linux/if_ether.h>
#include <linux/if.h>
/* formward declarations */
struct brcmf_pub;
struct brcmf_if;
struct brcmf_cfg80211_info;
/* list of firmware events */
#define BRCMF_FWEH_EVENT_ENUM_DEFLIST \
BRCMF_ENUM_DEF(SET_SSID, 0) \
BRCMF_ENUM_DEF(JOIN, 1) \
BRCMF_ENUM_DEF(START, 2) \
BRCMF_ENUM_DEF(AUTH, 3) \
BRCMF_ENUM_DEF(AUTH_IND, 4) \
BRCMF_ENUM_DEF(DEAUTH, 5) \
BRCMF_ENUM_DEF(DEAUTH_IND, 6) \
BRCMF_ENUM_DEF(ASSOC, 7) \
BRCMF_ENUM_DEF(ASSOC_IND, 8) \
BRCMF_ENUM_DEF(REASSOC, 9) \
BRCMF_ENUM_DEF(REASSOC_IND, 10) \
BRCMF_ENUM_DEF(DISASSOC, 11) \
BRCMF_ENUM_DEF(DISASSOC_IND, 12) \
BRCMF_ENUM_DEF(QUIET_START, 13) \
BRCMF_ENUM_DEF(QUIET_END, 14) \
BRCMF_ENUM_DEF(BEACON_RX, 15) \
BRCMF_ENUM_DEF(LINK, 16) \
BRCMF_ENUM_DEF(MIC_ERROR, 17) \
BRCMF_ENUM_DEF(NDIS_LINK, 18) \
BRCMF_ENUM_DEF(ROAM, 19) \
BRCMF_ENUM_DEF(TXFAIL, 20) \
BRCMF_ENUM_DEF(PMKID_CACHE, 21) \
BRCMF_ENUM_DEF(RETROGRADE_TSF, 22) \
BRCMF_ENUM_DEF(PRUNE, 23) \
BRCMF_ENUM_DEF(AUTOAUTH, 24) \
BRCMF_ENUM_DEF(EAPOL_MSG, 25) \
BRCMF_ENUM_DEF(SCAN_COMPLETE, 26) \
BRCMF_ENUM_DEF(ADDTS_IND, 27) \
BRCMF_ENUM_DEF(DELTS_IND, 28) \
BRCMF_ENUM_DEF(BCNSENT_IND, 29) \
BRCMF_ENUM_DEF(BCNRX_MSG, 30) \
BRCMF_ENUM_DEF(BCNLOST_MSG, 31) \
BRCMF_ENUM_DEF(ROAM_PREP, 32) \
BRCMF_ENUM_DEF(PFN_NET_FOUND, 33) \
BRCMF_ENUM_DEF(PFN_NET_LOST, 34) \
BRCMF_ENUM_DEF(RESET_COMPLETE, 35) \
BRCMF_ENUM_DEF(JOIN_START, 36) \
BRCMF_ENUM_DEF(ROAM_START, 37) \
BRCMF_ENUM_DEF(ASSOC_START, 38) \
BRCMF_ENUM_DEF(IBSS_ASSOC, 39) \
BRCMF_ENUM_DEF(RADIO, 40) \
BRCMF_ENUM_DEF(PSM_WATCHDOG, 41) \
BRCMF_ENUM_DEF(PROBREQ_MSG, 44) \
BRCMF_ENUM_DEF(SCAN_CONFIRM_IND, 45) \
BRCMF_ENUM_DEF(PSK_SUP, 46) \
BRCMF_ENUM_DEF(COUNTRY_CODE_CHANGED, 47) \
BRCMF_ENUM_DEF(EXCEEDED_MEDIUM_TIME, 48) \
BRCMF_ENUM_DEF(ICV_ERROR, 49) \
BRCMF_ENUM_DEF(UNICAST_DECODE_ERROR, 50) \
BRCMF_ENUM_DEF(MULTICAST_DECODE_ERROR, 51) \
BRCMF_ENUM_DEF(TRACE, 52) \
BRCMF_ENUM_DEF(IF, 54) \
BRCMF_ENUM_DEF(P2P_DISC_LISTEN_COMPLETE, 55) \
BRCMF_ENUM_DEF(RSSI, 56) \
BRCMF_ENUM_DEF(EXTLOG_MSG, 58) \
BRCMF_ENUM_DEF(ACTION_FRAME, 59) \
BRCMF_ENUM_DEF(ACTION_FRAME_COMPLETE, 60) \
BRCMF_ENUM_DEF(PRE_ASSOC_IND, 61) \
BRCMF_ENUM_DEF(PRE_REASSOC_IND, 62) \
BRCMF_ENUM_DEF(CHANNEL_ADOPTED, 63) \
BRCMF_ENUM_DEF(AP_STARTED, 64) \
BRCMF_ENUM_DEF(DFS_AP_STOP, 65) \
BRCMF_ENUM_DEF(DFS_AP_RESUME, 66) \
BRCMF_ENUM_DEF(ESCAN_RESULT, 69) \
BRCMF_ENUM_DEF(ACTION_FRAME_OFF_CHAN_COMPLETE, 70) \
BRCMF_ENUM_DEF(PROBERESP_MSG, 71) \
BRCMF_ENUM_DEF(P2P_PROBEREQ_MSG, 72) \
BRCMF_ENUM_DEF(DCS_REQUEST, 73) \
BRCMF_ENUM_DEF(FIFO_CREDIT_MAP, 74) \
BRCMF_ENUM_DEF(ACTION_FRAME_RX, 75) \
BRCMF_ENUM_DEF(TDLS_PEER_EVENT, 92) \
BRCMF_ENUM_DEF(BCMC_CREDIT_SUPPORT, 127)
#define BRCMF_ENUM_DEF(id, val) \
BRCMF_E_##id = (val),
/* firmware event codes sent by the dongle */
enum brcmf_fweh_event_code {
BRCMF_FWEH_EVENT_ENUM_DEFLIST
/* this determines event mask length which must match
* minimum length check in device firmware so it is
* hard-coded here.
*/
BRCMF_E_LAST = 139
};
#undef BRCMF_ENUM_DEF
#define BRCMF_EVENTING_MASK_LEN DIV_ROUND_UP(BRCMF_E_LAST, 8)
/* flags field values in struct brcmf_event_msg */
#define BRCMF_EVENT_MSG_LINK 0x01
#define BRCMF_EVENT_MSG_FLUSHTXQ 0x02
#define BRCMF_EVENT_MSG_GROUP 0x04
/* status field values in struct brcmf_event_msg */
#define BRCMF_E_STATUS_SUCCESS 0
#define BRCMF_E_STATUS_FAIL 1
#define BRCMF_E_STATUS_TIMEOUT 2
#define BRCMF_E_STATUS_NO_NETWORKS 3
#define BRCMF_E_STATUS_ABORT 4
#define BRCMF_E_STATUS_NO_ACK 5
#define BRCMF_E_STATUS_UNSOLICITED 6
#define BRCMF_E_STATUS_ATTEMPT 7
#define BRCMF_E_STATUS_PARTIAL 8
#define BRCMF_E_STATUS_NEWSCAN 9
#define BRCMF_E_STATUS_NEWASSOC 10
#define BRCMF_E_STATUS_11HQUIET 11
#define BRCMF_E_STATUS_SUPPRESS 12
#define BRCMF_E_STATUS_NOCHANS 13
#define BRCMF_E_STATUS_CS_ABORT 15
#define BRCMF_E_STATUS_ERROR 16
/* reason field values in struct brcmf_event_msg */
#define BRCMF_E_REASON_INITIAL_ASSOC 0
#define BRCMF_E_REASON_LOW_RSSI 1
#define BRCMF_E_REASON_DEAUTH 2
#define BRCMF_E_REASON_DISASSOC 3
#define BRCMF_E_REASON_BCNS_LOST 4
#define BRCMF_E_REASON_MINTXRATE 9
#define BRCMF_E_REASON_TXFAIL 10
#define BRCMF_E_REASON_LINK_BSSCFG_DIS 4
#define BRCMF_E_REASON_FAST_ROAM_FAILED 5
#define BRCMF_E_REASON_DIRECTED_ROAM 6
#define BRCMF_E_REASON_TSPEC_REJECTED 7
#define BRCMF_E_REASON_BETTER_AP 8
#define BRCMF_E_REASON_TDLS_PEER_DISCOVERED 0
#define BRCMF_E_REASON_TDLS_PEER_CONNECTED 1
#define BRCMF_E_REASON_TDLS_PEER_DISCONNECTED 2
/* action field values for brcmf_ifevent */
#define BRCMF_E_IF_ADD 1
#define BRCMF_E_IF_DEL 2
#define BRCMF_E_IF_CHANGE 3
/* flag field values for brcmf_ifevent */
#define BRCMF_E_IF_FLAG_NOIF 1
/* role field values for brcmf_ifevent */
#define BRCMF_E_IF_ROLE_STA 0
#define BRCMF_E_IF_ROLE_AP 1
#define BRCMF_E_IF_ROLE_WDS 2
#define BRCMF_E_IF_ROLE_P2P_GO 3
#define BRCMF_E_IF_ROLE_P2P_CLIENT 4
/**
* definitions for event packet validation.
*/
#define BRCM_OUI "\x00\x10\x18"
#define BCMILCP_BCM_SUBTYPE_EVENT 1
/**
* struct brcm_ethhdr - broadcom specific ether header.
*
* @subtype: subtype for this packet.
* @length: TODO: length of appended data.
* @version: version indication.
* @oui: OUI of this packet.
* @usr_subtype: subtype for this OUI.
*/
struct brcm_ethhdr {
__be16 subtype;
__be16 length;
u8 version;
u8 oui[3];
__be16 usr_subtype;
} __packed;
struct brcmf_event_msg_be {
__be16 version;
__be16 flags;
__be32 event_type;
__be32 status;
__be32 reason;
__be32 auth_type;
__be32 datalen;
u8 addr[ETH_ALEN];
char ifname[IFNAMSIZ];
u8 ifidx;
u8 bsscfgidx;
} __packed;
/**
* struct brcmf_event - contents of broadcom event packet.
*
* @eth: standard ether header.
* @hdr: broadcom specific ether header.
* @msg: common part of the actual event message.
*/
struct brcmf_event {
struct ethhdr eth;
struct brcm_ethhdr hdr;
struct brcmf_event_msg_be msg;
} __packed;
/**
* struct brcmf_event_msg - firmware event message.
*
* @version: version information.
* @flags: event flags.
* @event_code: firmware event code.
* @status: status information.
* @reason: reason code.
* @auth_type: authentication type.
* @datalen: lenght of event data buffer.
* @addr: ether address.
* @ifname: interface name.
* @ifidx: interface index.
* @bsscfgidx: bsscfg index.
*/
struct brcmf_event_msg {
u16 version;
u16 flags;
u32 event_code;
u32 status;
u32 reason;
s32 auth_type;
u32 datalen;
u8 addr[ETH_ALEN];
char ifname[IFNAMSIZ];
u8 ifidx;
u8 bsscfgidx;
};
struct brcmf_if_event {
u8 ifidx;
u8 action;
u8 flags;
u8 bsscfgidx;
u8 role;
};
typedef int (*brcmf_fweh_handler_t)(struct brcmf_if *ifp,
const struct brcmf_event_msg *evtmsg,
void *data);
/**
* struct brcmf_fweh_info - firmware event handling information.
*
* @p2pdev_setup_ongoing: P2P device creation in progress.
* @event_work: event worker.
* @evt_q_lock: lock for event queue protection.
* @event_q: event queue.
* @evt_handler: registered event handlers.
*/
struct brcmf_fweh_info {
bool p2pdev_setup_ongoing;
struct work_struct event_work;
spinlock_t evt_q_lock;
struct list_head event_q;
int (*evt_handler[BRCMF_E_LAST])(struct brcmf_if *ifp,
const struct brcmf_event_msg *evtmsg,
void *data);
};
void brcmf_fweh_attach(struct brcmf_pub *drvr);
void brcmf_fweh_detach(struct brcmf_pub *drvr);
int brcmf_fweh_register(struct brcmf_pub *drvr, enum brcmf_fweh_event_code code,
int (*handler)(struct brcmf_if *ifp,
const struct brcmf_event_msg *evtmsg,
void *data));
void brcmf_fweh_unregister(struct brcmf_pub *drvr,
enum brcmf_fweh_event_code code);
int brcmf_fweh_activate_events(struct brcmf_if *ifp);
void brcmf_fweh_process_event(struct brcmf_pub *drvr,
struct brcmf_event *event_packet,
u32 packet_len);
void brcmf_fweh_p2pdev_setup(struct brcmf_if *ifp, bool ongoing);
static inline void brcmf_fweh_process_skb(struct brcmf_pub *drvr,
struct sk_buff *skb)
{
struct brcmf_event *event_packet;
u16 usr_stype;
/* only process events when protocol matches */
if (skb->protocol != cpu_to_be16(ETH_P_LINK_CTL))
return;
if ((skb->len + ETH_HLEN) < sizeof(*event_packet))
return;
/* check for BRCM oui match */
event_packet = (struct brcmf_event *)skb_mac_header(skb);
if (memcmp(BRCM_OUI, &event_packet->hdr.oui[0],
sizeof(event_packet->hdr.oui)))
return;
/* final match on usr_subtype */
usr_stype = get_unaligned_be16(&event_packet->hdr.usr_subtype);
if (usr_stype != BCMILCP_BCM_SUBTYPE_EVENT)
return;
brcmf_fweh_process_event(drvr, event_packet, skb->len + ETH_HLEN);
}
#endif /* FWEH_H_ */