Commit 6fe7dd0d authored by Amit Beka's avatar Amit Beka Committed by Wey-Yi Guy

iwlwifi: range check to testmode direct reg access

Added a check on the direct register access.
Checks that the address is in the lower range (0x0-0x2000),
which belongs to CSR, HBUS and FH registers.
Signed-off-by: default avatarAmit Beka <amit.beka@intel.com>
Signed-off-by: default avatarWey-Yi W Guy <wey-yi.w.guy@intel.com>
parent f057ac4e
...@@ -79,6 +79,7 @@ ...@@ -79,6 +79,7 @@
#include "iwl-testmode.h" #include "iwl-testmode.h"
#include "iwl-trans.h" #include "iwl-trans.h"
#include "iwl-bus.h" #include "iwl-bus.h"
#include "iwl-fh.h"
/* The TLVs used in the gnl message policy between the kernel module and /* The TLVs used in the gnl message policy between the kernel module and
* user space application. iwl_testmode_gnl_msg_policy is to be carried * user space application. iwl_testmode_gnl_msg_policy is to be carried
...@@ -288,7 +289,7 @@ static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -288,7 +289,7 @@ static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb)
static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb) static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb)
{ {
struct iwl_priv *priv = hw->priv; struct iwl_priv *priv = hw->priv;
u32 ofs, val32; u32 ofs, val32, cmd;
u8 val8; u8 val8;
struct sk_buff *skb; struct sk_buff *skb;
int status = 0; int status = 0;
...@@ -300,7 +301,20 @@ static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -300,7 +301,20 @@ static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb)
ofs = nla_get_u32(tb[IWL_TM_ATTR_REG_OFFSET]); ofs = nla_get_u32(tb[IWL_TM_ATTR_REG_OFFSET]);
IWL_INFO(priv, "testmode register access command offset 0x%x\n", ofs); IWL_INFO(priv, "testmode register access command offset 0x%x\n", ofs);
switch (nla_get_u32(tb[IWL_TM_ATTR_COMMAND])) { /* Allow access only to FH/CSR/HBUS in direct mode.
Since we don't have the upper bounds for the CSR and HBUS segments,
we will use only the upper bound of FH for sanity check. */
cmd = nla_get_u32(tb[IWL_TM_ATTR_COMMAND]);
if ((cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32 ||
cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE32 ||
cmd == IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8) &&
(ofs >= FH_MEM_UPPER_BOUND)) {
IWL_DEBUG_INFO(priv, "offset out of segment (0x0 - 0x%x)\n",
FH_MEM_UPPER_BOUND);
return -EINVAL;
}
switch (cmd) {
case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32: case IWL_TM_CMD_APP2DEV_DIRECT_REG_READ32:
val32 = iwl_read_direct32(trans(priv), ofs); val32 = iwl_read_direct32(trans(priv), ofs);
IWL_INFO(priv, "32bit value to read 0x%x\n", val32); IWL_INFO(priv, "32bit value to read 0x%x\n", val32);
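Review bot: The guard added before `switch (cmd)` in iwl_testmode_reg bounds only the starting offset, so for the two 32-bit commands an unaligned `ofs` one to three bytes below `FH_MEM_UPPER_BOUND` still passes, and the access would extend past the bound. Assuming the bound is 4-byte aligned (its definition is in iwl-fh.h, not visible here), adding `if (cmd != IWL_TM_CMD_APP2DEV_DIRECT_REG_WRITE8 && (ofs & 0x3)) return -EINVAL;` would close that gap. The refusal is logged with `IWL_DEBUG_INFO` while accepted offsets are logged with `IWL_INFO`, so a rejected user-space request leaves no trace in a default log; `IWL_ERR(priv, "offset out of segment (0x0 - 0x%x)\n", FH_MEM_UPPER_BOUND);` would make refused requests visible to whoever audits testmode use. The function body continues outside the hunk, so the attribute presence checks and the write paths could not be reviewed here.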
......