Commit d33e152e authored by David S. Miller's avatar David S. Miller

iwlwifi: Stop using NLA_PUT*().

These macros contain a hidden goto, and are thus extremely error
prone and make code hard to audit.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7b69549a
...@@ -184,9 +184,10 @@ static void iwl_testmode_ucode_rx_pkt(struct iwl_priv *priv, ...@@ -184,9 +184,10 @@ static void iwl_testmode_ucode_rx_pkt(struct iwl_priv *priv,
"Run out of memory for messages to user space ?\n"); "Run out of memory for messages to user space ?\n");
return; return;
} }
NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT); if (nla_put_u32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT) ||
/* the length doesn't include len_n_flags field, so add it manually */ /* the length doesn't include len_n_flags field, so add it manually */
NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, length + sizeof(__le32), data); nla_put(skb, IWL_TM_ATTR_UCODE_RX_PKT, length + sizeof(__le32), data))
goto nla_put_failure;
cfg80211_testmode_event(skb, GFP_ATOMIC); cfg80211_testmode_event(skb, GFP_ATOMIC);
return; return;
...@@ -314,8 +315,9 @@ static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -314,8 +315,9 @@ static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb)
memcpy(reply_buf, &(pkt->hdr), reply_len); memcpy(reply_buf, &(pkt->hdr), reply_len);
iwl_free_resp(&cmd); iwl_free_resp(&cmd);
NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT); if (nla_put_u32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT) ||
NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, reply_len, reply_buf); nla_put(skb, IWL_TM_ATTR_UCODE_RX_PKT, reply_len, reply_buf))
goto nla_put_failure;
return cfg80211_testmode_reply(skb); return cfg80211_testmode_reply(skb);
nla_put_failure: nla_put_failure:
...@@ -379,7 +381,8 @@ static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -379,7 +381,8 @@ static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb)
IWL_ERR(priv, "Memory allocation fail\n"); IWL_ERR(priv, "Memory allocation fail\n");
return -ENOMEM; return -ENOMEM;
} }
NLA_PUT_U32(skb, IWL_TM_ATTR_REG_VALUE32, val32); if (nla_put_u32(skb, IWL_TM_ATTR_REG_VALUE32, val32))
goto nla_put_failure;
status = cfg80211_testmode_reply(skb); status = cfg80211_testmode_reply(skb);
if (status < 0) if (status < 0)
IWL_ERR(priv, "Error sending msg : %d\n", status); IWL_ERR(priv, "Error sending msg : %d\n", status);
...@@ -478,10 +481,11 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -478,10 +481,11 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb)
IWL_ERR(priv, "Memory allocation fail\n"); IWL_ERR(priv, "Memory allocation fail\n");
return -ENOMEM; return -ENOMEM;
} }
NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, if (nla_put_u32(skb, IWL_TM_ATTR_COMMAND,
IWL_TM_CMD_DEV2APP_SYNC_RSP); IWL_TM_CMD_DEV2APP_SYNC_RSP) ||
NLA_PUT(skb, IWL_TM_ATTR_SYNC_RSP, nla_put(skb, IWL_TM_ATTR_SYNC_RSP,
rsp_data_len, rsp_data_ptr); rsp_data_len, rsp_data_ptr))
goto nla_put_failure;
status = cfg80211_testmode_reply(skb); status = cfg80211_testmode_reply(skb);
if (status < 0) if (status < 0)
IWL_ERR(priv, "Error sending msg : %d\n", status); IWL_ERR(priv, "Error sending msg : %d\n", status);
...@@ -536,11 +540,12 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -536,11 +540,12 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb)
IWL_ERR(priv, "Memory allocation fail\n"); IWL_ERR(priv, "Memory allocation fail\n");
return -ENOMEM; return -ENOMEM;
} }
NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, if (nla_put_u32(skb, IWL_TM_ATTR_COMMAND,
IWL_TM_CMD_DEV2APP_EEPROM_RSP); IWL_TM_CMD_DEV2APP_EEPROM_RSP) ||
NLA_PUT(skb, IWL_TM_ATTR_EEPROM, nla_put(skb, IWL_TM_ATTR_EEPROM,
cfg(priv)->base_params->eeprom_size, cfg(priv)->base_params->eeprom_size,
priv->shrd->eeprom); priv->shrd->eeprom))
goto nla_put_failure;
status = cfg80211_testmode_reply(skb); status = cfg80211_testmode_reply(skb);
if (status < 0) if (status < 0)
IWL_ERR(priv, "Error sending msg : %d\n", IWL_ERR(priv, "Error sending msg : %d\n",
...@@ -566,8 +571,9 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -566,8 +571,9 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb)
IWL_ERR(priv, "Memory allocation fail\n"); IWL_ERR(priv, "Memory allocation fail\n");
return -ENOMEM; return -ENOMEM;
} }
NLA_PUT_U32(skb, IWL_TM_ATTR_FW_VERSION, if (nla_put_u32(skb, IWL_TM_ATTR_FW_VERSION,
priv->fw->ucode_ver); priv->fw->ucode_ver))
goto nla_put_failure;
status = cfg80211_testmode_reply(skb); status = cfg80211_testmode_reply(skb);
if (status < 0) if (status < 0)
IWL_ERR(priv, "Error sending msg : %d\n", status); IWL_ERR(priv, "Error sending msg : %d\n", status);
...@@ -582,7 +588,8 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -582,7 +588,8 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb)
IWL_ERR(priv, "Memory allocation fail\n"); IWL_ERR(priv, "Memory allocation fail\n");
return -ENOMEM; return -ENOMEM;
} }
NLA_PUT_U32(skb, IWL_TM_ATTR_DEVICE_ID, devid); if (nla_put_u32(skb, IWL_TM_ATTR_DEVICE_ID, devid))
goto nla_put_failure;
status = cfg80211_testmode_reply(skb); status = cfg80211_testmode_reply(skb);
if (status < 0) if (status < 0)
IWL_ERR(priv, "Error sending msg : %d\n", status); IWL_ERR(priv, "Error sending msg : %d\n", status);
...@@ -602,9 +609,10 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -602,9 +609,10 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb)
inst_size = img->sec[IWL_UCODE_SECTION_INST].len; inst_size = img->sec[IWL_UCODE_SECTION_INST].len;
data_size = img->sec[IWL_UCODE_SECTION_DATA].len; data_size = img->sec[IWL_UCODE_SECTION_DATA].len;
} }
NLA_PUT_U32(skb, IWL_TM_ATTR_FW_TYPE, priv->shrd->ucode_type); if (nla_put_u32(skb, IWL_TM_ATTR_FW_TYPE, priv->shrd->ucode_type) ||
NLA_PUT_U32(skb, IWL_TM_ATTR_FW_INST_SIZE, inst_size); nla_put_u32(skb, IWL_TM_ATTR_FW_INST_SIZE, inst_size) ||
NLA_PUT_U32(skb, IWL_TM_ATTR_FW_DATA_SIZE, data_size); nla_put_u32(skb, IWL_TM_ATTR_FW_DATA_SIZE, data_size))
goto nla_put_failure;
status = cfg80211_testmode_reply(skb); status = cfg80211_testmode_reply(skb);
if (status < 0) if (status < 0)
IWL_ERR(priv, "Error sending msg : %d\n", status); IWL_ERR(priv, "Error sending msg : %d\n", status);
...@@ -678,9 +686,10 @@ static int iwl_testmode_trace(struct ieee80211_hw *hw, struct nlattr **tb) ...@@ -678,9 +686,10 @@ static int iwl_testmode_trace(struct ieee80211_hw *hw, struct nlattr **tb)
iwl_trace_cleanup(priv); iwl_trace_cleanup(priv);
return -ENOMEM; return -ENOMEM;
} }
NLA_PUT(skb, IWL_TM_ATTR_TRACE_ADDR, if (nla_put(skb, IWL_TM_ATTR_TRACE_ADDR,
sizeof(priv->testmode_trace.dma_addr), sizeof(priv->testmode_trace.dma_addr),
(u64 *)&priv->testmode_trace.dma_addr); (u64 *)&priv->testmode_trace.dma_addr))
goto nla_put_failure;
status = cfg80211_testmode_reply(skb); status = cfg80211_testmode_reply(skb);
if (status < 0) { if (status < 0) {
IWL_ERR(priv, "Error sending msg : %d\n", status); IWL_ERR(priv, "Error sending msg : %d\n", status);
...@@ -725,9 +734,10 @@ static int iwl_testmode_trace_dump(struct ieee80211_hw *hw, ...@@ -725,9 +734,10 @@ static int iwl_testmode_trace_dump(struct ieee80211_hw *hw,
length = priv->testmode_trace.buff_size % length = priv->testmode_trace.buff_size %
DUMP_CHUNK_SIZE; DUMP_CHUNK_SIZE;
NLA_PUT(skb, IWL_TM_ATTR_TRACE_DUMP, length, if (nla_put(skb, IWL_TM_ATTR_TRACE_DUMP, length,
priv->testmode_trace.trace_addr + priv->testmode_trace.trace_addr +
(DUMP_CHUNK_SIZE * idx)); (DUMP_CHUNK_SIZE * idx)))
goto nla_put_failure;
idx++; idx++;
cb->args[4] = idx; cb->args[4] = idx;
return 0; return 0;
...@@ -922,9 +932,10 @@ static int iwl_testmode_buffer_dump(struct ieee80211_hw *hw, ...@@ -922,9 +932,10 @@ static int iwl_testmode_buffer_dump(struct ieee80211_hw *hw,
length = priv->testmode_mem.buff_size % length = priv->testmode_mem.buff_size %
DUMP_CHUNK_SIZE; DUMP_CHUNK_SIZE;
NLA_PUT(skb, IWL_TM_ATTR_BUFFER_DUMP, length, if (nla_put(skb, IWL_TM_ATTR_BUFFER_DUMP, length,
priv->testmode_mem.buff_addr + priv->testmode_mem.buff_addr +
(DUMP_CHUNK_SIZE * idx)); (DUMP_CHUNK_SIZE * idx)))
goto nla_put_failure;
idx++; idx++;
cb->args[4] = idx; cb->args[4] = idx;
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment