* This file implement the Wireless Extensions APIs.
*
* Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com>
- * Copyright (c) 1997-2004 Jean Tourrilhes, All Rights Reserved.
+ * Copyright (c) 1997-2003 Jean Tourrilhes, All Rights Reserved.
*
* (As all part of the Linux kernel, this file is GPL)
*/
* o Add common spy support : iw_handler_set_spy(), wireless_spy_update()
* o Add enhanced spy support : iw_handler_set_thrspy() and event.
* o Add WIRELESS_EXT version display in /proc/net/wireless
- *
- * v6 - 18.06.04 - Jean II
- * o Change get_spydata() method for added safety
- * o Remove spy #ifdef, they are always on -> cleaner code
- * o Allow any size GET request if user specifies length > max
- * and if request has IW_DESCR_FLAG_NOMAX flag or is SIOCGIWPRIV
- * o Start migrating get_wireless_stats to struct iw_handler_def
- * o Add wmb() in iw_handler_set_spy() for non-coherent archs/cpus
- * Based on patch from Pavel Roskin <proski@gnu.org> :
- * o Fix kernel data leak to user space in private handler handling
*/
/***************************** INCLUDES *****************************/
/**************************** CONSTANTS ****************************/
+/* Enough lenience, let's make sure things are proper... */
+#define WE_STRICT_WRITE /* Check write buffer size */
+/* I'll probably drop both the define and kernel message in the next version */
+
/* Debugging stuff */
#undef WE_IOCTL_DEBUG /* Debug IOCTL API */
#undef WE_EVENT_DEBUG /* Debug Event dispatcher */
.token_size = sizeof(struct sockaddr) +
sizeof(struct iw_quality),
.max_tokens = IW_MAX_AP,
- .flags = IW_DESCR_FLAG_NOMAX,
},
[SIOCSIWSCAN - SIOCIWFIRST] = {
.header_type = IW_HEADER_TYPE_PARAM,
.header_type = IW_HEADER_TYPE_POINT,
.token_size = 1,
.max_tokens = IW_SCAN_MAX_DATA,
- .flags = IW_DESCR_FLAG_NOMAX,
},
[SIOCSIWESSID - SIOCIWFIRST] = {
.header_type = IW_HEADER_TYPE_POINT,
sizeof(struct iw_ioctl_description));
/* Size (in bytes) of the various private data types */
-const char iw_priv_type_size[] = {
+static const char priv_type_size[] = {
0, /* IW_PRIV_TYPE_NONE */
1, /* IW_PRIV_TYPE_BYTE */
1, /* IW_PRIV_TYPE_CHAR */
*/
static inline struct iw_statistics *get_wireless_stats(struct net_device *dev)
{
- /* New location */
- if((dev->wireless_handlers != NULL) &&
- (dev->wireless_handlers->get_wireless_stats != NULL))
- return dev->wireless_handlers->get_wireless_stats(dev);
-
- /* Old location, will be phased out in next WE */
return (dev->get_wireless_stats ?
dev->get_wireless_stats(dev) :
(struct iw_statistics *) NULL);
+ /* In the future, get_wireless_stats may move from 'struct net_device'
+ * to 'struct iw_handler_def', to de-bloat struct net_device.
+ * Definitely worse a thought... */
}
/* ---------------------------------------------------------------- */
/* ---------------------------------------------------------------- */
/*
- * Calculate size of private arguments
+ * Number of private arguments
*/
static inline int get_priv_size(__u16 args)
{
int num = args & IW_PRIV_SIZE_MASK;
int type = (args & IW_PRIV_TYPE_MASK) >> 12;
- return num * iw_priv_type_size[type];
-}
-
-/* ---------------------------------------------------------------- */
-/*
- * Re-calculate the size of private arguments
- */
-static inline int adjust_priv_size(__u16 args,
- union iwreq_data * wrqu)
-{
- int num = wrqu->data.length;
- int max = args & IW_PRIV_SIZE_MASK;
- int type = (args & IW_PRIV_TYPE_MASK) >> 12;
-
- /* Make sure the driver doesn't goof up */
- if (max < num)
- num = max;
-
- return num * iw_priv_type_size[type];
+ return num * priv_type_size[type];
}
seq_printf(seq, "%6s: %04x %3d%c %3d%c %3d%c %6d %6d %6d "
"%6d %6d %6d\n",
dev->name, stats->status, stats->qual.qual,
- stats->qual.updated & IW_QUAL_QUAL_UPDATED
- ? '.' : ' ',
+ stats->qual.updated & 1 ? '.' : ' ',
((__u8) stats->qual.level),
- stats->qual.updated & IW_QUAL_LEVEL_UPDATED
- ? '.' : ' ',
+ stats->qual.updated & 2 ? '.' : ' ',
((__u8) stats->qual.noise),
- stats->qual.updated & IW_QUAL_NOISE_UPDATED
- ? '.' : ' ',
+ stats->qual.updated & 4 ? '.' : ' ',
stats->discard.nwid, stats->discard.code,
stats->discard.fragment, stats->discard.retries,
stats->discard.misc, stats->miss.beacon);
/* Check NULL pointer */
if(iwr->u.data.pointer == NULL)
return -EFAULT;
-
+#ifdef WE_STRICT_WRITE
/* Check if there is enough buffer up there */
if(iwr->u.data.length < dev->wireless_handlers->num_private_args) {
- /* User space can't know in advance how large the buffer
- * needs to be. Give it a hint, so that we can support
- * any size buffer we want somewhat efficiently... */
- iwr->u.data.length = dev->wireless_handlers->num_private_args;
+ printk(KERN_ERR "%s (WE) : Buffer for request SIOCGIWPRIV too small (%d<%d)\n", dev->name, iwr->u.data.length, dev->wireless_handlers->num_private_args);
return -E2BIG;
}
+#endif /* WE_STRICT_WRITE */
/* Set the number of available ioctls. */
iwr->u.data.length = dev->wireless_handlers->num_private_args;
const struct iw_ioctl_description * descr;
struct iw_request_info info;
int ret = -EINVAL;
+ int user_size = 0;
/* Get the description of the IOCTL */
if((cmd - SIOCIWFIRST) >= standard_ioctl_num)
#endif /* WE_SET_EVENT */
} else {
char * extra;
- int extra_size;
- int user_length = 0;
int err;
- /* Calculate space needed by arguments. Always allocate
- * for max space. Easier, and won't last long... */
- extra_size = descr->max_tokens * descr->token_size;
-
/* Check what user space is giving us */
if(IW_IS_SET(cmd)) {
/* Check NULL pointer */
if(iwr->u.data.pointer == NULL)
return -EFAULT;
/* Save user space buffer size for checking */
- user_length = iwr->u.data.length;
-
- /* Don't check if user_length > max to allow forward
- * compatibility. The test user_length < min is
- * implied by the test at the end. */
-
- /* Support for very large requests */
- if((descr->flags & IW_DESCR_FLAG_NOMAX) &&
- (user_length > descr->max_tokens)) {
- /* Allow userspace to GET more than max so
- * we can support any size GET requests.
- * There is still a limit : -ENOMEM. */
- extra_size = user_length * descr->token_size;
- /* Note : user_length is originally a __u16,
- * and token_size is controlled by us,
- * so extra_size won't get negative and
- * won't overflow... */
- }
+ user_size = iwr->u.data.length;
}
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s (WE) : Malloc %d bytes\n",
- dev->name, extra_size);
+ dev->name, descr->max_tokens * descr->token_size);
#endif /* WE_IOCTL_DEBUG */
- /* Create the kernel buffer */
- extra = kmalloc(extra_size, GFP_KERNEL);
+ /* Always allocate for max space. Easier, and won't last
+ * long... */
+ extra = kmalloc(descr->max_tokens * descr->token_size,
+ GFP_KERNEL);
if (extra == NULL) {
return -ENOMEM;
}
/* If we have something to return to the user */
if (!ret && IW_IS_GET(cmd)) {
+#ifdef WE_STRICT_WRITE
/* Check if there is enough buffer up there */
- if(user_length < iwr->u.data.length) {
+ if(user_size < iwr->u.data.length) {
+ printk(KERN_ERR "%s (WE) : Buffer for request %04X too small (%d<%d)\n", dev->name, cmd, user_size, iwr->u.data.length);
kfree(extra);
return -E2BIG;
}
+#endif /* WE_STRICT_WRITE */
err = copy_to_user(iwr->u.data.pointer, extra,
iwr->u.data.length *
iw_handler handler)
{
struct iwreq * iwr = (struct iwreq *) ifr;
- const struct iw_priv_args * descr = NULL;
+ struct iw_priv_args * descr = NULL;
struct iw_request_info info;
int extra_size = 0;
int i;
((extra_size + offset) <= IFNAMSIZ))
extra_size = 0;
} else {
- /* Size of get arguments */
+ /* Size of set arguments */
extra_size = get_priv_size(descr->get_args);
/* Does it fits in iwr ? */
/* If we have something to return to the user */
if (!ret && IW_IS_GET(cmd)) {
-
- /* Adjust for the actual length if it's variable,
- * avoid leaking kernel bits outside. */
- if (!(descr->get_args & IW_PRIV_SIZE_FIXED)) {
- extra_size = adjust_priv_size(descr->get_args,
- &(iwr->u));
- }
-
err = copy_to_user(iwr->u.data.pointer, extra,
extra_size);
if (err)
* One of the main advantage of centralising spy support here is that
* it becomes much easier to improve and extend it without having to touch
* the drivers. One example is the addition of the Spy-Threshold events.
+ * Note : IW_WIRELESS_SPY is defined in iw_handler.h
*/
-/* ---------------------------------------------------------------- */
-/*
- * Return the pointer to the spy data in the driver.
- * Because this is called on the Rx path via wireless_spy_update(),
- * we want it to be efficient...
- */
-static inline struct iw_spy_data * get_spydata(struct net_device *dev)
-{
- /* This is the new way */
- if(dev->wireless_data)
- return(dev->wireless_data->spy_data);
-
- /* This is the old way. Doesn't work for multi-headed drivers.
- * It will be removed in the next version of WE. */
- return (dev->priv + dev->wireless_handlers->spy_offset);
-}
-
/*------------------------------------------------------------------*/
/*
* Standard Wireless Handler : set Spy List
union iwreq_data * wrqu,
char * extra)
{
- struct iw_spy_data * spydata = get_spydata(dev);
+#ifdef IW_WIRELESS_SPY
+ struct iw_spy_data * spydata = (dev->priv +
+ dev->wireless_handlers->spy_offset);
struct sockaddr * address = (struct sockaddr *) extra;
- if(!dev->wireless_data)
- /* Help user know that driver needs updating */
- printk(KERN_DEBUG "%s (WE) : Driver using old/buggy spy support, please fix driver !\n",
- dev->name);
- /* Make sure driver is not buggy or using the old API */
- if(!spydata)
- return -EOPNOTSUPP;
-
/* Disable spy collection while we copy the addresses.
- * While we copy addresses, any call to wireless_spy_update()
- * will NOP. This is OK, as anyway the addresses are changing. */
+ * As we don't disable interrupts, we need to do this to avoid races.
+ * As we are the only writer, this is good enough. */
spydata->spy_number = 0;
- /* We want to operate without locking, because wireless_spy_update()
- * most likely will happen in the interrupt handler, and therefore
- * have its own locking constraints and needs performance.
- * The rtnl_lock() make sure we don't race with the other iw_handlers.
- * This make sure wireless_spy_update() "see" that the spy list
- * is temporarily disabled. */
- wmb();
-
/* Are there are addresses to copy? */
if(wrqu->data.length > 0) {
int i;
spydata->spy_address[i][5]);
#endif /* WE_SPY_DEBUG */
}
-
- /* Make sure above is updated before re-enabling */
- wmb();
-
/* Enable addresses */
spydata->spy_number = wrqu->data.length;
return 0;
+#else /* IW_WIRELESS_SPY */
+ return -EOPNOTSUPP;
+#endif /* IW_WIRELESS_SPY */
}
/*------------------------------------------------------------------*/
union iwreq_data * wrqu,
char * extra)
{
- struct iw_spy_data * spydata = get_spydata(dev);
+#ifdef IW_WIRELESS_SPY
+ struct iw_spy_data * spydata = (dev->priv +
+ dev->wireless_handlers->spy_offset);
struct sockaddr * address = (struct sockaddr *) extra;
int i;
- /* Make sure driver is not buggy or using the old API */
- if(!spydata)
- return -EOPNOTSUPP;
-
wrqu->data.length = spydata->spy_number;
/* Copy addresses. */
for(i = 0; i < spydata->spy_number; i++)
spydata->spy_stat[i].updated = 0;
return 0;
+#else /* IW_WIRELESS_SPY */
+ return -EOPNOTSUPP;
+#endif /* IW_WIRELESS_SPY */
}
/*------------------------------------------------------------------*/
union iwreq_data * wrqu,
char * extra)
{
- struct iw_spy_data * spydata = get_spydata(dev);
+#ifdef IW_WIRELESS_THRSPY
+ struct iw_spy_data * spydata = (dev->priv +
+ dev->wireless_handlers->spy_offset);
struct iw_thrspy * threshold = (struct iw_thrspy *) extra;
- /* Make sure driver is not buggy or using the old API */
- if(!spydata)
- return -EOPNOTSUPP;
-
/* Just do it */
memcpy(&(spydata->spy_thr_low), &(threshold->low),
2 * sizeof(struct iw_quality));
#endif /* WE_SPY_DEBUG */
return 0;
+#else /* IW_WIRELESS_THRSPY */
+ return -EOPNOTSUPP;
+#endif /* IW_WIRELESS_THRSPY */
}
/*------------------------------------------------------------------*/
union iwreq_data * wrqu,
char * extra)
{
- struct iw_spy_data * spydata = get_spydata(dev);
+#ifdef IW_WIRELESS_THRSPY
+ struct iw_spy_data * spydata = (dev->priv +
+ dev->wireless_handlers->spy_offset);
struct iw_thrspy * threshold = (struct iw_thrspy *) extra;
- /* Make sure driver is not buggy or using the old API */
- if(!spydata)
- return -EOPNOTSUPP;
-
/* Just do it */
memcpy(&(threshold->low), &(spydata->spy_thr_low),
2 * sizeof(struct iw_quality));
return 0;
+#else /* IW_WIRELESS_THRSPY */
+ return -EOPNOTSUPP;
+#endif /* IW_WIRELESS_THRSPY */
}
+#ifdef IW_WIRELESS_THRSPY
/*------------------------------------------------------------------*/
/*
* Prepare and send a Spy Threshold event
/* Send event to user space */
wireless_send_event(dev, SIOCGIWTHRSPY, &wrqu, (char *) &threshold);
}
+#endif /* IW_WIRELESS_THRSPY */
/* ---------------------------------------------------------------- */
/*
unsigned char * address,
struct iw_quality * wstats)
{
- struct iw_spy_data * spydata = get_spydata(dev);
+#ifdef IW_WIRELESS_SPY
+ struct iw_spy_data * spydata = (dev->priv +
+ dev->wireless_handlers->spy_offset);
int i;
int match = -1;
- /* Make sure driver is not buggy or using the old API */
- if(!spydata)
- return;
-
#ifdef WE_SPY_DEBUG
printk(KERN_DEBUG "wireless_spy_update() : offset %ld, spydata %p, address %02X:%02X:%02X:%02X:%02X:%02X\n", dev->wireless_handlers->spy_offset, spydata, address[0], address[1], address[2], address[3], address[4], address[5]);
#endif /* WE_SPY_DEBUG */
sizeof(struct iw_quality));
match = i;
}
-
+#ifdef IW_WIRELESS_THRSPY
/* Generate an event if we cross the spy threshold.
* To avoid event storms, we have a simple hysteresis : we generate
* event only when we go under the low threshold or above the
}
}
}
+#endif /* IW_WIRELESS_THRSPY */
+#endif /* IW_WIRELESS_SPY */
}
EXPORT_SYMBOL(iw_handler_get_spy);