diff options
| author | David S. Miller <davem@davemloft.net> | 2012-04-01 21:03:10 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-04-02 04:33:44 -0400 |
| commit | d33e152e1edd2679cc2c49be0a3604fbabafece7 (patch) | |
| tree | 4323479ee0dbaace0dabdbeb725ce56e07e5d6f9 | |
| parent | 7b69549a0f2cd0822fa5d26be3424ba267150d92 (diff) | |
iwlwifi: Stop using NLA_PUT*().
These macros contain a hidden goto, and are thus extremely error
prone and make code hard to audit.
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | drivers/net/wireless/iwlwifi/iwl-testmode.c | 71 |
1 files changed, 41 insertions, 30 deletions
diff --git a/drivers/net/wireless/iwlwifi/iwl-testmode.c b/drivers/net/wireless/iwlwifi/iwl-testmode.c index 76f7f9251436..a54e20e7b17f 100644 --- a/drivers/net/wireless/iwlwifi/iwl-testmode.c +++ b/drivers/net/wireless/iwlwifi/iwl-testmode.c | |||
| @@ -184,9 +184,10 @@ static void iwl_testmode_ucode_rx_pkt(struct iwl_priv *priv, | |||
| 184 | "Run out of memory for messages to user space ?\n"); | 184 | "Run out of memory for messages to user space ?\n"); |
| 185 | return; | 185 | return; |
| 186 | } | 186 | } |
| 187 | NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT); | 187 | if (nla_put_u32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT) || |
| 188 | /* the length doesn't include len_n_flags field, so add it manually */ | 188 | /* the length doesn't include len_n_flags field, so add it manually */ |
| 189 | NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, length + sizeof(__le32), data); | 189 | nla_put(skb, IWL_TM_ATTR_UCODE_RX_PKT, length + sizeof(__le32), data)) |
| 190 | goto nla_put_failure; | ||
| 190 | cfg80211_testmode_event(skb, GFP_ATOMIC); | 191 | cfg80211_testmode_event(skb, GFP_ATOMIC); |
| 191 | return; | 192 | return; |
| 192 | 193 | ||
| @@ -314,8 +315,9 @@ static int iwl_testmode_ucode(struct ieee80211_hw *hw, struct nlattr **tb) | |||
| 314 | memcpy(reply_buf, &(pkt->hdr), reply_len); | 315 | memcpy(reply_buf, &(pkt->hdr), reply_len); |
| 315 | iwl_free_resp(&cmd); | 316 | iwl_free_resp(&cmd); |
| 316 | 317 | ||
| 317 | NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT); | 318 | if (nla_put_u32(skb, IWL_TM_ATTR_COMMAND, IWL_TM_CMD_DEV2APP_UCODE_RX_PKT) || |
| 318 | NLA_PUT(skb, IWL_TM_ATTR_UCODE_RX_PKT, reply_len, reply_buf); | 319 | nla_put(skb, IWL_TM_ATTR_UCODE_RX_PKT, reply_len, reply_buf)) |
| 320 | goto nla_put_failure; | ||
| 319 | return cfg80211_testmode_reply(skb); | 321 | return cfg80211_testmode_reply(skb); |
| 320 | 322 | ||
| 321 | nla_put_failure: | 323 | nla_put_failure: |
| @@ -379,7 +381,8 @@ static int iwl_testmode_reg(struct ieee80211_hw *hw, struct nlattr **tb) | |||
| 379 | IWL_ERR(priv, "Memory allocation fail\n"); | 381 | IWL_ERR(priv, "Memory allocation fail\n"); |
| 380 | return -ENOMEM; | 382 | return -ENOMEM; |
| 381 | } | 383 | } |
| 382 | NLA_PUT_U32(skb, IWL_TM_ATTR_REG_VALUE32, val32); | 384 | if (nla_put_u32(skb, IWL_TM_ATTR_REG_VALUE32, val32)) |
| 385 | goto nla_put_failure; | ||
| 383 | status = cfg80211_testmode_reply(skb); | 386 | status = cfg80211_testmode_reply(skb); |
| 384 | if (status < 0) | 387 | if (status < 0) |
| 385 | IWL_ERR(priv, "Error sending msg : %d\n", status); | 388 | IWL_ERR(priv, "Error sending msg : %d\n", status); |
| @@ -478,10 +481,11 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) | |||
| 478 | IWL_ERR(priv, "Memory allocation fail\n"); | 481 | IWL_ERR(priv, "Memory allocation fail\n"); |
| 479 | return -ENOMEM; | 482 | return -ENOMEM; |
| 480 | } | 483 | } |
| 481 | NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, | 484 | if (nla_put_u32(skb, IWL_TM_ATTR_COMMAND, |
| 482 | IWL_TM_CMD_DEV2APP_SYNC_RSP); | 485 | IWL_TM_CMD_DEV2APP_SYNC_RSP) || |
| 483 | NLA_PUT(skb, IWL_TM_ATTR_SYNC_RSP, | 486 | nla_put(skb, IWL_TM_ATTR_SYNC_RSP, |
| 484 | rsp_data_len, rsp_data_ptr); | 487 | rsp_data_len, rsp_data_ptr)) |
| 488 | goto nla_put_failure; | ||
| 485 | status = cfg80211_testmode_reply(skb); | 489 | status = cfg80211_testmode_reply(skb); |
| 486 | if (status < 0) | 490 | if (status < 0) |
| 487 | IWL_ERR(priv, "Error sending msg : %d\n", status); | 491 | IWL_ERR(priv, "Error sending msg : %d\n", status); |
| @@ -536,11 +540,12 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) | |||
| 536 | IWL_ERR(priv, "Memory allocation fail\n"); | 540 | IWL_ERR(priv, "Memory allocation fail\n"); |
| 537 | return -ENOMEM; | 541 | return -ENOMEM; |
| 538 | } | 542 | } |
| 539 | NLA_PUT_U32(skb, IWL_TM_ATTR_COMMAND, | 543 | if (nla_put_u32(skb, IWL_TM_ATTR_COMMAND, |
| 540 | IWL_TM_CMD_DEV2APP_EEPROM_RSP); | 544 | IWL_TM_CMD_DEV2APP_EEPROM_RSP) || |
| 541 | NLA_PUT(skb, IWL_TM_ATTR_EEPROM, | 545 | nla_put(skb, IWL_TM_ATTR_EEPROM, |
| 542 | cfg(priv)->base_params->eeprom_size, | 546 | cfg(priv)->base_params->eeprom_size, |
| 543 | priv->shrd->eeprom); | 547 | priv->shrd->eeprom)) |
| 548 | goto nla_put_failure; | ||
| 544 | status = cfg80211_testmode_reply(skb); | 549 | status = cfg80211_testmode_reply(skb); |
| 545 | if (status < 0) | 550 | if (status < 0) |
| 546 | IWL_ERR(priv, "Error sending msg : %d\n", | 551 | IWL_ERR(priv, "Error sending msg : %d\n", |
| @@ -566,8 +571,9 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) | |||
| 566 | IWL_ERR(priv, "Memory allocation fail\n"); | 571 | IWL_ERR(priv, "Memory allocation fail\n"); |
| 567 | return -ENOMEM; | 572 | return -ENOMEM; |
| 568 | } | 573 | } |
| 569 | NLA_PUT_U32(skb, IWL_TM_ATTR_FW_VERSION, | 574 | if (nla_put_u32(skb, IWL_TM_ATTR_FW_VERSION, |
| 570 | priv->fw->ucode_ver); | 575 | priv->fw->ucode_ver)) |
| 576 | goto nla_put_failure; | ||
| 571 | status = cfg80211_testmode_reply(skb); | 577 | status = cfg80211_testmode_reply(skb); |
| 572 | if (status < 0) | 578 | if (status < 0) |
| 573 | IWL_ERR(priv, "Error sending msg : %d\n", status); | 579 | IWL_ERR(priv, "Error sending msg : %d\n", status); |
| @@ -582,7 +588,8 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) | |||
| 582 | IWL_ERR(priv, "Memory allocation fail\n"); | 588 | IWL_ERR(priv, "Memory allocation fail\n"); |
| 583 | return -ENOMEM; | 589 | return -ENOMEM; |
| 584 | } | 590 | } |
| 585 | NLA_PUT_U32(skb, IWL_TM_ATTR_DEVICE_ID, devid); | 591 | if (nla_put_u32(skb, IWL_TM_ATTR_DEVICE_ID, devid)) |
| 592 | goto nla_put_failure; | ||
| 586 | status = cfg80211_testmode_reply(skb); | 593 | status = cfg80211_testmode_reply(skb); |
| 587 | if (status < 0) | 594 | if (status < 0) |
| 588 | IWL_ERR(priv, "Error sending msg : %d\n", status); | 595 | IWL_ERR(priv, "Error sending msg : %d\n", status); |
| @@ -602,9 +609,10 @@ static int iwl_testmode_driver(struct ieee80211_hw *hw, struct nlattr **tb) | |||
| 602 | inst_size = img->sec[IWL_UCODE_SECTION_INST].len; | 609 | inst_size = img->sec[IWL_UCODE_SECTION_INST].len; |
| 603 | data_size = img->sec[IWL_UCODE_SECTION_DATA].len; | 610 | data_size = img->sec[IWL_UCODE_SECTION_DATA].len; |
| 604 | } | 611 | } |
| 605 | NLA_PUT_U32(skb, IWL_TM_ATTR_FW_TYPE, priv->shrd->ucode_type); | 612 | if (nla_put_u32(skb, IWL_TM_ATTR_FW_TYPE, priv->shrd->ucode_type) || |
| 606 | NLA_PUT_U32(skb, IWL_TM_ATTR_FW_INST_SIZE, inst_size); | 613 | nla_put_u32(skb, IWL_TM_ATTR_FW_INST_SIZE, inst_size) || |
| 607 | NLA_PUT_U32(skb, IWL_TM_ATTR_FW_DATA_SIZE, data_size); | 614 | nla_put_u32(skb, IWL_TM_ATTR_FW_DATA_SIZE, data_size)) |
| 615 | goto nla_put_failure; | ||
| 608 | status = cfg80211_testmode_reply(skb); | 616 | status = cfg80211_testmode_reply(skb); |
| 609 | if (status < 0) | 617 | if (status < 0) |
| 610 | IWL_ERR(priv, "Error sending msg : %d\n", status); | 618 | IWL_ERR(priv, "Error sending msg : %d\n", status); |
| @@ -678,9 +686,10 @@ static int iwl_testmode_trace(struct ieee80211_hw *hw, struct nlattr **tb) | |||
| 678 | iwl_trace_cleanup(priv); | 686 | iwl_trace_cleanup(priv); |
| 679 | return -ENOMEM; | 687 | return -ENOMEM; |
| 680 | } | 688 | } |
| 681 | NLA_PUT(skb, IWL_TM_ATTR_TRACE_ADDR, | 689 | if (nla_put(skb, IWL_TM_ATTR_TRACE_ADDR, |
| 682 | sizeof(priv->testmode_trace.dma_addr), | 690 | sizeof(priv->testmode_trace.dma_addr), |
| 683 | (u64 *)&priv->testmode_trace.dma_addr); | 691 | (u64 *)&priv->testmode_trace.dma_addr)) |
| 692 | goto nla_put_failure; | ||
| 684 | status = cfg80211_testmode_reply(skb); | 693 | status = cfg80211_testmode_reply(skb); |
| 685 | if (status < 0) { | 694 | if (status < 0) { |
| 686 | IWL_ERR(priv, "Error sending msg : %d\n", status); | 695 | IWL_ERR(priv, "Error sending msg : %d\n", status); |
| @@ -725,9 +734,10 @@ static int iwl_testmode_trace_dump(struct ieee80211_hw *hw, | |||
| 725 | length = priv->testmode_trace.buff_size % | 734 | length = priv->testmode_trace.buff_size % |
| 726 | DUMP_CHUNK_SIZE; | 735 | DUMP_CHUNK_SIZE; |
| 727 | 736 | ||
| 728 | NLA_PUT(skb, IWL_TM_ATTR_TRACE_DUMP, length, | 737 | if (nla_put(skb, IWL_TM_ATTR_TRACE_DUMP, length, |
| 729 | priv->testmode_trace.trace_addr + | 738 | priv->testmode_trace.trace_addr + |
| 730 | (DUMP_CHUNK_SIZE * idx)); | 739 | (DUMP_CHUNK_SIZE * idx))) |
| 740 | goto nla_put_failure; | ||
| 731 | idx++; | 741 | idx++; |
| 732 | cb->args[4] = idx; | 742 | cb->args[4] = idx; |
| 733 | return 0; | 743 | return 0; |
| @@ -922,9 +932,10 @@ static int iwl_testmode_buffer_dump(struct ieee80211_hw *hw, | |||
| 922 | length = priv->testmode_mem.buff_size % | 932 | length = priv->testmode_mem.buff_size % |
| 923 | DUMP_CHUNK_SIZE; | 933 | DUMP_CHUNK_SIZE; |
| 924 | 934 | ||
| 925 | NLA_PUT(skb, IWL_TM_ATTR_BUFFER_DUMP, length, | 935 | if (nla_put(skb, IWL_TM_ATTR_BUFFER_DUMP, length, |
| 926 | priv->testmode_mem.buff_addr + | 936 | priv->testmode_mem.buff_addr + |
| 927 | (DUMP_CHUNK_SIZE * idx)); | 937 | (DUMP_CHUNK_SIZE * idx))) |
| 938 | goto nla_put_failure; | ||
| 928 | idx++; | 939 | idx++; |
| 929 | cb->args[4] = idx; | 940 | cb->args[4] = idx; |
| 930 | return 0; | 941 | return 0; |