From patchwork Tue Sep 24 07:59:34 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: You-Sheng Yang <vicamo.yang@canonical.com>
X-Patchwork-Id: 1166430
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 46cttJ5fDCz9sPD;
	Tue, 24 Sep 2019 18:01:12 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1iCfky-0007xf-64; Tue, 24 Sep 2019 08:01:08 +0000
Received: from mail-pl1-f195.google.com ([209.85.214.195])
	by huckleberry.canonical.com with esmtps
	(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
	(envelope-from <vicamo@gmail.com>) id 1iCfkS-0007Z4-4Q
	for kernel-team@lists.ubuntu.com; Tue, 24 Sep 2019 08:00:36 +0000
Received: by mail-pl1-f195.google.com with SMTP id q15so625254pll.11
	for <kernel-team@lists.ubuntu.com>;
	Tue, 24 Sep 2019 01:00:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=Ik9H4E3MEGdSiVNpO5MSxaxVaIvxQyE8zZOzWODV71c=;
	b=hqETOiYxRXT0BsdOiTJk2x0q/aja86AcdZo32Az+jEwhkEyeQE1rG8HBti+Qc+zDhA
	aSrgbnCLx+ZoSwwFoaSthS2hc4yZpBCZrUsze9S0hMXCxBaE0luRfP2+gDAh6eXdbVLQ
	oOq/8dmcAZo0kRgZeFUjxUfa71VXB7HMdEEP27h+6PCx2pbgUVC2Erp8AH3dRnaH3l9m
	SwpaNQuY1X6b2cAR67wpLHm+8tel3vYCvYVPOO517pWj4yDVixhSsk0GWsL5ljc3lWEh
	OCnio36lMLW5Q6FHl0GTfWo9fufaiwHPiaK1bKgK73MfDksus3drdJCXkmlWXAKaboo3
	XEsQ==
X-Gm-Message-State: APjAAAV3ZDtnpj8R/tTOn/661G7hRNlVwzn9/VYQLXFvo23Jad3n3FPV
	IMEmbFaXYMuX6nNP3l6NO17UjtgX
X-Google-Smtp-Source: 
 APXvYqz/OQ1KpakrE6lwex7rNrwnh5Ub/fIwVxWoWyLra0Z3XqbJ34gIw5R9b/hMEtcRdgsG+PEfEw==
X-Received: by 2002:a17:902:ab89:: with SMTP id
	f9mr1554720plr.295.1569312033846;
	Tue, 24 Sep 2019 01:00:33 -0700 (PDT)
Received: from localhost.localdomain (61-220-137-37.HINET-IP.hinet.net.
	[61.220.137.37]) by smtp.gmail.com with ESMTPSA id
	g202sm1359780pfb.155.2019.09.24.01.00.32
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 24 Sep 2019 01:00:33 -0700 (PDT)
From: You-Sheng Yang <vicamo.yang@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 08/21][SRU][OEM-OSP1-B] cfg80211: use for_each_element() for
	multi-bssid parsing
Date: Tue, 24 Sep 2019 15:59:34 +0800
Message-Id: <20190924075947.33954-9-vicamo.yang@canonical.com>
X-Mailer: git-send-email 2.23.0
In-Reply-To: <20190924075947.33954-1-vicamo.yang@canonical.com>
References: <20190924075947.33954-1-vicamo.yang@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Johannes Berg <johannes.berg@intel.com>

BugLink: https://bugs.launchpad.net/bugs/1845138

Use the new for_each_element() helper here, we cannot use
for_each_subelement() since we have a fixed 1 byte before
the subelements start.

While at it, also fix le16_to_cpup() to be get_unaligned_le16()
since we don't know anything about alignment.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 1c8745f3ec6f46f5fa99dbcdf92381144ae1b37f)
Signed-off-by: You-Sheng Yang <vicamo.yang@canonical.com>
---
 net/wireless/scan.c | 47 +++++++++++++++------------------------------
 1 file changed, 15 insertions(+), 32 deletions(-)

diff --git a/net/wireless/scan.c b/net/wireless/scan.c
index 531c2e56413fd..54feb7741c26c 100644
--- a/net/wireless/scan.c
+++ b/net/wireless/scan.c
@@ -1377,9 +1377,9 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy,
 				       struct cfg80211_bss *trans_bss,
 				       gfp_t gfp)
 {
-	const u8 *pos, *subelement, *mbssid_end_pos;
-	const u8 *tmp, *mbssid_index_ie;
-	size_t subie_len, new_ie_len;
+	const u8 *mbssid_index_ie;
+	const struct element *elem, *sub;
+	size_t new_ie_len;
 	u8 new_bssid[ETH_ALEN];
 	u8 *new_ie;
 	u16 capability;
@@ -1390,34 +1390,21 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy,
 	if (!cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, ie, ielen))
 		return;
 
-	pos = ie;
-
 	new_ie = kmalloc(IEEE80211_MAX_DATA_LEN, gfp);
 	if (!new_ie)
 		return;
 
-	while (pos < ie + ielen + 2) {
-		tmp = cfg80211_find_ie(WLAN_EID_MULTIPLE_BSSID, pos,
-				       ielen - (pos - ie));
-		if (!tmp)
-			break;
-
-		mbssid_end_pos = tmp + tmp[1] + 2;
-		/* Skip Element ID, Len, MaxBSSID Indicator */
-		if (tmp[1] < 4)
-			break;
-		for (subelement = tmp + 3; subelement < mbssid_end_pos - 1;
-		     subelement += 2 + subelement[1]) {
-			subie_len = subelement[1];
-			if (mbssid_end_pos - subelement < 2 + subie_len)
-				break;
-			if (subelement[0] != 0 || subelement[1] < 4) {
+	for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, ie, ielen) {
+		if (elem->datalen < 4)
+			continue;
+		for_each_element(sub, elem->data + 1, elem->datalen - 1) {
+			if (sub->id != 0 || sub->datalen < 4) {
 				/* not a valid BSS profile */
 				continue;
 			}
 
-			if (subelement[2] != WLAN_EID_NON_TX_BSSID_CAP ||
-			    subelement[3] != 2) {
+			if (sub->data[0] != WLAN_EID_NON_TX_BSSID_CAP ||
+			    sub->data[1] != 2) {
 				/* The first element within the Nontransmitted
 				 * BSSID Profile is not the Nontransmitted
 				 * BSSID Capability element.
@@ -1428,26 +1415,24 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy,
 			/* found a Nontransmitted BSSID Profile */
 			mbssid_index_ie = cfg80211_find_ie
 				(WLAN_EID_MULTI_BSSID_IDX,
-				 subelement + 2, subie_len);
+				 sub->data, sub->datalen);
 			if (!mbssid_index_ie || mbssid_index_ie[1] < 1 ||
 			    mbssid_index_ie[2] == 0) {
 				/* No valid Multiple BSSID-Index element */
 				continue;
 			}
 
-			cfg80211_gen_new_bssid(bssid, tmp[2],
+			cfg80211_gen_new_bssid(bssid, elem->data[0],
 					       mbssid_index_ie[2],
 					       new_bssid);
 			memset(new_ie, 0, IEEE80211_MAX_DATA_LEN);
-			new_ie_len = cfg80211_gen_new_ie(ie, ielen,
-							 subelement + 2,
-							 subie_len, new_ie,
+			new_ie_len = cfg80211_gen_new_ie(ie, ielen, sub->data,
+							 sub->datalen, new_ie,
 							 gfp);
 			if (!new_ie_len)
 				continue;
 
-			capability = le16_to_cpup((const __le16 *)
-						  &subelement[4]);
+			capability = get_unaligned_le16(sub->data + 2);
 			bss = cfg80211_inform_single_bss_data(wiphy, data,
 							      ftype,
 							      new_bssid, tsf,
@@ -1460,8 +1445,6 @@ static void cfg80211_parse_mbssid_data(struct wiphy *wiphy,
 				break;
 			cfg80211_put_bss(wiphy, bss);
 		}
-
-		pos = mbssid_end_pos;
 	}
 
 	kfree(new_ie);