|
|
@@ -552,17 +552,26 @@ static int ath6kl_wmi_p2p_capabilities_event_rx(u8 *datap, int len)
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-static int ath6kl_wmi_rx_action_event_rx(u8 *datap, int len)
|
|
|
+static int ath6kl_wmi_rx_action_event_rx(struct wmi *wmi, u8 *datap, int len)
|
|
|
{
|
|
|
struct wmi_rx_action_event *ev;
|
|
|
+ u32 freq;
|
|
|
u16 dlen;
|
|
|
+ struct ath6kl *ar = wmi->parent_dev;
|
|
|
|
|
|
if (len < sizeof(*ev))
|
|
|
return -EINVAL;
|
|
|
|
|
|
ev = (struct wmi_rx_action_event *) datap;
|
|
|
+ freq = le32_to_cpu(ev->freq);
|
|
|
dlen = le16_to_cpu(ev->len);
|
|
|
- ath6kl_dbg(ATH6KL_DBG_WMI, "rx_action: len=%u\n", dlen);
|
|
|
+ if (datap + len < ev->data + dlen) {
|
|
|
+ ath6kl_err("invalid wmi_rx_action_event: "
|
|
|
+ "len=%d dlen=%u\n", len, dlen);
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
+ ath6kl_dbg(ATH6KL_DBG_WMI, "rx_action: len=%u freq=%u\n", dlen, freq);
|
|
|
+ cfg80211_rx_mgmt(ar->net_dev, freq, ev->data, dlen, GFP_ATOMIC);
|
|
|
|
|
|
return 0;
|
|
|
}
|
|
|
@@ -3086,7 +3095,7 @@ int ath6kl_wmi_control_rx(struct wmi *wmi, struct sk_buff *skb)
|
|
|
break;
|
|
|
case WMI_RX_ACTION_EVENTID:
|
|
|
ath6kl_dbg(ATH6KL_DBG_WMI, "WMI_RX_ACTION_EVENTID\n");
|
|
|
- ret = ath6kl_wmi_rx_action_event_rx(datap, len);
|
|
|
+ ret = ath6kl_wmi_rx_action_event_rx(wmi, datap, len);
|
|
|
break;
|
|
|
case WMI_P2P_INFO_EVENTID:
|
|
|
ath6kl_dbg(ATH6KL_DBG_WMI, "WMI_P2P_INFO_EVENTID\n");
|
Jouni Malinen