[PATCH 0/4] use proper size for mt7615 sta mcu commands

[PATCH 0/4] use proper size for mt7615 sta mcu commands

[Lorenzo Bianconi]

Use proper buffer size for mcu messages in mt7615_mcu_set_sta since
MT7615_WTBL_UPDATE_MAX_SIZE takes into account just wtbl headers while
the mcu message contains even sta related headers.
Use proper buffer size for mcu messages in mt7615_mcu_set_rx_ba,
mt7615_mcu_set_tx_ba and mt7615_mcu_set_bmc routines

Lorenzo Bianconi (4):
  mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_tx_ba
  mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_rx_ba
  mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_sta
  mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_bmc

 .../net/wireless/mediatek/mt76/mt7615/mcu.c   | 354 ++++++++++--------
 .../net/wireless/mediatek/mt76/mt7615/mcu.h   |  20 +
 2 files changed, 213 insertions(+), 161 deletions(-)

-- 
2.24.1

[PATCH 1/4] mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_tx_ba

[Lorenzo Bianconi]

Use proper buffer size for mcu messages in mt7615_mcu_set_tx_ba routine.
Allocate the mcu buffer relying on kmalloc instead of putting it on the
stack

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
---
 .../net/wireless/mediatek/mt76/mt7615/mcu.c   | 77 +++++++++++--------
 .../net/wireless/mediatek/mt76/mt7615/mcu.h   |  6 ++
 2 files changed, 49 insertions(+), 34 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
index 7218a3041ead..fd01c24c48e2 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
@@ -1696,49 +1696,54 @@ int mt7615_mcu_set_tx_ba(struct mt7615_dev *dev,
 {
 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
 	struct mt7615_vif *mvif = msta->vif;
-	struct {
-		struct sta_req_hdr hdr;
-		struct sta_rec_ba ba;
-		u8 buf[MT7615_WTBL_UPDATE_MAX_SIZE];
-	} __packed req = {
-		.hdr = {
-			.bss_idx = mvif->idx,
-			.wlan_idx = msta->wcid.idx,
-			.tlv_num = cpu_to_le16(1),
-			.is_tlv_append = 1,
-			.muar_idx = mvif->omac_idx,
-		},
-		.ba = {
-			.tag = cpu_to_le16(STA_REC_BA),
-			.len = cpu_to_le16(sizeof(struct sta_rec_ba)),
-			.tid = params->tid,
-			.ba_type = MT_BA_TYPE_ORIGINATOR,
-			.amsdu = params->amsdu,
-			.ba_en = add << params->tid,
-			.ssn = cpu_to_le16(params->ssn),
-			.winsize = cpu_to_le16(params->buf_size),
-		},
-	};
 	struct sta_rec_wtbl *wtbl = NULL;
 	struct wtbl_req_hdr *wtbl_hdr;
+	struct sta_req_hdr *sta_hdr;
+	struct sta_rec_ba *sta_ba;
 	struct wtbl_ba *wtbl_ba;
-	u8 *buf = req.buf;
+	int wtbl_len, err;
+	u8 *data, *buf;
+
+	buf = kzalloc(MT7615_MCU_BA_BUF_SIZE, GFP_KERNEL);
+	if (!buf)
+		return -ENOMEM;
+
+	data = buf;
+	sta_hdr = (struct sta_req_hdr *)data;
+	data += sizeof(*sta_hdr);
+	sta_hdr->bss_idx = mvif->idx;
+	sta_hdr->wlan_idx = msta->wcid.idx;
+	sta_hdr->tlv_num = cpu_to_le16(1);
+	sta_hdr->is_tlv_append = 1;
+	sta_hdr->muar_idx = mvif->omac_idx;
+
+	sta_ba = (struct sta_rec_ba *)data;
+	data += sizeof(*sta_ba);
+	sta_ba->tag = cpu_to_le16(STA_REC_BA);
+	sta_ba->len = cpu_to_le16(sizeof(*sta_ba));
+	sta_ba->tid = params->tid;
+	sta_ba->ba_type = MT_BA_TYPE_ORIGINATOR;
+	sta_ba->amsdu = params->amsdu;
+	sta_ba->ba_en = add << params->tid;
+	sta_ba->ssn = cpu_to_le16(params->ssn);
+	sta_ba->winsize = cpu_to_le16(params->buf_size);
 
 	if (dev->fw_ver > MT7615_FIRMWARE_V1) {
-		req.hdr.tlv_num = cpu_to_le16(2);
-		wtbl = (struct sta_rec_wtbl *)buf;
+		sta_hdr->tlv_num = cpu_to_le16(2);
+
+		wtbl = (struct sta_rec_wtbl *)data;
+		data += sizeof(*wtbl);
 		wtbl->tag = cpu_to_le16(STA_REC_WTBL);
-		buf += sizeof(*wtbl);
 	}
 
-	wtbl_hdr = (struct wtbl_req_hdr *)buf;
-	buf += sizeof(*wtbl_hdr);
+	wtbl_hdr = (struct wtbl_req_hdr *)data;
+	data += sizeof(*wtbl_hdr);
 	wtbl_hdr->wlan_idx = msta->wcid.idx;
 	wtbl_hdr->operation = WTBL_SET;
 	wtbl_hdr->tlv_num = cpu_to_le16(1);
 
-	wtbl_ba = (struct wtbl_ba *)buf;
-	buf += sizeof(*wtbl_ba);
+	wtbl_ba = (struct wtbl_ba *)data;
+	data += sizeof(*wtbl_ba);
 	wtbl_ba->tag = cpu_to_le16(WTBL_BA);
 	wtbl_ba->len = cpu_to_le16(sizeof(*wtbl_ba));
 	wtbl_ba->tid = params->tid;
@@ -1757,11 +1762,15 @@ int mt7615_mcu_set_tx_ba(struct mt7615_dev *dev,
 		wtbl_ba->ba_winsize_idx = idx;
 	}
 
+	wtbl_len = sizeof(*wtbl_hdr) + sizeof(*wtbl_ba);
 	if (wtbl)
-		wtbl->len = cpu_to_le16(buf - (u8 *)wtbl_hdr);
+		wtbl->len = cpu_to_le16(wtbl_len);
 
-	return mt7615_mcu_send_sta_rec(dev, (u8 *)&req, (u8 *)wtbl_hdr,
-				       buf - (u8 *)wtbl_hdr, true);
+	err = mt7615_mcu_send_sta_rec(dev, buf, (u8 *)wtbl_hdr, wtbl_len,
+				      true);
+	kfree(buf);
+
+	return err;
 }
 
 int mt7615_mcu_set_rx_ba(struct mt7615_dev *dev,
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h
index db0199e60cb8..62da62981138 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h
@@ -496,6 +496,12 @@ struct wtbl_raw {
 				     sizeof(struct wtbl_pn) + \
 				     sizeof(struct wtbl_spe))
 
+#define MT7615_MCU_BA_BUF_SIZE	(sizeof(struct sta_req_hdr) +	\
+				 sizeof(struct sta_rec_ba) +	\
+				 sizeof(struct sta_rec_wtbl) +	\
+				 sizeof(struct wtbl_req_hdr) +	\
+				 sizeof(struct wtbl_ba))
+
 enum {
 	WTBL_GENERIC,
 	WTBL_RX,
-- 
2.24.1

[PATCH 2/4] mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_rx_ba

[Lorenzo Bianconi]

Use proper buffer size for mcu messages in mt7615_mcu_set_rx_ba routine.
Allocate the mcu buffer relying on kmalloc instead of putting it on the
stack

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
---
 .../net/wireless/mediatek/mt76/mt7615/mcu.c   | 77 +++++++++++--------
 1 file changed, 43 insertions(+), 34 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
index fd01c24c48e2..70bf84b31772 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
@@ -1779,49 +1779,54 @@ int mt7615_mcu_set_rx_ba(struct mt7615_dev *dev,
 {
 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
 	struct mt7615_vif *mvif = msta->vif;
-	struct {
-		struct sta_req_hdr hdr;
-		struct sta_rec_ba ba;
-		u8 buf[MT7615_WTBL_UPDATE_MAX_SIZE];
-	} __packed req = {
-		.hdr = {
-			.bss_idx = mvif->idx,
-			.wlan_idx = msta->wcid.idx,
-			.tlv_num = cpu_to_le16(1),
-			.is_tlv_append = 1,
-			.muar_idx = mvif->omac_idx,
-		},
-		.ba = {
-			.tag = cpu_to_le16(STA_REC_BA),
-			.len = cpu_to_le16(sizeof(struct sta_rec_ba)),
-			.tid = params->tid,
-			.ba_type = MT_BA_TYPE_RECIPIENT,
-			.amsdu = params->amsdu,
-			.ba_en = add << params->tid,
-			.ssn = cpu_to_le16(params->ssn),
-			.winsize = cpu_to_le16(params->buf_size),
-		},
-	};
 	struct sta_rec_wtbl *wtbl = NULL;
 	struct wtbl_req_hdr *wtbl_hdr;
+	struct sta_req_hdr *sta_hdr;
+	struct sta_rec_ba *sta_ba;
 	struct wtbl_ba *wtbl_ba;
-	u8 *buf = req.buf;
+	int wtbl_len, err;
+	u8 *data, *buf;
+
+	buf = kzalloc(MT7615_MCU_BA_BUF_SIZE, GFP_KERNEL);
+	if (!buf)
+		return -ENOMEM;
+
+	data = buf;
+	sta_hdr = (struct sta_req_hdr *)data;
+	data += sizeof(*sta_hdr);
+	sta_hdr->bss_idx = mvif->idx;
+	sta_hdr->wlan_idx = msta->wcid.idx;
+	sta_hdr->tlv_num = cpu_to_le16(1);
+	sta_hdr->is_tlv_append = 1;
+	sta_hdr->muar_idx = mvif->omac_idx;
+
+	sta_ba = (struct sta_rec_ba *)data;
+	data += sizeof(*sta_ba);
+	sta_ba->tag = cpu_to_le16(STA_REC_BA);
+	sta_ba->len = cpu_to_le16(sizeof(*sta_ba));
+	sta_ba->tid = params->tid;
+	sta_ba->ba_type = MT_BA_TYPE_RECIPIENT;
+	sta_ba->amsdu = params->amsdu;
+	sta_ba->ba_en = add << params->tid;
+	sta_ba->ssn = cpu_to_le16(params->ssn);
+	sta_ba->winsize = cpu_to_le16(params->buf_size);
 
 	if (dev->fw_ver > MT7615_FIRMWARE_V1) {
-		req.hdr.tlv_num = cpu_to_le16(2);
-		wtbl = (struct sta_rec_wtbl *)buf;
+		sta_hdr->tlv_num = cpu_to_le16(2);
+
+		wtbl = (struct sta_rec_wtbl *)data;
+		data += sizeof(*wtbl);
 		wtbl->tag = cpu_to_le16(STA_REC_WTBL);
-		buf += sizeof(*wtbl);
 	}
 
-	wtbl_hdr = (struct wtbl_req_hdr *)buf;
-	buf += sizeof(*wtbl_hdr);
+	wtbl_hdr = (struct wtbl_req_hdr *)data;
+	data += sizeof(*wtbl_hdr);
 	wtbl_hdr->wlan_idx = msta->wcid.idx;
 	wtbl_hdr->operation = WTBL_SET;
 	wtbl_hdr->tlv_num = cpu_to_le16(1);
 
-	wtbl_ba = (struct wtbl_ba *)buf;
-	buf += sizeof(*wtbl_ba);
+	wtbl_ba = (struct wtbl_ba *)data;
+	data += sizeof(*wtbl_ba);
 	wtbl_ba->tag = cpu_to_le16(WTBL_BA);
 	wtbl_ba->len = cpu_to_le16(sizeof(*wtbl_ba));
 	wtbl_ba->tid = params->tid;
@@ -1832,11 +1837,15 @@ int mt7615_mcu_set_rx_ba(struct mt7615_dev *dev,
 
 	memcpy(wtbl_ba->peer_addr, params->sta->addr, ETH_ALEN);
 
+	wtbl_len = sizeof(*wtbl_hdr) + sizeof(*wtbl_ba);
 	if (wtbl)
-		wtbl->len = cpu_to_le16(buf - (u8 *)wtbl_hdr);
+		wtbl->len = cpu_to_le16(wtbl_len);
 
-	return mt7615_mcu_send_sta_rec(dev, (u8 *)&req, (u8 *)wtbl_hdr,
-				       buf - (u8 *)wtbl_hdr, add);
+	err = mt7615_mcu_send_sta_rec(dev, buf, (u8 *)wtbl_hdr, wtbl_len,
+				      add);
+	kfree(buf);
+
+	return err;
 }
 
 int mt7615_mcu_get_temperature(struct mt7615_dev *dev, int index)
-- 
2.24.1

[PATCH 3/4] mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_sta

[Lorenzo Bianconi]

Use proper buffer size for mcu messages in mt7615_mcu_set_sta since
MT7615_WTBL_UPDATE_MAX_SIZE takes into account just wtbl headers while
the mcu message contains even sta related headers. This is not a real
issue at the moment since the message size is less than
MT7615_WTBL_UPDATE_MAX_SIZE but it is not formally correct.
Allocate the mcu buffer relying on kmalloc instead of the putting it
on the stack.

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
---
 .../net/wireless/mediatek/mt76/mt7615/mcu.c   | 118 +++++++++---------
 .../net/wireless/mediatek/mt76/mt7615/mcu.h   |   7 ++
 2 files changed, 69 insertions(+), 56 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
index 70bf84b31772..27dd0c13e43e 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
@@ -1234,44 +1234,46 @@ int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
 {
 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
 	struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
-
-	struct {
-		struct sta_req_hdr hdr;
-		struct sta_rec_basic basic;
-		u8 buf[MT7615_WTBL_UPDATE_MAX_SIZE];
-	} __packed req = {
-		.hdr = {
-			.bss_idx = mvif->idx,
-			.wlan_idx = msta->wcid.idx,
-			.is_tlv_append = 1,
-			.muar_idx = mvif->omac_idx,
-		},
-		.basic = {
-			.tag = cpu_to_le16(STA_REC_BASIC),
-			.len = cpu_to_le16(sizeof(struct sta_rec_basic)),
-			.qos = sta->wme,
-			.aid = cpu_to_le16(sta->aid),
-		},
-	};
+	u8 wtlv = 0, stlv = 1, *data, *buf;
 	struct sta_rec_wtbl *wtbl = NULL;
+	struct sta_rec_basic *sta_basic;
 	struct wtbl_req_hdr *wtbl_hdr;
 	struct wtbl_generic *wtbl_g;
+	struct sta_req_hdr *sta_hdr;
 	struct wtbl_rx *wtbl_rx;
-	u8 *buf = req.buf;
-	u8 wtlv = 0, stlv = 1;
+	int err, wtbl_len;
+
+	buf = kzalloc(MT7615_MCU_STA_BUF_SIZE, GFP_KERNEL);
+	if (!buf)
+		return -ENOMEM;
+
+	data = buf;
+	sta_hdr = (struct sta_req_hdr *)data;
+	data += sizeof(*sta_hdr);
+	sta_hdr->bss_idx = mvif->idx;
+	sta_hdr->wlan_idx = msta->wcid.idx;
+	sta_hdr->is_tlv_append = 1;
+	sta_hdr->muar_idx = mvif->omac_idx;
+
+	sta_basic = (struct sta_rec_basic *)data;
+	data += sizeof(*sta_basic);
+	sta_basic->tag = cpu_to_le16(STA_REC_BASIC);
+	sta_basic->len = cpu_to_le16(sizeof(*sta_basic));
+	sta_basic->qos = sta->wme;
+	sta_basic->aid = cpu_to_le16(sta->aid);
 
-	memcpy(req.basic.peer_addr, sta->addr, ETH_ALEN);
+	memcpy(sta_basic->peer_addr, sta->addr, ETH_ALEN);
 
 	switch (vif->type) {
 	case NL80211_IFTYPE_AP:
 	case NL80211_IFTYPE_MESH_POINT:
-		req.basic.conn_type = cpu_to_le32(CONNECTION_INFRA_STA);
+		sta_basic->conn_type = cpu_to_le32(CONNECTION_INFRA_STA);
 		break;
 	case NL80211_IFTYPE_STATION:
-		req.basic.conn_type = cpu_to_le32(CONNECTION_INFRA_AP);
+		sta_basic->conn_type = cpu_to_le32(CONNECTION_INFRA_AP);
 		break;
 	case NL80211_IFTYPE_ADHOC:
-		req.basic.conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
+		sta_basic->conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
 		break;
 	default:
 		WARN_ON(1);
@@ -1279,16 +1281,15 @@ int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
 	}
 
 	if (en) {
-		req.basic.conn_state = CONN_STATE_PORT_SECURE;
-		req.basic.extra_info = cpu_to_le16(EXTRA_INFO_VER |
-						   EXTRA_INFO_NEW);
-
+		sta_basic->conn_state = CONN_STATE_PORT_SECURE;
+		sta_basic->extra_info = cpu_to_le16(EXTRA_INFO_VER |
+						    EXTRA_INFO_NEW);
 		/* sta_rec ht */
 		if (sta->ht_cap.ht_supported) {
 			struct sta_rec_ht *sta_ht;
 
-			sta_ht = (struct sta_rec_ht *)buf;
-			buf += sizeof(*sta_ht);
+			sta_ht = (struct sta_rec_ht *)data;
+			data += sizeof(*sta_ht);
 			sta_ht->tag = cpu_to_le16(STA_REC_HT);
 			sta_ht->len = cpu_to_le16(sizeof(*sta_ht));
 			sta_ht->ht_cap = cpu_to_le16(sta->ht_cap.cap);
@@ -1298,8 +1299,8 @@ int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
 			if (sta->vht_cap.vht_supported) {
 				struct sta_rec_vht *sta_vht;
 
-				sta_vht = (struct sta_rec_vht *)buf;
-				buf += sizeof(*sta_vht);
+				sta_vht = (struct sta_rec_vht *)data;
+				data += sizeof(*sta_vht);
 				sta_vht->tag = cpu_to_le16(STA_REC_VHT);
 				sta_vht->len = cpu_to_le16(sizeof(*sta_vht));
 				sta_vht->vht_cap =
@@ -1312,28 +1313,28 @@ int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
 			}
 		}
 	} else {
-		req.basic.conn_state = CONN_STATE_DISCONNECT;
-		req.basic.extra_info = cpu_to_le16(EXTRA_INFO_VER);
+		sta_basic->conn_state = CONN_STATE_DISCONNECT;
+		sta_basic->extra_info = cpu_to_le16(EXTRA_INFO_VER);
 	}
 
 	/* wtbl */
 	if (dev->fw_ver > MT7615_FIRMWARE_V1) {
-		wtbl = (struct sta_rec_wtbl *)buf;
+		wtbl = (struct sta_rec_wtbl *)data;
 		wtbl->tag = cpu_to_le16(STA_REC_WTBL);
-		buf += sizeof(*wtbl);
+		data += sizeof(*wtbl);
 		stlv++;
 	}
 
-	wtbl_hdr = (struct wtbl_req_hdr *)buf;
-	buf += sizeof(*wtbl_hdr);
+	wtbl_hdr = (struct wtbl_req_hdr *)data;
+	data += sizeof(*wtbl_hdr);
 	wtbl_hdr->wlan_idx = msta->wcid.idx;
 	wtbl_hdr->operation = WTBL_RESET_AND_SET;
 
 	if (!en)
 		goto out;
 
-	wtbl_g = (struct wtbl_generic *)buf;
-	buf += sizeof(*wtbl_g);
+	wtbl_g = (struct wtbl_generic *)data;
+	data += sizeof(*wtbl_g);
 	wtbl_g->tag = cpu_to_le16(WTBL_GENERIC);
 	wtbl_g->len = cpu_to_le16(sizeof(*wtbl_g));
 	wtbl_g->muar_idx = mvif->omac_idx;
@@ -1342,8 +1343,8 @@ int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
 	memcpy(wtbl_g->peer_addr, sta->addr, ETH_ALEN);
 	wtlv++;
 
-	wtbl_rx = (struct wtbl_rx *)buf;
-	buf += sizeof(*wtbl_rx);
+	wtbl_rx = (struct wtbl_rx *)data;
+	data += sizeof(*wtbl_rx);
 	wtbl_rx->tag = cpu_to_le16(WTBL_RX);
 	wtbl_rx->len = cpu_to_le16(sizeof(*wtbl_rx));
 	wtbl_rx->rv = 1;
@@ -1357,8 +1358,8 @@ int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
 		struct wtbl_raw *wtbl_raw;
 		u32 val = 0, msk;
 
-		wtbl_ht = (struct wtbl_ht *)buf;
-		buf += sizeof(*wtbl_ht);
+		wtbl_ht = (struct wtbl_ht *)data;
+		data += sizeof(*wtbl_ht);
 		wtbl_ht->tag = cpu_to_le16(WTBL_HT);
 		wtbl_ht->len = cpu_to_le16(sizeof(*wtbl_ht));
 		wtbl_ht->ht = 1;
@@ -1371,27 +1372,28 @@ int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
 		if (sta->vht_cap.vht_supported) {
 			struct wtbl_vht *wtbl_vht;
 
-			wtbl_vht = (struct wtbl_vht *)buf;
-			buf += sizeof(*wtbl_vht);
+			wtbl_vht = (struct wtbl_vht *)data;
+			data += sizeof(*wtbl_vht);
 			wtbl_vht->tag = cpu_to_le16(WTBL_VHT);
 			wtbl_vht->len = cpu_to_le16(sizeof(*wtbl_vht));
 			wtbl_vht->vht = 1;
 			wtbl_vht->ldpc = sta->vht_cap.cap &
 					 IEEE80211_VHT_CAP_RXLDPC;
-			wtlv++;
 
 			if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
 				val |= MT_WTBL_W5_SHORT_GI_80;
 			if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
 				val |= MT_WTBL_W5_SHORT_GI_160;
+
+			wtlv++;
 		}
 
 		/* wtbl smps */
 		if (sta->smps_mode == IEEE80211_SMPS_DYNAMIC) {
 			struct wtbl_smps *wtbl_smps;
 
-			wtbl_smps = (struct wtbl_smps *)buf;
-			buf += sizeof(*wtbl_smps);
+			wtbl_smps = (struct wtbl_smps *)data;
+			data += sizeof(*wtbl_smps);
 			wtbl_smps->tag = cpu_to_le16(WTBL_SMPS);
 			wtbl_smps->len = cpu_to_le16(sizeof(*wtbl_smps));
 			wtbl_smps->smps = 1;
@@ -1407,8 +1409,8 @@ int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
 		if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
 			val |= MT_WTBL_W5_SHORT_GI_40;
 
-		wtbl_raw = (struct wtbl_raw *)buf;
-		buf += sizeof(*wtbl_raw);
+		wtbl_raw = (struct wtbl_raw *)data;
+		data += sizeof(*wtbl_raw);
 		wtbl_raw->tag = cpu_to_le16(WTBL_RAW_DATA);
 		wtbl_raw->len = cpu_to_le16(sizeof(*wtbl_raw));
 		wtbl_raw->wtbl_idx = 1;
@@ -1419,14 +1421,18 @@ int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
 	}
 
 out:
+	wtbl_len = data - (u8 *)wtbl_hdr;
 	if (wtbl)
-		wtbl->len = cpu_to_le16(buf - (u8 *)wtbl_hdr);
+		wtbl->len = cpu_to_le16(wtbl_len);
 
 	wtbl_hdr->tlv_num = cpu_to_le16(wtlv);
-	req.hdr.tlv_num = cpu_to_le16(stlv);
+	sta_hdr->tlv_num = cpu_to_le16(stlv);
 
-	return mt7615_mcu_send_sta_rec(dev, (u8 *)&req, (u8 *)wtbl_hdr,
-				       buf - (u8 *)wtbl_hdr, en);
+	err = mt7615_mcu_send_sta_rec(dev, buf, (u8 *)wtbl_hdr, wtbl_len, en);
+
+	kfree(buf);
+
+	return err;
 }
 
 int mt7615_mcu_set_bcn(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h
index 62da62981138..bddfe69de752 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h
@@ -502,6 +502,13 @@ struct wtbl_raw {
 				 sizeof(struct wtbl_req_hdr) +	\
 				 sizeof(struct wtbl_ba))
 
+#define MT7615_MCU_STA_BUF_SIZE	(sizeof(struct sta_req_hdr) +	\
+				 sizeof(struct sta_rec_basic) +	\
+				 sizeof(struct sta_rec_ht) +	\
+				 sizeof(struct sta_rec_vht) +	\
+				 sizeof(struct sta_rec_wtbl) +	\
+				 MT7615_WTBL_UPDATE_MAX_SIZE)
+
 enum {
 	WTBL_GENERIC,
 	WTBL_RX,
-- 
2.24.1

[PATCH 4/4] mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_bmc

[Lorenzo Bianconi]

Use proper buffer size for mcu messages in mt7615_mcu_set_bmc routine.
Allocate the mcu buffer relying on kmalloc instead of putting it on the
stack

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
---
 .../net/wireless/mediatek/mt76/mt7615/mcu.c   | 82 ++++++++++---------
 .../net/wireless/mediatek/mt76/mt7615/mcu.h   |  7 ++
 2 files changed, 52 insertions(+), 37 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
index 27dd0c13e43e..b76f32eaaf22 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c
@@ -1156,63 +1156,67 @@ int mt7615_mcu_set_bmc(struct mt7615_dev *dev,
 		       struct ieee80211_vif *vif, bool en)
 {
 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
-	struct {
-		struct sta_req_hdr hdr;
-		struct sta_rec_basic basic;
-		u8 buf[MT7615_WTBL_UPDATE_MAX_SIZE];
-	} __packed req = {
-		.hdr = {
-			.bss_idx = mvif->idx,
-			.wlan_idx = mvif->sta.wcid.idx,
-			.tlv_num = cpu_to_le16(1),
-			.is_tlv_append = 1,
-			.muar_idx = mvif->omac_idx,
-		},
-		.basic = {
-			.tag = cpu_to_le16(STA_REC_BASIC),
-			.len = cpu_to_le16(sizeof(struct sta_rec_basic)),
-			.conn_type = cpu_to_le32(CONNECTION_INFRA_BC),
-		},
-	};
 	struct sta_rec_wtbl *wtbl = NULL;
+	struct sta_rec_basic *sta_basic;
 	struct wtbl_req_hdr *wtbl_hdr;
 	struct wtbl_generic *wtbl_g;
+	struct sta_req_hdr *sta_hdr;
 	struct wtbl_rx *wtbl_rx;
-	u8 *buf = req.buf;
+	int wtbl_len, err;
+	u8 *data, *buf;
 
-	eth_broadcast_addr(req.basic.peer_addr);
+	buf = kzalloc(MT7615_MCU_BMC_BUF_SIZE, GFP_KERNEL);
+	if (!buf)
+		return -ENOMEM;
+
+	data = buf;
+	sta_hdr = (struct sta_req_hdr *)data;
+	data += sizeof(*sta_hdr);
+	sta_hdr->bss_idx = mvif->idx;
+	sta_hdr->wlan_idx = mvif->sta.wcid.idx;
+	sta_hdr->tlv_num = cpu_to_le16(1);
+	sta_hdr->is_tlv_append = 1;
+	sta_hdr->muar_idx = mvif->omac_idx;
+
+	sta_basic = (struct sta_rec_basic *)data;
+	data += sizeof(*sta_basic);
+	sta_basic->tag = cpu_to_le16(STA_REC_BASIC);
+	sta_basic->len = cpu_to_le16(sizeof(*sta_basic));
+	sta_basic->conn_type = cpu_to_le32(CONNECTION_INFRA_BC);
+	eth_broadcast_addr(sta_basic->peer_addr);
 
 	if (dev->fw_ver > MT7615_FIRMWARE_V1) {
-		req.hdr.tlv_num = cpu_to_le16(2);
-		wtbl = (struct sta_rec_wtbl *)buf;
+		sta_hdr->tlv_num = cpu_to_le16(2);
+
+		wtbl = (struct sta_rec_wtbl *)data;
+		data += sizeof(*wtbl);
 		wtbl->tag = cpu_to_le16(STA_REC_WTBL);
-		buf += sizeof(*wtbl);
 	}
 
-	wtbl_hdr = (struct wtbl_req_hdr *)buf;
-	buf += sizeof(*wtbl_hdr);
+	wtbl_hdr = (struct wtbl_req_hdr *)data;
+	data += sizeof(*wtbl_hdr);
 	wtbl_hdr->wlan_idx = mvif->sta.wcid.idx;
 	wtbl_hdr->operation = WTBL_RESET_AND_SET;
 
 	if (en) {
-		req.basic.conn_state = CONN_STATE_PORT_SECURE;
-		req.basic.extra_info = cpu_to_le16(EXTRA_INFO_VER |
-						   EXTRA_INFO_NEW);
+		sta_basic->conn_state = CONN_STATE_PORT_SECURE;
+		sta_basic->extra_info = cpu_to_le16(EXTRA_INFO_VER |
+						    EXTRA_INFO_NEW);
 	} else {
-		req.basic.conn_state = CONN_STATE_DISCONNECT;
-		req.basic.extra_info = cpu_to_le16(EXTRA_INFO_VER);
+		sta_basic->conn_state = CONN_STATE_DISCONNECT;
+		sta_basic->extra_info = cpu_to_le16(EXTRA_INFO_VER);
 		goto out;
 	}
 
-	wtbl_g = (struct wtbl_generic *)buf;
-	buf += sizeof(*wtbl_g);
+	wtbl_g = (struct wtbl_generic *)data;
+	data += sizeof(*wtbl_g);
 	wtbl_g->tag = cpu_to_le16(WTBL_GENERIC);
 	wtbl_g->len = cpu_to_le16(sizeof(*wtbl_g));
 	wtbl_g->muar_idx = 0xe;
 	eth_broadcast_addr(wtbl_g->peer_addr);
 
-	wtbl_rx = (struct wtbl_rx *)buf;
-	buf += sizeof(*wtbl_rx);
+	wtbl_rx = (struct wtbl_rx *)data;
+	data += sizeof(*wtbl_rx);
 	wtbl_rx->tag = cpu_to_le16(WTBL_RX);
 	wtbl_rx->len = cpu_to_le16(sizeof(*wtbl_rx));
 	wtbl_rx->rv = 1;
@@ -1222,11 +1226,15 @@ int mt7615_mcu_set_bmc(struct mt7615_dev *dev,
 	wtbl_hdr->tlv_num = cpu_to_le16(2);
 
 out:
+	wtbl_len = data - (u8 *)wtbl_hdr;
 	if (wtbl)
-		wtbl->len = cpu_to_le16(buf - (u8 *)wtbl_hdr);
+		wtbl->len = cpu_to_le16(wtbl_len);
+
+	err = mt7615_mcu_send_sta_rec(dev, buf, (u8 *)wtbl_hdr, wtbl_len, en);
 
-	return mt7615_mcu_send_sta_rec(dev, (u8 *)&req, (u8 *)wtbl_hdr,
-				       buf - (u8 *)wtbl_hdr, en);
+	kfree(buf);
+
+	return err;
 }
 
 int mt7615_mcu_set_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h
index bddfe69de752..4e296784a1ba 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mcu.h
@@ -509,6 +509,13 @@ struct wtbl_raw {
 				 sizeof(struct sta_rec_wtbl) +	\
 				 MT7615_WTBL_UPDATE_MAX_SIZE)
 
+#define MT7615_MCU_BMC_BUF_SIZE	(sizeof(struct sta_req_hdr) +	\
+				 sizeof(struct sta_rec_basic) +	\
+				 sizeof(struct sta_rec_wtbl) +	\
+				 sizeof(struct wtbl_req_hdr) +	\
+				 sizeof(struct wtbl_generic) +	\
+				 sizeof(struct wtbl_rx))
+
 enum {
 	WTBL_GENERIC,
 	WTBL_RX,
-- 
2.24.1

Re: [PATCH 0/4] use proper size for mt7615 sta mcu commands

[Lorenzo Bianconi]

[-- Attachment #1: Type: text/plain, Size: 938 bytes --]

> Use proper buffer size for mcu messages in mt7615_mcu_set_sta since
> MT7615_WTBL_UPDATE_MAX_SIZE takes into account just wtbl headers while
> the mcu message contains even sta related headers.
> Use proper buffer size for mcu messages in mt7615_mcu_set_rx_ba,
> mt7615_mcu_set_tx_ba and mt7615_mcu_set_bmc routines
> 
> Lorenzo Bianconi (4):
>   mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_tx_ba
>   mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_rx_ba
>   mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_sta
>   mt76: mt7615: use proper size for mcu msg in mt7615_mcu_set_bmc
> 

Please drop this series, I will post an update version soon.

Regards,
Lorenzo

>  .../net/wireless/mediatek/mt76/mt7615/mcu.c   | 354 ++++++++++--------
>  .../net/wireless/mediatek/mt76/mt7615/mcu.h   |  20 +
>  2 files changed, 213 insertions(+), 161 deletions(-)
> 
> -- 
> 2.24.1
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]