lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250716075100.1447352-11-alexander.wilhelm@westermo.com>
Date: Wed, 16 Jul 2025 09:50:59 +0200
From: Alexander Wilhelm <alexander.wilhelm@...termo.com>
To: Jeff Johnson <jjohnson@...nel.org>, Bjorn Andersson <andersson@...nel.org>,
        Konrad Dybcio <konradybcio@...nel.org>
Cc: linux-wireless@...r.kernel.org, ath12k@...ts.infradead.org,
        linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org
Subject: [PATCH 10/11] wifi: ath12k: fix endianness handling in QMI wlan configuration

Ensure proper endianness support for big-endian platforms by correcting
data types in the QMI firmware wlan configuration request message and
its associated structures as well. Add missing byte swaps wherever these
structures are accessed or modified.

Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
Signed-off-by: Alexander Wilhelm <alexander.wilhelm@...termo.com>
---
 drivers/net/wireless/ath/ath12k/qmi.c | 22 ++++++++++++----------
 drivers/net/wireless/ath/ath12k/qmi.h | 14 +++++++-------
 2 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/drivers/net/wireless/ath/ath12k/qmi.c b/drivers/net/wireless/ath/ath12k/qmi.c
index 2fdd5eb128d2..71cf6408c6fb 100644
--- a/drivers/net/wireless/ath/ath12k/qmi.c
+++ b/drivers/net/wireless/ath/ath12k/qmi.c
@@ -3291,7 +3291,7 @@ static int ath12k_qmi_wlanfw_wlan_cfg_send(struct ath12k_base *ab)
 	struct ce_pipe_config *ce_cfg;
 	struct service_to_pipe *svc_cfg;
 	struct qmi_txn txn;
-	int ret = 0, pipe_num;
+	int ret = 0, pipe_num, sr, len;
 
 	ce_cfg	= (struct ce_pipe_config *)ab->qmi.ce_cfg.tgt_ce;
 	svc_cfg	= (struct service_to_pipe *)ab->qmi.ce_cfg.svc_to_ce_map;
@@ -3306,8 +3306,8 @@ static int ath12k_qmi_wlanfw_wlan_cfg_send(struct ath12k_base *ab)
 
 	req->tgt_cfg_valid = 1;
 	/* This is number of CE configs */
-	req->tgt_cfg_len = ab->qmi.ce_cfg.tgt_ce_len;
-	for (pipe_num = 0; pipe_num < req->tgt_cfg_len ; pipe_num++) {
+	req->tgt_cfg_len = cpu_to_le32(ab->qmi.ce_cfg.tgt_ce_len);
+	for (pipe_num = 0; pipe_num < ab->qmi.ce_cfg.tgt_ce_len; pipe_num++) {
 		req->tgt_cfg[pipe_num].pipe_num = ce_cfg[pipe_num].pipenum;
 		req->tgt_cfg[pipe_num].pipe_dir = ce_cfg[pipe_num].pipedir;
 		req->tgt_cfg[pipe_num].nentries = ce_cfg[pipe_num].nentries;
@@ -3317,8 +3317,8 @@ static int ath12k_qmi_wlanfw_wlan_cfg_send(struct ath12k_base *ab)
 
 	req->svc_cfg_valid = 1;
 	/* This is number of Service/CE configs */
-	req->svc_cfg_len = ab->qmi.ce_cfg.svc_to_ce_map_len;
-	for (pipe_num = 0; pipe_num < req->svc_cfg_len; pipe_num++) {
+	req->svc_cfg_len = cpu_to_le32(ab->qmi.ce_cfg.svc_to_ce_map_len);
+	for (pipe_num = 0; pipe_num < ab->qmi.ce_cfg.svc_to_ce_map_len; pipe_num++) {
 		req->svc_cfg[pipe_num].service_id = svc_cfg[pipe_num].service_id;
 		req->svc_cfg[pipe_num].pipe_dir = svc_cfg[pipe_num].pipedir;
 		req->svc_cfg[pipe_num].pipe_num = svc_cfg[pipe_num].pipenum;
@@ -3327,11 +3327,13 @@ static int ath12k_qmi_wlanfw_wlan_cfg_send(struct ath12k_base *ab)
 	/* set shadow v3 configuration */
 	if (ab->hw_params->supports_shadow_regs) {
 		req->shadow_reg_v3_valid = 1;
-		req->shadow_reg_v3_len = min_t(u32,
-					       ab->qmi.ce_cfg.shadow_reg_v3_len,
-					       QMI_WLANFW_MAX_NUM_SHADOW_REG_V3_V01);
-		memcpy(&req->shadow_reg_v3, ab->qmi.ce_cfg.shadow_reg_v3,
-		       sizeof(u32) * req->shadow_reg_v3_len);
+		len = min_t(u32,
+			    ab->qmi.ce_cfg.shadow_reg_v3_len,
+			    QMI_WLANFW_MAX_NUM_SHADOW_REG_V3_V01);
+		req->shadow_reg_v3_len = cpu_to_le32(len);
+
+		for (sr = 0; sr < len; sr++)
+			req->shadow_reg_v3[sr].addr = cpu_to_le32(ab->qmi.ce_cfg.shadow_reg_v3[sr]);
 	} else {
 		req->shadow_reg_v3_valid = 0;
 	}
diff --git a/drivers/net/wireless/ath/ath12k/qmi.h b/drivers/net/wireless/ath/ath12k/qmi.h
index d05cd9b47911..37840d015a5c 100644
--- a/drivers/net/wireless/ath/ath12k/qmi.h
+++ b/drivers/net/wireless/ath/ath12k/qmi.h
@@ -406,12 +406,12 @@ struct qmi_wlanfw_ce_svc_pipe_cfg_s_v01 {
 };
 
 struct qmi_wlanfw_shadow_reg_cfg_s_v01 {
-	u16 id;
-	u16 offset;
+	__le16 id;
+	__le16 offset;
 };
 
 struct qmi_wlanfw_shadow_reg_v3_cfg_s_v01 {
-	u32 addr;
+	__le32 addr;
 };
 
 struct qmi_wlanfw_memory_region_info_s_v01 {
@@ -565,19 +565,19 @@ struct qmi_wlanfw_wlan_cfg_req_msg_v01 {
 	u8 host_version_valid;
 	char host_version[QMI_WLANFW_MAX_STR_LEN_V01 + 1];
 	u8  tgt_cfg_valid;
-	u32  tgt_cfg_len;
+	__le32 tgt_cfg_len;
 	struct qmi_wlanfw_ce_tgt_pipe_cfg_s_v01
 			tgt_cfg[QMI_WLANFW_MAX_NUM_CE_V01];
 	u8  svc_cfg_valid;
-	u32 svc_cfg_len;
+	__le32 svc_cfg_len;
 	struct qmi_wlanfw_ce_svc_pipe_cfg_s_v01
 			svc_cfg[QMI_WLANFW_MAX_NUM_SVC_V01];
 	u8 shadow_reg_valid;
-	u32 shadow_reg_len;
+	__le32 shadow_reg_len;
 	struct qmi_wlanfw_shadow_reg_cfg_s_v01
 		shadow_reg[QMI_WLANFW_MAX_NUM_SHADOW_REG_V01];
 	u8 shadow_reg_v3_valid;
-	u32 shadow_reg_v3_len;
+	__le32 shadow_reg_v3_len;
 	struct qmi_wlanfw_shadow_reg_v3_cfg_s_v01
 		shadow_reg_v3[QMI_WLANFW_MAX_NUM_SHADOW_REG_V3_V01];
 };
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ