@@ -297,13 +297,16 @@ static int ath11k_tm_cmd_testmode_start(struct ath11k *ar, struct nlattr *tb[])
return ret;
}
-static int ath11k_tm_cmd_wmi(struct ath11k *ar, struct nlattr *tb[])
+static int ath11k_tm_cmd_wmi(struct ath11k *ar, struct nlattr *tb[],
+ struct ieee80211_vif *vif)
{
struct ath11k_pdev_wmi *wmi = ar->wmi;
struct sk_buff *skb;
+ struct ath11k_vif *arvif;
u32 cmd_id, buf_len;
- int ret;
+ int ret, tag;
void *buf;
+ u32 *ptr;
mutex_lock(&ar->conf_mutex);
@@ -327,6 +330,34 @@ static int ath11k_tm_cmd_wmi(struct ath11k *ar, struct nlattr *tb[])
cmd_id = nla_get_u32(tb[ATH11K_TM_ATTR_WMI_CMDID]);
+ /* Make sure that the buffer length is long enough to
+ * hold TLV and pdev/vdev id.
+ */
+ if (buf_len < sizeof(struct wmi_tlv) + sizeof(u32)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ ptr = buf;
+ tag = FIELD_GET(WMI_TLV_TAG, *ptr);
+
+ /* pdev/vdev id start after TLV header */
+ ptr++;
+
+ if (tag == WMI_TAG_PDEV_SET_PARAM_CMD)
+ *ptr = ar->pdev->pdev_id;
+
+ if (ar->ab->fw_mode != ATH11K_FIRMWARE_MODE_FTM &&
+ (tag == WMI_TAG_VDEV_SET_PARAM_CMD || tag == WMI_TAG_UNIT_TEST_CMD)) {
+ if (vif) {
+ arvif = (struct ath11k_vif *)vif->drv_priv;
+ *ptr = arvif->vdev_id;
+ } else {
+ ret = -EINVAL;
+ goto out;
+ }
+ }
+
ath11k_dbg(ar->ab, ATH11K_DBG_TESTMODE,
"cmd wmi cmd_id %d buf length %d\n",
cmd_id, buf_len);
@@ -460,7 +491,7 @@ int ath11k_tm_cmd(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
case ATH11K_TM_CMD_GET_VERSION:
return ath11k_tm_cmd_get_version(ar, tb);
case ATH11K_TM_CMD_WMI:
- return ath11k_tm_cmd_wmi(ar, tb);
+ return ath11k_tm_cmd_wmi(ar, tb, vif);
case ATH11K_TM_CMD_TESTMODE_START:
return ath11k_tm_cmd_testmode_start(ar, tb);
case ATH11K_TM_CMD_WMI_FTM: