<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/net/wireless/quantenna, branch linux-4.15.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts</title>
<updated>2017-11-22T00:35:54+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2017-10-23T07:40:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=841b86f3289dbe858daeceec36423d4ea286fac2'/>
<id>841b86f3289dbe858daeceec36423d4ea286fac2</id>
<content type='text'>
With all callbacks converted, and the timer callback prototype
switched over, the TIMER_FUNC_TYPE cast is no longer needed,
so remove it. Conversion was done with the following scripts:

    perl -pi -e 's|\(TIMER_FUNC_TYPE\)||g' \
        $(git grep TIMER_FUNC_TYPE | cut -d: -f1 | sort -u)

    perl -pi -e 's|\(TIMER_DATA_TYPE\)||g' \
        $(git grep TIMER_DATA_TYPE | cut -d: -f1 | sort -u)

The now unused macros are also dropped from include/linux/timer.h.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
With all callbacks converted, and the timer callback prototype
switched over, the TIMER_FUNC_TYPE cast is no longer needed,
so remove it. Conversion was done with the following scripts:

    perl -pi -e 's|\(TIMER_FUNC_TYPE\)||g' \
        $(git grep TIMER_FUNC_TYPE | cut -d: -f1 | sort -u)

    perl -pi -e 's|\(TIMER_DATA_TYPE\)||g' \
        $(git grep TIMER_DATA_TYPE | cut -d: -f1 | sort -u)

The now unused macros are also dropped from include/linux/timer.h.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>treewide: setup_timer() -&gt; timer_setup()</title>
<updated>2017-11-21T23:57:07+00:00</updated>
<author>
<name>Kees Cook</name>
<email>keescook@chromium.org</email>
</author>
<published>2017-10-16T21:43:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e99e88a9d2b067465adaa9c111ada99a041bef9a'/>
<id>e99e88a9d2b067465adaa9c111ada99a041bef9a</id>
<content type='text'>
This converts all remaining cases of the old setup_timer() API into using
timer_setup(), where the callback argument is the structure already
holding the struct timer_list. These should have no behavioral changes,
since they just change which pointer is passed into the callback with
the same available pointers after conversion. It handles the following
examples, in addition to some other variations.

Casting from unsigned long:

    void my_callback(unsigned long data)
    {
        struct something *ptr = (struct something *)data;
    ...
    }
    ...
    setup_timer(&amp;ptr-&gt;my_timer, my_callback, ptr);

and forced object casts:

    void my_callback(struct something *ptr)
    {
    ...
    }
    ...
    setup_timer(&amp;ptr-&gt;my_timer, my_callback, (unsigned long)ptr);

become:

    void my_callback(struct timer_list *t)
    {
        struct something *ptr = from_timer(ptr, t, my_timer);
    ...
    }
    ...
    timer_setup(&amp;ptr-&gt;my_timer, my_callback, 0);

Direct function assignments:

    void my_callback(unsigned long data)
    {
        struct something *ptr = (struct something *)data;
    ...
    }
    ...
    ptr-&gt;my_timer.function = my_callback;

have a temporary cast added, along with converting the args:

    void my_callback(struct timer_list *t)
    {
        struct something *ptr = from_timer(ptr, t, my_timer);
    ...
    }
    ...
    ptr-&gt;my_timer.function = (TIMER_FUNC_TYPE)my_callback;

And finally, callbacks without a data assignment:

    void my_callback(unsigned long data)
    {
    ...
    }
    ...
    setup_timer(&amp;ptr-&gt;my_timer, my_callback, 0);

have their argument renamed to verify they're unused during conversion:

    void my_callback(struct timer_list *unused)
    {
    ...
    }
    ...
    timer_setup(&amp;ptr-&gt;my_timer, my_callback, 0);

The conversion is done with the following Coccinelle script:

spatch --very-quiet --all-includes --include-headers \
	-I ./arch/x86/include -I ./arch/x86/include/generated \
	-I ./include -I ./arch/x86/include/uapi \
	-I ./arch/x86/include/generated/uapi -I ./include/uapi \
	-I ./include/generated/uapi --include ./include/linux/kconfig.h \
	--dir . \
	--cocci-file ~/src/data/timer_setup.cocci

@fix_address_of@
expression e;
@@

 setup_timer(
-&amp;(e)
+&amp;e
 , ...)

// Update any raw setup_timer() usages that have a NULL callback, but
// would otherwise match change_timer_function_usage, since the latter
// will update all function assignments done in the face of a NULL
// function initialization in setup_timer().
@change_timer_function_usage_NULL@
expression _E;
identifier _timer;
type _cast_data;
@@

(
-setup_timer(&amp;_E-&gt;_timer, NULL, _E);
+timer_setup(&amp;_E-&gt;_timer, NULL, 0);
|
-setup_timer(&amp;_E-&gt;_timer, NULL, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, NULL, 0);
|
-setup_timer(&amp;_E._timer, NULL, &amp;_E);
+timer_setup(&amp;_E._timer, NULL, 0);
|
-setup_timer(&amp;_E._timer, NULL, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, NULL, 0);
)

@change_timer_function_usage@
expression _E;
identifier _timer;
struct timer_list _stl;
identifier _callback;
type _cast_func, _cast_data;
@@

(
-setup_timer(&amp;_E-&gt;_timer, _callback, _E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, &amp;_callback, _E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, _callback, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, &amp;_callback, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, (_cast_func)_callback, _E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, (_cast_func)&amp;_callback, _E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, (_cast_func)&amp;_callback, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, (_cast_data)_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, &amp;_callback, (_cast_data)_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, &amp;_callback, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, (_cast_func)_callback, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, (_cast_func)&amp;_callback, (_cast_data)_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, (_cast_func)&amp;_callback, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
 _E-&gt;_timer@_stl.function = _callback;
|
 _E-&gt;_timer@_stl.function = &amp;_callback;
|
 _E-&gt;_timer@_stl.function = (_cast_func)_callback;
|
 _E-&gt;_timer@_stl.function = (_cast_func)&amp;_callback;
|
 _E._timer@_stl.function = _callback;
|
 _E._timer@_stl.function = &amp;_callback;
|
 _E._timer@_stl.function = (_cast_func)_callback;
|
 _E._timer@_stl.function = (_cast_func)&amp;_callback;
)

// callback(unsigned long arg)
@change_callback_handle_cast
 depends on change_timer_function_usage@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
identifier _handle;
@@

 void _callback(
-_origtype _origarg
+struct timer_list *t
 )
 {
(
	... when != _origarg
	_handletype *_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
	... when != _origarg
|
	... when != _origarg
	_handletype *_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
	... when != _origarg
|
	... when != _origarg
	_handletype *_handle;
	... when != _handle
	_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
	... when != _origarg
|
	... when != _origarg
	_handletype *_handle;
	... when != _handle
	_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
	... when != _origarg
)
 }

// callback(unsigned long arg) without existing variable
@change_callback_handle_cast_no_arg
 depends on change_timer_function_usage &amp;&amp;
                     !change_callback_handle_cast@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
@@

 void _callback(
-_origtype _origarg
+struct timer_list *t
 )
 {
+	_handletype *_origarg = from_timer(_origarg, t, _timer);
+
	... when != _origarg
-	(_handletype *)_origarg
+	_origarg
	... when != _origarg
 }

// Avoid already converted callbacks.
@match_callback_converted
 depends on change_timer_function_usage &amp;&amp;
            !change_callback_handle_cast &amp;&amp;
	    !change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier t;
@@

 void _callback(struct timer_list *t)
 { ... }

// callback(struct something *handle)
@change_callback_handle_arg
 depends on change_timer_function_usage &amp;&amp;
	    !match_callback_converted &amp;&amp;
            !change_callback_handle_cast &amp;&amp;
            !change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
@@

 void _callback(
-_handletype *_handle
+struct timer_list *t
 )
 {
+	_handletype *_handle = from_timer(_handle, t, _timer);
	...
 }

// If change_callback_handle_arg ran on an empty function, remove
// the added handler.
@unchange_callback_handle_arg
 depends on change_timer_function_usage &amp;&amp;
	    change_callback_handle_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
identifier t;
@@

 void _callback(struct timer_list *t)
 {
-	_handletype *_handle = from_timer(_handle, t, _timer);
 }

// We only want to refactor the setup_timer() data argument if we've found
// the matching callback. This undoes changes in change_timer_function_usage.
@unchange_timer_function_usage
 depends on change_timer_function_usage &amp;&amp;
            !change_callback_handle_cast &amp;&amp;
            !change_callback_handle_cast_no_arg &amp;&amp;
	    !change_callback_handle_arg@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type change_timer_function_usage._cast_data;
@@

(
-timer_setup(&amp;_E-&gt;_timer, _callback, 0);
+setup_timer(&amp;_E-&gt;_timer, _callback, (_cast_data)_E);
|
-timer_setup(&amp;_E._timer, _callback, 0);
+setup_timer(&amp;_E._timer, _callback, (_cast_data)&amp;_E);
)

// If we fixed a callback from a .function assignment, fix the
// assignment cast now.
@change_timer_function_assignment
 depends on change_timer_function_usage &amp;&amp;
            (change_callback_handle_cast ||
             change_callback_handle_cast_no_arg ||
             change_callback_handle_arg)@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_func;
typedef TIMER_FUNC_TYPE;
@@

(
 _E-&gt;_timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E-&gt;_timer.function =
-&amp;_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E-&gt;_timer.function =
-(_cast_func)_callback;
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E-&gt;_timer.function =
-(_cast_func)&amp;_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E._timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E._timer.function =
-&amp;_callback;
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E._timer.function =
-(_cast_func)_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E._timer.function =
-(_cast_func)&amp;_callback
+(TIMER_FUNC_TYPE)_callback
 ;
)

// Sometimes timer functions are called directly. Replace matched args.
@change_timer_function_calls
 depends on change_timer_function_usage &amp;&amp;
            (change_callback_handle_cast ||
             change_callback_handle_cast_no_arg ||
             change_callback_handle_arg)@
expression _E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_data;
@@

 _callback(
(
-(_cast_data)_E
+&amp;_E-&gt;_timer
|
-(_cast_data)&amp;_E
+&amp;_E._timer
|
-_E
+&amp;_E-&gt;_timer
)
 )

// If a timer has been configured without a data argument, it can be
// converted without regard to the callback argument, since it is unused.
@match_timer_function_unused_data@
expression _E;
identifier _timer;
identifier _callback;
@@

(
-setup_timer(&amp;_E-&gt;_timer, _callback, 0);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, _callback, 0L);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, _callback, 0UL);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, 0);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, 0L);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, 0UL);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_timer, _callback, 0);
+timer_setup(&amp;_timer, _callback, 0);
|
-setup_timer(&amp;_timer, _callback, 0L);
+timer_setup(&amp;_timer, _callback, 0);
|
-setup_timer(&amp;_timer, _callback, 0UL);
+timer_setup(&amp;_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0L);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0UL);
+timer_setup(_timer, _callback, 0);
)

@change_callback_unused_data
 depends on match_timer_function_unused_data@
identifier match_timer_function_unused_data._callback;
type _origtype;
identifier _origarg;
@@

 void _callback(
-_origtype _origarg
+struct timer_list *unused
 )
 {
	... when != _origarg
 }

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This converts all remaining cases of the old setup_timer() API into using
timer_setup(), where the callback argument is the structure already
holding the struct timer_list. These should have no behavioral changes,
since they just change which pointer is passed into the callback with
the same available pointers after conversion. It handles the following
examples, in addition to some other variations.

Casting from unsigned long:

    void my_callback(unsigned long data)
    {
        struct something *ptr = (struct something *)data;
    ...
    }
    ...
    setup_timer(&amp;ptr-&gt;my_timer, my_callback, ptr);

and forced object casts:

    void my_callback(struct something *ptr)
    {
    ...
    }
    ...
    setup_timer(&amp;ptr-&gt;my_timer, my_callback, (unsigned long)ptr);

become:

    void my_callback(struct timer_list *t)
    {
        struct something *ptr = from_timer(ptr, t, my_timer);
    ...
    }
    ...
    timer_setup(&amp;ptr-&gt;my_timer, my_callback, 0);

Direct function assignments:

    void my_callback(unsigned long data)
    {
        struct something *ptr = (struct something *)data;
    ...
    }
    ...
    ptr-&gt;my_timer.function = my_callback;

have a temporary cast added, along with converting the args:

    void my_callback(struct timer_list *t)
    {
        struct something *ptr = from_timer(ptr, t, my_timer);
    ...
    }
    ...
    ptr-&gt;my_timer.function = (TIMER_FUNC_TYPE)my_callback;

And finally, callbacks without a data assignment:

    void my_callback(unsigned long data)
    {
    ...
    }
    ...
    setup_timer(&amp;ptr-&gt;my_timer, my_callback, 0);

have their argument renamed to verify they're unused during conversion:

    void my_callback(struct timer_list *unused)
    {
    ...
    }
    ...
    timer_setup(&amp;ptr-&gt;my_timer, my_callback, 0);

The conversion is done with the following Coccinelle script:

spatch --very-quiet --all-includes --include-headers \
	-I ./arch/x86/include -I ./arch/x86/include/generated \
	-I ./include -I ./arch/x86/include/uapi \
	-I ./arch/x86/include/generated/uapi -I ./include/uapi \
	-I ./include/generated/uapi --include ./include/linux/kconfig.h \
	--dir . \
	--cocci-file ~/src/data/timer_setup.cocci

@fix_address_of@
expression e;
@@

 setup_timer(
-&amp;(e)
+&amp;e
 , ...)

// Update any raw setup_timer() usages that have a NULL callback, but
// would otherwise match change_timer_function_usage, since the latter
// will update all function assignments done in the face of a NULL
// function initialization in setup_timer().
@change_timer_function_usage_NULL@
expression _E;
identifier _timer;
type _cast_data;
@@

(
-setup_timer(&amp;_E-&gt;_timer, NULL, _E);
+timer_setup(&amp;_E-&gt;_timer, NULL, 0);
|
-setup_timer(&amp;_E-&gt;_timer, NULL, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, NULL, 0);
|
-setup_timer(&amp;_E._timer, NULL, &amp;_E);
+timer_setup(&amp;_E._timer, NULL, 0);
|
-setup_timer(&amp;_E._timer, NULL, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, NULL, 0);
)

@change_timer_function_usage@
expression _E;
identifier _timer;
struct timer_list _stl;
identifier _callback;
type _cast_func, _cast_data;
@@

(
-setup_timer(&amp;_E-&gt;_timer, _callback, _E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, &amp;_callback, _E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, _callback, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, &amp;_callback, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, (_cast_func)_callback, _E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, (_cast_func)&amp;_callback, _E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, (_cast_func)&amp;_callback, (_cast_data)_E);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, (_cast_data)_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, &amp;_callback, (_cast_data)_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, &amp;_callback, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, (_cast_func)_callback, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, (_cast_func)&amp;_callback, (_cast_data)_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, (_cast_func)&amp;_callback, (_cast_data)&amp;_E);
+timer_setup(&amp;_E._timer, _callback, 0);
|
 _E-&gt;_timer@_stl.function = _callback;
|
 _E-&gt;_timer@_stl.function = &amp;_callback;
|
 _E-&gt;_timer@_stl.function = (_cast_func)_callback;
|
 _E-&gt;_timer@_stl.function = (_cast_func)&amp;_callback;
|
 _E._timer@_stl.function = _callback;
|
 _E._timer@_stl.function = &amp;_callback;
|
 _E._timer@_stl.function = (_cast_func)_callback;
|
 _E._timer@_stl.function = (_cast_func)&amp;_callback;
)

// callback(unsigned long arg)
@change_callback_handle_cast
 depends on change_timer_function_usage@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
identifier _handle;
@@

 void _callback(
-_origtype _origarg
+struct timer_list *t
 )
 {
(
	... when != _origarg
	_handletype *_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
	... when != _origarg
|
	... when != _origarg
	_handletype *_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
	... when != _origarg
|
	... when != _origarg
	_handletype *_handle;
	... when != _handle
	_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
	... when != _origarg
|
	... when != _origarg
	_handletype *_handle;
	... when != _handle
	_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
	... when != _origarg
)
 }

// callback(unsigned long arg) without existing variable
@change_callback_handle_cast_no_arg
 depends on change_timer_function_usage &amp;&amp;
                     !change_callback_handle_cast@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
@@

 void _callback(
-_origtype _origarg
+struct timer_list *t
 )
 {
+	_handletype *_origarg = from_timer(_origarg, t, _timer);
+
	... when != _origarg
-	(_handletype *)_origarg
+	_origarg
	... when != _origarg
 }

// Avoid already converted callbacks.
@match_callback_converted
 depends on change_timer_function_usage &amp;&amp;
            !change_callback_handle_cast &amp;&amp;
	    !change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier t;
@@

 void _callback(struct timer_list *t)
 { ... }

// callback(struct something *handle)
@change_callback_handle_arg
 depends on change_timer_function_usage &amp;&amp;
	    !match_callback_converted &amp;&amp;
            !change_callback_handle_cast &amp;&amp;
            !change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
@@

 void _callback(
-_handletype *_handle
+struct timer_list *t
 )
 {
+	_handletype *_handle = from_timer(_handle, t, _timer);
	...
 }

// If change_callback_handle_arg ran on an empty function, remove
// the added handler.
@unchange_callback_handle_arg
 depends on change_timer_function_usage &amp;&amp;
	    change_callback_handle_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
identifier t;
@@

 void _callback(struct timer_list *t)
 {
-	_handletype *_handle = from_timer(_handle, t, _timer);
 }

// We only want to refactor the setup_timer() data argument if we've found
// the matching callback. This undoes changes in change_timer_function_usage.
@unchange_timer_function_usage
 depends on change_timer_function_usage &amp;&amp;
            !change_callback_handle_cast &amp;&amp;
            !change_callback_handle_cast_no_arg &amp;&amp;
	    !change_callback_handle_arg@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type change_timer_function_usage._cast_data;
@@

(
-timer_setup(&amp;_E-&gt;_timer, _callback, 0);
+setup_timer(&amp;_E-&gt;_timer, _callback, (_cast_data)_E);
|
-timer_setup(&amp;_E._timer, _callback, 0);
+setup_timer(&amp;_E._timer, _callback, (_cast_data)&amp;_E);
)

// If we fixed a callback from a .function assignment, fix the
// assignment cast now.
@change_timer_function_assignment
 depends on change_timer_function_usage &amp;&amp;
            (change_callback_handle_cast ||
             change_callback_handle_cast_no_arg ||
             change_callback_handle_arg)@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_func;
typedef TIMER_FUNC_TYPE;
@@

(
 _E-&gt;_timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E-&gt;_timer.function =
-&amp;_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E-&gt;_timer.function =
-(_cast_func)_callback;
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E-&gt;_timer.function =
-(_cast_func)&amp;_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E._timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E._timer.function =
-&amp;_callback;
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E._timer.function =
-(_cast_func)_callback
+(TIMER_FUNC_TYPE)_callback
 ;
|
 _E._timer.function =
-(_cast_func)&amp;_callback
+(TIMER_FUNC_TYPE)_callback
 ;
)

// Sometimes timer functions are called directly. Replace matched args.
@change_timer_function_calls
 depends on change_timer_function_usage &amp;&amp;
            (change_callback_handle_cast ||
             change_callback_handle_cast_no_arg ||
             change_callback_handle_arg)@
expression _E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_data;
@@

 _callback(
(
-(_cast_data)_E
+&amp;_E-&gt;_timer
|
-(_cast_data)&amp;_E
+&amp;_E._timer
|
-_E
+&amp;_E-&gt;_timer
)
 )

// If a timer has been configured without a data argument, it can be
// converted without regard to the callback argument, since it is unused.
@match_timer_function_unused_data@
expression _E;
identifier _timer;
identifier _callback;
@@

(
-setup_timer(&amp;_E-&gt;_timer, _callback, 0);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, _callback, 0L);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E-&gt;_timer, _callback, 0UL);
+timer_setup(&amp;_E-&gt;_timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, 0);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, 0L);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_E._timer, _callback, 0UL);
+timer_setup(&amp;_E._timer, _callback, 0);
|
-setup_timer(&amp;_timer, _callback, 0);
+timer_setup(&amp;_timer, _callback, 0);
|
-setup_timer(&amp;_timer, _callback, 0L);
+timer_setup(&amp;_timer, _callback, 0);
|
-setup_timer(&amp;_timer, _callback, 0UL);
+timer_setup(&amp;_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0L);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0UL);
+timer_setup(_timer, _callback, 0);
)

@change_callback_unused_data
 depends on match_timer_function_unused_data@
identifier match_timer_function_unused_data._callback;
type _origtype;
identifier _origarg;
@@

 void _callback(
-_origtype _origarg
+struct timer_list *unused
 )
 {
	... when != _origarg
 }

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qtnfmac: pass all CONNECT cmd params to wireless card for processing</title>
<updated>2017-11-10T02:30:58+00:00</updated>
<author>
<name>Igor Mitsyanko</name>
<email>igor.mitsyanko.os@quantenna.com</email>
</author>
<published>2017-10-31T01:04:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c9889671736cbc6324aa31cffab5fed0e3f74a2f'/>
<id>c9889671736cbc6324aa31cffab5fed0e3f74a2f</id>
<content type='text'>
Specifically, following parameters are needed for wireless device
configuration but were not available to it before:
- HT/VHT capabilities and capabilities masks.
- full channel info (not just IEEE number)
- BSSID hint
- previous BSSID for reassoc request

Move Management Frame Protection setting from common encr info
structure into STA-specific .connect command parameters.

Make sure that all new qlink structure definitions are alignment-safe.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Reviewed-by: Sergey Matyukevich &lt;sergey.matyukevich.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Specifically, following parameters are needed for wireless device
configuration but were not available to it before:
- HT/VHT capabilities and capabilities masks.
- full channel info (not just IEEE number)
- BSSID hint
- previous BSSID for reassoc request

Move Management Frame Protection setting from common encr info
structure into STA-specific .connect command parameters.

Make sure that all new qlink structure definitions are alignment-safe.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Reviewed-by: Sergey Matyukevich &lt;sergey.matyukevich.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qtnfmac: include HTCAP and VHTCAP into config AP command</title>
<updated>2017-11-10T02:30:58+00:00</updated>
<author>
<name>Igor Mitsyanko</name>
<email>igor.mitsyanko.os@quantenna.com</email>
</author>
<published>2017-10-31T01:04:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a3945f43761c3e15bebe56e5eb5674caf00f0d32'/>
<id>a3945f43761c3e15bebe56e5eb5674caf00f0d32</id>
<content type='text'>
Include HT/VHT caps directly into command so that they won't have
to be searched for in IEs.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Include HT/VHT caps directly into command so that they won't have
to be searched for in IEs.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qtnfmac: configure and start AP interface with a single command</title>
<updated>2017-11-10T02:30:57+00:00</updated>
<author>
<name>Igor Mitsyanko</name>
<email>igor.mitsyanko.os@quantenna.com</email>
</author>
<published>2017-10-31T01:04:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=17011da0b8f079b1f6458893d4140cf65a265536'/>
<id>17011da0b8f079b1f6458893d4140cf65a265536</id>
<content type='text'>
Current logic artificially divides "start AP" procedure into three
stages:
- generic interface configuration (security, channel etc)
- IE's processing
- enable AP mode on interface

This separation would not allow to do a proper device configuration as
first stage needs to use information from IEs that are processed on
a second stage. Which means first and second stages have to be meged.
In that case there is no point anymore to keep third stage either, so
merge all three into a single command.

This new command carries all the same info as contained in
"struct cfg80211_ap_settings".

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Current logic artificially divides "start AP" procedure into three
stages:
- generic interface configuration (security, channel etc)
- IE's processing
- enable AP mode on interface

This separation would not allow to do a proper device configuration as
first stage needs to use information from IEs that are processed on
a second stage. Which means first and second stages have to be meged.
In that case there is no point anymore to keep third stage either, so
merge all three into a single command.

This new command carries all the same info as contained in
"struct cfg80211_ap_settings".

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qtnfmac: convert "Append IEs" command to QTN_TLV_ID_IE_SET usage</title>
<updated>2017-11-10T02:30:57+00:00</updated>
<author>
<name>Igor Mitsyanko</name>
<email>igor.mitsyanko.os@quantenna.com</email>
</author>
<published>2017-10-31T01:04:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4d1f0fabdc4515db1b57da2dfdfdeb931cd49e92'/>
<id>4d1f0fabdc4515db1b57da2dfdfdeb931cd49e92</id>
<content type='text'>
Data contained within "Append IEs" command (QLINK_CMD_MGMT_SET_APPIE)
duplicates QTN_TLV_ID_IE_SET TLV. Convert the command to use that TLV
instead.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Data contained within "Append IEs" command (QLINK_CMD_MGMT_SET_APPIE)
duplicates QTN_TLV_ID_IE_SET TLV. Convert the command to use that TLV
instead.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qtnfmac: SCAN results: retreive frame type information from "IE set" TLV</title>
<updated>2017-11-10T02:30:56+00:00</updated>
<author>
<name>Igor Mitsyanko</name>
<email>igor.mitsyanko.os@quantenna.com</email>
</author>
<published>2017-10-31T01:04:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5face518d4467868e7a82a321955236b2bb65bdc'/>
<id>5face518d4467868e7a82a321955236b2bb65bdc</id>
<content type='text'>
"IE set" TLV carries the same information as
qlink_event_scan_result::frame_type. Convert the event to make use of
TLV and drop frame_type member.
While at it, make qlink_event_scan_result structure alignement-safe.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
"IE set" TLV carries the same information as
qlink_event_scan_result::frame_type. Convert the event to make use of
TLV and drop frame_type member.
While at it, make qlink_event_scan_result structure alignement-safe.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qtnfmac: extend "IE set" TLV to include frame type info</title>
<updated>2017-11-10T02:30:56+00:00</updated>
<author>
<name>Igor Mitsyanko</name>
<email>igor.mitsyanko.os@quantenna.com</email>
</author>
<published>2017-10-31T01:04:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=18b7470f92dfbea3e5ef82cab70edfc559d46735'/>
<id>18b7470f92dfbea3e5ef82cab70edfc559d46735</id>
<content type='text'>
Specifying frame type for "IE set" TLV will allow to use several
TLVs in a single message.
Modify users accordingly.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Specifying frame type for "IE set" TLV will allow to use several
TLVs in a single message.
Modify users accordingly.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qtnfmac: get rid of PHYMODE capabilities flags</title>
<updated>2017-11-10T02:30:55+00:00</updated>
<author>
<name>Igor Mitsyanko</name>
<email>igor.mitsyanko.os@quantenna.com</email>
</author>
<published>2017-10-31T01:04:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d1398b5b34cca945cadf75f29833785cf6a675b1'/>
<id>d1398b5b34cca945cadf75f29833785cf6a675b1</id>
<content type='text'>
Supported WiFi operation modes are now identified per-band based on
HT/VHT capabilities of each band.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Supported WiFi operation modes are now identified per-band based on
HT/VHT capabilities of each band.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>qtnfmac: initialize HT/VHT caps "can override" masks</title>
<updated>2017-11-10T02:30:55+00:00</updated>
<author>
<name>Igor Mitsyanko</name>
<email>igor.mitsyanko.os@quantenna.com</email>
</author>
<published>2017-10-31T01:04:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d42df85f7d853ae155d7708cc57118a0d6925d4f'/>
<id>d42df85f7d853ae155d7708cc57118a0d6925d4f</id>
<content type='text'>
Information on which HT/VHT capabilities can be overridden is reported
per-MAC by wireless device.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Information on which HT/VHT capabilities can be overridden is reported
per-MAC by wireless device.

Signed-off-by: Igor Mitsyanko &lt;igor.mitsyanko.os@quantenna.com&gt;
Signed-off-by: Kalle Valo &lt;kvalo@codeaurora.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
