Accueil Explorer Aide
Connexion
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

qcacmn: fix mon vap RX skb size issues

1) for raw mode, drop frames with invalid size
2) for non-raw mode, fixed issue that
frag list data_len's not properly calculated

The length issues will introduce kernel issues
during skb_linearize() at upper OS network stack layer.

Symptoms:
1)
WARNING: at net/core/skbuff.c:1782
PC is at skb_copy_bits+0x1b8/0x230

2)
kernel BU at net/core/skbuff.c:1615!
PC is at __pskb_pull_tail+0x70/0x2e4

CRs-fixed: 2188754

Change-Id: I848ec976cd922708ffd02d8272ea5a6f3bce2a00
Neil Zhao il y a 7 ans
Parent
4ca1bf63ba
commit
0bd967d021
3 fichiers modifiés avec 14 ajouts et 2 suppressions
Vue séparée Afficher les stats Diff
  1. 2 0
      dp/inc/cdp_txrx_stats_struct.h
  2. 2 0
      dp/wifi3.0/dp_main.c
  3. 10 2
      dp/wifi3.0/dp_rx_mon_dest.c

+ 2 - 0
dp/inc/cdp_txrx_stats_struct.h
Voir le fichier 

@@ -742,6 +742,8 @@ struct cdp_pdev_stats {
 
 		uint32_t mec;
 
 		/* Mesh Filtered packets */
 
 		uint32_t mesh_filter;
 
+		/* packets dropped on monitor vap */
 
+		uint32_t mon_rx_drop;
 
 	} dropped;
 
 
 	struct {

+ 2 - 0
dp/wifi3.0/dp_main.c
Voir le fichier 

@@ -4800,6 +4800,8 @@ dp_print_pdev_rx_stats(struct dp_pdev *pdev)
 
 	DP_PRINT_STATS("Dropped:");
 
 	DP_PRINT_STATS("	msdu_not_done = %d",
 
 			pdev->stats.dropped.msdu_not_done);
 
+	DP_PRINT_STATS("        mon_rx_drop = %d",
 
+			pdev->stats.dropped.mon_rx_drop);
 
 	DP_PRINT_STATS("Sent To Stack:");
 
 	DP_PRINT_STATS("	Packets = %d",
 
 			pdev->stats.rx.to_stack.num);

+ 10 - 2
dp/wifi3.0/dp_rx_mon_dest.c
Voir le fichier 

@@ -26,6 +26,7 @@
 
 #include "hal_api_mon.h"
 
 #include "dp_rx_mon.h"
 
 #include "wlan_cfg.h"
 
+#include "dp_internal.h"
 
 
 /**
 
  * dp_rx_mon_link_desc_return() - Return a MPDU link descriptor to HW
 
@@ -374,7 +375,8 @@ qdf_nbuf_t dp_rx_mon_restitch_mpdu_from_msdus(struct dp_soc *soc,
 
 	if (HAL_RX_DESC_GET_MPDU_LENGTH_ERR(rx_desc)) {
 
 		/* It looks like there is some issue on MPDU len err */
 
 		/* Need further investigate if drop the packet */
 
-		/* return NULL; */
 
+		DP_STATS_INC(dp_pdev, dropped.mon_rx_drop, 1);
 
+		return NULL;
 
 	}
 
 
 	rx_desc = qdf_nbuf_data(last_msdu);
 
@@ -439,6 +441,11 @@ qdf_nbuf_t dp_rx_mon_restitch_mpdu_from_msdus(struct dp_soc *soc,
 
 
 		/* If there were more fragments to this RAW frame */
 
 		if (head_frag_list) {
 
+			if (frag_list_sum_len <
 
+				sizeof(struct ieee80211_frame_min_one)) {
 
+				DP_STATS_INC(dp_pdev, dropped.mon_rx_drop, 1);
 
+				return NULL;
 
+			}
 
 			frag_list_sum_len -= HAL_RX_FCS_LEN;
 
 			qdf_nbuf_append_ext_list(mpdu_buf, head_frag_list,
 
 				frag_list_sum_len);
 
@@ -535,7 +542,6 @@ qdf_nbuf_t dp_rx_mon_restitch_mpdu_from_msdus(struct dp_soc *soc,
 
 
 	/* The first LLC len is copied into the MPDU buffer */
 
 	frag_list_sum_len = 0;
 
-	frag_list_sum_len -= msdu_llc_len;
 
 
 	msdu_orig = head_msdu;
 
 	is_first_frag = 1;
 
@@ -599,6 +605,8 @@ qdf_nbuf_t dp_rx_mon_restitch_mpdu_from_msdus(struct dp_soc *soc,
 
 	frag_list_sum_len += HAL_RX_FCS_LEN;
 
 #endif
 
 
+	frag_list_sum_len -= msdu_llc_len;
 
+
 
 	/* TODO: Convert this to suitable adf routines */
 
 	qdf_nbuf_append_ext_list(mpdu_buf, head_frag_list,
 
 			frag_list_sum_len);