
qcacld-3.0: Sanitize the session id before issuing scan

Ensure that the session id is sanitized before issuing
the scan request. During the transient stages of a new
interface, no session exists for that interface yet; if
a scan is received for it in that window, the scan would
be issued with an invalid vdev id. Validate the session
id to avoid this.

Change-Id: Ib22262493a141491d1d86ae682b14113d303685d
CRs-Fixed: 973773
Chandrasekaran, Manishekar 9 years ago
parent
commit
2859de43af
3 changed files with 38 additions and 0 deletions
  1. 3 0
      core/hdd/src/wlan_hdd_scan.c
  2. 2 0
      core/sme/inc/sme_api.h
  3. 33 0
      core/sme/src/common/sme_api.c

+ 3 - 0
core/hdd/src/wlan_hdd_scan.c

@@ -1254,6 +1254,9 @@ static int __wlan_hdd_cfg80211_scan(struct wiphy *wiphy,
 			 TRACE_CODE_HDD_CFG80211_SCAN,
 			 pAdapter->sessionId, request->n_channels));
 
+	if (!sme_is_session_id_valid(pHddCtx->hHal, pAdapter->sessionId))
+		return -EINVAL;
+
 	hddLog(LOG1, FL("Device_mode %s(%d)"),
 		hdd_device_mode_to_string(pAdapter->device_mode),
 		pAdapter->device_mode);
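Review bot: The new guard `if (!sme_is_session_id_valid(pHddCtx->hHal, pAdapter->sessionId))` dereferences `pHddCtx`, and the hunk does not show whether the context has been validated before this point; __wlan_hdd_cfg80211_scan starts and ends outside the hunk, so confirm the context check runs earlier. The early return also has no comment explaining when a scan can arrive without a session; I would add `/* No SME session exists while the interface is still coming up; reject instead of scanning with an invalid vdev id */` above it. The result is only a snapshot, since nothing visible here keeps the session open until the request is issued, so the second check added in sme_scan_request stays necessary and should not be dropped as redundant later.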

+ 2 - 0
core/sme/inc/sme_api.h

@@ -1042,6 +1042,8 @@ bool sme_validate_sap_channel_switch(tHalHandle hal,
 		uint16_t sap_ch, eCsrPhyMode sap_phy_mode,
 		uint8_t cc_switch_mode, uint8_t session_id);
 
+bool sme_is_session_id_valid(tHalHandle hal, uint32_t session_id);
+
 #ifdef FEATURE_WLAN_TDLS
 void sme_get_opclass(tHalHandle hal, uint8_t channel, uint8_t bw_offset,
 		uint8_t *opclass);
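Review bot: The new prototype takes `uint32_t session_id`, while the prototype directly above it and sme_scan_request in this same commit both take `uint8_t session_id`. Validating the wider value is the safer direction, but the mismatch is undocumented, and a caller that validates a 32-bit id and then passes it to a `uint8_t` parameter gets a silent truncation that the check never saw. Either use `uint8_t` here to match, or keep `uint32_t` and say why in a comment such as `/* takes the untruncated id so out-of-range values are rejected before narrowing */`.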

+ 33 - 0
core/sme/src/common/sme_api.c

@@ -2959,6 +2959,13 @@ QDF_STATUS sme_scan_request(tHalHandle hal, uint8_t session_id,
 	MTRACE(qdf_trace(QDF_MODULE_ID_SME,
 		 TRACE_CODE_SME_RX_HDD_MSG_SCAN_REQ, session_id,
 		 scan_req->scanType));
+
+	if (!CSR_IS_SESSION_VALID(mac_ctx, session_id)) {
+		sms_log(mac_ctx, LOGE, FL("Invalid session id:%d"),
+				session_id);
+		return status;
+	}
+
 	if (!mac_ctx->scan.fScanEnable) {
 		sms_log(mac_ctx, LOGE, FL("fScanEnable false"));
 		return status;
@@ -14785,6 +14792,32 @@ void sme_update_tgt_services(tHalHandle hal, struct wma_tgt_services *cfg)
 	return;
 }
 
+/**
+ * sme_is_session_id_valid() - Check if the session id is valid
+ * @hal: Pointer to HAL
+ * @session_id: Session id
+ *
+ * Checks if the session id is valid or not
+ *
+ * Return: True is the session id is valid, false otherwise
+ */
+bool sme_is_session_id_valid(tHalHandle hal, uint32_t session_id)
+{
+	tpAniSirGlobal mac = PMAC_STRUCT(hal);
+	if (!mac) {
+		sms_log(mac, LOGE, FL("null mac pointer"));
+		return false;
+	}
+
+	if (CSR_IS_SESSION_VALID(mac, session_id)) {
+		return true;
+	} else {
+		sms_log(mac, LOGE,
+			FL("invalid session id:%d"), session_id);
+		return false;
+	}
+}
+
 #ifdef FEATURE_WLAN_TDLS
 
 /**
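Review bot: In sme_is_session_id_valid the null branch calls `sms_log(mac, LOGE, FL("null mac pointer"))` with `mac` known to be NULL. If sms_log reads the log level through its first argument, which looks likely but is not visible here, the guard itself becomes the null dereference. Log that case without the context, for example `QDF_TRACE(QDF_MODULE_ID_SME, QDF_TRACE_LEVEL_ERROR, FL("null mac pointer"));`. Two smaller points in the same function: `session_id` is `uint32_t` but printed with `%d`, which should be `%u`, and the kernel-doc line should read `Return: True if the session id is valid, false otherwise`. In the sme_scan_request hunk the new branch returns `status`, whose initial value lies outside the hunk; confirm it is a failure code at that point.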