From 2ee149738c121480b1c55aacabb173406fd39ae4 Mon Sep 17 00:00:00 2001 From: Bala Venkatesh Date: Wed, 20 Feb 2019 20:48:03 +0530 Subject: [PATCH] qcacld-3.0: Remove vdev chk_frame structure Chk frame member of the tdls_mgmt_req is declared locally inside of the local function wlan_cfg80211_tdls_mgmt and address is copied in the mgmt request, and posted to scheduler thread. But, the validity of the chk frame variable is lost once returned from the wlan_cfg80211_tdls_mgmt function. And the chk_frame is used when processing the tdls_mgmt_req in scheduler thread. And the stale data of chk_frame can be used. Hence, make the chk_frame as a variable instead pointer inside tdls_action_frame_request request. Change-Id: Ib2a8a81e8f6db5550b1d0abee31d9f7ea5dacd9b CRs-Fixed: 2402124 --- .../tdls/core/src/wlan_tdls_cmds_process.c | 19 ++++++-------- components/tdls/core/src/wlan_tdls_mgmt.c | 6 ++--- .../dispatcher/inc/wlan_tdls_public_structs.h | 8 ++---- os_if/tdls/src/wlan_cfg80211_tdls.c | 25 ++++++------------- 4 files changed, 20 insertions(+), 38 deletions(-) diff --git a/components/tdls/core/src/wlan_tdls_cmds_process.c b/components/tdls/core/src/wlan_tdls_cmds_process.c index c34494ad0d..2337eb70f0 100644 --- a/components/tdls/core/src/wlan_tdls_cmds_process.c +++ b/components/tdls/core/src/wlan_tdls_cmds_process.c @@ -659,8 +659,7 @@ static int tdls_validate_setup_frames(struct tdls_soc_priv_obj *tdls_soc, tdls_soc->connected_peer_count, tdls_soc->max_num_tdls_sta); - tdls_validate->max_sta_failed = -EPERM; - return 0; + return -EPERM; } int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req) 
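Review bot: The new `return -EPERM;` at the end of tdls_validate_setup_frames is a behaviour change that the commit message does not mention. The old code returned 0 and left the failure in `max_sta_failed`, which wlan_cfg80211_tdls_mgmt only checked after waiting for Tx completion, so the request still went down the send path. If the caller treats a non-zero return as failed validation, the frame is now dropped before it is queued in the max-peer case. If that is intended, say so in the commit message and add a comment such as `/* max peers reached: reject before the request is queued */`; if the peer is meant to receive the failure status, the send-then-fail flow needs another carrier for the error. The start of the function is outside the hunk.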
@@ -672,13 +671,11 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req) QDF_STATUS status; uint8_t vdev_id; + struct wlan_objmgr_vdev *vdev = tdls_mgmt_req->vdev; struct tdls_validate_action_req *tdls_validate = - tdls_mgmt_req->chk_frame; + &tdls_mgmt_req->chk_frame; - if (!tdls_validate || !tdls_validate->vdev) - return -EINVAL; - - if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(tdls_validate->vdev, + if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(vdev, &tdls_vdev, &tdls_soc)) return -ENOTSUPP; @@ -687,15 +684,15 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req) * STA or P2P client should be connected and authenticated before * sending any TDLS frames */ - if (!tdls_is_vdev_connected(tdls_validate->vdev) || - !tdls_is_vdev_authenticated(tdls_validate->vdev)) { + if (!tdls_is_vdev_connected(vdev) || + !tdls_is_vdev_authenticated(vdev)) { tdls_err("STA is not connected or not authenticated."); return -EAGAIN; } /* other than teardown frame, mgmt frames are not sent if disabled */ if (TDLS_TEARDOWN != tdls_validate->action_code) { - if (!tdls_check_is_tdls_allowed(tdls_validate->vdev)) { + if (!tdls_check_is_tdls_allowed(vdev)) { tdls_err("TDLS not allowed, reject MGMT, action = %d", tdls_validate->action_code); return -EPERM; @@ -730,7 +727,7 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req) } /* call hdd_wmm_is_acm_allowed() */ - vdev_id = wlan_vdev_get_id(tdls_validate->vdev); + vdev_id = wlan_vdev_get_id(vdev); if (!tdls_soc->tdls_wmm_cb(vdev_id)) { tdls_debug("admission ctrl set to VI, send the frame with least AC (BK) for action %d", tdls_validate->action_code); diff --git a/components/tdls/core/src/wlan_tdls_mgmt.c b/components/tdls/core/src/wlan_tdls_mgmt.c index a19984defd..c3d3cb6ba4 100644 --- a/components/tdls/core/src/wlan_tdls_mgmt.c +++ b/components/tdls/core/src/wlan_tdls_mgmt.c 
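Review bot: The removed guard in tdls_validate_mgmt_request also rejected a NULL vdev, and nothing replaces that half of the check. Dropping `!tdls_validate` is correct, because it is now the address of an embedded member, but `vdev` is read from `tdls_mgmt_req->vdev` and passed unchecked to tdls_get_vdev_objects(), tdls_is_vdev_connected() and wlan_vdev_get_id(). Unless every caller guarantees a non-NULL vdev (not visible here), keep `if (!vdev) return -EINVAL;` ahead of the tdls_get_vdev_objects() call. The function body continues outside the hunk.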
@@ -319,7 +319,7 @@ static QDF_STATUS tdls_activate_send_mgmt_request( release_cmd: /*update tdls nss infornation based on action code */ - tdls_reset_nss(tdls_soc_obj, action_req->chk_frame->action_code); + tdls_reset_nss(tdls_soc_obj, action_req->chk_frame.action_code); if (QDF_IS_STATUS_ERROR(status)) { tdls_internal_send_mgmt_tx_done(action_req, status); tdls_release_serialization_command(action_req->vdev, @@ -397,9 +397,9 @@ QDF_STATUS tdls_process_mgmt_req( * after the cmd validation */ tdls_mgmt_req->tdls_mgmt.responder = - !tdls_mgmt_req->chk_frame->responder; + !tdls_mgmt_req->chk_frame.responder; tdls_mgmt_req->tdls_mgmt.status_code = - tdls_mgmt_req->chk_frame->status_code; + tdls_mgmt_req->chk_frame.status_code; cmd.cmd_type = WLAN_SER_CMD_TDLS_SEND_MGMT; /* Cmd Id not applicable for non scan cmds */ diff --git a/components/tdls/dispatcher/inc/wlan_tdls_public_structs.h b/components/tdls/dispatcher/inc/wlan_tdls_public_structs.h index a2c1e7b9d7..f16d47e007 100644 --- a/components/tdls/dispatcher/inc/wlan_tdls_public_structs.h +++ b/components/tdls/dispatcher/inc/wlan_tdls_public_structs.h @@ -975,24 +975,20 @@ struct tdls_send_mgmt { /** * struct tdls_validate_action_req - tdls validate mgmt request - * @vdev: vdev object * @action_code: action code * @peer_mac: peer mac address * @dialog_token: dialog code * @status_code: status code to add * @len: len of the frame * @responder: whether to respond or not - * @max_sta_failed: mgmt failure reason */ struct tdls_validate_action_req { - struct wlan_objmgr_vdev *vdev; uint8_t action_code; uint8_t peer_mac[QDF_MAC_ADDR_SIZE]; uint8_t dialog_token; uint8_t status_code; size_t len; int responder; - int max_sta_failed; }; /** 
@@ -1010,7 +1006,7 @@ struct tdls_get_all_peers { /** * struct tdls_send_action_frame_request - tdls send mgmt request * @vdev: vdev object - * @chk_frame: frame validation structure + * @chk_frame: This struct used to validate mgmt frame * @session_id: session id * @vdev_id: vdev id * @cmd_buf: cmd buffer @@ -1020,7 +1016,7 @@ struct tdls_get_all_peers { */ struct tdls_action_frame_request { struct wlan_objmgr_vdev *vdev; - struct tdls_validate_action_req *chk_frame; + struct tdls_validate_action_req chk_frame; uint8_t session_id; uint8_t vdev_id; const uint8_t *cmd_buf; diff --git a/os_if/tdls/src/wlan_cfg80211_tdls.c b/os_if/tdls/src/wlan_cfg80211_tdls.c index b237702854..4df29dd75c 100644 --- a/os_if/tdls/src/wlan_cfg80211_tdls.c +++ b/os_if/tdls/src/wlan_cfg80211_tdls.c @@ -688,8 +688,6 @@ int wlan_cfg80211_tdls_mgmt(struct wlan_objmgr_vdev *vdev, struct osif_tdls_vdev *tdls_priv; int status; unsigned long rc; - int max_sta_failed = 0; - struct tdls_validate_action_req chk_frame; struct tdls_set_responder_req set_responder; status = wlan_cfg80211_tdls_validate_mac_addr(peer_mac); @@ -715,16 +713,12 @@ int wlan_cfg80211_tdls_mgmt(struct wlan_objmgr_vdev *vdev, /*prepare the request */ /* Validate the management Request */ - chk_frame.vdev = vdev; - chk_frame.action_code = action_code; - qdf_mem_copy(chk_frame.peer_mac, peer_mac, QDF_MAC_ADDR_SIZE); - chk_frame.dialog_token = dialog_token; - chk_frame.action_code = action_code; - chk_frame.status_code = status_code; - chk_frame.len = len; - chk_frame.max_sta_failed = max_sta_failed; - - mgmt_req.chk_frame = &chk_frame; + mgmt_req.chk_frame.action_code = action_code; + qdf_mem_copy(mgmt_req.chk_frame.peer_mac, peer_mac, QDF_MAC_ADDR_SIZE); + mgmt_req.chk_frame.dialog_token = dialog_token; + mgmt_req.chk_frame.action_code = action_code; + mgmt_req.chk_frame.status_code = status_code; + mgmt_req.chk_frame.len = len; mgmt_req.vdev = vdev; mgmt_req.vdev_id = wlan_vdev_get_id(vdev); 
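Review bot: The reworded `@chk_frame` line in the kernel-doc does not record why the member is now held by value, which is the lifetime guarantee this commit exists to provide. Something like `@chk_frame: frame validation data, embedded by value so it stays valid while the request is processed on the scheduler thread` would stop a later cleanup from turning it back into a pointer. The kernel-doc title in the same comment names `struct tdls_send_action_frame_request`, while the definition below is `struct tdls_action_frame_request`; the two should match.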
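Review bot: `mgmt_req.chk_frame.responder` is never assigned in the block that fills chk_frame in wlan_cfg80211_tdls_mgmt, yet tdls_process_mgmt_req reads it (`!tdls_mgmt_req->chk_frame.responder`). The declaration of `mgmt_req` is outside the hunk, so if it is not zero-initialised and validation does not write `responder` on every path, an uninitialised stack value ends up in the request. Setting it explicitly with `mgmt_req.chk_frame.responder = 0;`, or zeroing `mgmt_req` at its declaration, removes the doubt. Separately, `mgmt_req.chk_frame.action_code = action_code;` is assigned twice in this block; the second assignment can go.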
@@ -736,7 +730,7 @@ int wlan_cfg80211_tdls_mgmt(struct wlan_objmgr_vdev *vdev, mgmt_req.tdls_mgmt.frame_type = action_code; mgmt_req.tdls_mgmt.len = len; mgmt_req.tdls_mgmt.peer_capability = peer_capability; - mgmt_req.tdls_mgmt.status_code = chk_frame.status_code; + mgmt_req.tdls_mgmt.status_code = mgmt_req.chk_frame.status_code; /*populate the additional IE's */ mgmt_req.cmd_buf = buf; @@ -773,11 +767,6 @@ int wlan_cfg80211_tdls_mgmt(struct wlan_objmgr_vdev *vdev, cfg80211_debug("Mgmt Tx Completion status %ld TxCompletion %u", rc, tdls_priv->mgmt_tx_completion_status); - if (chk_frame.max_sta_failed) { - status = max_sta_failed; - goto error_mgmt_req; - } - if (TDLS_SETUP_RESPONSE == action_code || TDLS_SETUP_CONFIRM == action_code) { qdf_mem_copy(set_responder.peer_mac, peer_mac,
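Review bot: `mgmt_req.cmd_buf = buf;`, just below the changed status_code assignment, still stores a caller-owned pointer in the request, which is the same pattern this commit removes for chk_frame. If the request can be processed on the scheduler thread after wlan_cfg80211_tdls_mgmt has returned (for example if the completion wait can time out), `buf` has to be copied into request-owned memory before the request is posted. Whether that copy happens is not visible in this hunk. A comment at the assignment should state who owns `buf` and until when, so the lifetime assumption is explicit.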