samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

qcacld-3.0: Remove vdev chk_frame structure

Browse Source 
Chk frame member of the tdls_mgmt_req is declared locally inside of
the local function wlan_cfg80211_tdls_mgmt and address is copied
in the mgmt request, and posted to scheduler thread.
But, the validity of the chk frame variable is lost once returned
from the wlan_cfg80211_tdls_mgmt function. And the chk_frame
is used when processing the tdls_mgmt_req in scheduler thread.
And the stale data of chk_frame can be used.

Hence, make the chk_frame as a variable instead pointer inside
tdls_action_frame_request request.

Change-Id: Ib2a8a81e8f6db5550b1d0abee31d9f7ea5dacd9b
CRs-Fixed: 2402124
This commit is contained in:
Bala Venkatesh
2019-02-20 20:48:03 +05:30
committed by nshrivas
parent 373f731a6b
commit 2ee149738c
4 changed files with 20 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
components/tdls/core/src/wlan_tdls_cmds_process.c
View File

@@ -659,8 +659,7 @@ static int tdls_validate_setup_frames(struct tdls_soc_priv_obj *tdls_soc,
tdls_soc->connected_peer_count, tdls_soc->connected_peer_count,
tdls_soc->max_num_tdls_sta); tdls_soc->max_num_tdls_sta);
tdls_validate->max_sta_failed = -EPERM; return -EPERM;
return 0;
} }
int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req) int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req)
@@ -672,13 +671,11 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req)
QDF_STATUS status; QDF_STATUS status;
uint8_t vdev_id; uint8_t vdev_id;
struct wlan_objmgr_vdev *vdev = tdls_mgmt_req->vdev;
struct tdls_validate_action_req *tdls_validate = struct tdls_validate_action_req *tdls_validate =
tdls_mgmt_req->chk_frame; &tdls_mgmt_req->chk_frame;
if (!tdls_validate || !tdls_validate->vdev) if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(vdev,
return -EINVAL;
if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(tdls_validate->vdev,
&tdls_vdev, &tdls_vdev,
&tdls_soc)) &tdls_soc))
return -ENOTSUPP; return -ENOTSUPP;
@@ -687,15 +684,15 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req)
* STA or P2P client should be connected and authenticated before * STA or P2P client should be connected and authenticated before
* sending any TDLS frames * sending any TDLS frames
*/ */
if (!tdls_is_vdev_connected(tdls_validate->vdev) || if (!tdls_is_vdev_connected(vdev) ||
!tdls_is_vdev_authenticated(tdls_validate->vdev)) { !tdls_is_vdev_authenticated(vdev)) {
tdls_err("STA is not connected or not authenticated."); tdls_err("STA is not connected or not authenticated.");
return -EAGAIN; return -EAGAIN;
} }
/* other than teardown frame, mgmt frames are not sent if disabled */ /* other than teardown frame, mgmt frames are not sent if disabled */
if (TDLS_TEARDOWN != tdls_validate->action_code) { if (TDLS_TEARDOWN != tdls_validate->action_code) {
if (!tdls_check_is_tdls_allowed(tdls_validate->vdev)) { if (!tdls_check_is_tdls_allowed(vdev)) {
tdls_err("TDLS not allowed, reject MGMT, action = %d", tdls_err("TDLS not allowed, reject MGMT, action = %d",
tdls_validate->action_code); tdls_validate->action_code);
return -EPERM; return -EPERM;
@@ -730,7 +727,7 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req)
} }
/* call hdd_wmm_is_acm_allowed() */ /* call hdd_wmm_is_acm_allowed() */
vdev_id = wlan_vdev_get_id(tdls_validate->vdev); vdev_id = wlan_vdev_get_id(vdev);
if (!tdls_soc->tdls_wmm_cb(vdev_id)) { if (!tdls_soc->tdls_wmm_cb(vdev_id)) {
tdls_debug("admission ctrl set to VI, send the frame with least AC (BK) for action %d", tdls_debug("admission ctrl set to VI, send the frame with least AC (BK) for action %d",
tdls_validate->action_code); tdls_validate->action_code);

6
components/tdls/core/src/wlan_tdls_mgmt.c
View File

@@ -319,7 +319,7 @@ static QDF_STATUS tdls_activate_send_mgmt_request(
release_cmd: release_cmd:
/*update tdls nss infornation based on action code */ /*update tdls nss infornation based on action code */
tdls_reset_nss(tdls_soc_obj, action_req->chk_frame->action_code); tdls_reset_nss(tdls_soc_obj, action_req->chk_frame.action_code);
if (QDF_IS_STATUS_ERROR(status)) { if (QDF_IS_STATUS_ERROR(status)) {
tdls_internal_send_mgmt_tx_done(action_req, status); tdls_internal_send_mgmt_tx_done(action_req, status);
tdls_release_serialization_command(action_req->vdev, tdls_release_serialization_command(action_req->vdev,
@@ -397,9 +397,9 @@ QDF_STATUS tdls_process_mgmt_req(
* after the cmd validation * after the cmd validation
*/ */
tdls_mgmt_req->tdls_mgmt.responder = tdls_mgmt_req->tdls_mgmt.responder =
!tdls_mgmt_req->chk_frame->responder; !tdls_mgmt_req->chk_frame.responder;
tdls_mgmt_req->tdls_mgmt.status_code = tdls_mgmt_req->tdls_mgmt.status_code =
tdls_mgmt_req->chk_frame->status_code; tdls_mgmt_req->chk_frame.status_code;
cmd.cmd_type = WLAN_SER_CMD_TDLS_SEND_MGMT; cmd.cmd_type = WLAN_SER_CMD_TDLS_SEND_MGMT;
/* Cmd Id not applicable for non scan cmds */ /* Cmd Id not applicable for non scan cmds */

8
components/tdls/dispatcher/inc/wlan_tdls_public_structs.h
View File

@@ -975,24 +975,20 @@ struct tdls_send_mgmt {
/** /**
* struct tdls_validate_action_req - tdls validate mgmt request * struct tdls_validate_action_req - tdls validate mgmt request
* @vdev: vdev object
* @action_code: action code * @action_code: action code
* @peer_mac: peer mac address * @peer_mac: peer mac address
* @dialog_token: dialog code * @dialog_token: dialog code
* @status_code: status code to add * @status_code: status code to add
* @len: len of the frame * @len: len of the frame
* @responder: whether to respond or not * @responder: whether to respond or not
* @max_sta_failed: mgmt failure reason
*/ */
struct tdls_validate_action_req { struct tdls_validate_action_req {
struct wlan_objmgr_vdev *vdev;
uint8_t action_code; uint8_t action_code;
uint8_t peer_mac[QDF_MAC_ADDR_SIZE]; uint8_t peer_mac[QDF_MAC_ADDR_SIZE];
uint8_t dialog_token; uint8_t dialog_token;
uint8_t status_code; uint8_t status_code;
size_t len; size_t len;
int responder; int responder;
int max_sta_failed;
}; };
/** /**
@@ -1010,7 +1006,7 @@ struct tdls_get_all_peers {
/** /**
* struct tdls_send_action_frame_request - tdls send mgmt request * struct tdls_send_action_frame_request - tdls send mgmt request
* @vdev: vdev object * @vdev: vdev object
* @chk_frame: frame validation structure * @chk_frame: This struct used to validate mgmt frame
* @session_id: session id * @session_id: session id
* @vdev_id: vdev id * @vdev_id: vdev id
* @cmd_buf: cmd buffer * @cmd_buf: cmd buffer
@@ -1020,7 +1016,7 @@ struct tdls_get_all_peers {
*/ */
struct tdls_action_frame_request { struct tdls_action_frame_request {
struct wlan_objmgr_vdev *vdev; struct wlan_objmgr_vdev *vdev;
struct tdls_validate_action_req *chk_frame; struct tdls_validate_action_req chk_frame;
uint8_t session_id; uint8_t session_id;
uint8_t vdev_id; uint8_t vdev_id;
const uint8_t *cmd_buf; const uint8_t *cmd_buf;

25
os_if/tdls/src/wlan_cfg80211_tdls.c
View File

@@ -688,8 +688,6 @@ int wlan_cfg80211_tdls_mgmt(struct wlan_objmgr_vdev *vdev,
struct osif_tdls_vdev *tdls_priv; struct osif_tdls_vdev *tdls_priv;
int status; int status;
unsigned long rc; unsigned long rc;
int max_sta_failed = 0;
struct tdls_validate_action_req chk_frame;
struct tdls_set_responder_req set_responder; struct tdls_set_responder_req set_responder;
status = wlan_cfg80211_tdls_validate_mac_addr(peer_mac); status = wlan_cfg80211_tdls_validate_mac_addr(peer_mac);
@@ -715,16 +713,12 @@ int wlan_cfg80211_tdls_mgmt(struct wlan_objmgr_vdev *vdev,
/*prepare the request */ /*prepare the request */
/* Validate the management Request */ /* Validate the management Request */
chk_frame.vdev = vdev; mgmt_req.chk_frame.action_code = action_code;
chk_frame.action_code = action_code; qdf_mem_copy(mgmt_req.chk_frame.peer_mac, peer_mac, QDF_MAC_ADDR_SIZE);
qdf_mem_copy(chk_frame.peer_mac, peer_mac, QDF_MAC_ADDR_SIZE); mgmt_req.chk_frame.dialog_token = dialog_token;
chk_frame.dialog_token = dialog_token; mgmt_req.chk_frame.action_code = action_code;
chk_frame.action_code = action_code; mgmt_req.chk_frame.status_code = status_code;
chk_frame.status_code = status_code; mgmt_req.chk_frame.len = len;
chk_frame.len = len;
chk_frame.max_sta_failed = max_sta_failed;
mgmt_req.chk_frame = &chk_frame;
mgmt_req.vdev = vdev; mgmt_req.vdev = vdev;
mgmt_req.vdev_id = wlan_vdev_get_id(vdev); mgmt_req.vdev_id = wlan_vdev_get_id(vdev);
@@ -736,7 +730,7 @@ int wlan_cfg80211_tdls_mgmt(struct wlan_objmgr_vdev *vdev,
mgmt_req.tdls_mgmt.frame_type = action_code; mgmt_req.tdls_mgmt.frame_type = action_code;
mgmt_req.tdls_mgmt.len = len; mgmt_req.tdls_mgmt.len = len;
mgmt_req.tdls_mgmt.peer_capability = peer_capability; mgmt_req.tdls_mgmt.peer_capability = peer_capability;
mgmt_req.tdls_mgmt.status_code = chk_frame.status_code; mgmt_req.tdls_mgmt.status_code = mgmt_req.chk_frame.status_code;
/*populate the additional IE's */ /*populate the additional IE's */
mgmt_req.cmd_buf = buf; mgmt_req.cmd_buf = buf;
@@ -773,11 +767,6 @@ int wlan_cfg80211_tdls_mgmt(struct wlan_objmgr_vdev *vdev,
cfg80211_debug("Mgmt Tx Completion status %ld TxCompletion %u", cfg80211_debug("Mgmt Tx Completion status %ld TxCompletion %u",
rc, tdls_priv->mgmt_tx_completion_status); rc, tdls_priv->mgmt_tx_completion_status);
if (chk_frame.max_sta_failed) {
status = max_sta_failed;
goto error_mgmt_req;
}
if (TDLS_SETUP_RESPONSE == action_code || if (TDLS_SETUP_RESPONSE == action_code ||
TDLS_SETUP_CONFIRM == action_code) { TDLS_SETUP_CONFIRM == action_code) {
qdf_mem_copy(set_responder.peer_mac, peer_mac, qdf_mem_copy(set_responder.peer_mac, peer_mac,