Merge "qcacmn: Sanity check on the incoming PTT cmd"

umac/cmn_services/policy_mgr/src/wlan_policy_mgr_action.c

@@ -591,9 +591,11 @@ static bool policy_mgr_is_restart_sap_allowed(
 {
 	if ((mcc_to_scc_switch == QDF_MCC_TO_SCC_SWITCH_DISABLE) ||
 	    !(policy_mgr_concurrent_open_sessions_running(psoc) &&
+	      ((policy_mgr_get_concurrency_mode(psoc) ==
+	       (QDF_STA_MASK | QDF_SAP_MASK)) ||
 	      (policy_mgr_get_concurrency_mode(psoc) ==
-	       (QDF_STA_MASK | QDF_SAP_MASK)))) {
-		policy_mgr_err("MCC switch disabled or not concurrent STA/SAP");
+	       (QDF_STA_MASK | QDF_P2P_GO_MASK))))) {
+		policy_mgr_err("MCC switch disabled or not concurrent STA/SAP, STA/GO");
 		return false;
 	}
 	return true;
@@ -631,10 +633,20 @@ void policy_mgr_check_sta_ap_concurrent_ch_intf(void *data)
 	if (!policy_mgr_is_restart_sap_allowed(psoc, mcc_to_scc_switch))
 		return;
 
-	if (!policy_mgr_get_sap_conn_info(psoc,
-					  &operating_channel,
-					  &vdev_id)) {
-		policy_mgr_err("Could not retrieve SAP channel & vdev id");
+	if (policy_mgr_get_mode_specific_conn_info(psoc,
+						   &operating_channel,
+						   &vdev_id,
+						   PM_SAP_MODE)) {
+		policy_mgr_debug("SAP operating at channel:%d",
+				 operating_channel);
+	} else if (policy_mgr_get_mode_specific_conn_info(psoc,
+							  &operating_channel,
+							  &vdev_id,
+							  PM_P2P_GO_MODE)) {
+		policy_mgr_debug("GO operating at channel:%d",
+				 operating_channel);
+	} else {
+		policy_mgr_err("Could not retrieve SAP/GO operating channel&vdevid");
 		return;
 	}
 
@@ -680,10 +692,20 @@ void policy_mgr_check_concurrent_intf_and_restart_sap(
 		return;
 	}
 
-	if (!policy_mgr_get_sap_conn_info(psoc,
-					  &operating_channel,
-					  &vdev_id)) {
-		policy_mgr_err("Could not retrieve SAP channel & vdev id");
+	if (policy_mgr_get_mode_specific_conn_info(psoc,
+						   &operating_channel,
+						   &vdev_id,
+						   PM_SAP_MODE)) {
+		policy_mgr_debug("SAP operating at channel:%d",
+				 operating_channel);
+	} else if (policy_mgr_get_mode_specific_conn_info(psoc,
+							  &operating_channel,
+							  &vdev_id,
+							  PM_P2P_GO_MODE)) {
+		policy_mgr_debug("GO operating at channel:%d",
+				 operating_channel);
+	} else {
+		policy_mgr_err("Could not get SAP/GO operating channel&vdevid");
 		return;
 	}
 

umac/cmn_services/policy_mgr/src/wlan_policy_mgr_get_set_utils.c

@@ -1443,15 +1443,6 @@ bool policy_mgr_get_mode_specific_conn_info(struct wlan_objmgr_psoc *psoc,
 	return status;
 }
 
-bool policy_mgr_get_sap_conn_info(struct wlan_objmgr_psoc *psoc,
-				  uint8_t *channel, uint8_t *vdev_id)
-{
-	return policy_mgr_get_mode_specific_conn_info(psoc,
-					  channel,
-					  vdev_id,
-					  PM_SAP_MODE);
-}
-
 bool policy_mgr_max_concurrent_connections_reached(
 		struct wlan_objmgr_psoc *psoc)
 {

umac/cmn_services/policy_mgr/src/wlan_policy_mgr_i.h

@@ -385,20 +385,6 @@ enum policy_mgr_conc_next_action
 QDF_STATUS policy_mgr_reset_sap_mandatory_channels(
 		struct policy_mgr_psoc_priv_obj *pm_ctx);
 
-/**
- * policy_mgr_get_sap_conn_info() - Get active SAP channel and
- * vdev id
- * @psoc: PSOC object information
- * @channel: SAP channel
- * @vdev_id: SAP vdev id
- *
- * Get active SAP channel and vdev id
- *
- * Return: true for success, else false
- */
-bool policy_mgr_get_sap_conn_info(struct wlan_objmgr_psoc *psoc,
-				uint8_t *channel, uint8_t *vdev_id);
-
 /**
  * policy_mgr_get_mode_specific_conn_info() - Get active mode specific
  * channel and vdev id

umac/scan/core/src/wlan_scan_cache_db_ops.c

@@ -418,7 +418,7 @@ static bool scm_is_wep_security(struct scan_filter *filter,
 	enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE;
 
 	/* If privacy bit is not set, consider no match */
-	if (db_entry->cap_info.wlan_caps.privacy)
+	if (!db_entry->cap_info.wlan_caps.privacy)
 		return false;
 
 	for (i = 0; i < filter->num_of_mc_enc_type; i++) {

utils/ptt/src/wlan_ptt_sock_svc.c

@@ -268,6 +268,10 @@ static void ptt_cmd_handler(const void *data, int data_len, void *ctx, int pid)
 	ptt_app_reg_req *payload;
 	struct nlattr *tb[CLD80211_ATTR_MAX + 1];
 
+	/*
+	 * audit note: it is ok to pass a NULL policy here since a
+	 * length check on the data is added later already
+	 */
 	if (nla_parse(tb, CLD80211_ATTR_MAX, data, data_len, NULL)) {
 		PTT_TRACE(QDF_TRACE_LEVEL_ERROR, "Invalid ATTR");
 		return;
@@ -278,6 +282,12 @@ static void ptt_cmd_handler(const void *data, int data_len, void *ctx, int pid)
 		return;
 	}
 
+	if (nla_len(tb[CLD80211_ATTR_DATA]) < sizeof(struct ptt_app_reg_req)) {
+		PTT_TRACE(QDF_TRACE_LEVEL_ERROR, "%s:attr length check fails\n",
+			__func__);
+		return;
+	}
+
 	payload = (ptt_app_reg_req *)(nla_data(tb[CLD80211_ATTR_DATA]));
 	switch (payload->wmsg.type) {
 	case ANI_MSG_APP_REG_REQ: