Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacmn: Fix tdls KW issues

Fix static code analysis issues in tdls component:

NULL pointer dereference
    - tdls_process_antenna_switch
    - tdls_antenna_switch_flush_callback
    - tdls_indicate_teardown
    - ucfg_tdls_notify_sta_connect
    - ucfg_tdls_notify_sta_disconnect
    - ucfg_tdls_set_operating_mode

Change-Id: I3bb72658dcd3116f6f64da15a7039f49157a0f3f
CRs-Fixed: 2169736
Frank Liu 7 years ago
parent
c116a01322
commit
37243d354a
3 changed files with 25 additions and 19 deletions
Split View Show Diff Stats
  1. 12 8
      umac/tdls/core/src/wlan_tdls_cmds_process.c
  2. 9 4
      umac/tdls/core/src/wlan_tdls_ct.c
  3. 4 7
      umac/tdls/dispatcher/src/wlan_tdls_ucfg_api.c

+ 12 - 8
umac/tdls/core/src/wlan_tdls_cmds_process.c
View File 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright (c) 2017 The Linux Foundation. All rights reserved.
 
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
 
  *
 
  * Permission to use, copy, modify, and/or distribute this software for
 
  * any purpose with or without fee is hereby granted, provided that the
 
@@ -2249,16 +2249,18 @@ QDF_STATUS tdls_process_antenna_switch(struct tdls_antenna_switch_request *req)
 
 	struct tdls_osif_indication ind;
 
 
 	if (!req || !req->vdev) {
 
-		tdls_err("req: %p", req);
 
-		status = QDF_STATUS_E_INVAL;
 
-		goto error;
 
+		tdls_err("Invalid input params req: %p", req);
 
+		if (req)
 
+			qdf_mem_free(req);
 
+
 
+		return QDF_STATUS_E_INVAL;
 
 	}
 
 
 	vdev = req->vdev;
 
 	status = tdls_get_vdev_objects(vdev, &vdev_obj, &soc_obj);
 
 	if (QDF_IS_STATUS_ERROR(status)) {
 
 		tdls_err("can't get vdev_obj & soc_obj");
 
-		goto error;
 
+		goto get_obj_err;
 
 	}
 
 
 	if (soc_obj->connected_peer_count == 0)
 
@@ -2267,7 +2269,7 @@ QDF_STATUS tdls_process_antenna_switch(struct tdls_antenna_switch_request *req)
 
 	if (soc_obj->tdls_nss_switch_in_progress) {
 
 		if (!soc_obj->tdls_nss_teardown_complete) {
 
 			tdls_err("TDLS antenna switch is in progress");
 
-			goto error;
 
+			goto ant_sw_in_progress;
 
 		} else {
 
 			goto ant_sw_done;
 
 		}
 
@@ -2291,7 +2293,7 @@ QDF_STATUS tdls_process_antenna_switch(struct tdls_antenna_switch_request *req)
 
 	if (tdls_teardown_links(soc_obj, req->mode) == 0)
 
 		goto ant_sw_done;
 
 
-error:
 
+ant_sw_in_progress:
 
 	ant_switch_state = -EAGAIN;
 
 ant_sw_done:
 
 	if (soc_obj->tdls_event_cb) {
 
@@ -2310,8 +2312,10 @@ ant_sw_done:
 
 		   soc_obj->tdls_nss_switch_in_progress,
 
 		   soc_obj->tdls_nss_teardown_complete);
 
 
+get_obj_err:
 
 	wlan_objmgr_vdev_release_ref(vdev, WLAN_TDLS_NB_ID);
 
 	qdf_mem_free(req);
 
+
 
 	return status;
 
 }
 
 
@@ -2320,7 +2324,7 @@ QDF_STATUS tdls_antenna_switch_flush_callback(struct scheduler_msg *msg)
 
 	struct tdls_antenna_switch_request *req;
 
 
 	if (!msg || !msg->bodyptr) {
 
-		tdls_err("msg: 0x%pK, bodyptr: 0x%pK", msg, msg->bodyptr);
 
+		tdls_err("msg: 0x%pK", msg);
 
 		return QDF_STATUS_E_NULL_VALUE;
 
 	}
 
 	req = msg->bodyptr;

+ 9 - 4
umac/tdls/core/src/wlan_tdls_ct.c
View File 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright (c) 2017 The Linux Foundation. All rights reserved.
 
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
 
  *
 
  * Permission to use, copy, modify, and/or distribute this software for
 
  * any purpose with or without fee is hereby granted, provided that the
 
@@ -509,10 +509,15 @@ void tdls_indicate_teardown(struct tdls_vdev_priv_obj *tdls_vdev,
 
 	struct tdls_soc_priv_obj *tdls_soc;
 
 	struct tdls_osif_indication indication;
 
 
+	if (!tdls_vdev || !curr_peer) {
 
+		tdls_err("tdls_vdev: %pK, curr_peer: %pK",
 
+			 tdls_vdev, curr_peer);
 
+		return;
 
+	}
 
+
 
 	tdls_soc = wlan_vdev_get_tdls_soc_obj(tdls_vdev->vdev);
 
-	if (!tdls_soc || !tdls_vdev || !curr_peer) {
 
-		tdls_err("tdls_soc: %pK, tdls_vdev: %pK, curr_peer: %pK",
 
-			 tdls_soc, tdls_vdev, curr_peer);
 
+	if (!tdls_soc) {
 
+		tdls_err("tdls_soc: %pK", tdls_soc);
 
 		return;
 
 	}

+ 4 - 7
umac/tdls/dispatcher/src/wlan_tdls_ucfg_api.c
View File 

@@ -1,5 +1,5 @@
 
 /*
 
- * Copyright (c) 2017 The Linux Foundation. All rights reserved.
 
+ * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
 
  *
 
  * Permission to use, copy, modify, and/or distribute this software for
 
  * any purpose with or without fee is hereby granted, provided that the
 
@@ -624,8 +624,7 @@ QDF_STATUS ucfg_tdls_notify_sta_connect(
 
 	struct tdls_sta_notify_params *notify;
 
 
 	if (!notify_info || !notify_info->vdev) {
 
-		tdls_err("notify_info->vdev: %pK, notify_info %pK",
 
-				notify_info->vdev, notify_info);
 
+		tdls_err("notify_info %pK", notify_info);
 
 		return QDF_STATUS_E_NULL_VALUE;
 
 	}
 
 	tdls_debug("Enter ");
 
@@ -656,8 +655,7 @@ QDF_STATUS ucfg_tdls_notify_sta_disconnect(
 
 	struct tdls_sta_notify_params *notify;
 
 
 	if (!notify_info || !notify_info->vdev) {
 
-		tdls_err("notify_info->vdev: %pK, notify_info %pK",
 
-				notify_info->vdev, notify_info);
 
+		tdls_err("notify_info %pK", notify_info);
 
 		return QDF_STATUS_E_NULL_VALUE;
 
 	}
 
 
@@ -691,8 +689,7 @@ QDF_STATUS ucfg_tdls_set_operating_mode(
 
 	struct tdls_set_mode_params *set_mode;
 
 
 	if (!set_mode_params || !set_mode_params->vdev) {
 
-		tdls_err("vdev: %pK, set_mode_params %pK",
 
-				set_mode_params->vdev, set_mode_params);
 
+		tdls_err("set_mode_params %pK", set_mode_params);
 
 		return QDF_STATUS_E_NULL_VALUE;
 
 	}