From 4bc614dd0cbc294772a546f121f9f75a9d3fd1d0 Mon Sep 17 00:00:00 2001 From: Qun Zhang Date: Wed, 18 Mar 2020 16:10:10 +0800 Subject: [PATCH] qcacmn: Replace QDF_MAX_NUM_CHAN with NUM_CHANNELS to aviod OOB access Currently QDF_MAX_NUM_CHAN and NUM_CHANNELS aren't aligned, this unalignment may cause many potential OOB access. So replace QDF_MAX_NUM_CHAN with NUM_CHANNELS to keep unified. Change-Id: I7bf7829d776f7caf5b2afbd2c9fd0c20d608e630 CRs-Fixed: 2644073 --- qdf/inc/qdf_types.h | 2 -- umac/dfs/core/src/dfs_random_chan_sel.h | 5 +---- umac/dfs/core/src/misc/dfs_random_chan_sel.c | 4 ++-- umac/dfs/dispatcher/src/wlan_dfs_utils_api.c | 4 ++-- umac/scan/dispatcher/inc/wlan_scan_public_structs.h | 8 ++++---- wmi/inc/wmi_unified_param.h | 4 ++-- wmi/inc/wmi_unified_sta_param.h | 12 +++++------- 7 files changed, 16 insertions(+), 23 deletions(-) diff --git a/qdf/inc/qdf_types.h b/qdf/inc/qdf_types.h index fc7ef4dd02..36f6cf0e8b 100644 --- a/qdf/inc/qdf_types.h +++ b/qdf/inc/qdf_types.h @@ -953,8 +953,6 @@ QDF_STATUS qdf_uint16_array_parse(const char *in_str, uint16_t *out_array, QDF_STATUS qdf_uint8_array_parse(const char *in_str, uint8_t *out_array, qdf_size_t array_size, qdf_size_t *out_size); -#define QDF_MAX_NUM_CHAN (128) - #define QDF_BCAST_MAC_ADDR (0xFF) #define QDF_MCAST_IPV4_MAC_ADDR (0x01) #define QDF_MCAST_IPV6_MAC_ADDR (0x33) diff --git a/umac/dfs/core/src/dfs_random_chan_sel.h b/umac/dfs/core/src/dfs_random_chan_sel.h index 694ae88298..bf03f79856 100644 --- a/umac/dfs/core/src/dfs_random_chan_sel.h +++ b/umac/dfs/core/src/dfs_random_chan_sel.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -93,9 +93,6 @@ /* Start channel and center channel freq diff in 80Mhz */ #define DFS_80MHZ_START_CENTER_CH_FREQ_DIFF 30 -/* Max number of channels */ -#define DFS_MAX_NUM_CHAN 128 - /* Bitmap mask for 80MHz */ #define DFS_80MHZ_MASK 0x0F diff --git a/umac/dfs/core/src/misc/dfs_random_chan_sel.c b/umac/dfs/core/src/misc/dfs_random_chan_sel.c index 31c08351d5..cc18a935f2 100644 --- a/umac/dfs/core/src/misc/dfs_random_chan_sel.c +++ b/umac/dfs/core/src/misc/dfs_random_chan_sel.c @@ -1414,7 +1414,7 @@ static uint8_t dfs_find_ch_with_fallback( struct chan_bonding_bitmap ch_map = { { {0} } }; uint8_t count = 0, i, index = 0, final_cnt = 0, target_channel = 0; uint8_t primary_seg_start_ch = 0, sec_seg_ch = 0, new_160_start_ch = 0; - uint8_t final_lst[DFS_MAX_NUM_CHAN] = {0}; + uint8_t final_lst[NUM_CHANNELS] = {0}; /* initialize ch_map for all 80 MHz bands: we have 6 80MHz bands */ ch_map.chan_bonding_set[0].start_chan = 36; @@ -1564,7 +1564,7 @@ static uint16_t dfs_find_ch_with_fallback_for_freq(struct wlan_dfs *dfs, uint8_t count = 0, i, index = 0, final_cnt = 0; uint16_t target_channel = 0; uint16_t primary_seg_start_ch = 0, sec_seg_ch = 0, new_160_start_ch = 0; - uint16_t final_lst[DFS_MAX_NUM_CHAN] = {0}; + uint16_t final_lst[NUM_CHANNELS] = {0}; /* initialize ch_map for all 80 MHz bands: we have 6 80MHz bands */ ch_map.chan_bonding_set[0].start_chan_freq = 5180; diff --git a/umac/dfs/dispatcher/src/wlan_dfs_utils_api.c b/umac/dfs/dispatcher/src/wlan_dfs_utils_api.c index e3baeca7ae..2db3db798a 100644 --- a/umac/dfs/dispatcher/src/wlan_dfs_utils_api.c +++ b/umac/dfs/dispatcher/src/wlan_dfs_utils_api.c @@ -908,8 +908,8 @@ static void utils_dfs_get_channel_list(struct wlan_objmgr_pdev *pdev, struct dfs_channel *chan_list, uint32_t *num_chan) { - uint32_t pcl_ch[QDF_MAX_NUM_CHAN] = {0}; - uint8_t weight_list[QDF_MAX_NUM_CHAN] = {0}; + uint32_t pcl_ch[NUM_CHANNELS] = {0}; + uint8_t weight_list[NUM_CHANNELS] = {0}; uint32_t len; uint32_t weight_len; int i; diff --git a/umac/scan/dispatcher/inc/wlan_scan_public_structs.h b/umac/scan/dispatcher/inc/wlan_scan_public_structs.h index ac48775ba1..7952dc2c38 100644 --- a/umac/scan/dispatcher/inc/wlan_scan_public_structs.h +++ b/umac/scan/dispatcher/inc/wlan_scan_public_structs.h @@ -671,13 +671,13 @@ struct scan_filter { uint8_t country[3]; struct qdf_mac_addr bssid_list[WLAN_SCAN_FILTER_NUM_BSSID]; struct wlan_ssid ssid_list[WLAN_SCAN_FILTER_NUM_SSID]; - uint32_t chan_freq_list[QDF_MAX_NUM_CHAN]; + uint32_t chan_freq_list[NUM_CHANNELS]; enum wlan_auth_type auth_type[WLAN_NUM_OF_SUPPORT_AUTH_TYPE]; enum wlan_enc_type enc_type[WLAN_NUM_OF_ENCRYPT_TYPE]; enum wlan_enc_type mc_enc_type[WLAN_NUM_OF_ENCRYPT_TYPE]; - uint32_t pcl_freq_list[QDF_MAX_NUM_CHAN]; + uint32_t pcl_freq_list[NUM_CHANNELS]; struct fils_filter_info fils_scan_filter; - uint8_t pcl_weight_list[QDF_MAX_NUM_CHAN]; + uint8_t pcl_weight_list[NUM_CHANNELS]; struct qdf_mac_addr bssid_hint; }; @@ -1255,7 +1255,7 @@ enum scan_cb_type { /* Set PNO */ #define SCAN_PNO_MAX_PLAN_REQUEST 2 -#define SCAN_PNO_MAX_NETW_CHANNELS_EX (QDF_MAX_NUM_CHAN) +#define SCAN_PNO_MAX_NETW_CHANNELS_EX (NUM_CHANNELS) #define SCAN_PNO_MAX_SUPP_NETWORKS 16 #define SCAN_PNO_DEF_SLOW_SCAN_MULTIPLIER 6 #define SCAN_PNO_DEF_SCAN_TIMER_REPEAT 20 diff --git a/wmi/inc/wmi_unified_param.h b/wmi/inc/wmi_unified_param.h index 8b7b4ff00a..b70ebc65b2 100644 --- a/wmi/inc/wmi_unified_param.h +++ b/wmi/inc/wmi_unified_param.h @@ -2555,8 +2555,8 @@ struct wmi_wifi_start_log { * @pcl_len: Number of channels in the PCL */ struct wmi_pcl_list { - uint8_t pcl_list[128]; - uint8_t weight_list[128]; + uint8_t pcl_list[NUM_CHANNELS]; + uint8_t weight_list[NUM_CHANNELS]; uint32_t pcl_len; }; diff --git a/wmi/inc/wmi_unified_sta_param.h b/wmi/inc/wmi_unified_sta_param.h index 57b5538f15..3febde54e7 100644 --- a/wmi/inc/wmi_unified_sta_param.h +++ b/wmi/inc/wmi_unified_sta_param.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2020 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -270,8 +270,6 @@ struct flashing_req_params { uint32_t led_x1; }; -#define MAX_NUM_CHAN 128 - /** * struct wmi_pcl_chan_weights - Params to get the valid weighed list * @pcl_list: channel freq list sorted in preferred order @@ -285,12 +283,12 @@ struct flashing_req_params { * @weight_list: Weights assigned by policy manager */ struct wmi_pcl_chan_weights { - uint32_t pcl_list[MAX_NUM_CHAN]; + uint32_t pcl_list[NUM_CHANNELS]; uint32_t pcl_len; - uint32_t saved_chan_list[MAX_NUM_CHAN]; + uint32_t saved_chan_list[NUM_CHANNELS]; uint32_t saved_num_chan; - uint8_t weighed_valid_list[MAX_NUM_CHAN]; - uint8_t weight_list[MAX_NUM_CHAN]; + uint8_t weighed_valid_list[NUM_CHANNELS]; + uint8_t weight_list[NUM_CHANNELS]; }; /**