qcacmn: Replace QDF_MAX_NUM_CHAN with NUM_CHANNELS to aviod OOB access

Currently QDF_MAX_NUM_CHAN and NUM_CHANNELS aren't aligned, this unalignment may cause many potential OOB access. So replace QDF_MAX_NUM_CHAN with NUM_CHANNELS to keep unified. Change-Id: I7bf7829d776f7caf5b2afbd2c9fd0c20d608e630 CRs-Fixed: 2644073
2020-03-18 16:10:10 +08:00
parent cd48f1cca3
commit 4bc614dd0c
7 changed files with 16 additions and 23 deletions
--- a/qdf/inc/qdf_types.h
+++ b/qdf/inc/qdf_types.h
@@ -953,8 +953,6 @@ QDF_STATUS qdf_uint16_array_parse(const char *in_str, uint16_t *out_array,
 QDF_STATUS qdf_uint8_array_parse(const char *in_str, uint8_t *out_array,
 				 qdf_size_t array_size, qdf_size_t *out_size);

-#define QDF_MAX_NUM_CHAN   (128)
-
 #define QDF_BCAST_MAC_ADDR (0xFF)
 #define QDF_MCAST_IPV4_MAC_ADDR (0x01)
 #define QDF_MCAST_IPV6_MAC_ADDR (0x33)
--- a/umac/dfs/core/src/dfs_random_chan_sel.h
+++ b/umac/dfs/core/src/dfs_random_chan_sel.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
@@ -93,9 +93,6 @@
 /* Start channel and center channel freq diff in 80Mhz */
 #define DFS_80MHZ_START_CENTER_CH_FREQ_DIFF     30

-/* Max number of channels */
-#define DFS_MAX_NUM_CHAN                        128
-
 /* Bitmap mask for 80MHz */
 #define DFS_80MHZ_MASK                          0x0F

--- a/umac/dfs/core/src/misc/dfs_random_chan_sel.c
+++ b/umac/dfs/core/src/misc/dfs_random_chan_sel.c
@@ -1414,7 +1414,7 @@ static uint8_t dfs_find_ch_with_fallback(
 	struct  chan_bonding_bitmap ch_map = { { {0} } };
 	uint8_t count = 0, i, index = 0, final_cnt = 0, target_channel = 0;
 	uint8_t primary_seg_start_ch = 0, sec_seg_ch = 0, new_160_start_ch = 0;
-	uint8_t final_lst[DFS_MAX_NUM_CHAN] = {0};
+	uint8_t final_lst[NUM_CHANNELS] = {0};

 	/* initialize ch_map for all 80 MHz bands: we have 6 80MHz bands */
 	ch_map.chan_bonding_set[0].start_chan = 36;
@@ -1564,7 +1564,7 @@ static uint16_t dfs_find_ch_with_fallback_for_freq(struct wlan_dfs *dfs,
 	uint8_t count = 0, i, index = 0, final_cnt = 0;
 	uint16_t target_channel = 0;
 	uint16_t primary_seg_start_ch = 0, sec_seg_ch = 0, new_160_start_ch = 0;
-	uint16_t final_lst[DFS_MAX_NUM_CHAN] = {0};
+	uint16_t final_lst[NUM_CHANNELS] = {0};

 	/* initialize ch_map for all 80 MHz bands: we have 6 80MHz bands */
 	ch_map.chan_bonding_set[0].start_chan_freq = 5180;
--- a/umac/dfs/dispatcher/src/wlan_dfs_utils_api.c
+++ b/umac/dfs/dispatcher/src/wlan_dfs_utils_api.c
@@ -908,8 +908,8 @@ static void utils_dfs_get_channel_list(struct wlan_objmgr_pdev *pdev,
 				       struct dfs_channel *chan_list,
 				       uint32_t *num_chan)
 {
-	uint32_t pcl_ch[QDF_MAX_NUM_CHAN] = {0};
-	uint8_t weight_list[QDF_MAX_NUM_CHAN] = {0};
+	uint32_t pcl_ch[NUM_CHANNELS] = {0};
+	uint8_t weight_list[NUM_CHANNELS] = {0};
 	uint32_t len;
 	uint32_t weight_len;
 	int i;
--- a/umac/scan/dispatcher/inc/wlan_scan_public_structs.h
+++ b/umac/scan/dispatcher/inc/wlan_scan_public_structs.h
@@ -671,13 +671,13 @@ struct scan_filter {
 	uint8_t country[3];
 	struct qdf_mac_addr bssid_list[WLAN_SCAN_FILTER_NUM_BSSID];
 	struct wlan_ssid ssid_list[WLAN_SCAN_FILTER_NUM_SSID];
-	uint32_t chan_freq_list[QDF_MAX_NUM_CHAN];
+	uint32_t chan_freq_list[NUM_CHANNELS];
 	enum wlan_auth_type auth_type[WLAN_NUM_OF_SUPPORT_AUTH_TYPE];
 	enum wlan_enc_type enc_type[WLAN_NUM_OF_ENCRYPT_TYPE];
 	enum wlan_enc_type mc_enc_type[WLAN_NUM_OF_ENCRYPT_TYPE];
-	uint32_t pcl_freq_list[QDF_MAX_NUM_CHAN];
+	uint32_t pcl_freq_list[NUM_CHANNELS];
 	struct fils_filter_info fils_scan_filter;
-	uint8_t pcl_weight_list[QDF_MAX_NUM_CHAN];
+	uint8_t pcl_weight_list[NUM_CHANNELS];
 	struct qdf_mac_addr bssid_hint;
 };

@@ -1255,7 +1255,7 @@ enum scan_cb_type {

 /* Set PNO */
 #define SCAN_PNO_MAX_PLAN_REQUEST   2
-#define SCAN_PNO_MAX_NETW_CHANNELS_EX  (QDF_MAX_NUM_CHAN)
+#define SCAN_PNO_MAX_NETW_CHANNELS_EX  (NUM_CHANNELS)
 #define SCAN_PNO_MAX_SUPP_NETWORKS  16
 #define SCAN_PNO_DEF_SLOW_SCAN_MULTIPLIER 6
 #define SCAN_PNO_DEF_SCAN_TIMER_REPEAT 20
--- a/wmi/inc/wmi_unified_param.h
+++ b/wmi/inc/wmi_unified_param.h
@@ -2555,8 +2555,8 @@ struct wmi_wifi_start_log {
 * @pcl_len: Number of channels in the PCL
 */
 struct wmi_pcl_list {
-	uint8_t pcl_list[128];
-	uint8_t weight_list[128];
+	uint8_t pcl_list[NUM_CHANNELS];
+	uint8_t weight_list[NUM_CHANNELS];
 	uint32_t pcl_len;
 };

--- a/wmi/inc/wmi_unified_sta_param.h
+++ b/wmi/inc/wmi_unified_sta_param.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2019 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2020 The Linux Foundation. All rights reserved.
 *
 * Permission to use, copy, modify, and/or distribute this software for
 * any purpose with or without fee is hereby granted, provided that the
@@ -270,8 +270,6 @@ struct flashing_req_params {
 	uint32_t led_x1;
 };

-#define MAX_NUM_CHAN 128
-
 /**
 * struct wmi_pcl_chan_weights - Params to get the valid weighed list
 * @pcl_list: channel freq list sorted in preferred order
@@ -285,12 +283,12 @@ struct flashing_req_params {
 * @weight_list: Weights assigned by policy manager
 */
 struct wmi_pcl_chan_weights {
-	uint32_t pcl_list[MAX_NUM_CHAN];
+	uint32_t pcl_list[NUM_CHANNELS];
 	uint32_t pcl_len;
-	uint32_t saved_chan_list[MAX_NUM_CHAN];
+	uint32_t saved_chan_list[NUM_CHANNELS];
 	uint32_t saved_num_chan;
-	uint8_t weighed_valid_list[MAX_NUM_CHAN];
-	uint8_t weight_list[MAX_NUM_CHAN];
+	uint8_t weighed_valid_list[NUM_CHANNELS];
+	uint8_t weight_list[NUM_CHANNELS];
 };

 /**