4 年之前 · 52aec7a272
--- a/Kbuild
+++ b/Kbuild
@@ -3364,6 +3364,7 @@ ccflags-y += -DHIF_CE_HISTORY_MAX=$(CONFIG_HIF_LARGE_CE_RING_HISTORY)
 
				 endif
			
 
				 
			
 
				 cppflags-$(CONFIG_WLAN_HANG_EVENT) += -DHIF_CE_LOG_INFO
			
 
				+cppflags-$(CONFIG_WLAN_HANG_EVENT) += -DHIF_BUS_LOG_INFO
			
 
				 cppflags-$(CONFIG_WLAN_HANG_EVENT) += -DDP_SUPPORT_RECOVERY_NOTIFY
			
 
				 #endof dummy flags
			
 
				 
			
--- a/components/pmo/core/src/wlan_pmo_suspend_resume.c
+++ b/components/pmo/core/src/wlan_pmo_suspend_resume.c
@@ -849,7 +849,7 @@ pmo_core_enable_wow_in_fw(struct wlan_objmgr_psoc *psoc,
 
				 		pmo_err("No Credits after HTC ACK:%d, pending_cmds:%d,"
			
 
				 			 "cannot resume back", host_credits, wmi_pending_cmds);
			
 
				 		htc_dump_counter_info(pmo_core_psoc_get_htc_handle(psoc));
			
 
				-		qdf_trigger_self_recovery(psoc, QDF_SUSPEND_TIMEOUT);
			
 
				+		qdf_trigger_self_recovery(psoc, QDF_SUSPEND_NO_CREDIT);
			
 
				 	}
			
 
				 	pmo_debug("WOW enabled successfully in fw: credits:%d pending_cmds: %d",
			
 
				 		host_credits, wmi_pending_cmds);
			
--- a/core/cds/src/cds_api.c
+++ b/core/cds/src/cds_api.c
@@ -576,10 +576,9 @@ static int cds_hang_event_notifier_call(struct notifier_block *block,
 
				 	if (!cds_hang_evt_buff)
			
 
				 		return NOTIFY_STOP_MASK;
			
 
				 
			
 
				-	if (cds_hang_data->offset >= QDF_WLAN_MAX_HOST_OFFSET)
			
 
				-		return NOTIFY_STOP_MASK;
			
 
				-
			
 
				 	total_len = sizeof(*cmd);
			
 
				+	if (cds_hang_data->offset + total_len > QDF_WLAN_HANG_FW_OFFSET)
			
 
				+		return NOTIFY_STOP_MASK;
			
 
				 
			
 
				 	cds_hang_evt_buff = cds_hang_data->hang_data + cds_hang_data->offset;
			
 
				 	cmd = (struct cds_hang_event_fixed_param *)cds_hang_evt_buff;
			
--- a/core/dp/txrx/ol_txrx.c
+++ b/core/dp/txrx/ol_txrx.c
@@ -138,7 +138,8 @@ int ol_peer_recovery_notifier_cb(struct notifier_block *block,
 
				 	if (!peer)
			
 
				 		return -EINVAL;
			
 
				 
			
 
				-	if (notif_data->offset >= QDF_WLAN_MAX_HOST_OFFSET)
			
 
				+	if (notif_data->offset + sizeof(struct peer_hang_data) >
			
 
				+			QDF_WLAN_HANG_FW_OFFSET)
			
 
				 		return NOTIFY_STOP_MASK;
			
 
				 
			
 
				 	QDF_HANG_EVT_SET_HDR(&hang_data.tlv_header,
			
--- a/core/hdd/src/wlan_hdd_hang_event.c
+++ b/core/hdd/src/wlan_hdd_hang_event.c
@@ -58,12 +58,11 @@ static int wlan_hdd_recovery_notifier_call(struct notifier_block *block,
 
				 	if (!hdd_ctx)
			
 
				 		return NOTIFY_STOP_MASK;
			
 
				 
			
 
				-	if (hdd_hang_data->offset >= QDF_WLAN_MAX_HOST_OFFSET)
			
 
				-		return NOTIFY_STOP_MASK;
			
 
				-
			
 
				 	if (state == QDF_SCAN_ATTEMPT_FAILURES) {
			
 
				 		total_len = sizeof(*cmd_scan);
			
 
				 		hdd_buf_ptr = hdd_hang_data->hang_data + hdd_hang_data->offset;
			
 
				+		if (hdd_hang_data->offset + total_len > QDF_WLAN_HANG_FW_OFFSET)
			
 
				+			return NOTIFY_STOP_MASK;
			
 
				 		cmd_scan = (struct hdd_scan_fixed_param *)hdd_buf_ptr;
			
 
				 		QDF_HANG_EVT_SET_HDR(&cmd_scan->tlv_header,
			
 
				 				     HANG_EVT_TAG_OS_IF_SCAN,
			
@@ -85,6 +84,12 @@ static int wlan_hdd_recovery_notifier_call(struct notifier_block *block,
 
				 		}
			
 
				 		total_len = sizeof(*cmd);
			
 
				 		hdd_buf_ptr = hdd_hang_data->hang_data + hdd_hang_data->offset;
			
 
				+		if (hdd_hang_data->offset + total_len >
			
 
				+				QDF_WLAN_HANG_FW_OFFSET) {
			
 
				+			hdd_objmgr_put_vdev(vdev);
			
 
				+			dev_put(adapter->dev);
			
 
				+			return NOTIFY_STOP_MASK;
			
 
				+		}
			
 
				 		cmd = (struct hdd_hang_event_fixed_param *)hdd_buf_ptr;
			
 
				 		QDF_HANG_EVT_SET_HDR(&cmd->tlv_header,
			
 
				 				     HANG_EVT_TAG_OS_IF,
			
--- a/core/mac/src/pe/lim/lim_api.c
+++ b/core/mac/src/pe/lim/lim_api.c
@@ -759,6 +759,7 @@ static int pe_hang_event_notifier_call(struct notifier_block *block,
 
				 	uint8_t *pe_data;
			
 
				 	uint8_t i;
			
 
				 	struct pe_hang_event_fixed_param *cmd;
			
 
				+	size_t size;
			
 
				 
			
 
				 	if (!data)
			
 
				 		return NOTIFY_STOP_MASK;
			
@@ -767,13 +768,13 @@ static int pe_hang_event_notifier_call(struct notifier_block *block,
 
				 	if (!mac)
			
 
				 		return NOTIFY_STOP_MASK;
			
 
				 
			
 
				-	if (pe_hang_data->offset >= QDF_WLAN_MAX_HOST_OFFSET)
			
 
				-		return NOTIFY_STOP_MASK;
			
 
				-
			
 
				+	size = sizeof(*cmd);
			
 
				 	for (i = 0; i < mac->lim.maxBssId; i++) {
			
 
				 		session = &mac->lim.gpSession[i];
			
 
				 		if (!session->valid)
			
 
				 			continue;
			
 
				+		if (pe_hang_data->offset + size > QDF_WLAN_HANG_FW_OFFSET)
			
 
				+			return NOTIFY_STOP_MASK;
			
 
				 
			
 
				 		pe_data = (pe_hang_data->hang_data + pe_hang_data->offset);
			
 
				 		cmd = (struct pe_hang_event_fixed_param *)pe_data;
			
@@ -784,7 +785,7 @@ static int pe_hang_event_notifier_call(struct notifier_block *block,
 
				 		cmd->limprevmlmstate = session->limPrevMlmState;
			
 
				 		cmd->limsmestate = session->limSmeState;
			
 
				 		cmd->limprevsmestate = session->limPrevSmeState;
			
 
				-		pe_hang_data->offset += sizeof(*cmd);
			
 
				+		pe_hang_data->offset += size;
			
 
				 	}
			
 
				 
			
 
				 	return NOTIFY_OK;