samsung-sm8650/android_kernel_samsung_sm8650-modules
1
0
Förgrening 0
Kod Ärenden Pull-förfrågningar Actions Packages Projekt Släpp Wiki Aktiviteter

qcacmn: Retrieve peer from mac based search

Bläddra i källkod 
Use mac based search to avoid use after free Peer.

Change-Id: Ie6c3e82f3bb95cdf4c6504e95704e821bbd19e24
This commit is contained in:
Ankit Kumar
2020-03-04 13:13:35 +05:30
committad av nshrivas
förälder 06c7cbb878
incheckning 673a66042b
1 ändrade filer med 53 tillägg och 13 borttagningar
Download Patch File Download Diff File Expand all files Collapse all files

66
dp/wifi3.0/dp_htt.c
Visa fil

@@ -2323,10 +2323,15 @@ static void dp_process_ppdu_stats_user_rate_tlv(struct dp_pdev *pdev,
ppdu_desc->vdev_id);
if (!vdev)
return;
qdf_mem_copy(ppdu_user_desc->mac_addr, vdev->mac_addr.raw,
QDF_MAC_ADDR_SIZE);
} else {
peer = dp_peer_find_by_id(pdev->soc, peer_id);
if (!peer)
return;
ppdu_desc->vdev_id = peer->vdev->vdev_id;
qdf_mem_copy(ppdu_user_desc->mac_addr, peer->mac_addr.raw,
QDF_MAC_ADDR_SIZE);
dp_peer_unref_del_find_by_id(peer);
}
@@ -2397,6 +2402,7 @@ static void dp_process_ppdu_stats_enq_mpdu_bitmap_64_tlv(
struct cdp_tx_completion_ppdu_user *ppdu_user_desc;
uint8_t curr_user_index = 0;
uint16_t peer_id;
struct dp_peer *peer;
uint32_t size = CDP_BA_64_BIT_MAP_SIZE_DWORDS;
ppdu_desc = (struct cdp_tx_completion_ppdu *)qdf_nbuf_data(ppdu_info->nbuf);
@@ -2406,12 +2412,17 @@ static void dp_process_ppdu_stats_enq_mpdu_bitmap_64_tlv(
peer_id =
HTT_PPDU_STATS_ENQ_MPDU_BITMAP_TLV_SW_PEER_ID_GET(*tag_buf);
if (!dp_peer_find_by_id_valid(pdev->soc, peer_id))
peer = dp_peer_find_by_id(pdev->soc, peer_id);
if (!peer)
return;
curr_user_index = dp_get_ppdu_info_user_index(pdev, peer_id, ppdu_info);
ppdu_user_desc = &ppdu_desc->user[curr_user_index];
ppdu_desc->vdev_id = peer->vdev->vdev_id;
qdf_mem_copy(ppdu_user_desc->mac_addr,
peer->mac_addr.raw, QDF_MAC_ADDR_SIZE);
dp_peer_unref_del_find_by_id(peer);
ppdu_user_desc->peer_id = peer_id;
ppdu_user_desc->start_seq = dp_stats_buf->start_seq;
@@ -2444,6 +2455,7 @@ static void dp_process_ppdu_stats_enq_mpdu_bitmap_256_tlv(
struct cdp_tx_completion_ppdu_user *ppdu_user_desc;
uint8_t curr_user_index = 0;
uint16_t peer_id;
struct dp_peer *peer;
uint32_t size = CDP_BA_256_BIT_MAP_SIZE_DWORDS;
ppdu_desc = (struct cdp_tx_completion_ppdu *)qdf_nbuf_data(ppdu_info->nbuf);
@@ -2453,12 +2465,16 @@ static void dp_process_ppdu_stats_enq_mpdu_bitmap_256_tlv(
peer_id =
HTT_PPDU_STATS_ENQ_MPDU_BITMAP_TLV_SW_PEER_ID_GET(*tag_buf);
if (!dp_peer_find_by_id_valid(pdev->soc, peer_id))
peer = dp_peer_find_by_id(pdev->soc, peer_id);
if (!peer)
return;
curr_user_index = dp_get_ppdu_info_user_index(pdev, peer_id, ppdu_info);
ppdu_user_desc = &ppdu_desc->user[curr_user_index];
ppdu_desc->vdev_id = peer->vdev->vdev_id;
qdf_mem_copy(ppdu_user_desc->mac_addr,
peer->mac_addr.raw, QDF_MAC_ADDR_SIZE);
dp_peer_unref_del_find_by_id(peer);
ppdu_user_desc->peer_id = peer_id;
ppdu_user_desc->start_seq = dp_stats_buf->start_seq;
@@ -2485,6 +2501,7 @@ static void dp_process_ppdu_stats_user_cmpltn_common_tlv(
struct ppdu_info *ppdu_info)
{
uint16_t peer_id;
struct dp_peer *peer;
struct cdp_tx_completion_ppdu *ppdu_desc;
struct cdp_tx_completion_ppdu_user *ppdu_user_desc;
uint8_t curr_user_index = 0;
@@ -2498,13 +2515,18 @@ static void dp_process_ppdu_stats_user_cmpltn_common_tlv(
peer_id =
HTT_PPDU_STATS_USER_CMPLTN_COMMON_TLV_SW_PEER_ID_GET(*tag_buf);
if (!dp_peer_find_by_id_valid(pdev->soc, peer_id))
peer = dp_peer_find_by_id(pdev->soc, peer_id);
if (!peer)
return;
curr_user_index = dp_get_ppdu_info_user_index(pdev, peer_id, ppdu_info);
ppdu_user_desc = &ppdu_desc->user[curr_user_index];
ppdu_user_desc->peer_id = peer_id;
ppdu_desc->last_usr_index = curr_user_index;
ppdu_desc->vdev_id = peer->vdev->vdev_id;
qdf_mem_copy(ppdu_user_desc->mac_addr,
peer->mac_addr.raw, QDF_MAC_ADDR_SIZE);
dp_peer_unref_del_find_by_id(peer);
ppdu_user_desc->peer_id = peer_id;
ppdu_user_desc->completion_status =
HTT_PPDU_STATS_USER_CMPLTN_COMMON_TLV_COMPLETION_STATUS_GET(
@@ -2617,6 +2639,7 @@ static void dp_process_ppdu_stats_user_compltn_ba_bitmap_64_tlv(
struct cdp_tx_completion_ppdu *ppdu_desc;
uint8_t curr_user_index = 0;
uint16_t peer_id;
struct dp_peer *peer;
ppdu_desc = (struct cdp_tx_completion_ppdu *)qdf_nbuf_data(ppdu_info->nbuf);
@@ -2625,12 +2648,17 @@ static void dp_process_ppdu_stats_user_compltn_ba_bitmap_64_tlv(
peer_id =
HTT_PPDU_STATS_USER_CMPLTN_BA_BITMAP_TLV_SW_PEER_ID_GET(*tag_buf);
if (!dp_peer_find_by_id_valid(pdev->soc, peer_id))
peer = dp_peer_find_by_id(pdev->soc, peer_id);
if (!peer)
return;
curr_user_index = dp_get_ppdu_info_user_index(pdev, peer_id, ppdu_info);
ppdu_user_desc = &ppdu_desc->user[curr_user_index];
ppdu_desc->vdev_id = peer->vdev->vdev_id;
qdf_mem_copy(ppdu_user_desc->mac_addr,
peer->mac_addr.raw, QDF_MAC_ADDR_SIZE);
dp_peer_unref_del_find_by_id(peer);
ppdu_user_desc->peer_id = peer_id;
ppdu_user_desc->ba_seq_no = dp_stats_buf->ba_seq_no;
@@ -2658,6 +2686,7 @@ static void dp_process_ppdu_stats_user_compltn_ba_bitmap_256_tlv(
struct cdp_tx_completion_ppdu *ppdu_desc;
uint8_t curr_user_index = 0;
uint16_t peer_id;
struct dp_peer *peer;
ppdu_desc = (struct cdp_tx_completion_ppdu *)qdf_nbuf_data(ppdu_info->nbuf);
@@ -2666,12 +2695,17 @@ static void dp_process_ppdu_stats_user_compltn_ba_bitmap_256_tlv(
peer_id =
HTT_PPDU_STATS_USER_CMPLTN_BA_BITMAP_TLV_SW_PEER_ID_GET(*tag_buf);
if (!dp_peer_find_by_id_valid(pdev->soc, peer_id))
peer = dp_peer_find_by_id(pdev->soc, peer_id);
if (!peer)
return;
curr_user_index = dp_get_ppdu_info_user_index(pdev, peer_id, ppdu_info);
ppdu_user_desc = &ppdu_desc->user[curr_user_index];
ppdu_desc->vdev_id = peer->vdev->vdev_id;
qdf_mem_copy(ppdu_user_desc->mac_addr,
peer->mac_addr.raw, QDF_MAC_ADDR_SIZE);
dp_peer_unref_del_find_by_id(peer);
ppdu_user_desc->peer_id = peer_id;
ppdu_user_desc->ba_seq_no = dp_stats_buf->ba_seq_no;
@@ -2694,6 +2728,7 @@ static void dp_process_ppdu_stats_user_compltn_ack_ba_status_tlv(
struct ppdu_info *ppdu_info)
{
uint16_t peer_id;
struct dp_peer *peer;
struct cdp_tx_completion_ppdu *ppdu_desc;
struct cdp_tx_completion_ppdu_user *ppdu_user_desc;
uint8_t curr_user_index = 0;
@@ -2704,12 +2739,16 @@ static void dp_process_ppdu_stats_user_compltn_ack_ba_status_tlv(
peer_id =
HTT_PPDU_STATS_USER_CMPLTN_ACK_BA_STATUS_TLV_SW_PEER_ID_GET(*tag_buf);
if (!dp_peer_find_by_id_valid(pdev->soc, peer_id))
peer = dp_peer_find_by_id(pdev->soc, peer_id);
if (!peer)
return;
curr_user_index = dp_get_ppdu_info_user_index(pdev, peer_id, ppdu_info);
ppdu_user_desc = &ppdu_desc->user[curr_user_index];
ppdu_desc->vdev_id = peer->vdev->vdev_id;
qdf_mem_copy(ppdu_user_desc->mac_addr,
peer->mac_addr.raw, QDF_MAC_ADDR_SIZE);
dp_peer_unref_del_find_by_id(peer);
ppdu_user_desc->peer_id = peer_id;
tag_buf++;
@@ -3117,8 +3156,9 @@ dp_ppdu_desc_user_stats_update(struct dp_pdev *pdev,
ppdu_desc->num_mpdu += ppdu_desc->user[i].num_mpdu;
ppdu_desc->num_msdu += ppdu_desc->user[i].num_msdu;
peer = dp_peer_find_by_id(pdev->soc,
ppdu_desc->user[i].peer_id);
peer = dp_peer_find_hash_find(pdev->soc,
ppdu_desc->user[i].mac_addr,
0, ppdu_desc->vdev_id);
/**
* This check is to make sure peer is not deleted
* after processing the TLVs.
@@ -3145,7 +3185,7 @@ dp_ppdu_desc_user_stats_update(struct dp_pdev *pdev,
(1 << HTT_PPDU_STATS_USR_COMPLTN_ACK_BA_STATUS_TLV)) &&
(ppdu_desc->user[i].completion_status ==
HTT_PPDU_STATS_USER_STATUS_OK))) {
dp_peer_unref_del_find_by_id(peer);
dp_peer_unref_delete(peer);
continue;
}
@@ -3166,7 +3206,7 @@ dp_ppdu_desc_user_stats_update(struct dp_pdev *pdev,
dp_tx_rate_stats_update(peer, &ppdu_desc->user[i]);
}
dp_peer_unref_del_find_by_id(peer);
dp_peer_unref_delete(peer);
tlv_bitmap_expected = tlv_bitmap_default;
}
}