|
|
@@ -741,6 +741,17 @@ void pktlog_process_fw_msg(uint32_t *buff)
|
|
|
}
|
|
|
|
|
|
#if defined(QCA_WIFI_3_0_ADRASTEA)
|
|
|
+static inline int pktlog_nbuf_check_sanity(qdf_nbuf_t nbuf)
|
|
|
+{
|
|
|
+ int rc = 0; /* sane */
|
|
|
+
|
|
|
+ if ((!nbuf) ||
|
|
|
+ (nbuf->data < nbuf->head) ||
|
|
|
+ ((nbuf->data + skb_headlen(nbuf)) > skb_end_pointer(nbuf)))
|
|
|
+ rc = -EINVAL;
|
|
|
+
|
|
|
+ return rc;
|
|
|
+}
|
|
|
/**
|
|
|
* pktlog_t2h_msg_handler() - Target to host message handler
|
|
|
* @context: pdev context
|
|
|
@@ -754,6 +765,15 @@ static void pktlog_t2h_msg_handler(void *context, HTC_PACKET *pkt)
|
|
|
qdf_nbuf_t pktlog_t2h_msg = (qdf_nbuf_t) pkt->pPktContext;
|
|
|
uint32_t *msg_word;
|
|
|
|
|
|
+ /* check for sanity of the packet, have seen corrupted pkts */
|
|
|
+ if (pktlog_nbuf_check_sanity(pktlog_t2h_msg)) {
|
|
|
+ qdf_print("%s: packet 0x%p corrupted? Leaking...",
|
|
|
+ __func__, pktlog_t2h_msg);
|
|
|
+ /* do not free; may crash! */
|
|
|
+ QDF_ASSERT(0);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
/* check for successful message reception */
|
|
|
if (pkt->Status != QDF_STATUS_SUCCESS) {
|
|
|
if (pkt->Status != QDF_STATUS_E_CANCELED)
|
Orhan K AKYILDIZ