首页 发现 帮助
登录
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

qcacmn: Add check to validate length of packet buffer

Add check to validate length of the packet
buffer before adding to skb.

Change-Id: I78cf436c4bf6a00b1aa08ef82cb790c2b3478733
CRs-Fixed: 3553974
Sushant Butta 1 年之前
父节点
9d048b9e4d
当前提交
8b9b8a9a16
共有 2 个文件被更改,包括 13 次插入0 次删除
分列视图 显示文件统计
  1. 2 0
      dp/inc/cdp_txrx_mon_struct.h
  2. 11 0
      dp/wifi3.0/monitor/2.0/dp_rx_mon_2.0.c

+ 2 - 0
dp/inc/cdp_txrx_mon_struct.h
查看文件 

@@ -433,6 +433,7 @@ enum cdp_mon_phyrx_abort_reason_code {
 
  * @rx_undecoded_count: Received undecoded frame count
 
  * @rx_undecoded_error: Rx undecoded errors
 
  * @rx_hdr_not_received: Rx HDR not received for MPDU
 
+ * @invalid_dma_length: Invalid length received for packet buffer
 
  * @parent_buf_alloc: Numder of parent nbuf allocated for MPDU
 
  * @parent_buf_free: Number of parent nbuf freed
 
  * @pkt_buf_count: Number of packet buffers received
 
@@ -493,6 +494,7 @@ struct cdp_pdev_mon_stats {
 
 	uint32_t rx_undecoded_error[CDP_PHYRX_ERR_MAX];
 
 #endif
 
 	uint32_t rx_hdr_not_received;
 
+	uint32_t invalid_dma_length;
 
 	uint32_t parent_buf_alloc;
 
 	uint32_t parent_buf_free;
 
 	uint32_t pkt_buf_count;

+ 11 - 0
dp/wifi3.0/monitor/2.0/dp_rx_mon_2.0.c
查看文件 

@@ -1647,6 +1647,15 @@ uint8_t dp_rx_mon_process_tlv_status(struct dp_pdev *pdev,
 
 			return num_buf_reaped;
 
 		}
 
 
+		if (packet_info->dma_length >
 
+		    (DP_MON_DATA_BUFFER_SIZE - DP_RX_MON_PACKET_OFFSET)) {
 
+			/* WAR: Invalid DMA length is received for this MPDU */
 
+			mon_pdev->rx_mon_stats.invalid_dma_length++;
 
+			DP_STATS_INC(mon_soc, frag_free, 1);
 
+			qdf_frag_free(addr);
 
+			return num_buf_reaped;
 
+		}
 
+
 
 		nbuf = qdf_nbuf_queue_last(&ppdu_info->mpdu_q[user_id]);
 
 		if (qdf_unlikely(!nbuf)) {
 
 			dp_mon_debug("nbuf is NULL");
 
@@ -2590,6 +2599,8 @@ void dp_mon_rx_print_advanced_stats_2_0(struct dp_soc *soc,
 
 		       mon_pdev->rx_mon_stats.tlv_drop_cnt);
 
 	DP_PRINT_STATS("rx_hdr_invalid_cnt = %d",
 
 		       rx_mon_stats->rx_hdr_invalid_cnt);
 
+	DP_PRINT_STATS("invalid_dma_length Received = %d",
 
+		       rx_mon_stats->invalid_dma_length);
 
 }
 
 #endif