qcacld-3.0: Add data length in oem data request msg

Add data length information in oem data request
messages.

Change-Id: Ibc132d31dd4345c4168dad23b4acf699f2a8c8e6
CRs-Fixed: 942260

core/hdd/src/wlan_hdd_oemdata.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -374,7 +374,14 @@ static CDF_STATUS oem_process_data_req_msg(int oemDataLen, char *oemData)
 
 	cdf_mem_zero(&oemDataReqConfig, sizeof(tOemDataReqConfig));
 
-	cdf_mem_copy((&oemDataReqConfig)->oemDataReq, oemData, oemDataLen);
+	oemDataReqConfig.data = cdf_mem_malloc(oemDataLen);
+	if (!oemDataReqConfig.data) {
+		hddLog(LOGE, FL("malloc failed for data req buffer"));
+		return CDF_STATUS_E_NOMEM;
+	}
+
+	oemDataReqConfig.data_len = oemDataLen;
+	cdf_mem_copy(oemDataReqConfig.data, oemData, oemDataLen);
 
 	CDF_TRACE(CDF_MODULE_ID_HDD, CDF_TRACE_LEVEL_INFO,
 		  "%s: calling sme_oem_data_req", __func__);
@@ -383,6 +390,10 @@ static CDF_STATUS oem_process_data_req_msg(int oemDataLen, char *oemData)
 				  pAdapter->sessionId,
 				  &oemDataReqConfig,
 				  &oemDataReqID);
+
+	cdf_mem_free(oemDataReqConfig.data);
+	oemDataReqConfig.data = NULL;
+
 	return status;
 }
 

core/mac/inc/sir_api.h

@@ -875,7 +875,8 @@ typedef struct sSirOemDataReq {
 	uint16_t messageType;   /* eWNI_SME_OEM_DATA_REQ */
 	uint16_t messageLen;
 	struct cdf_mac_addr selfMacAddr;
-	uint8_t oemDataReq[OEM_DATA_REQ_SIZE];
+	uint8_t data_len;
+	uint8_t *data;
 } tSirOemDataReq, *tpSirOemDataReq;
 
 typedef struct sSirOemDataRsp {

core/mac/src/pe/include/lim_global.h

@@ -307,7 +307,8 @@ struct tLimScanResultNode {
 /* OEM Data related structure definitions */
 typedef struct sLimMlmOemDataReq {
 	struct cdf_mac_addr selfMacAddr;
-	uint8_t oemDataReq[OEM_DATA_REQ_SIZE];
+	uint8_t data_len;
+	uint8_t *data;
 } tLimMlmOemDataReq, *tpLimMlmOemDataReq;
 
 typedef struct sLimMlmOemDataRsp {

core/mac/src/pe/lim/lim_api.c

@@ -260,6 +260,8 @@ static void __lim_init_vars(tpAniSirGlobal pMac)
 	pMac->lim.gScanInPowersave = 0;
 	pMac->lim.probeCounter = 0;
 	pMac->lim.maxProbe = 0;
+
+	pMac->lim.gpLimMlmOemDataReq = NULL;
 }
 
 static void __lim_init_assoc_vars(tpAniSirGlobal pMac)
@@ -818,6 +820,11 @@ tSirRetStatus pe_close(tpAniSirGlobal pMac)
 	pMac->lim.limTimers.gpLimCnfWaitTimer = NULL;
 
 	if (pMac->lim.gpLimMlmOemDataReq) {
+		if (pMac->lim.gpLimMlmOemDataReq->data) {
+			cdf_mem_free(
+				pMac->lim.gpLimMlmOemDataReq->data);
+			pMac->lim.gpLimMlmOemDataReq->data = NULL;
+		}
 		cdf_mem_free(pMac->lim.gpLimMlmOemDataReq);
 		pMac->lim.gpLimMlmOemDataReq = NULL;
 	}

core/mac/src/pe/lim/lim_process_mlm_req_messages.c

@@ -367,31 +367,36 @@ void lim_send_hal_oem_data_req(tpAniSirGlobal mac_ctx)
 	tpStartOemDataReq start_oem_data_req = NULL;
 	tSirRetStatus rc = eSIR_SUCCESS;
 	tpLimMlmOemDataRsp mlm_oem_data_rsp;
-	uint32_t reqlen = 0;
 
 	if (NULL == mac_ctx->lim.gpLimMlmOemDataReq) {
 		lim_log(mac_ctx, LOGE, FL("Null pointer"));
 		goto error;
 	}
 
-	reqlen = sizeof(tStartOemDataReq);
-
-	start_oem_data_req = cdf_mem_malloc(reqlen);
+	start_oem_data_req = cdf_mem_malloc(sizeof(*start_oem_data_req));
 	if (NULL == start_oem_data_req) {
 		lim_log(mac_ctx, LOGE, FL
 			("Could not allocate memory for start_oem_data_req"));
 		goto error;
 	}
 
-	cdf_mem_set((uint8_t *) (start_oem_data_req), reqlen, 0);
+	start_oem_data_req->data =
+		cdf_mem_malloc(mac_ctx->lim.gpLimMlmOemDataReq->data_len);
+	if (!start_oem_data_req->data) {
+		lim_log(mac_ctx, LOGE, FL("memory allocation failed"));
+		cdf_mem_free(start_oem_data_req);
+		goto error;
+	}
 
 	/* Now copy over the information to the OEM DATA REQ to HAL */
 	cdf_copy_macaddr(&start_oem_data_req->selfMacAddr,
 			 &mac_ctx->lim.gpLimMlmOemDataReq->selfMacAddr);
 
-	cdf_mem_copy(start_oem_data_req->oemDataReq,
-		     mac_ctx->lim.gpLimMlmOemDataReq->oemDataReq,
-		     OEM_DATA_REQ_SIZE);
+	start_oem_data_req->data_len =
+			mac_ctx->lim.gpLimMlmOemDataReq->data_len;
+	cdf_mem_copy(start_oem_data_req->data,
+		     mac_ctx->lim.gpLimMlmOemDataReq->data,
+		     mac_ctx->lim.gpLimMlmOemDataReq->data_len);
 
 	/* Create the message to be passed to HAL */
 	msg.type = WMA_START_OEM_DATA_REQ;
@@ -406,6 +411,7 @@ void lim_send_hal_oem_data_req(tpAniSirGlobal mac_ctx)
 		return;
 
 	SET_LIM_PROCESS_DEFD_MESGS(mac_ctx, true);
+	cdf_mem_free(start_oem_data_req->data);
 	cdf_mem_free(start_oem_data_req);
 	lim_log(mac_ctx, LOGE,
 		FL("OEM_DATA: posting WMA_START_OEM_DATA_REQ to HAL failed"));
@@ -424,6 +430,11 @@ error:
 	mlm_oem_data_rsp->target_rsp = false;
 
 	if (NULL != mac_ctx->lim.gpLimMlmOemDataReq) {
+		if (NULL != mac_ctx->lim.gpLimMlmOemDataReq->data) {
+			cdf_mem_free(
+				mac_ctx->lim.gpLimMlmOemDataReq->data);
+			mac_ctx->lim.gpLimMlmOemDataReq->data = NULL;
+		}
 		cdf_mem_free(mac_ctx->lim.gpLimMlmOemDataReq);
 		mac_ctx->lim.gpLimMlmOemDataReq = NULL;
 	}
@@ -789,6 +800,7 @@ static void lim_process_mlm_oem_data_req(tpAniSirGlobal mac_ctx,
 					 uint32_t *msg_buf)
 {
 	tLimMlmOemDataRsp *mlm_oem_data_rsp;
+	tLimMlmOemDataReq *data_req = (tLimMlmOemDataReq *) msg_buf;
 
 	if (((mac_ctx->lim.gLimMlmState == eLIM_MLM_IDLE_STATE) ||
 	     (mac_ctx->lim.gLimMlmState == eLIM_MLM_JOINED_STATE) ||
@@ -801,11 +813,19 @@ static void lim_process_mlm_oem_data_req(tpAniSirGlobal mac_ctx,
 		 * second OEM data request
 		 */
 		if (mac_ctx->lim.gpLimMlmOemDataReq) {
+			if (mac_ctx->lim.gpLimMlmOemDataReq->data) {
+				cdf_mem_free(
+				 mac_ctx->lim.gpLimMlmOemDataReq->data);
+				mac_ctx->lim.gpLimMlmOemDataReq->data =
+				 NULL;
+			}
 			cdf_mem_free(mac_ctx->lim.gpLimMlmOemDataReq);
 			mac_ctx->lim.gpLimMlmOemDataReq = NULL;
 		}
 
-		mac_ctx->lim.gpLimMlmOemDataReq = (tLimMlmOemDataReq *) msg_buf;
+		mac_ctx->lim.gpLimMlmOemDataReq = data_req;
+		mac_ctx->lim.gpLimMlmOemDataReq->data =
+			data_req->data;
 		mac_ctx->lim.gLimPrevMlmState = mac_ctx->lim.gLimMlmState;
 
 		lim_log(mac_ctx, LOG2, FL("Calling lim_send_hal_oem_data_req"));

core/mac/src/pe/lim/lim_process_sme_req_messages.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -1495,19 +1495,24 @@ static void __lim_process_sme_oem_data_req(tpAniSirGlobal pMac, uint32_t *pMsgBu
 	pOemDataReq = (tpSirOemDataReq) pMsgBuf;
 
 	/* post the lim mlm message now */
-	pMlmOemDataReq = cdf_mem_malloc(sizeof(tLimMlmOemDataReq));
+	pMlmOemDataReq = cdf_mem_malloc(sizeof(*pMlmOemDataReq));
 	if (NULL == pMlmOemDataReq) {
 		lim_log(pMac, LOGP,
 			FL("AllocateMemory failed for mlmOemDataReq"));
 		return;
 	}
-	/* Initialize this buffer */
-	cdf_mem_set(pMlmOemDataReq, (sizeof(tLimMlmOemDataReq)), 0);
+	pMlmOemDataReq->data = cdf_mem_malloc(pOemDataReq->data_len);
+	if (!pMlmOemDataReq->data) {
+		lim_log(pMac, LOGP, FL("memory allocation failed"));
+		cdf_mem_free(pMlmOemDataReq);
+		return;
+	}
 
 	cdf_copy_macaddr(&pMlmOemDataReq->selfMacAddr,
 			 &pOemDataReq->selfMacAddr);
-	cdf_mem_copy(pMlmOemDataReq->oemDataReq, pOemDataReq->oemDataReq,
-		     OEM_DATA_REQ_SIZE);
+	pMlmOemDataReq->data_len = pOemDataReq->data_len;
+	cdf_mem_copy(pMlmOemDataReq->data, pOemDataReq->data,
+		     pOemDataReq->data_len);
 
 	/* Issue LIM_MLM_OEM_DATA_REQ to MLM */
 	lim_post_mlm_message(pMac, LIM_MLM_OEM_DATA_REQ,

core/sme/inc/oem_data_api.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -53,7 +53,8 @@
 /* Structure for defining req sent to the PE */
 typedef struct tagOemDataReq {
 	uint8_t sessionId;
-	uint8_t oemDataReq[OEM_DATA_REQ_SIZE];
+	uint8_t data_len;
+	uint8_t *data;
 } tOemDataReq, tOemDataReqConfig;
 
 typedef struct tagOemDataRsp {

core/sme/src/oem_data/oem_data_api.c

@@ -89,6 +89,7 @@ CDF_STATUS oem_data_oem_data_req_close(tHalHandle hHal)
 
 		/* initialize all the variables to null */
 		cdf_mem_set(&(pMac->oemData), sizeof(tOemDataStruct), 0);
+
 	} while (0);
 
 	return CDF_STATUS_SUCCESS;
@@ -108,8 +109,13 @@ void oem_data_release_oem_data_req_command(tpAniSirGlobal pMac,
 	/* First take this command out of the active list */
 	if (csr_ll_remove_entry
 		    (&pMac->sme.smeCmdActiveList, &pOemDataCmd->Link, LL_ACCESS_LOCK)) {
-		cdf_mem_set(&(pOemDataCmd->u.oemDataCmd), sizeof(tOemDataCmd),
-			    0);
+		if (pOemDataCmd->u.oemDataCmd.oemDataReq.data) {
+			cdf_mem_free(
+			    pOemDataCmd->u.oemDataCmd.oemDataReq.data);
+			pOemDataCmd->u.oemDataCmd.oemDataReq.data =
+			    NULL;
+		}
+		cdf_mem_zero(&(pOemDataCmd->u.oemDataCmd), sizeof(tOemDataCmd));
 
 		/* Now put this command back on the avilable command list */
 		sme_release_command(pMac, pOemDataCmd);
@@ -134,6 +140,7 @@ CDF_STATUS oem_data_oem_data_req(tHalHandle hHal,
 	CDF_STATUS status = CDF_STATUS_SUCCESS;
 	tpAniSirGlobal pMac = PMAC_STRUCT(hHal);
 	tSmeCmd *pOemDataCmd = NULL;
+	tOemDataReq *cmd_req, *mac_req;
 
 	do {
 		if (!CSR_IS_SESSION_VALID(pMac, sessionId)) {
@@ -144,10 +151,25 @@ CDF_STATUS oem_data_oem_data_req(tHalHandle hHal,
 		pMac->oemData.oemDataReqConfig.sessionId = sessionId;
 		pMac->oemData.oemDataReqID = *(pOemDataReqID);
 
-		cdf_mem_copy((void *)(pMac->oemData.oemDataReqConfig.
-				      oemDataReq),
-			     (void *)(oemDataReqConfig->oemDataReq),
-			     OEM_DATA_REQ_SIZE);
+		pMac->oemData.oemDataReqConfig.data_len =
+				oemDataReqConfig->data_len;
+
+		if (pMac->oemData.oemDataReqConfig.data) {
+			cdf_mem_free(pMac->oemData.oemDataReqConfig.data);
+			pMac->oemData.oemDataReqConfig.data = NULL;
+		}
+
+		pMac->oemData.oemDataReqConfig.data =
+			cdf_mem_malloc(pMac->oemData.oemDataReqConfig.data_len);
+		if (!pMac->oemData.oemDataReqConfig.data) {
+			sms_log(pMac, LOGE, FL("memory alloc failed"));
+			status = CDF_STATUS_E_NOMEM;
+			break;
+		}
+
+		cdf_mem_copy((void *)(pMac->oemData.oemDataReqConfig.data),
+			     (void *)(oemDataReqConfig->data),
+			     oemDataReqConfig->data_len);
 
 		pMac->oemData.oemDataReqActive = false;
 
@@ -159,13 +181,23 @@ CDF_STATUS oem_data_oem_data_req(tHalHandle hHal,
 			pOemDataCmd->u.oemDataCmd.oemDataReqID =
 				pMac->oemData.oemDataReqID;
 
+
+			cmd_req = &(pOemDataCmd->u.oemDataCmd.oemDataReq);
+			mac_req = &(pMac->oemData.oemDataReqConfig);
 			/* set the oem data request */
-			pOemDataCmd->u.oemDataCmd.oemDataReq.sessionId =
-				pMac->oemData.oemDataReqConfig.sessionId;
-			cdf_mem_copy((void *)(pOemDataCmd->u.oemDataCmd.
-					      oemDataReq.oemDataReq),
-				     (void *)(pMac->oemData.oemDataReqConfig.
-					      oemDataReq), OEM_DATA_REQ_SIZE);
+			cmd_req->sessionId = mac_req->sessionId;
+			cmd_req->data_len =  mac_req->data_len;
+			cmd_req->data = cdf_mem_malloc(cmd_req->data_len);
+
+			if (!cmd_req->data) {
+				sms_log(pMac, LOGE, FL("memory alloc failed"));
+				status = CDF_STATUS_E_NOMEM;
+				break;
+			}
+
+			cdf_mem_copy((void *)(cmd_req->data),
+				     (void *)(mac_req->data),
+				     cmd_req->data_len);
 		} else {
 			status = CDF_STATUS_E_FAILURE;
 			break;
@@ -199,25 +231,36 @@ CDF_STATUS oem_data_send_mb_oem_data_req(tpAniSirGlobal pMac,
 {
 	CDF_STATUS status = CDF_STATUS_SUCCESS;
 	tSirOemDataReq *pMsg;
-	uint16_t msgLen;
 	tCsrRoamSession *pSession =
 		CSR_GET_SESSION(pMac, pOemDataReq->sessionId);
+	uint16_t msgLen;
 
 	sms_log(pMac, LOGW, "OEM_DATA: entering Function %s", __func__);
 
-	msgLen = (uint16_t) (sizeof(tSirOemDataReq));
+	if (!pOemDataReq) {
+		sms_log(pMac, LOGE, FL("oem data req is NULL"));
+		return CDF_STATUS_E_INVAL;
+	}
 
-	pMsg = cdf_mem_malloc(msgLen);
+	pMsg = cdf_mem_malloc(sizeof(*pMsg));
 	if (NULL == pMsg) {
 		sms_log(pMac, LOGP, FL("cdf_mem_malloc failed"));
 		return CDF_STATUS_E_NOMEM;
 	}
-	cdf_mem_set(pMsg, msgLen, 0);
+	pMsg->data = cdf_mem_malloc(pOemDataReq->data_len);
+	if (!pMsg->data) {
+		sms_log(pMac, LOGP, FL("cdf_mem_malloc failed"));
+		cdf_mem_free(pMsg);
+		return CDF_STATUS_E_NOMEM;
+	}
+
+	msgLen = (uint16_t) (sizeof(*pMsg) + pOemDataReq->data_len);
 	pMsg->messageType = eWNI_SME_OEM_DATA_REQ;
 	pMsg->messageLen = msgLen;
 	cdf_copy_macaddr(&pMsg->selfMacAddr, &pSession->selfMacAddr);
-	cdf_mem_copy(pMsg->oemDataReq, pOemDataReq->oemDataReq,
-		     OEM_DATA_REQ_SIZE);
+	pMsg->data_len = pOemDataReq->data_len;
+	cdf_mem_copy(pMsg->data, pOemDataReq->data,
+		     pOemDataReq->data_len);
 	sms_log(pMac, LOGW, "OEM_DATA: sending message to pe%s", __func__);
 	status = cds_send_mb_message_to_mac(pMsg);
 
@@ -290,6 +333,7 @@ CDF_STATUS sme_handle_oem_data_rsp(tHalHandle hHal, uint8_t *pMsg)
 	tListElem *pEntry = NULL;
 	tSmeCmd *pCommand = NULL;
 	tSirOemDataRsp *pOemDataRsp = NULL;
+	tOemDataReq *req;
 
 	pMac = PMAC_STRUCT(hHal);
 
@@ -318,6 +362,9 @@ CDF_STATUS sme_handle_oem_data_rsp(tHalHandle hHal, uint8_t *pMsg)
 					    &pCommand->Link, LL_ACCESS_LOCK)) {
 					cdf_mem_set(&(pCommand->u.oemDataCmd),
 						    sizeof(tOemDataCmd), 0);
+					req =
+					   &(pCommand->u.oemDataCmd.oemDataReq);
+					cdf_mem_free(req->data);
 					sme_release_command(pMac, pCommand);
 				}
 			}

core/wma/inc/wma_if.h

@@ -680,7 +680,8 @@ typedef struct {
 typedef struct {
 	struct cdf_mac_addr selfMacAddr;
 	CDF_STATUS status;
-	uint8_t oemDataReq[OEM_DATA_REQ_SIZE];
+	uint8_t data_len;
+	uint8_t *data;
 } tStartOemDataReq, *tpStartOemDataReq;
 
 /**

core/wma/src/wma_features.c

@@ -1902,48 +1902,51 @@ void wma_start_oem_data_req(tp_wma_handle wma_handle,
 	int ret = 0;
 	tStartOemDataRsp *pStartOemDataRsp;
 
-	WMA_LOGD("%s: Send OEM Data Request to target", __func__);
+	WMA_LOGD(FL("Send OEM Data Request to target"));
 
-	if (!startOemDataReq) {
-		WMA_LOGE("%s: startOemDataReq is null", __func__);
+	if (!startOemDataReq && !startOemDataReq->data) {
+		WMA_LOGE(FL("startOemDataReq is null"));
 		goto out;
 	}
 
 	if (!wma_handle || !wma_handle->wmi_handle) {
-		WMA_LOGE("%s: WMA is closed, can not send Oem data request cmd",
-			 __func__);
+		WMA_LOGE(FL("WMA - closed, can not send Oem data request cmd"));
 		return;
 	}
 
 	buf = wmi_buf_alloc(wma_handle->wmi_handle,
-			    (OEM_DATA_REQ_SIZE + WMI_TLV_HDR_SIZE));
+			    (startOemDataReq->data_len + WMI_TLV_HDR_SIZE));
 	if (!buf) {
-		WMA_LOGE("%s:wmi_buf_alloc failed", __func__);
+		WMA_LOGE(FL("wmi_buf_alloc failed"));
 		goto out;
 	}
 
 	cmd = (uint8_t *) wmi_buf_data(buf);
 
-	WMITLV_SET_HDR(cmd, WMITLV_TAG_ARRAY_BYTE, OEM_DATA_REQ_SIZE);
+	WMITLV_SET_HDR(cmd, WMITLV_TAG_ARRAY_BYTE, startOemDataReq->data_len);
 	cmd += WMI_TLV_HDR_SIZE;
-	cdf_mem_copy(cmd, &startOemDataReq->oemDataReq[0], OEM_DATA_REQ_SIZE);
+	cdf_mem_copy(cmd, startOemDataReq->data,
+		     startOemDataReq->data_len);
 
-	WMA_LOGI("%s: Sending OEM Data Request to target, data len (%d)",
-		 __func__, OEM_DATA_REQ_SIZE);
+	WMA_LOGI(FL("Sending OEM Data Request to target, data len %d"),
+		 startOemDataReq->data_len);
 
 	ret = wmi_unified_cmd_send(wma_handle->wmi_handle, buf,
-				   (OEM_DATA_REQ_SIZE +
+				   (startOemDataReq->data_len +
 				    WMI_TLV_HDR_SIZE), WMI_OEM_REQ_CMDID);
 
 	if (ret != EOK) {
-		WMA_LOGE("%s:wmi cmd send failed", __func__);
+		WMA_LOGE(FL(":wmi cmd send failed"));
 		cdf_nbuf_free(buf);
 	}
 
 out:
 	/* free oem data req buffer received from UMAC */
-	if (startOemDataReq)
+	if (startOemDataReq) {
+		if (startOemDataReq->data)
+			cdf_mem_free(startOemDataReq->data);
 		cdf_mem_free(startOemDataReq);
+	}
 
 	/* Now send data resp back to PE/SME with message sub-type of
 	 * WMI_OEM_INTERNAL_RSP. This is required so that PE/SME clears