qcacmn: Initialized pdev id with default value 0xFF

pdev_id is currently initialized to 0. Since 0 is a valid pdev_id, that
pdev is accessed even when no pdev is present for that id.

Initialized pdev_id to 0xFF by default. Added checks on API to
detect valid pdev_id value corresponding to lmac_id

Change-Id: I2b2a38783615494ccc08e265702815f7e562214b
Pavankumar Nandeshwar
2020-02-26 18:24:52 +05:30
committed by nshrivas
parent 2eb8560c88
commit 9b0c1271ed
10 changed files with 102 additions and 14 deletions


@@ -1925,7 +1925,7 @@ cdp_soc_handle_mode_change(ol_txrx_soc_handle soc, uint8_t pdev_id,
}
if (!soc->ops->cmn_drv_ops ||
!soc->ops->cmn_drv_ops->map_pdev_to_lmac)
!soc->ops->cmn_drv_ops->handle_mode_change)
return QDF_STATUS_E_FAILURE;
return soc->ops->cmn_drv_ops->handle_mode_change(soc, pdev_id,


@@ -3596,6 +3596,10 @@ static bool dp_txrx_ppdu_stats_handler(struct dp_soc *soc,
struct ppdu_info *ppdu_info = NULL;
bool free_buf = true;
if (pdev_id >= MAX_PDEV_CNT)
return true;
pdev = soc->pdev_list[pdev_id];
if (!pdev)
return true;
@@ -3900,6 +3904,12 @@ static void dp_htt_bkp_event_alert(u_int32_t *msg_word, struct htt_soc *soc)
target_pdev_id = HTT_T2H_RX_BKPRESSURE_PDEV_ID_GET(*msg_word);
pdev_id = dp_get_host_pdev_id_for_target_pdev_id(soc->dp_soc,
target_pdev_id);
if (pdev_id >= MAX_PDEV_CNT) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev id %d is invalid", pdev_id);
return;
}
pdev = (struct dp_pdev *)dpsoc->pdev_list[pdev_id];
ring_id = HTT_T2H_RX_BKPRESSURE_RINGID_GET(*msg_word);
hp_idx = HTT_T2H_RX_BKPRESSURE_HEAD_IDX_GET(*(msg_word + 1));
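Review bot: In dp_htt_bkp_event_alert() the new range check is followed by `pdev = (struct dp_pdev *)dpsoc->pdev_list[pdev_id];` with no NULL test in the visible lines, so an in-range id whose slot is empty would still hand a NULL pdev to the code below. dp_txrx_ppdu_stats_handler() in the same section pairs its range check with `if (!pdev) return true;`, and the equivalent here would be `if (!pdev) return;` right after the assignment. The id is derived from a target-to-host message word, so it is worth treating as unvalidated input. The rest of the function is outside the hunk, so a later check may already exist.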


@@ -1377,13 +1377,11 @@ dp_get_lmac_id_for_pdev_id
static inline struct dp_pdev *
dp_get_pdev_for_lmac_id(struct dp_soc *soc, uint32_t lmac_id)
{
int i = 0;
uint8_t i = 0;
if (wlan_cfg_per_pdev_lmac_ring(soc->wlan_cfg_ctx)) {
i = wlan_cfg_get_pdev_idx(soc->wlan_cfg_ctx, lmac_id);
qdf_assert_always(i < MAX_PDEV_CNT);
return soc->pdev_list[i];
return ((i < MAX_PDEV_CNT) ? soc->pdev_list[i] : NULL);
}
/* Typically for MCL as there only 1 PDEV*/
@@ -1449,7 +1447,7 @@ dp_get_host_pdev_id_for_target_pdev_id
/*Get host pdev from lmac*/
pdev = dp_get_pdev_for_lmac_id(soc, lmac_id);
return pdev->pdev_id;
return pdev ? pdev->pdev_id : INVALID_PDEV_ID;
}
/*
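Review bot: dp_get_pdev_for_lmac_id() now returns NULL and dp_get_host_pdev_id_for_target_pdev_id() now returns INVALID_PDEV_ID where the old code asserted, but nothing in the visible lines documents that new contract for callers. I would add a return line to each header comment, such as `Return: pdev, or NULL when no host pdev is mapped to lmac_id` and `Return: host pdev id, or INVALID_PDEV_ID when the target pdev id has no host pdev`. Separately, `uint8_t i` now receives the result of wlan_cfg_get_pdev_idx(); the setter shown on this page takes `int pdev_idx`, so if the getter also returns int the assignment narrows silently, and an explicit cast or comment would make that intent visible. Both function bodies extend beyond their hunks.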


@@ -10962,6 +10962,17 @@ dp_soc_attach_wifi3(struct cdp_ctrl_objmgr_psoc *ctrl_psoc,
#endif
static inline void dp_soc_set_def_pdev(struct dp_soc *soc)
{
int lmac_id;
for (lmac_id = 0; lmac_id < MAX_NUM_LMAC_HW; lmac_id++) {
/*Set default host PDEV ID for lmac_id*/
wlan_cfg_set_pdev_idx(soc->wlan_cfg_ctx,
INVALID_PDEV_ID, lmac_id);
}
}
/**
* dp_soc_attach() - Attach txrx SOC
* @ctrl_psoc: Opaque SOC handle from control plane
@@ -11017,6 +11028,8 @@ dp_soc_attach(struct cdp_ctrl_objmgr_psoc *ctrl_psoc,
if (htt_soc_htc_prealloc(htt_soc) != QDF_STATUS_SUCCESS)
goto fail2;
dp_soc_set_def_pdev(soc);
return soc;
fail2:
htt_soc_detach(htt_soc);
@@ -11200,7 +11213,7 @@ void *dp_soc_init_wifi3(struct cdp_soc_t *soc,
void *dp_get_pdev_for_mac_id(struct dp_soc *soc, uint32_t mac_id)
{
if (wlan_cfg_per_pdev_lmac_ring(soc->wlan_cfg_ctx))
return soc->pdev_list[mac_id];
return (mac_id < MAX_PDEV_CNT) ? soc->pdev_list[mac_id] : NULL;
/* Typically for MCL as there only 1 PDEV*/
return soc->pdev_list[0];
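Review bot: dp_soc_set_def_pdev() is introduced without a header comment, although dp_soc_attach() directly below it has a kernel-doc block. A short block in the same style would record why the map is seeded, for example `dp_soc_set_def_pdev() - set INVALID_PDEV_ID as the default host pdev id for every lmac` with `@soc: DP soc handle`. It would also help to state in dp_get_pdev_for_mac_id()'s comment that NULL is now returned when mac_id >= MAX_PDEV_CNT, since the function returns `void *` and callers get no other hint.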


@@ -1720,6 +1720,12 @@ uint32_t dp_rx_frag_handle(struct dp_soc *soc, hal_ring_desc_t ring_desc,
/* all buffers in MSDU link belong to same pdev */
pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id);
if (!pdev) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for pool_id = %d", rx_desc->pool_id);
return rx_bufs_used;
}
*mac_id = rx_desc->pool_id;
msdu = rx_desc->nbuf;
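Review bot: The new `if (!pdev)` branch in dp_rx_frag_handle() returns `rx_bufs_used` before `msdu = rx_desc->nbuf;` is reached, so whatever release of the nbuf and link descriptor the rest of the function performs is skipped on this path. If so, each hit leaves a receive buffer held by the host; the early return should either do that release or carry a comment stating who reclaims the descriptor. The same early-return shape is added in dp_rx_msdus_drop(), dp_rx_err_mpdu_pop() and dp_rx_mon_mpdu_pop(). The remainder of dp_rx_frag_handle() is outside the hunk, so this needs confirming against the full body.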


@@ -279,6 +279,12 @@ dp_rx_msdus_drop(struct dp_soc *soc, hal_ring_desc_t ring_desc,
/* all buffers from a MSDU link link belong to same pdev */
*mac_id = rx_desc->pool_id;
pdev = dp_get_pdev_for_lmac_id(soc, rx_desc->pool_id);
if (!pdev) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for pool_id = %d",
rx_desc->pool_id);
return rx_bufs_used;
}
if (!dp_rx_desc_check_magic(rx_desc)) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_ERROR,
@@ -435,6 +441,11 @@ dp_rx_chain_msdus(struct dp_soc *soc, qdf_nbuf_t nbuf,
*/
struct dp_pdev *dp_pdev = dp_get_pdev_for_lmac_id(soc, mac_id);
if (!dp_pdev) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for mac_id = %d", mac_id);
return mpdu_done;
}
/* if invalid peer SG list has max values free the buffers in list
* and treat current buffer as start of list
*
@@ -644,6 +655,11 @@ dp_rx_null_q_handle_invalid_peer_id_exception(struct dp_soc *soc,
struct dp_pdev *pdev = dp_get_pdev_for_lmac_id(soc, pool_id);
struct ieee80211_frame *wh = (struct ieee80211_frame *)rx_pkt_hdr;
if (!pdev) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for pool_id = %d", pool_id);
return false;
}
/*
* WAR- In certain types of packets if peer_id is not correct then
* driver may not be able find. Try finding peer by addr_2 of
@@ -788,6 +804,11 @@ dp_rx_null_q_desc_handle(struct dp_soc *soc, qdf_nbuf_t nbuf,
bool mpdu_done = false;
struct dp_pdev *pdev = dp_get_pdev_for_lmac_id(soc, pool_id);
if (!pdev) {
dp_err_rl("pdev is null for pool_id = %d", pool_id);
return QDF_STATUS_E_FAILURE;
}
dp_err_rl("peer is NULL");
DP_STATS_INC_PKT(soc, rx.err.rx_invalid_peer, 1,
qdf_nbuf_len(nbuf));
@@ -1522,7 +1543,6 @@ done:
for (mac_id = 0; mac_id < MAX_PDEV_CNT; mac_id++) {
if (rx_bufs_reaped[mac_id]) {
dp_pdev = dp_get_pdev_for_lmac_id(soc, mac_id);
dp_rxdma_srng = &soc->rx_refill_buf_ring[mac_id];
rx_desc_pool = &soc->rx_desc_buf[mac_id];
@@ -1765,6 +1785,12 @@ dp_rx_err_mpdu_pop(struct dp_soc *soc, uint32_t mac_id,
uint32_t rx_link_buf_info[HAL_RX_BUFFINFO_NUM_DWORDS];
hal_rxdma_desc_t ring_desc;
if (!pdev) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for mac_id = %d", mac_id);
return rx_bufs_used;
}
msdu = 0;
last = NULL;
@@ -2029,7 +2055,6 @@ dp_handle_wbm_internal_error(struct dp_soc *soc, void *hal_desc,
uint32_t buf_type)
{
struct hal_buf_info buf_info = {0};
struct dp_pdev *dp_pdev;
struct dp_rx_desc *rx_desc = NULL;
uint32_t rx_buf_cookie;
uint32_t rx_bufs_reaped = 0;
@@ -2075,7 +2100,6 @@ dp_handle_wbm_internal_error(struct dp_soc *soc, void *hal_desc,
struct dp_srng *dp_rxdma_srng;
DP_STATS_INC(soc, tx.wbm_internal_error[WBM_INT_ERROR_REO_BUFF_REAPED], 1);
dp_pdev = dp_get_pdev_for_lmac_id(soc, pool_id);
dp_rxdma_srng = &soc->rx_refill_buf_ring[pool_id];
rx_desc_pool = &soc->rx_desc_buf[pool_id];
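Review bot: The NULL-pdev branches added in dp_rx_msdus_drop(), dp_rx_chain_msdus(), dp_rx_null_q_handle_invalid_peer_id_exception() and dp_rx_err_mpdu_pop() log through `QDF_TRACE(..., QDF_TRACE_LEVEL_DEBUG, ...)`, while the one in dp_rx_null_q_desc_handle() uses `dp_err_rl(...)`. These branches sit in receive error handling and indicate a missing lmac-to-pdev mapping, so a rate-limited error-level message fits better: it shows up in production logs and cannot flood them. I would use `dp_err_rl("pdev is null for pool_id = %d", pool_id);` in each of them; the checks added in the monitor-path and HTT handlers on this page follow the same DEBUG pattern. Where the argument is visibly unsigned, as with `uint32_t mac_id` in dp_rx_err_mpdu_pop(), `%u` would match the type better than `%d`.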


@@ -185,6 +185,12 @@ dp_rx_mon_mpdu_pop(struct dp_soc *soc, uint32_t mac_id,
uint64_t nbuf_paddr = 0;
uint32_t rx_link_buf_info[HAL_RX_BUFFINFO_NUM_DWORDS];
if (qdf_unlikely(!dp_pdev)) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for mac_id = %d", mac_id);
return rx_bufs_used;
}
msdu = 0;
last = NULL;
@@ -471,6 +477,12 @@ qdf_nbuf_t dp_rx_mon_restitch_mpdu_from_msdus(struct dp_soc *soc,
head_frag_list = NULL;
mpdu_buf = NULL;
if (qdf_unlikely(!dp_pdev)) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for mac_id = %d", mac_id);
return NULL;
}
/* The nbuf has been pulled just beyond the status and points to the
* payload
*/
@@ -851,7 +863,7 @@ QDF_STATUS dp_rx_mon_deliver(struct dp_soc *soc, uint32_t mac_id,
qdf_nbuf_t mon_skb, skb_next;
qdf_nbuf_t mon_mpdu = NULL;
if (!pdev->monitor_vdev && !pdev->mcopy_mode)
if (!pdev || (!pdev->monitor_vdev && !pdev->mcopy_mode))
goto mon_deliver_fail;
/* restitch mon MPDU for delivery via monitor interface */
@@ -928,7 +940,7 @@ QDF_STATUS dp_rx_mon_deliver_non_std(struct dp_soc *soc,
qdf_nbuf_t dummy_msdu;
/* Sanity checking */
if ((!pdev->monitor_vdev) || (!pdev->monitor_vdev->osif_rx_mon))
if (!pdev || !pdev->monitor_vdev || !pdev->monitor_vdev->osif_rx_mon)
goto mon_deliver_non_std_fail;
/* Generate a dummy skb_buff */
@@ -998,6 +1010,12 @@ void dp_rx_mon_dest_process(struct dp_soc *soc, uint32_t mac_id, uint32_t quota)
int mac_for_pdev = mac_id;
struct cdp_pdev_mon_stats *rx_mon_stats;
if (!pdev) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for mac_id = %d", mac_id);
return;
}
mon_dst_srng = dp_rxdma_get_mon_dst_ring(pdev, mac_for_pdev);
if (!mon_dst_srng || !hal_srng_initialized(mon_dst_srng)) {
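Review bot: Adding `!pdev` to the conditions in dp_rx_mon_deliver() and dp_rx_mon_deliver_non_std() sends a NULL pdev to the `mon_deliver_fail` and `mon_deliver_non_std_fail` labels, and both labels are outside the hunks. The change is only safe if neither cleanup path reads through `pdev`, for example to bump a per-pdev counter; if one does, it needs its own `if (pdev)` guard. A one-line comment at each `goto`, such as `/* fail path must not dereference pdev: it may be NULL here */`, would keep that constraint visible to later editors.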


@@ -1474,6 +1474,11 @@ dp_rx_mon_status_process_tlv(struct dp_soc *soc, uint32_t mac_id,
bool nbuf_used;
uint32_t rx_enh_capture_mode;
if (!pdev) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for mac_id = %d", mac_id);
return;
}
ppdu_info = &pdev->ppdu_info;
rx_mon_stats = &pdev->rx_mon_stats;
@@ -1621,6 +1626,12 @@ dp_rx_mon_status_srng_process(struct dp_soc *soc, uint32_t mac_id,
QDF_STATUS status;
uint32_t work_done = 0;
if (!pdev) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for mac_id = %d", mac_id);
return work_done;
}
mon_status_srng = soc->rxdma_mon_status_ring[mac_id].hal_srng;
qdf_assert(mon_status_srng);
@@ -1875,6 +1886,12 @@ QDF_STATUS dp_rx_mon_status_buffers_replenish(struct dp_soc *dp_soc,
void *rxdma_srng;
struct dp_pdev *dp_pdev = dp_get_pdev_for_lmac_id(dp_soc, mac_id);
if (!dp_pdev) {
QDF_TRACE(QDF_MODULE_ID_DP, QDF_TRACE_LEVEL_DEBUG,
"pdev is null for mac_id = %d", mac_id);
return QDF_STATUS_E_FAILURE;
}
rxdma_srng = dp_rxdma_srng->hal_srng;
qdf_assert(rxdma_srng);


@@ -725,9 +725,9 @@ int wlan_cfg_get_target_pdev_id(struct wlan_cfg_dp_soc_ctxt *cfg,
void wlan_cfg_set_pdev_idx(struct wlan_cfg_dp_soc_ctxt *cfg, int pdev_idx,
int hw_macid)
{
qdf_assert_always(pdev_idx < MAX_PDEV_CNT);
qdf_assert_always((pdev_idx < MAX_PDEV_CNT) ||
(pdev_idx == INVALID_PDEV_ID));
qdf_assert_always(hw_macid < MAX_NUM_LMAC_HW);
cfg->hw_macid_pdev_id_map[hw_macid] = pdev_idx;
}
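Review bot: Both asserts in wlan_cfg_set_pdev_idx() test only the upper bound of a signed `int`, so unless MAX_NUM_LMAC_HW is an unsigned constant, a negative `hw_macid` passes `hw_macid < MAX_NUM_LMAC_HW` and then indexes `cfg->hw_macid_pdev_id_map[hw_macid]` before the start of the array. Since the pdev_idx assert is being rewritten here anyway, I would add lower bounds: `qdf_assert_always(hw_macid >= 0 && hw_macid < MAX_NUM_LMAC_HW);` and `(pdev_idx >= 0 && pdev_idx < MAX_PDEV_CNT) || (pdev_idx == INVALID_PDEV_ID)`. Making both parameters unsigned would achieve the same, but that changes the prototype outside this hunk.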


@@ -83,6 +83,8 @@
#define WLAN_CFG_RX_FST_MAX_SEARCH 2
#define WLAN_CFG_RX_FST_TOEPLITZ_KEYLEN 40
#define INVALID_PDEV_ID 0xFF
struct wlan_cfg_dp_pdev_ctxt;
/**