From c6fcd2aa36fdd01cc9bb73309ed3e256046e380b Mon Sep 17 00:00:00 2001 From: Bala Venkatesh Date: Wed, 20 Feb 2019 20:48:03 +0530 Subject: [PATCH] qcacld-3.0: Remove vdev chk_frame structure Chk frame member of the tdls_mgmt_req is declared locally inside of the local function wlan_cfg80211_tdls_mgmt and address is copied in the mgmt request, and posted to scheduler thread. But, the validity of the chk frame variable is lost once returned from the wlan_cfg80211_tdls_mgmt function. And the chk_frame is used when processing the tdls_mgmt_req in scheduler thread. And the stale data of chk_frame can be used. Hence, make the chk_frame as a variable instead pointer inside tdls_action_frame_request request. Change-Id: Ib2a8a81e8f6db5550b1d0abee31d9f7ea5dacd9b CRs-Fixed: 2402124 --- tdls/core/src/wlan_tdls_cmds_process.c | 19 ++++++++----------- tdls/core/src/wlan_tdls_mgmt.c | 6 +++--- .../dispatcher/inc/wlan_tdls_public_structs.h | 8 ++------ 3 files changed, 13 insertions(+), 20 deletions(-) diff --git a/tdls/core/src/wlan_tdls_cmds_process.c b/tdls/core/src/wlan_tdls_cmds_process.c index c34494ad0d..2337eb70f0 100644 --- a/tdls/core/src/wlan_tdls_cmds_process.c +++ b/tdls/core/src/wlan_tdls_cmds_process.c @@ -659,8 +659,7 @@ static int tdls_validate_setup_frames(struct tdls_soc_priv_obj *tdls_soc, tdls_soc->connected_peer_count, tdls_soc->max_num_tdls_sta); - tdls_validate->max_sta_failed = -EPERM; - return 0; + return -EPERM; } int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req) @@ -672,13 +671,11 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req) QDF_STATUS status; uint8_t vdev_id; + struct wlan_objmgr_vdev *vdev = tdls_mgmt_req->vdev; struct tdls_validate_action_req *tdls_validate = - tdls_mgmt_req->chk_frame; + &tdls_mgmt_req->chk_frame; - if (!tdls_validate || !tdls_validate->vdev) - return -EINVAL; - - if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(tdls_validate->vdev, + if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(vdev, &tdls_vdev, &tdls_soc)) return -ENOTSUPP; @@ -687,15 +684,15 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req) * STA or P2P client should be connected and authenticated before * sending any TDLS frames */ - if (!tdls_is_vdev_connected(tdls_validate->vdev) || - !tdls_is_vdev_authenticated(tdls_validate->vdev)) { + if (!tdls_is_vdev_connected(vdev) || + !tdls_is_vdev_authenticated(vdev)) { tdls_err("STA is not connected or not authenticated."); return -EAGAIN; } /* other than teardown frame, mgmt frames are not sent if disabled */ if (TDLS_TEARDOWN != tdls_validate->action_code) { - if (!tdls_check_is_tdls_allowed(tdls_validate->vdev)) { + if (!tdls_check_is_tdls_allowed(vdev)) { tdls_err("TDLS not allowed, reject MGMT, action = %d", tdls_validate->action_code); return -EPERM; @@ -730,7 +727,7 @@ int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req) } /* call hdd_wmm_is_acm_allowed() */ - vdev_id = wlan_vdev_get_id(tdls_validate->vdev); + vdev_id = wlan_vdev_get_id(vdev); if (!tdls_soc->tdls_wmm_cb(vdev_id)) { tdls_debug("admission ctrl set to VI, send the frame with least AC (BK) for action %d", tdls_validate->action_code); diff --git a/tdls/core/src/wlan_tdls_mgmt.c b/tdls/core/src/wlan_tdls_mgmt.c index a19984defd..c3d3cb6ba4 100644 --- a/tdls/core/src/wlan_tdls_mgmt.c +++ b/tdls/core/src/wlan_tdls_mgmt.c @@ -319,7 +319,7 @@ static QDF_STATUS tdls_activate_send_mgmt_request( release_cmd: /*update tdls nss infornation based on action code */ - tdls_reset_nss(tdls_soc_obj, action_req->chk_frame->action_code); + tdls_reset_nss(tdls_soc_obj, action_req->chk_frame.action_code); if (QDF_IS_STATUS_ERROR(status)) { tdls_internal_send_mgmt_tx_done(action_req, status); tdls_release_serialization_command(action_req->vdev, @@ -397,9 +397,9 @@ QDF_STATUS tdls_process_mgmt_req( * after the cmd validation */ tdls_mgmt_req->tdls_mgmt.responder = - !tdls_mgmt_req->chk_frame->responder; + !tdls_mgmt_req->chk_frame.responder; tdls_mgmt_req->tdls_mgmt.status_code = - tdls_mgmt_req->chk_frame->status_code; + tdls_mgmt_req->chk_frame.status_code; cmd.cmd_type = WLAN_SER_CMD_TDLS_SEND_MGMT; /* Cmd Id not applicable for non scan cmds */ diff --git a/tdls/dispatcher/inc/wlan_tdls_public_structs.h b/tdls/dispatcher/inc/wlan_tdls_public_structs.h index a2c1e7b9d7..f16d47e007 100644 --- a/tdls/dispatcher/inc/wlan_tdls_public_structs.h +++ b/tdls/dispatcher/inc/wlan_tdls_public_structs.h @@ -975,24 +975,20 @@ struct tdls_send_mgmt { /** * struct tdls_validate_action_req - tdls validate mgmt request - * @vdev: vdev object * @action_code: action code * @peer_mac: peer mac address * @dialog_token: dialog code * @status_code: status code to add * @len: len of the frame * @responder: whether to respond or not - * @max_sta_failed: mgmt failure reason */ struct tdls_validate_action_req { - struct wlan_objmgr_vdev *vdev; uint8_t action_code; uint8_t peer_mac[QDF_MAC_ADDR_SIZE]; uint8_t dialog_token; uint8_t status_code; size_t len; int responder; - int max_sta_failed; }; /** @@ -1010,7 +1006,7 @@ struct tdls_get_all_peers { /** * struct tdls_send_action_frame_request - tdls send mgmt request * @vdev: vdev object - * @chk_frame: frame validation structure + * @chk_frame: This struct used to validate mgmt frame * @session_id: session id * @vdev_id: vdev id * @cmd_buf: cmd buffer @@ -1020,7 +1016,7 @@ struct tdls_get_all_peers { */ struct tdls_action_frame_request { struct wlan_objmgr_vdev *vdev; - struct tdls_validate_action_req *chk_frame; + struct tdls_validate_action_req chk_frame; uint8_t session_id; uint8_t vdev_id; const uint8_t *cmd_buf;