Home Explore Help
Sign In
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

qcacld-3.0: Validate TWT setup cmd/request type value

Validate TWT setup request type value obtained from
user space, before sending down to fw

Change-Id: I820f4912bafb84b76583ac9ed1cd88f59ea9fb3d
CRs-Fixed: 2770628
Visweswara Tanuku 4 years ago
parent
95ec1289e5
commit
c9547d2105
3 changed files with 37 additions and 1 deletions
Split View Show Diff Stats
  1. 16 0
      core/hdd/inc/wlan_hdd_twt.h
  2. 5 1
      core/hdd/src/wlan_hdd_cfg80211.c
  3. 16 0
      core/hdd/src/wlan_hdd_twt.c

+ 16 - 0
core/hdd/inc/wlan_hdd_twt.h
View File 

@@ -155,6 +155,16 @@ void wlan_hdd_twt_deinit(struct hdd_context *hdd_ctx);
 
 			      QCA_WLAN_VENDOR_ATTR_CONFIG_TWT_MAX)       \
 
 },
 
 
+/**
 
+ * hdd_twt_setup_req_type_to_cmd() - Converts twt setup request type to twt cmd
 
+ * @req_type: twt setup request type
 
+ * @twt_cmd: pointer to store twt command
 
+ *
 
+ * Return: QDF_STATUS_SUCCESS on success, else other qdf error values
 
+ */
 
+QDF_STATUS
 
+hdd_twt_setup_req_type_to_cmd(u8 req_type, enum WMI_HOST_TWT_COMMAND *twt_cmd);
 
+
 
 #else
 
 static inline void hdd_update_tgt_twt_cap(struct hdd_context *hdd_ctx,
 
 					  struct wma_tgt_cfg *cfg)
 
@@ -178,6 +188,12 @@ static inline void wlan_hdd_twt_deinit(struct hdd_context *hdd_ctx)
 
 {
 
 }
 
 
+enum WMI_HOST_TWT_COMMAND;
 
+static inline QDF_STATUS
 
+hdd_twt_setup_req_type_to_cmd(u8 req_type, enum WMI_HOST_TWT_COMMAND *twt_cmd)
 
+{
 
+	return QDF_STATUS_E_INVAL;
 
+}
 
 #define FEATURE_VENDOR_SUBCMD_WIFI_CONFIG_TWT
 
 
 #endif

+ 5 - 1
core/hdd/src/wlan_hdd_cfg80211.c
View File 

@@ -9430,6 +9430,7 @@ int hdd_twt_get_add_dialog_values(struct nlattr **tb,
 
 {
 
 	uint32_t wake_intvl_exp, result;
 
 	int cmd_id;
 
+	QDF_STATUS qdf_status;
 
 
 	cmd_id = QCA_WLAN_VENDOR_ATTR_TWT_SETUP_FLOW_ID;
 
 	if (tb[cmd_id]) {
 
@@ -9460,7 +9461,10 @@ int hdd_twt_get_add_dialog_values(struct nlattr **tb,
 
 		hdd_err_rl("TWT_SETUP_REQ_TYPE is must");
 
 		return -EINVAL;
 
 	}
 
-	params->twt_cmd = nla_get_u8(tb[cmd_id]);
 
+	qdf_status = hdd_twt_setup_req_type_to_cmd(nla_get_u8(tb[cmd_id]),
 
+						   &params->twt_cmd);
 
+	if (QDF_IS_STATUS_ERROR(qdf_status))
 
+		return qdf_status_to_os_return(qdf_status);
 
 
 	cmd_id = QCA_WLAN_VENDOR_ATTR_TWT_SETUP_TRIGGER;
 
 	params->flag_trigger = nla_get_flag(tb[cmd_id]);

+ 16 - 0
core/hdd/src/wlan_hdd_twt.c
View File 

@@ -115,6 +115,22 @@ wlan_hdd_wifi_twt_config_policy[
 
 			.type = NLA_NESTED},
 
 };
 
 
+QDF_STATUS
 
+hdd_twt_setup_req_type_to_cmd(u8 req_type, enum WMI_HOST_TWT_COMMAND *twt_cmd)
 
+{
 
+	if (req_type == QCA_WLAN_VENDOR_TWT_SETUP_REQUEST) {
 
+		*twt_cmd = WMI_HOST_TWT_COMMAND_REQUEST_TWT;
 
+	} else if (req_type == QCA_WLAN_VENDOR_TWT_SETUP_SUGGEST) {
 
+		*twt_cmd = WMI_HOST_TWT_COMMAND_SUGGEST_TWT;
 
+	} else if (req_type == QCA_WLAN_VENDOR_TWT_SETUP_DEMAND) {
 
+		*twt_cmd = WMI_HOST_TWT_COMMAND_DEMAND_TWT;
 
+	} else {
 
+		hdd_err_rl("Invalid TWT_SETUP_REQ_TYPE %d", req_type);
 
+		return QDF_STATUS_E_INVAL;
 
+	}
 
+	return QDF_STATUS_SUCCESS;
 
+}
 
+
 
 /**
 
  * hdd_twt_get_params_resp_len() - Calculates the length
 
  * of twt get_params nl response