Acasă Explorează Ajutor
Autentificare
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Răsfoiți Sursa

qcacld-3.0: Fix fragile code in dphInitStaState

qcacld-2.0 to qcacld-3.0 propagation

In dphInitStaState function, it will implicitly assume that, the last
member of structure tDphHashNode is *next* pointer, which is fragile and
risky.

Save the *next* pointer in local variant and restore after whole
structure zeroed.
This will need additional CPU ticks but eliminate the risk.

CRs-Fixed: 2055505
Change-Id: I6baf3eddea965eda4e7f7ca88fef54709964febc
Lin Bai 7 ani în urmă
părinte
77bf407f75
comite
ceb4d64b3e
2 a modificat fișierele cu 5 adăugiri și 8 ștergeri
Vizualizare divizată Arată Statisticile Diff
  1. 5 4
      core/mac/src/dph/dph_hash_table.c
  2. 0 4
      core/mac/src/pe/lim/lim_process_tdls.c

+ 5 - 4
core/mac/src/dph/dph_hash_table.c
Vizualizați fișierul 

@@ -240,7 +240,7 @@ tpDphHashNode dph_init_sta_state(tpAniSirGlobal pMac, tSirMacAddr staAddr,
 
 {
 
 	uint32_t val;
 
 
-	tpDphHashNode pStaDs;
 
+	tpDphHashNode pStaDs, pnext;
 
 	uint16_t staIdx = STA_INVALID_IDX;
 
 
 	if (assocId >= pDphHashTable->size) {
 
@@ -250,10 +250,11 @@ tpDphHashNode dph_init_sta_state(tpAniSirGlobal pMac, tSirMacAddr staAddr,
 
 
 	pStaDs = get_node(pMac, (uint8_t) assocId, pDphHashTable);
 
 	staIdx = pStaDs->staIndex;
 
+	pnext = pStaDs->next;
 
 
-	/* Clear the STA node except for the next pointer (last 4 bytes) */
 
-	qdf_mem_set((uint8_t *) pStaDs,
 
-		    sizeof(tDphHashNode) - sizeof(tpDphHashNode), 0);
 
+	/* Clear the STA node except for the next pointer */
 
+	qdf_mem_set((uint8_t *)pStaDs, sizeof(tDphHashNode), 0);
 
+	pStaDs->next = pnext;
 
 
 	/* Initialize the assocId */
 
 	pStaDs->assocId = assocId;

+ 0 - 4
core/mac/src/pe/lim/lim_process_tdls.c
Vizualizați fișierul 

@@ -2416,8 +2416,6 @@ static void lim_tdls_update_hash_node_info(tpAniSirGlobal pMac,
 
 	tDot11fIEVHTCaps *pVhtCaps_txbf = NULL;
 
 	tDot11fIEVHTCaps vhtCap;
 
 	uint8_t cbMode;
 
-	tpDphHashNode pSessStaDs = NULL;
 
-	uint16_t aid;
 
 
 	if (pTdlsAddStaReq->tdlsAddOper == TDLS_OPER_ADD) {
 
 		populate_dot11f_ht_caps(pMac, psessionEntry, &htCap);
 
@@ -2516,8 +2514,6 @@ static void lim_tdls_update_hash_node_info(tpAniSirGlobal pMac,
 
 		else
 
 			pStaDs->htSecondaryChannelOffset = cbMode;
 
 	}
 
-	pSessStaDs = dph_lookup_hash_entry(pMac, psessionEntry->bssId, &aid,
 
-					   &psessionEntry->dph.dphHashTable);
 
 	/* Lets enable QOS parameter */
 
 	pStaDs->qosMode = (pTdlsAddStaReq->capability & CAPABILITIES_QOS_OFFSET)
 
 				|| pTdlsAddStaReq->htcap_present;