qcacld-3.0: Relocate key adapter fields

This is a qcacld-2.0 to qcacld-3.0 propagation. A crash was observed internally where wlan_hdd_ipv6_changed() was accessing unmapped memory. This function has logic which looks at key fields in the netdev's private data area to make sure the netdev belongs to this driver before it further utilizes the netdev. The problem with this logic is when it is invoked with non-wlan netdevs, if those netdevs were created with small private data areas, then the offsets at which the key fields would exist in the wlan netdev may fall outside the memory mapped for those other netdevs. In order to avoid accessing unmapped memory in those cases, relocate the key wlan netdev fields to the beginning of the wlan adapter structure. Change-Id: Idb830fd18e5724a684505c9d110f6f1de5622eac CRs-Fixed: 946373
2015-12-17 15:17:02 -08:00
parent 19caeb103e
commit d399e90f96
1 changed files with 9 additions and 4 deletions
--- a/core/hdd/inc/wlan_hdd_main.h
+++ b/core/hdd/inc/wlan_hdd_main.h
@@ -810,13 +810,20 @@ struct hdd_netif_queue_history {


 struct hdd_adapter_s {
-	void *pHddCtx;
+	/* Magic cookie for adapter sanity verification.  Note that this
+	 * needs to be at the beginning of the private data structure so
+	 * that it will exists at the beginning of dev->priv and hence
+	 * will always be in mapped memory
+	 */
+	uint32_t magic;

-	device_mode_t device_mode;
+	void *pHddCtx;

 	/** Handle to the network device */
 	struct net_device *dev;

+	device_mode_t device_mode;
+
 	/** IPv4 notifier callback for handling ARP offload on change in IP */
 	struct work_struct ipv4NotifierWorkQueue;
 #ifdef WLAN_NS_OFFLOAD
@@ -936,8 +943,6 @@ struct hdd_adapter_s {
 #endif
 	uint8_t addr_filter_pattern;

-	/* Magic cookie for adapter sanity verification */
-	uint32_t magic;
 	bool higherDtimTransition;
 	bool survey_idx;