From d82dc29fe62da392fa5d4922ff79a5c85e961426 Mon Sep 17 00:00:00 2001 From: Venkata Sharath Chandra Manchala Date: Sun, 14 Jul 2019 16:16:46 -0700 Subject: [PATCH] qcacmn: Fix skb overflow in wlan_pkt_stats_to_logger_thread When wlan logging is turned on in developer options wlan logging verbosity level is set to active and pktlog buffer will also be passed to wlan_pkt_stats_to_logger_thread. In this API we call skb_put multiple times to copy ath_pktlog_hdr(16 bytes) and pktlog buffer (2048 bytes) = 2064bytes which is leading to skb_over_panic as the skb length is set to 2048 bytes. Increase the skb size to 2112 bytes which can accommodate 2048 bytes (pktlog buffer size) + 16 bytes(ath_pktlog_hdr) + 8 bytes (pkt_dump) + 40 bytes (future use) to avoid overflow. Change-Id: Ia8bda14f45d2eb77357bf7e46a12c1062d56d8e1 CRs-Fixed: 2489338 --- utils/logging/src/wlan_logging_sock_svc.c | 31 ++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/utils/logging/src/wlan_logging_sock_svc.c b/utils/logging/src/wlan_logging_sock_svc.c index e7be61cf2a..dffeee0efb 100644 --- a/utils/logging/src/wlan_logging_sock_svc.c +++ b/utils/logging/src/wlan_logging_sock_svc.c @@ -30,9 +30,11 @@ #include "csr_api.h" #include "wma.h" #include "ol_txrx_api.h" -#include "pktlog_ac.h" #include #endif +#if defined(FEATURE_PKTLOG) && !defined(REMOVE_PKT_LOG) +#include +#endif /* FEATURE_PKTLOG */ #include #include #include @@ -63,9 +65,32 @@ #endif #define MAX_LOGMSG_LENGTH 2048 #define MAX_SKBMSG_LENGTH 4096 -#define MAX_PKTSTATS_LENGTH 2048 -#define MAX_PKTSTATS_BUFF 16 +#define WLAN_LOG_BUFFER_SIZE 2048 +#if defined(FEATURE_PKTLOG) && !defined(REMOVE_PKT_LOG) +/** + * Buffer to accommodate - + * pktlog buffer (2048 bytes) + * ath_pktlog_hdr (16 bytes) + * pkt_dump (8 bytes) + * extra padding (40 bytes) + * + * Note: pktlog buffer size is dependent on RX_BUFFER_SIZE and + * HTT_T2H_MAX_MSG_SIZE. Adjust WLAN_LOG_BUFFER_SIZE + * based on the above mentioned macros. + */ +#define ATH_PKTLOG_HDR_SIZE (sizeof(struct ath_pktlog_hdr)) +#define PKT_DUMP_HDR_SIZE (sizeof(struct packet_dump)) +#define EXTRA_PADDING 40 + +#define MAX_PKTSTATS_LENGTH \ + ((WLAN_LOG_BUFFER_SIZE) + (ATH_PKTLOG_HDR_SIZE) + \ + (PKT_DUMP_HDR_SIZE) + (EXTRA_PADDING)) +#else +#define MAX_PKTSTATS_LENGTH WLAN_LOG_BUFFER_SIZE +#endif /* FEATURE_PKTLOG */ + +#define MAX_PKTSTATS_BUFF 16 #define HOST_LOG_DRIVER_MSG 0x001 #define HOST_LOG_PER_PKT_STATS 0x002 #define HOST_LOG_FW_FLUSH_COMPLETE 0x003