qcacld-3.0: Add frame length in T2LM api

Pass frame length in t2lm api's and
add boundary check while parsing.

Change-Id: Id48cd77710e6f0ea922e2dea989dc599dc9325c5
CRs-Fixed: 3579186

components/umac/mlme/mlo_mgr/inc/wlan_t2lm_api.h

@@ -71,6 +71,7 @@ enum wlan_t2lm_evt {
  * @peer: pointer to peer
  * @event: T2LM event
  * @event_data: T2LM event data pointer
+ * @frame_len: Received T2LM Frame length
  * @dialog_token: Dialog token
  *
  * This api will be called from lim  layers, to process T2LM event
@@ -81,6 +82,7 @@ QDF_STATUS t2lm_deliver_event(struct wlan_objmgr_vdev *vdev,
 			      struct wlan_objmgr_peer *peer,
 			      enum wlan_t2lm_evt event,
 			      void *event_data,
+			      uint32_t frame_len,
 			      uint8_t *dialog_token);
 
 /**
@@ -88,6 +90,7 @@ QDF_STATUS t2lm_deliver_event(struct wlan_objmgr_vdev *vdev,
  * @vdev: vdev pointer
  * @peer: pointer to peer
  * @event_data: T2LM event data pointer
+ * @frame_len: Received Frame length
  * @token: Dialog token
  *
  * This api will be called from lim  layers, after T2LM action frame
@@ -97,7 +100,8 @@ QDF_STATUS t2lm_deliver_event(struct wlan_objmgr_vdev *vdev,
  */
 QDF_STATUS t2lm_handle_rx_req(struct wlan_objmgr_vdev *vdev,
 			      struct wlan_objmgr_peer *peer,
-			      void *event_data, uint8_t *token);
+			      void *event_data, uint32_t frame_len,
+			      uint8_t *token);
 
 /**
  * t2lm_handle_tx_resp - Handler for populating T2LM action frame
@@ -132,6 +136,7 @@ QDF_STATUS t2lm_handle_tx_req(struct wlan_objmgr_vdev *vdev,
  * @vdev: vdev pointer
  * @peer: peer pointer
  * @event_data: T2LM event data pointer
+ * @frame_len: Frame length
  * @token: Dialog token
  *
  * This api will be called to parsing T2LM response action frame.
@@ -140,7 +145,8 @@ QDF_STATUS t2lm_handle_tx_req(struct wlan_objmgr_vdev *vdev,
  */
 QDF_STATUS t2lm_handle_rx_resp(struct wlan_objmgr_vdev *vdev,
 			       struct wlan_objmgr_peer *peer,
-			       void *event_data, uint8_t *token);
+			       void *event_data, uint32_t frame_len,
+			       uint8_t *token);
 
 /**
  * t2lm_handle_rx_teardown - Handler for parsing T2LM action frame
@@ -188,6 +194,7 @@ wlan_t2lm_validate_candidate(struct cnx_mgr *cm_ctx,
  * @peer: pointer to peer
  * @event: T2LM event
  * @event_data: T2LM event data
+ * @frame_len: received T2LM frame len
  * @dialog_token: Dialog token
  *
  * Return: QDF_STATUS
@@ -196,6 +203,7 @@ QDF_STATUS wlan_t2lm_deliver_event(struct wlan_objmgr_vdev *vdev,
 				   struct wlan_objmgr_peer *peer,
 				   enum wlan_t2lm_evt event,
 				   void *event_data,
+				   uint32_t frame_len,
 				   uint8_t *dialog_token);
 
 /**
@@ -249,7 +257,7 @@ wlan_populate_link_disable_t2lm_frame(struct wlan_objmgr_vdev *vdev,
 static inline QDF_STATUS
 t2lm_handle_rx_req(struct wlan_objmgr_vdev *vdev,
 		   struct wlan_objmgr_peer *peer,
-		   void *event_data, uint8_t *token)
+		   void *event_data, uint32_t frame_len, uint8_t *token)
 {
 	return QDF_STATUS_E_NOSUPPORT;
 }
@@ -272,7 +280,7 @@ t2lm_handle_tx_req(struct wlan_objmgr_vdev *vdev,
 static inline QDF_STATUS
 t2lm_handle_rx_resp(struct wlan_objmgr_vdev *vdev,
 		    struct wlan_objmgr_peer *peer,
-		    void *event_data, uint8_t *token)
+		    void *event_data, uint32_t frame_len, uint8_t *token)
 {
 	return QDF_STATUS_E_NOSUPPORT;
 }
@@ -316,6 +324,7 @@ QDF_STATUS wlan_t2lm_deliver_event(struct wlan_objmgr_vdev *vdev,
 				   struct wlan_objmgr_peer *peer,
 				   enum wlan_t2lm_evt event,
 				   void *event_data,
+				   uint32_t frame_len,
 				   uint8_t *dialog_token)
 {
 	return QDF_STATUS_E_NOSUPPORT;

components/umac/mlme/mlo_mgr/src/wlan_t2lm_api.c

@@ -134,7 +134,8 @@ t2lm_gen_dialog_token(struct wlan_mlo_peer_t2lm_policy *t2lm_policy)
 
 QDF_STATUS t2lm_handle_rx_req(struct wlan_objmgr_vdev *vdev,
 			      struct wlan_objmgr_peer *peer,
-			      void *event_data, uint8_t *token)
+			      void *event_data, uint32_t frame_len,
+			      uint8_t *token)
 {
 	struct wlan_t2lm_onging_negotiation_info t2lm_req = {0};
 	struct wlan_t2lm_info *t2lm_info;
@@ -148,6 +149,7 @@ QDF_STATUS t2lm_handle_rx_req(struct wlan_objmgr_vdev *vdev,
 		return QDF_STATUS_E_FAILURE;
 
 	status = wlan_mlo_parse_t2lm_action_frame(&t2lm_req, event_data,
+						  frame_len,
 						  WLAN_T2LM_CATEGORY_REQUEST);
 	if (status != QDF_STATUS_SUCCESS) {
 		mlme_err("Unable to parse T2LM request action frame");
@@ -231,7 +233,8 @@ QDF_STATUS t2lm_handle_tx_req(struct wlan_objmgr_vdev *vdev,
 
 QDF_STATUS t2lm_handle_rx_resp(struct wlan_objmgr_vdev *vdev,
 			       struct wlan_objmgr_peer *peer,
-			       void *event_data, uint8_t *token)
+			       void *event_data, uint32_t frame_len,
+			       uint8_t *token)
 {
 	struct wlan_t2lm_onging_negotiation_info t2lm_rsp = {0};
 	struct wlan_t2lm_onging_negotiation_info *t2lm_req;
@@ -256,6 +259,7 @@ QDF_STATUS t2lm_handle_rx_resp(struct wlan_objmgr_vdev *vdev,
 		return QDF_STATUS_SUCCESS;
 
 	status = wlan_mlo_parse_t2lm_action_frame(&t2lm_rsp, event_data,
+						  frame_len,
 						  WLAN_T2LM_CATEGORY_RESPONSE);
 	if (status != QDF_STATUS_SUCCESS) {
 		mlme_err("Unable to parse T2LM request action frame");
@@ -342,7 +346,8 @@ QDF_STATUS t2lm_handle_tx_teardown(struct wlan_objmgr_vdev *vdev,
 QDF_STATUS t2lm_deliver_event(struct wlan_objmgr_vdev *vdev,
 			      struct wlan_objmgr_peer *peer,
 			      enum wlan_t2lm_evt event,
-			      void *event_data, uint8_t *token)
+			      void *event_data, uint32_t frame_len,
+			      uint8_t *token)
 {
 	struct wlan_objmgr_psoc *psoc;
 	QDF_STATUS status;
@@ -356,7 +361,8 @@ QDF_STATUS t2lm_deliver_event(struct wlan_objmgr_vdev *vdev,
 
 	switch (event) {
 	case WLAN_T2LM_EV_ACTION_FRAME_RX_REQ:
-		status = t2lm_handle_rx_req(vdev, peer, event_data, token);
+		status = t2lm_handle_rx_req(vdev, peer, event_data,
+					    frame_len, token);
 		break;
 	case WLAN_T2LM_EV_ACTION_FRAME_TX_RESP:
 		status = t2lm_handle_tx_resp(vdev, event_data, token);
@@ -365,7 +371,8 @@ QDF_STATUS t2lm_deliver_event(struct wlan_objmgr_vdev *vdev,
 		status = t2lm_handle_tx_req(vdev, peer, event_data, token);
 		break;
 	case WLAN_T2LM_EV_ACTION_FRAME_RX_RESP:
-		status = t2lm_handle_rx_resp(vdev, peer, event_data, token);
+		status = t2lm_handle_rx_resp(vdev, peer, event_data,
+					     frame_len, token);
 		break;
 	case WLAN_T2LM_EV_ACTION_FRAME_RX_TEARDOWN:
 		status = t2lm_handle_rx_teardown(vdev, peer, event_data);
@@ -703,6 +710,7 @@ wlan_populate_link_disable_t2lm_frame(struct wlan_objmgr_vdev *vdev,
 	status = t2lm_deliver_event(vdev, peer,
 				    WLAN_T2LM_EV_ACTION_FRAME_TX_REQ,
 				    &t2lm_neg,
+				    0,
 				    &t2lm_neg.dialog_token);
 
 	wlan_objmgr_peer_release_ref(peer, WLAN_MLO_MGR_ID);
@@ -713,7 +721,9 @@ QDF_STATUS wlan_t2lm_deliver_event(struct wlan_objmgr_vdev *vdev,
 				   struct wlan_objmgr_peer *peer,
 				   enum wlan_t2lm_evt event,
 				   void *event_data,
+				   uint32_t frame_len,
 				   uint8_t *dialog_token)
 {
-	return t2lm_deliver_event(vdev, peer, event, event_data, dialog_token);
+	return t2lm_deliver_event(vdev, peer, event, event_data,
+				  frame_len, dialog_token);
 }

core/mac/src/pe/lim/lim_process_action_frame.c

@@ -2168,7 +2168,8 @@ void lim_process_action_frame(struct mac_context *mac_ctx,
 			if (wlan_t2lm_deliver_event(
 				session->vdev, peer,
 				WLAN_T2LM_EV_ACTION_FRAME_RX_REQ,
-				(void *)body_ptr, &token) == QDF_STATUS_SUCCESS)
+				(void *)body_ptr, frame_len,
+				&token) == QDF_STATUS_SUCCESS)
 				status_code = WLAN_T2LM_RESP_TYPE_SUCCESS;
 			else
 				status_code =
@@ -2187,13 +2188,13 @@ void lim_process_action_frame(struct mac_context *mac_ctx,
 			wlan_t2lm_deliver_event(
 					session->vdev, peer,
 					WLAN_T2LM_EV_ACTION_FRAME_RX_RESP,
-					(void *)body_ptr, &token);
+					(void *)body_ptr, frame_len, &token);
 			break;
 		case EHT_T2LM_TEARDOWN:
 			wlan_t2lm_deliver_event(
 					session->vdev, peer,
 					WLAN_T2LM_EV_ACTION_FRAME_RX_TEARDOWN,
-					(void *)body_ptr, NULL);
+					(void *)body_ptr, frame_len, NULL);
 			break;
 		case EHT_EPCS_REQUEST:
 			wlan_epcs_deliver_event(