diff options
author | Siyuan Zhou <siyuanzhou@google.com> | 2018-03-15 11:43:54 -0700 |
---|---|---|
committer | Siyuan Zhou <siyuanzhou@google.com> | 2018-03-15 11:46:29 -0700 |
commit | fe7f1cda1896e3f6235cc635fb3fac13215ad0e6 (patch) | |
tree | e10326f235dffe1b7a38e293c96be70fc1f55a63 | |
parent | d5f156e7af964d18a1f10bbc54852531fe8b7ad0 (diff) | |
parent | e30e3bea7a788d8c61ff005b1551cfd9f53f6c28 (diff) |
Merge branch 'android-msm-bullhead-3.10-security-next' into android-msm-bullhead-3.10android-8.1.0_r0.53
May 2018.1
Bug: 74404153
Signed-off-by: Siyuan Zhou <siyuanzhou@google.com>
Change-Id: I98e7e3bb405048e971437d2487fa90f332609523
19 files changed, 535 insertions, 119 deletions
diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 4a8116547873..333458ca1bdd 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -1511,9 +1511,8 @@ out: return err; } -static void lo_release(struct gendisk *disk, fmode_t mode) +static void __lo_release(struct loop_device *lo) { - struct loop_device *lo = disk->private_data; int err; mutex_lock(&lo->lo_ctl_mutex); @@ -1541,6 +1540,13 @@ out: mutex_unlock(&lo->lo_ctl_mutex); } +static void lo_release(struct gendisk *disk, fmode_t mode) +{ + mutex_lock(&loop_index_mutex); + __lo_release(disk->private_data); + mutex_unlock(&loop_index_mutex); +} + static const struct block_device_operations lo_fops = { .owner = THIS_MODULE, .open = lo_open, diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c index 29e01ab6859f..89a77018eeec 100644 --- a/drivers/input/tablet/gtco.c +++ b/drivers/input/tablet/gtco.c @@ -232,13 +232,17 @@ static void parse_hid_report_descriptor(struct gtco *device, char * report, /* Walk this report and pull out the info we need */ while (i < length) { - prefix = report[i]; - - /* Skip over prefix */ - i++; + prefix = report[i++]; /* Determine data size and save the data in the proper variable */ - size = PREF_SIZE(prefix); + size = (1U << PREF_SIZE(prefix)) >> 1; + if (i + size > length) { + dev_err(ddev, + "Not enough data (need %d, have %d)\n", + i + size, length); + break; + } + switch (size) { case 1: data = report[i]; @@ -246,8 +250,7 @@ static void parse_hid_report_descriptor(struct gtco *device, char * report, case 2: data16 = get_unaligned_le16(&report[i]); break; - case 3: - size = 4; + case 4: data32 = get_unaligned_le32(&report[i]); break; } diff --git a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c index 5b077c9195a7..b79540f477cc 100755..100644 --- a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c +++ b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2015, The Linux Foundation. All rights reserved. +/* Copyright (c) 2011-2015, 2018 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -52,6 +52,11 @@ static int32_t msm_actuator_piezo_set_default_focus( struct msm_camera_i2c_reg_setting reg_setting; CDBG("Enter\n"); + if (a_ctrl->i2c_reg_tbl == NULL) { + pr_err("failed. i2c reg tabl is NULL"); + return -EFAULT; + } + if (a_ctrl->curr_step_pos != 0) { a_ctrl->i2c_tbl_index = 0; a_ctrl->func_tbl->actuator_parse_i2c_params(a_ctrl, @@ -79,13 +84,25 @@ static int32_t msm_actuator_piezo_set_default_focus( static void msm_actuator_parse_i2c_params(struct msm_actuator_ctrl_t *a_ctrl, int16_t next_lens_position, uint32_t hw_params, uint16_t delay) { - struct msm_actuator_reg_params_t *write_arr = a_ctrl->reg_tbl; + struct msm_actuator_reg_params_t *write_arr = NULL; uint32_t hw_dword = hw_params; uint16_t i2c_byte1 = 0, i2c_byte2 = 0; uint16_t value = 0; - uint32_t size = a_ctrl->reg_tbl_size, i = 0; - struct msm_camera_i2c_reg_array *i2c_tbl = a_ctrl->i2c_reg_tbl; + uint32_t size = 0, i = 0; + struct msm_camera_i2c_reg_array *i2c_tbl = NULL; CDBG("Enter\n"); + + if ((!a_ctrl) || + (!a_ctrl->reg_tbl) || + (!a_ctrl->i2c_reg_tbl)) { + pr_err("failed. NULL actuator pointers"); + return; + } + + size = a_ctrl->reg_tbl_size; + write_arr = a_ctrl->reg_tbl; + i2c_tbl = a_ctrl->i2c_reg_tbl; + for (i = 0; i < size; i++) { if (write_arr[i].reg_write_type == MSM_ACTUATOR_WRITE_DAC) { value = (next_lens_position << @@ -513,6 +530,17 @@ static int32_t msm_actuator_piezo_move_focus( return -EFAULT; } + if (a_ctrl->i2c_reg_tbl == NULL) { + pr_err("failed. i2c reg tabl is NULL"); + return -EFAULT; + } + + if (dest_step_position > a_ctrl->total_steps) { + pr_err("Step pos greater than total steps = %d\n", + dest_step_position); + return -EFAULT; + } + a_ctrl->i2c_tbl_index = 0; a_ctrl->func_tbl->actuator_parse_i2c_params(a_ctrl, (num_steps * @@ -577,6 +605,10 @@ static int32_t msm_actuator_move_focus( pr_err("Invalid direction = %d\n", dir); return -EFAULT; } + if (a_ctrl->i2c_reg_tbl == NULL) { + pr_err("failed. i2c reg tabl is NULL"); + return -EFAULT; + } if (dest_step_pos > a_ctrl->total_steps) { pr_err("Step pos greater than total steps = %d\n", dest_step_pos); @@ -588,6 +620,8 @@ static int32_t msm_actuator_move_focus( a_ctrl->curr_step_pos, dest_step_pos, curr_lens_pos); while (a_ctrl->curr_step_pos != dest_step_pos) { + if (a_ctrl->curr_region_index >= a_ctrl->region_size) + break; step_boundary = a_ctrl->region_params[a_ctrl->curr_region_index]. step_bound[dir]; @@ -678,6 +712,10 @@ static int32_t msm_actuator_bivcm_move_focus( pr_err("Invalid direction = %d\n", dir); return -EFAULT; } + if (a_ctrl->i2c_reg_tbl == NULL) { + pr_err("failed. i2c reg tabl is NULL"); + return -EFAULT; + } if (dest_step_pos > a_ctrl->total_steps) { pr_err("Step pos greater than total steps = %d\n", dest_step_pos); @@ -689,6 +727,8 @@ static int32_t msm_actuator_bivcm_move_focus( a_ctrl->curr_step_pos, dest_step_pos, curr_lens_pos); while (a_ctrl->curr_step_pos != dest_step_pos) { + if (a_ctrl->curr_region_index >= a_ctrl->region_size) + break; step_boundary = a_ctrl->region_params[a_ctrl->curr_region_index]. step_bound[dir]; @@ -1076,6 +1116,18 @@ static int32_t msm_actuator_set_position( return -EFAULT; } + if (!a_ctrl || !a_ctrl->func_tbl || + !a_ctrl->func_tbl->actuator_parse_i2c_params || + !a_ctrl->i2c_reg_tbl) { + pr_err("failed. NULL actuator pointers."); + return -EFAULT; + } + + if (a_ctrl->actuator_state != ACT_OPS_ACTIVE) { + pr_err("failed. Invalid actuator state."); + return -EFAULT; + } + a_ctrl->i2c_tbl_index = 0; for (index = 0; index < set_pos->number_of_steps; index++) { next_lens_position = set_pos->pos[index]; @@ -1165,13 +1217,13 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl, a_ctrl->region_size = set_info->af_tuning_params.region_size; a_ctrl->pwd_step = set_info->af_tuning_params.pwd_step; - a_ctrl->total_steps = set_info->af_tuning_params.total_steps; if (copy_from_user(&a_ctrl->region_params, (void *)set_info->af_tuning_params.region_params, - a_ctrl->region_size * sizeof(struct region_params_t))) + a_ctrl->region_size * sizeof(struct region_params_t))) { + pr_err("Error copying region_params\n"); return -EFAULT; - + } if (a_ctrl->act_device_type == MSM_CAMERA_PLATFORM_DEVICE) { cci_client = a_ctrl->i2c_client.cci_client; cci_client->sid = @@ -1199,6 +1251,7 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl, (a_ctrl->i2c_reg_tbl != NULL)) { kfree(a_ctrl->i2c_reg_tbl); } + a_ctrl->i2c_reg_tbl = NULL; a_ctrl->i2c_reg_tbl = kzalloc(sizeof(struct msm_camera_i2c_reg_array) * @@ -1208,6 +1261,8 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl, return -ENOMEM; } + a_ctrl->total_steps = set_info->af_tuning_params.total_steps; + if (copy_from_user(&a_ctrl->reg_tbl, (void *)set_info->actuator_params.reg_tbl_params, a_ctrl->reg_tbl_size * diff --git a/drivers/misc/qcom/qdsp6v2/audio_hwacc_effects.c b/drivers/misc/qcom/qdsp6v2/audio_hwacc_effects.c index abda82a7f8c0..42f4a67fc533 100644 --- a/drivers/misc/qcom/qdsp6v2/audio_hwacc_effects.c +++ b/drivers/misc/qcom/qdsp6v2/audio_hwacc_effects.c @@ -189,7 +189,6 @@ static int audio_effects_shared_ioctl(struct file *file, unsigned cmd, pr_err("%s: Read buffer Allocation failed rc = %d\n", __func__, rc); rc = -ENOMEM; - mutex_unlock(&effects->lock); goto readbuf_fail; } atomic_set(&effects->out_count, effects->config.output.num_buf); @@ -204,7 +203,6 @@ static int audio_effects_shared_ioctl(struct file *file, unsigned cmd, if (rc < 0) { pr_err("%s: pcm read block config failed\n", __func__); rc = -EINVAL; - mutex_unlock(&effects->lock); goto cfg_fail; } pr_debug("%s: dec: sample_rate: %d, num_channels: %d, bit_width: %d\n", @@ -219,7 +217,6 @@ static int audio_effects_shared_ioctl(struct file *file, unsigned cmd, pr_err("%s: pcm write format block config failed\n", __func__); rc = -EINVAL; - mutex_unlock(&effects->lock); goto cfg_fail; } @@ -353,6 +350,7 @@ ioctl_fail: readbuf_fail: q6asm_audio_client_buf_free_contiguous(IN, effects->ac); + mutex_unlock(&effects->lock); return rc; cfg_fail: q6asm_audio_client_buf_free_contiguous(IN, @@ -360,6 +358,7 @@ cfg_fail: q6asm_audio_client_buf_free_contiguous(OUT, effects->ac); effects->buf_alloc = 0; + mutex_unlock(&effects->lock); return rc; } diff --git a/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c b/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c index 87e28bfddc69..5c613eeb7f11 100644 --- a/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c +++ b/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c @@ -27,6 +27,7 @@ struct msm_bus_floor_client_type { }; static struct class *bus_floor_class; +static DEFINE_RT_MUTEX(msm_bus_floor_vote_lock); #define MAX_VOTER_NAME (50) #define DEFAULT_NODE_WIDTH (8) #define DBG_NAME(s) (strnstr(s, "-", 7) + 1) @@ -64,18 +65,22 @@ static ssize_t bus_floor_active_only_store(struct device *dev, { struct msm_bus_floor_client_type *cl; + rt_mutex_lock(&msm_bus_floor_vote_lock); cl = dev_get_drvdata(dev); if (!cl) { pr_err("%s: Can't find cl", __func__); + rt_mutex_unlock(&msm_bus_floor_vote_lock); return 0; } if (sscanf(buf, "%d", &cl->active_only) != 1) { pr_err("%s:return error", __func__); + rt_mutex_unlock(&msm_bus_floor_vote_lock); return -EINVAL; } + rt_mutex_unlock(&msm_bus_floor_vote_lock); return n; } @@ -100,20 +105,24 @@ static ssize_t bus_floor_vote_store(struct device *dev, struct msm_bus_floor_client_type *cl; int ret = 0; + rt_mutex_lock(&msm_bus_floor_vote_lock); cl = dev_get_drvdata(dev); if (!cl) { pr_err("%s: Can't find cl", __func__); + rt_mutex_unlock(&msm_bus_floor_vote_lock); return 0; } if (sscanf(buf, "%llu", &cl->cur_vote_hz) != 1) { pr_err("%s:return error", __func__); + rt_mutex_unlock(&msm_bus_floor_vote_lock); return -EINVAL; } ret = msm_bus_floor_vote_context(dev_name(dev), cl->cur_vote_hz, cl->active_only); + rt_mutex_unlock(&msm_bus_floor_vote_lock); return n; } @@ -126,15 +135,18 @@ static ssize_t bus_floor_vote_store_api(struct device *dev, char name[10]; u64 vote_khz = 0; + rt_mutex_lock(&msm_bus_floor_vote_lock); cl = dev_get_drvdata(dev); if (!cl) { pr_err("%s: Can't find cl", __func__); + rt_mutex_unlock(&msm_bus_floor_vote_lock); return 0; } if (sscanf(buf, "%9s %llu", name, &vote_khz) != 2) { pr_err("%s:return error", __func__); + rt_mutex_unlock(&msm_bus_floor_vote_lock); return -EINVAL; } name[9] = '\0'; @@ -143,6 +155,7 @@ static ssize_t bus_floor_vote_store_api(struct device *dev, __func__, name, vote_khz); ret = msm_bus_floor_vote(name, vote_khz); + rt_mutex_unlock(&msm_bus_floor_vote_lock); return n; } diff --git a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt.h b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt.h index c608cf59413a..129443fe84b2 100644 --- a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt.h +++ b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt.h @@ -6315,6 +6315,9 @@ PREPACK struct htt_txq_group { #define HTT_TX_COMPL_IND_APPEND_GET(_info) \ (((_info) & HTT_TX_COMPL_IND_APPEND_M) >> HTT_TX_COMPL_IND_APPEND_S) +#define HTT_TX_COMPL_HEAD_SZ 4 +#define HTT_TX_COMPL_BYTES_PER_MSDU_ID 2 + #define HTT_TX_COMPL_CTXT_SZ sizeof(A_UINT16) #define HTT_TX_COMPL_CTXT_NUM(_bytes) ((_bytes) >> 1) diff --git a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt_t2h.c b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt_t2h.c index e09636ad49fb..0c74af80d900 100644 --- a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt_t2h.c +++ b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt_t2h.c @@ -613,10 +613,26 @@ if (adf_os_unlikely(pdev->rx_ring.rx_reset)) { { int num_msdus; enum htt_tx_status status; + int msg_len = adf_nbuf_len(htt_t2h_msg); /* status - no enum translation needed */ status = HTT_TX_COMPL_IND_STATUS_GET(*msg_word); num_msdus = HTT_TX_COMPL_IND_NUM_GET(*msg_word); + + /* + * each desc id will occupy 2 bytes. + * the 4 is for htt msg header + */ + if ((num_msdus * HTT_TX_COMPL_BYTES_PER_MSDU_ID + + HTT_TX_COMPL_HEAD_SZ) > msg_len) { + adf_os_print("%s: num_msdus(%d) is invalid," + "adf_nbuf_len = %d\n", + __FUNCTION__, + num_msdus, + msg_len); + break; + } + if (num_msdus & 0x1) { struct htt_tx_compl_ind_base *compl = (void *)msg_word; @@ -685,8 +701,23 @@ if (adf_os_unlikely(pdev->rx_ring.rx_reset)) { case HTT_T2H_MSG_TYPE_TX_INSPECT_IND: { int num_msdus; + int msg_len = adf_nbuf_len(htt_t2h_msg); num_msdus = HTT_TX_COMPL_IND_NUM_GET(*msg_word); + /* + * each desc id will occupy 2 bytes. + * the 4 is for htt msg header + */ + if ((num_msdus * HTT_TX_COMPL_BYTES_PER_MSDU_ID + + HTT_TX_COMPL_HEAD_SZ) > msg_len) { + adf_os_print("%s: num_msdus(%d) is invalid," + "adf_nbuf_len = %d,inspect\n", + __FUNCTION__, + num_msdus, + msg_len); + break; + } + if (num_msdus & 0x1) { struct htt_tx_compl_ind_base *compl = (void *)msg_word; diff --git a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx.c b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx.c index 8b35aa45abcd..94068d59fcb0 100644 --- a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx.c +++ b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx.c @@ -375,6 +375,9 @@ ol_txrx_pdev_attach( TXRX_STATS_INIT(pdev); TAILQ_INIT(&pdev->vdev_list); + TAILQ_INIT(&pdev->req_list); + pdev->req_list_depth = 0; + adf_os_spinlock_init(&pdev->req_list_spinlock); /* do initial set up of the peer ID -> peer object lookup map */ if (ol_txrx_peer_find_attach(pdev)) { @@ -901,8 +904,9 @@ A_STATUS ol_txrx_pdev_attach_target(ol_txrx_pdev_handle pdev) void ol_txrx_pdev_detach(ol_txrx_pdev_handle pdev, int force) { - int i; + int i = 0; unsigned int page_idx; + struct ol_txrx_stats_req_internal *req; /*checking to ensure txrx pdev structure is not NULL */ if (!pdev) { @@ -915,6 +919,30 @@ ol_txrx_pdev_detach(ol_txrx_pdev_handle pdev, int force) /* check that the pdev has no vdevs allocated */ TXRX_ASSERT1(TAILQ_EMPTY(&pdev->vdev_list)); + adf_os_spin_lock_bh(&pdev->req_list_spinlock); + if (pdev->req_list_depth > 0) + TXRX_PRINT(TXRX_PRINT_LEVEL_ERR, + "Warning: the txrx req list is not empty, depth=%d\n", + pdev->req_list_depth + ); + TAILQ_FOREACH(req, &pdev->req_list, req_list_elem) { + TAILQ_REMOVE(&pdev->req_list, req, req_list_elem); + pdev->req_list_depth--; + TXRX_PRINT(TXRX_PRINT_LEVEL_ERR, + "%d: %p,verbose(%d), concise(%d), up_m(0x%x), reset_m(0x%x)\n", + i++, + req, + req->base.print.verbose, + req->base.print.concise, + req->base.stats_type_upload_mask, + req->base.stats_type_reset_mask + ); + adf_os_mem_free(req); + } + adf_os_spin_unlock_bh(&pdev->req_list_spinlock); + + adf_os_spinlock_destroy(&pdev->req_list_spinlock); + OL_RX_REORDER_TIMEOUT_CLEANUP(pdev); if (ol_cfg_is_high_latency(pdev->ctrl_pdev)) { @@ -1977,12 +2005,6 @@ void ol_txrx_print_level_set(unsigned level) #endif } -struct ol_txrx_stats_req_internal { - struct ol_txrx_stats_req base; - int serviced; /* state of this request */ - int offset; -}; - static inline u_int64_t OL_TXRX_STATS_PTR_TO_U64(struct ol_txrx_stats_req_internal *req) { @@ -2044,6 +2066,11 @@ ol_txrx_fw_stats_get( /* use the non-volatile request object's address as the cookie */ cookie = OL_TXRX_STATS_PTR_TO_U64(non_volatile_req); + adf_os_spin_lock_bh(&pdev->req_list_spinlock); + TAILQ_INSERT_TAIL(&pdev->req_list, non_volatile_req, req_list_elem); + pdev->req_list_depth++; + adf_os_spin_unlock_bh(&pdev->req_list_spinlock); + if (htt_h2t_dbg_stats_get( pdev->htt_pdev, req->stats_type_upload_mask, @@ -2051,14 +2078,15 @@ ol_txrx_fw_stats_get( HTT_H2T_STATS_REQ_CFG_STAT_TYPE_INVALID, 0, cookie)) { + adf_os_spin_lock_bh(&pdev->req_list_spinlock); + TAILQ_REMOVE(&pdev->req_list, non_volatile_req, req_list_elem); + pdev->req_list_depth--; + adf_os_spin_unlock_bh(&pdev->req_list_spinlock); + adf_os_mem_free(non_volatile_req); return A_ERROR; } - if (req->wait.blocking) { - while (adf_os_mutex_acquire(pdev->osdev, req->wait.sem_ptr)) {} - } - return A_OK; } #endif @@ -2072,11 +2100,27 @@ ol_txrx_fw_stats_handler( enum htt_dbg_stats_status status; int length; u_int8_t *stats_data; - struct ol_txrx_stats_req_internal *req; + struct ol_txrx_stats_req_internal *req, *tmp; int more = 0; + int found = 0; req = OL_TXRX_U64_TO_STATS_PTR(cookie); + adf_os_spin_lock_bh(&pdev->req_list_spinlock); + TAILQ_FOREACH(tmp, &pdev->req_list, req_list_elem) { + if (req == tmp) { + found = 1; + break; + } + } + adf_os_spin_unlock_bh(&pdev->req_list_spinlock); + + if (!found) { + TXRX_PRINT(TXRX_PRINT_LEVEL_ERR, + "req(%p) from firmware can't be found in the list\n", req); + return; + } + do { htt_t2h_dbg_stats_hdr_parse( stats_info_list, &type, &status, &length, &stats_data); @@ -2200,10 +2244,16 @@ ol_txrx_fw_stats_handler( } while (1); if (! more) { - if (req->base.wait.blocking) { - adf_os_mutex_release(pdev->osdev, req->base.wait.sem_ptr); + adf_os_spin_lock_bh(&pdev->req_list_spinlock); + TAILQ_FOREACH(tmp, &pdev->req_list, req_list_elem) { + if (req == tmp) { + TAILQ_REMOVE(&pdev->req_list, req, req_list_elem); + pdev->req_list_depth--; + adf_os_mem_free(req); + break; + } } - adf_os_mem_free(req); + adf_os_spin_unlock_bh(&pdev->req_list_spinlock); } } diff --git a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx_types.h b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx_types.h index beee134bedd7..3ccd9f54c7bd 100644 --- a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx_types.h +++ b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx_types.h @@ -540,6 +540,10 @@ struct ol_txrx_pdev_t { /* ol_txrx_vdev list */ TAILQ_HEAD(, ol_txrx_vdev_t) vdev_list; + TAILQ_HEAD(, ol_txrx_stats_req_internal) req_list; + int req_list_depth; + adf_os_spinlock_t req_list_spinlock; + /* peer ID to peer object map (array of pointers to peer objects) */ struct ol_txrx_peer_t **peer_id_to_obj_map; diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_assoc.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_assoc.c index 2991836b49ec..e4ef0ef99ed7 100644 --- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_assoc.c +++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_assoc.c @@ -4272,6 +4272,7 @@ static tANI_S32 hdd_ProcessGENIE(hdd_adapter_t *pAdapter, tDot11fIERSN dot11RSNIE; tDot11fIEWPA dot11WPAIE; tANI_U32 i; + tANI_U32 status; tANI_U8 *pRsnIe; tANI_U16 RSNIeLen; tPmkidCacheInfo PMKIDCache[4]; // Local transfer memory @@ -4297,10 +4298,17 @@ static tANI_S32 hdd_ProcessGENIE(hdd_adapter_t *pAdapter, pRsnIe = gen_ie + 2; RSNIeLen = gen_ie_len - 2; // Unpack the RSN IE - dot11fUnpackIeRSN((tpAniSirGlobal) halHandle, + status = dot11fUnpackIeRSN((tpAniSirGlobal) halHandle, pRsnIe, RSNIeLen, &dot11RSNIE); + if (DOT11F_FAILED(status)) + { + hddLog(LOGE, + FL("Parse failure in hdd_ProcessGENIE (0x%08x)"), + status); + return -EINVAL; + } // Copy out the encryption and authentication types hddLog(LOG1, FL("%s: pairwise cipher suite count: %d"), __func__, dot11RSNIE.pwise_cipher_suite_count ); diff --git a/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c b/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c index a00327363d16..0c106d8d781f 100644 --- a/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c +++ b/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c @@ -727,6 +727,10 @@ limSendSmeProbeReqInd(tpAniSirGlobal pMac, MTRACE(macTrace(pMac, TRACE_CODE_TX_SME_MSG, psessionEntry->peSessionId, msgQ.type)); + + if (ProbeReqIELen > sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE)) + ProbeReqIELen = sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE); + pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIELen = (tANI_U16)ProbeReqIELen; vos_mem_copy(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE, pProbeReqIE, ProbeReqIELen); diff --git a/drivers/staging/qcacld-2.0/CORE/SAP/src/sapChSelect.c b/drivers/staging/qcacld-2.0/CORE/SAP/src/sapChSelect.c index ac74e57c6100..09694b47a309 100644 --- a/drivers/staging/qcacld-2.0/CORE/SAP/src/sapChSelect.c +++ b/drivers/staging/qcacld-2.0/CORE/SAP/src/sapChSelect.c @@ -767,7 +767,9 @@ v_U32_t sapweightRssiCount(v_S7_t rssi, v_U16_t count) SIDE EFFECTS ============================================================================*/ -void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) +void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh, + tSapSpectChInfo *spect_ch_strt_addr, + tSapSpectChInfo *spect_ch_end_addr) { tSapSpectChInfo *pExtSpectCh = NULL; v_S31_t rssi; @@ -783,7 +785,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) { case CHANNEL_1: pExtSpectCh = (pSpectCh + 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -796,7 +800,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -809,7 +815,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 3); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -822,7 +830,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 4); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -838,7 +848,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) case CHANNEL_2: pExtSpectCh = (pSpectCh - 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -851,7 +863,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -864,7 +878,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -877,7 +893,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 3); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -890,7 +908,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 4); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -905,7 +925,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) break; case CHANNEL_3: pExtSpectCh = (pSpectCh - 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -918,7 +940,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -931,7 +955,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -944,7 +970,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -957,7 +985,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 3); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -970,7 +1000,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 4); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -985,7 +1017,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) break; case CHANNEL_4: pExtSpectCh = (pSpectCh - 3); - if(pExtSpectCh != NULL) + if(pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -998,7 +1032,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1011,7 +1047,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1024,7 +1062,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1037,7 +1077,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1050,7 +1092,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 3); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1063,7 +1107,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 4); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1084,7 +1130,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) case CHANNEL_9: case CHANNEL_10: pExtSpectCh = (pSpectCh - 4); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1097,7 +1145,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 3); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1110,7 +1160,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1123,7 +1175,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1136,7 +1190,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 1); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1149,7 +1205,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 2); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1162,7 +1220,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 3); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1175,7 +1235,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 4); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1191,7 +1253,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) case CHANNEL_11: pExtSpectCh = (pSpectCh - 4); - if(pExtSpectCh != NULL) + if(pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1205,7 +1269,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) } pExtSpectCh = (pSpectCh - 3); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1218,7 +1284,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1231,7 +1299,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1244,7 +1314,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 1); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1257,7 +1329,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 2); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1270,7 +1344,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 3); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1286,7 +1362,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) case CHANNEL_12: pExtSpectCh = (pSpectCh - 4); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1300,7 +1378,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) } pExtSpectCh = (pSpectCh - 3); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1313,7 +1393,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1326,7 +1408,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1339,7 +1423,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 1); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1352,7 +1438,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 2); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1368,7 +1456,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) case CHANNEL_13: pExtSpectCh = (pSpectCh - 4); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1382,7 +1472,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) } pExtSpectCh = (pSpectCh - 3); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1395,7 +1487,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 2); - if(pExtSpectCh != NULL) + if(pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1408,7 +1502,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1421,7 +1517,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh + 1); - if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14)) + if ((pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr))) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1437,7 +1535,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) case CHANNEL_14: pExtSpectCh = (pSpectCh - 1); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1450,7 +1550,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 2); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1463,7 +1565,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 3); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1476,7 +1580,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh) pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI; } pExtSpectCh = (pSpectCh - 4); - if (pExtSpectCh != NULL) + if (pExtSpectCh != NULL && + (pExtSpectCh >= spect_ch_strt_addr && + pExtSpectCh < spect_ch_end_addr)) { ++pExtSpectCh->bssCount; rssi = pSpectCh->rssiAgr + @@ -1847,7 +1953,8 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams, if(operatingBand == eCSR_DOT11_MODE_11g) { - sapInterferenceRssiCount(pSpectCh); + sapInterferenceRssiCount(pSpectCh, pSpectChStartAddr, + pSpectChEndAddr); } VOS_TRACE(VOS_MODULE_ID_SAP, VOS_TRACE_LEVEL_INFO_HIGH, diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/COMMON/ol_txrx_dbg.h b/drivers/staging/qcacld-2.0/CORE/SERVICES/COMMON/ol_txrx_dbg.h index 7309db33dc86..517bf5f4b317 100644 --- a/drivers/staging/qcacld-2.0/CORE/SERVICES/COMMON/ol_txrx_dbg.h +++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/COMMON/ol_txrx_dbg.h @@ -76,6 +76,13 @@ struct ol_txrx_stats_req { } wait; }; +struct ol_txrx_stats_req_internal { + struct ol_txrx_stats_req base; + TAILQ_ENTRY(ol_txrx_stats_req_internal) req_list_elem; + int serviced; /* state of this request */ + int offset; +}; + #ifndef TXRX_DEBUG_LEVEL #define TXRX_DEBUG_LEVEL 0 /* no debug info */ #endif diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c index c3a9e89ba98d..010db5898cd4 100644 --- a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c +++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved. + * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -493,7 +493,7 @@ static bool wma_is_vdev_in_ap_mode(tp_wma_handle wma, u_int8_t vdev_id) { struct wma_txrx_node *intf = wma->interfaces; - if (vdev_id > wma->max_bssid) { + if (vdev_id >= wma->max_bssid) { WMA_LOGP("%s: Invalid vdev_id %hu", __func__, vdev_id); VOS_ASSERT(0); return false; @@ -519,7 +519,7 @@ static bool wma_is_vdev_in_ibss_mode(tp_wma_handle wma, u_int8_t vdev_id) { struct wma_txrx_node *intf = wma->interfaces; - if (vdev_id > wma->max_bssid) { + if (vdev_id >= wma->max_bssid) { WMA_LOGP("%s: Invalid vdev_id %hu", __func__, vdev_id); VOS_ASSERT(0); return false; @@ -1294,9 +1294,15 @@ static int wma_vdev_start_rsp_ind(tp_wma_handle wma, u_int8_t *buf) return -EINVAL; } + if (resp_event->vdev_id >= wma->max_bssid) { + WMA_LOGE("%s: received invalid vdev_id %d", + __func__, resp_event->vdev_id); + return -EINVAL; + } + iface = &wma->interfaces[resp_event->vdev_id]; - if ((resp_event->vdev_id <= wma->max_bssid) && + if ((resp_event->vdev_id < wma->max_bssid) && (adf_os_atomic_read( &wma->interfaces[resp_event->vdev_id].vdev_restart_params.hidden_ssid_restart_in_progress)) && (wma_is_vdev_in_ap_mode(wma, resp_event->vdev_id) == true)) { @@ -1889,7 +1895,7 @@ static void wma_delete_all_ibss_peers(tp_wma_handle wma, A_UINT32 vdev_id) ol_txrx_vdev_handle vdev; ol_txrx_peer_handle peer, temp; - if (!wma || vdev_id > wma->max_bssid) + if (!wma || vdev_id >= wma->max_bssid) return; vdev = wma->interfaces[vdev_id].handle; @@ -1931,7 +1937,7 @@ static void wma_delete_all_ap_remote_peers(tp_wma_handle wma, A_UINT32 vdev_id) ol_txrx_vdev_handle vdev; ol_txrx_peer_handle peer, temp; - if (!wma || vdev_id > wma->max_bssid) + if (!wma || vdev_id >= wma->max_bssid) return; vdev = wma->interfaces[vdev_id].handle; @@ -2190,7 +2196,7 @@ static int wma_vdev_stop_ind(tp_wma_handle wma, u_int8_t *buf) resp_event = (wmi_vdev_stopped_event_fixed_param *)buf; - if ((resp_event->vdev_id <= wma->max_bssid) && + if ((resp_event->vdev_id < wma->max_bssid) && (adf_os_atomic_read(&wma->interfaces[resp_event->vdev_id].vdev_restart_params.hidden_ssid_restart_in_progress)) && ((wma->interfaces[resp_event->vdev_id].type == WMI_VDEV_TYPE_AP) && (wma->interfaces[resp_event->vdev_id].sub_type == 0))) { @@ -2229,7 +2235,7 @@ static int wma_vdev_stop_ind(tp_wma_handle wma, u_int8_t *buf) tpDeleteBssParams params = (tpDeleteBssParams)req_msg->user_data; struct beacon_info *bcn; - if (resp_event->vdev_id > wma->max_bssid) { + if (resp_event->vdev_id >= wma->max_bssid) { WMA_LOGE("%s: Invalid vdev_id %d", __func__, resp_event->vdev_id); vos_mem_free(params); @@ -3935,6 +3941,11 @@ static int wma_extscan_hotlist_match_event_handler(void *handle, dest_ap->ieLength = src_hotlist-> ie_length; WMI_MAC_ADDR_TO_CHAR_ARRAY(&src_hotlist->bssid, dest_ap->bssid); + if (src_hotlist->ssid.ssid_len > SIR_MAC_MAX_SSID_LENGTH) { + WMA_LOGE("%s Invalid SSID len %d, truncating", + __func__, src_hotlist->ssid.ssid_len); + src_hotlist->ssid.ssid_len = SIR_MAC_MAX_SSID_LENGTH; + } vos_mem_copy(dest_ap->ssid, src_hotlist->ssid.ssid, src_hotlist->ssid.ssid_len); dest_ap->ssid[src_hotlist->ssid.ssid_len] = '\0'; @@ -4109,6 +4120,13 @@ static int wma_group_num_bss_to_scan_id(const u_int8_t *cmd_param_info, WMI_MAC_ADDR_TO_CHAR_ARRAY(&src_hotlist->bssid, ap->bssid); + if (src_hotlist->ssid.ssid_len > + SIR_MAC_MAX_SSID_LENGTH) { + WMA_LOGD("%s Invalid SSID len %d, truncating", + __func__, src_hotlist->ssid.ssid_len); + src_hotlist->ssid.ssid_len = + SIR_MAC_MAX_SSID_LENGTH; + } vos_mem_copy(ap->ssid, src_hotlist->ssid.ssid, src_hotlist->ssid.ssid_len); ap->ssid[src_hotlist->ssid.ssid_len] = '\0'; @@ -4421,10 +4439,13 @@ static int wma_passpoint_match_event_handler(void *handle, WMA_SVC_MSG_MAX_SIZE) { WMA_LOGE("IE Length: %d or ANQP Length: %d is huge", event->ie_length, event->anqp_length); - VOS_ASSERT(0); return -EINVAL; } - + if (event->ssid.ssid_len > SIR_MAC_MAX_SSID_LENGTH) { + WMA_LOGD("%s: Invalid ssid len %d, truncating", + __func__, event->ssid.ssid_len); + event->ssid.ssid_len = SIR_MAC_MAX_SSID_LENGTH; + } dest_match = vos_mem_malloc(sizeof(*dest_match) + event->ie_length + event->anqp_length); if (!dest_match) { @@ -4516,6 +4537,11 @@ static int wma_unified_link_iface_stats_event_handler(void *handle, WMA_LOGA("%s: Invalid param_tlvs for Iface Stats", __func__); return -EINVAL; } + if (link_stats->num_ac > WIFI_AC_MAX) { + WMA_LOGE("%s: Excess data received from firmware num_ac %d", + __func__, link_stats->num_ac); + return -EINVAL; + } link_stats_size = sizeof(tSirWifiIfaceStat); iface_info_size = sizeof(tSirWifiInterfaceInfo); @@ -9805,7 +9831,7 @@ VOS_STATUS wma_start_scan(tp_wma_handle wma_handle, int len; tSirScanOffloadEvent *scan_event; - if (scan_req->sessionId > wma_handle->max_bssid) { + if (scan_req->sessionId >= wma_handle->max_bssid) { WMA_LOGE("%s: Invalid vdev_id %d, msg_type : 0x%x", __func__, scan_req->sessionId, msg_type); goto error1; @@ -12712,7 +12738,7 @@ void wma_vdev_resp_timer(void *data) struct beacon_info *bcn; struct wma_txrx_node *iface; - if (tgt_req->vdev_id > wma->max_bssid) { + if (tgt_req->vdev_id >= wma->max_bssid) { WMA_LOGE("%s: Invalid vdev_id %d", __func__, tgt_req->vdev_id); vos_mem_free(params); @@ -23142,7 +23168,7 @@ static VOS_STATUS wma_wow_enter(tp_wma_handle wma, WMA_LOGD("wow enable req received for vdev id: %d", info->sessionId); - if (info->sessionId > wma->max_bssid) { + if (info->sessionId >= wma->max_bssid) { WMA_LOGE("Invalid vdev id (%d)", info->sessionId); vos_mem_free(info); return VOS_STATUS_E_INVAL; @@ -23169,7 +23195,7 @@ static VOS_STATUS wma_wow_exit(tp_wma_handle wma, WMA_LOGD("wow disable req received for vdev id: %d", info->sessionId); - if (info->sessionId > wma->max_bssid) { + if (info->sessionId >= wma->max_bssid) { WMA_LOGE("Invalid vdev id (%d)", info->sessionId); vos_mem_free(info); return VOS_STATUS_E_INVAL; @@ -23202,7 +23228,7 @@ static VOS_STATUS wma_suspend_req(tp_wma_handle wma, tpSirWlanSuspendParam info) wma->no_of_suspend_ind++; - if (info->sessionId > wma->max_bssid) { + if (info->sessionId >= wma->max_bssid) { WMA_LOGE("Invalid vdev id (%d)", info->sessionId); vos_mem_free(info); return VOS_STATUS_E_INVAL; diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma_nan_datapath.c b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma_nan_datapath.c index c2cd54c2c268..6dccfcc7a9e3 100644 --- a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma_nan_datapath.c +++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma_nan_datapath.c @@ -490,7 +490,7 @@ void wma_delete_all_nan_remote_peers(tp_wma_handle wma, uint32_t vdev_id) ol_txrx_vdev_handle vdev; ol_txrx_peer_handle peer, temp; - if (!wma || vdev_id > wma->max_bssid) + if (!wma || vdev_id >= wma->max_bssid) return; vdev = wma->interfaces[vdev_id].handle; diff --git a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/include/pktlog_ac_api.h b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/include/pktlog_ac_api.h index a30aaab2b07b..5fdc83c575b5 100644 --- a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/include/pktlog_ac_api.h +++ b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/include/pktlog_ac_api.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2013 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -72,7 +72,7 @@ struct ath_pktlog_info { /* Size of buffer in bytes */ int32_t buf_size; spinlock_t log_lock; - + struct mutex pktlog_mutex; /* Threshold of TCP SACK packets for triggered stop */ int sack_thr; diff --git a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/linux_ac.c b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/linux_ac.c index ec61b77e827c..6054306de0f5 100644 --- a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/linux_ac.c +++ b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/linux_ac.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -78,6 +78,8 @@ static struct ath_pktlog_info *g_pktlog_info; static struct proc_dir_entry *g_pktlog_pde; +static DEFINE_MUTEX(proc_mutex); + static int pktlog_attach(struct ol_softc *sc); static void pktlog_detach(struct ol_softc *sc); static int pktlog_open(struct inode *i, struct file *f); @@ -120,6 +122,7 @@ int pktlog_alloc_buf(struct ol_softc *scn) unsigned long vaddr; struct page *vpg; struct ath_pktlog_info *pl_info; + struct ath_pktlog_buf *buffer; if (!scn || !scn->pdev_txrx_handle->pl_dev) { printk(PKTLOG_TAG @@ -133,19 +136,28 @@ int pktlog_alloc_buf(struct ol_softc *scn) page_cnt = (sizeof(*(pl_info->buf)) + pl_info->buf_size) / PAGE_SIZE; - if ((pl_info->buf = vmalloc((page_cnt + 2) * PAGE_SIZE)) == NULL) { + spin_lock_bh(&pl_info->log_lock); + if(pl_info->buf != NULL) { + printk("Buffer is already in use\n"); + spin_unlock_bh(&pl_info->log_lock); + return -EINVAL; + } + spin_unlock_bh(&pl_info->log_lock); + + if ((buffer = vmalloc((page_cnt + 2) * PAGE_SIZE)) == NULL) { printk(PKTLOG_TAG "%s: Unable to allocate buffer " "(%d pages)\n", __func__, page_cnt); return -ENOMEM; } - pl_info->buf = (struct ath_pktlog_buf *) - (((unsigned long) (pl_info->buf) + PAGE_SIZE - 1) + + buffer = (struct ath_pktlog_buf *) + (((unsigned long) (buffer) + PAGE_SIZE - 1) & PAGE_MASK); - for (vaddr = (unsigned long) (pl_info->buf); - vaddr < ((unsigned long) (pl_info->buf) + (page_cnt * PAGE_SIZE)); + for (vaddr = (unsigned long) (buffer); + vaddr < ((unsigned long) (buffer) + (page_cnt * PAGE_SIZE)); vaddr += PAGE_SIZE) { #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)) vpg = vmalloc_to_page((const void *) vaddr); @@ -155,6 +167,12 @@ int pktlog_alloc_buf(struct ol_softc *scn) SetPageReserved(vpg); } + spin_lock_bh(&pl_info->log_lock); + if(pl_info->buf != NULL) + pktlog_release_buf(scn); + + pl_info->buf = buffer; + spin_unlock_bh(&pl_info->log_lock); return 0; } @@ -198,6 +216,7 @@ pktlog_cleanup(struct ath_pktlog_info *pl_info) { pl_info->log_state = 0; PKTLOG_LOCK_DESTROY(pl_info); + mutex_destroy(&pl_info->pktlog_mutex); } /* sysctl procfs handler to enable pktlog */ @@ -209,9 +228,11 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_enable, ctl, write, filp, buffer, lenp, ol_ath_generic_softc_handle scn; struct ol_pktlog_dev_t *pl_dev; + mutex_lock(&proc_mutex); scn = (ol_ath_generic_softc_handle) ctl->extra1; if (!scn) { + mutex_unlock(&proc_mutex); printk("%s: Invalid scn context\n", __func__); ASSERT(0); return -EINVAL; @@ -220,6 +241,7 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_enable, ctl, write, filp, buffer, lenp, pl_dev = get_pl_handle((struct ol_softc *)scn); if (!pl_dev) { + mutex_unlock(&proc_mutex); printk("%s: Invalid pktlog context\n", __func__); ASSERT(0); return -ENODEV; @@ -249,6 +271,7 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_enable, ctl, write, filp, buffer, lenp, ctl->data = NULL; ctl->maxlen = 0; + mutex_unlock(&proc_mutex); return ret; } @@ -266,9 +289,11 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_size, ctl, write, filp, buffer, lenp, ol_ath_generic_softc_handle scn; struct ol_pktlog_dev_t *pl_dev; + mutex_lock(&proc_mutex); scn = (ol_ath_generic_softc_handle) ctl->extra1; if (!scn) { + mutex_unlock(&proc_mutex); printk("%s: Invalid scn context\n", __func__); ASSERT(0); return -EINVAL; @@ -277,6 +302,7 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_size, ctl, write, filp, buffer, lenp, pl_dev = get_pl_handle((struct ol_softc *)scn); if (!pl_dev) { + mutex_unlock(&proc_mutex); printk("%s: Invalid pktlog handle\n", __func__); ASSERT(0); return -ENODEV; @@ -301,6 +327,7 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_size, ctl, write, filp, buffer, lenp, ctl->data = NULL; ctl->maxlen = 0; + mutex_unlock(&proc_mutex); return ret; } @@ -732,7 +759,7 @@ rd_done: } static ssize_t -pktlog_read(struct file *file, char *buf, size_t nbytes, loff_t *ppos) +__pktlog_read(struct file *file, char *buf, size_t nbytes, loff_t *ppos) { size_t bufhdr_size; size_t count = 0, ret_val = 0; @@ -870,6 +897,24 @@ rd_done: return ret_val; } +static ssize_t +pktlog_read(struct file *file, char *buf, size_t nbytes, loff_t *ppos) +{ + size_t ret_val = 0; +#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0) + struct ath_pktlog_info *pl_info = (struct ath_pktlog_info *) + PDE_DATA(file->f_path.dentry->d_inode); +#else + struct proc_dir_entry *proc_entry = PDE(file->f_dentry->d_inode); + struct ath_pktlog_info *pl_info = (struct ath_pktlog_info *) + proc_entry->data; +#endif + mutex_lock(&pl_info->pktlog_mutex); + ret_val = __pktlog_read(file, buf, nbytes, ppos); + mutex_unlock(&pl_info->pktlog_mutex); + return ret_val; +} + #ifndef VMALLOC_VMADDR #define VMALLOC_VMADDR(x) ((unsigned long)(x)) #endif diff --git a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/pktlog_ac.c b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/pktlog_ac.c index 542ff90ba595..cad8b0e1aedd 100644 --- a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/pktlog_ac.c +++ b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/pktlog_ac.c @@ -280,6 +280,7 @@ pktlog_init(struct ol_softc *scn) OS_MEMZERO(pl_info, sizeof(*pl_info)); PKTLOG_LOCK_INIT(pl_info); + mutex_init(&pl_info->pktlog_mutex); pl_info->buf_size = PKTLOG_DEFAULT_BUFSIZE; pl_info->buf = NULL; @@ -301,8 +302,9 @@ pktlog_init(struct ol_softc *scn) PKTLOG_RCUPDATE_SUBSCRIBER.callback = pktlog_callback; } -int -pktlog_enable(struct ol_softc *scn, int32_t log_state) + +static int +__pktlog_enable(struct ol_softc *scn, int32_t log_state) { struct ol_pktlog_dev_t *pl_dev; struct ath_pktlog_info *pl_info; @@ -392,8 +394,39 @@ pktlog_enable(struct ol_softc *scn, int32_t log_state) #define ONE_MEGABYTE (1024 * 1024) #define MAX_ALLOWED_PKTLOG_SIZE (16 * ONE_MEGABYTE) -int -pktlog_setsize(struct ol_softc *scn, int32_t size) +int pktlog_enable(struct ol_softc *scn, int32_t log_state) +{ + struct ol_pktlog_dev_t *pl_dev; + struct ath_pktlog_info *pl_info; + int error; + + if (!scn) { + printk("%s: Invalid scn context\n", __func__); + ASSERT(0); + return A_ERROR; + } + + pl_dev = scn->pdev_txrx_handle->pl_dev; + if (!pl_dev) { + printk("%s: Invalid pktlog context\n", __func__); + ASSERT(0); + return A_ERROR; + } + + pl_info = pl_dev->pl_info; + + if (!pl_info) + return 0; + + mutex_lock(&pl_info->pktlog_mutex); + error = __pktlog_enable(scn, log_state); + mutex_unlock(&pl_info->pktlog_mutex); + return error; +} + + +static int +__pktlog_setsize(struct ol_softc *scn, int32_t size) { struct ol_pktlog_dev_t *pl_dev = scn->pdev_txrx_handle->pl_dev; struct ath_pktlog_info *pl_info = pl_dev->pl_info; @@ -424,4 +457,25 @@ pktlog_setsize(struct ol_softc *scn, int32_t size) return 0; } +int +pktlog_setsize(struct ol_softc *scn, int32_t size) +{ + struct ol_pktlog_dev_t *pl_dev; + struct ath_pktlog_info *pl_info; + int status; + + if (!scn) { + printk("%s: Invalid scn context\n", __func__); + ASSERT(0); + return A_ERROR; + } + + pl_dev = scn->pdev_txrx_handle->pl_dev; + pl_info = pl_dev->pl_info; + + mutex_lock(&pl_info->pktlog_mutex); + status = __pktlog_setsize(scn, size); + mutex_unlock(&pl_info->pktlog_mutex); + return status; +} #endif /* REMOVE_PKT_LOG */ diff --git a/drivers/video/msm/mdss/mdss_mdp_util.c b/drivers/video/msm/mdss/mdss_mdp_util.c index 30a960d32923..936b72b6e72f 100644 --- a/drivers/video/msm/mdss/mdss_mdp_util.c +++ b/drivers/video/msm/mdss/mdss_mdp_util.c @@ -438,6 +438,8 @@ int mdss_mdp_get_plane_sizes(u32 format, u32 w, u32 h, if (ps == NULL) return -EINVAL; + memset(ps, 0, sizeof(struct mdss_mdp_plane_sizes)); + if ((w > MAX_IMG_WIDTH) || (h > MAX_IMG_HEIGHT)) return -ERANGE; @@ -446,7 +448,6 @@ int mdss_mdp_get_plane_sizes(u32 format, u32 w, u32 h, return -EINVAL; bpp = fmt->bpp; - memset(ps, 0, sizeof(struct mdss_mdp_plane_sizes)); if (bwc_mode) { u32 height, meta_size; |