authorSiyuan Zhou <siyuanzhou@google.com>2018-03-15 11:43:54 -0700
committerSiyuan Zhou <siyuanzhou@google.com>2018-03-15 11:46:29 -0700
commitfe7f1cda1896e3f6235cc635fb3fac13215ad0e6 (patch)
treee10326f235dffe1b7a38e293c96be70fc1f55a63
parentd5f156e7af964d18a1f10bbc54852531fe8b7ad0 (diff)
parente30e3bea7a788d8c61ff005b1551cfd9f53f6c28 (diff)
Merge branch 'android-msm-bullhead-3.10-security-next' into android-msm-bullhead-3.10android-8.1.0_r0.53
May 2018.1 Bug: 74404153 Signed-off-by: Siyuan Zhou <siyuanzhou@google.com> Change-Id: I98e7e3bb405048e971437d2487fa90f332609523
-rw-r--r--drivers/block/loop.c10
-rw-r--r--drivers/input/tablet/gtco.c17
-rw-r--r--[-rwxr-xr-x]drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c69
-rw-r--r--drivers/misc/qcom/qdsp6v2/audio_hwacc_effects.c5
-rw-r--r--drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c13
-rw-r--r--drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt.h3
-rw-r--r--drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt_t2h.c31
-rw-r--r--drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx.c80
-rw-r--r--drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx_types.h4
-rw-r--r--drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_assoc.c10
-rw-r--r--drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c4
-rw-r--r--drivers/staging/qcacld-2.0/CORE/SAP/src/sapChSelect.c215
-rw-r--r--drivers/staging/qcacld-2.0/CORE/SERVICES/COMMON/ol_txrx_dbg.h7
-rw-r--r--drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c56
-rw-r--r--drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma_nan_datapath.c2
-rw-r--r--drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/include/pktlog_ac_api.h4
-rw-r--r--drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/linux_ac.c59
-rw-r--r--drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/pktlog_ac.c62
-rw-r--r--drivers/video/msm/mdss/mdss_mdp_util.c3
19 files changed, 535 insertions, 119 deletions
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 4a8116547873..333458ca1bdd 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -1511,9 +1511,8 @@ out:
return err;
}
-static void lo_release(struct gendisk *disk, fmode_t mode)
+static void __lo_release(struct loop_device *lo)
{
- struct loop_device *lo = disk->private_data;
int err;
mutex_lock(&lo->lo_ctl_mutex);
@@ -1541,6 +1540,13 @@ out:
mutex_unlock(&lo->lo_ctl_mutex);
}
+static void lo_release(struct gendisk *disk, fmode_t mode)
+{
+ mutex_lock(&loop_index_mutex);
+ __lo_release(disk->private_data);
+ mutex_unlock(&loop_index_mutex);
+}
+
static const struct block_device_operations lo_fops = {
.owner = THIS_MODULE,
.open = lo_open,
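Review bot: The new lo_release() wrapper takes loop_index_mutex without a comment saying what it serialises against, and __lo_release() then takes lo->lo_ctl_mutex, so this hunk fixes a lock order that is not written down anywhere visible. A short comment above the wrapper would record it, for example `/* loop_index_mutex is held across release and nests outside lo_ctl_mutex */`. If the intent is to keep release from racing with lo_open(), which presumably takes the same mutex, the comment should say so. The body of __lo_release() lies between the two hunks and is only partly visible here.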
diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c
index 29e01ab6859f..89a77018eeec 100644
--- a/drivers/input/tablet/gtco.c
+++ b/drivers/input/tablet/gtco.c
@@ -232,13 +232,17 @@ static void parse_hid_report_descriptor(struct gtco *device, char * report,
/* Walk this report and pull out the info we need */
while (i < length) {
- prefix = report[i];
-
- /* Skip over prefix */
- i++;
+ prefix = report[i++];
/* Determine data size and save the data in the proper variable */
- size = PREF_SIZE(prefix);
+ size = (1U << PREF_SIZE(prefix)) >> 1;
+ if (i + size > length) {
+ dev_err(ddev,
+ "Not enough data (need %d, have %d)\n",
+ i + size, length);
+ break;
+ }
+
switch (size) {
case 1:
data = report[i];
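Review bot: The expression `size = (1U << PREF_SIZE(prefix)) >> 1;` is not self-explanatory and the existing comment above it still only says "Determine data size"; a comment such as `/* encoded size 0, 1, 2, 3 means 0, 1, 2 or 4 data bytes */` would make the new bounds check easier to audit. The dev_err() call formats `i + size` and `length` with `%d`; the declarations are outside the hunk, so it is worth confirming that both are plain int, or adjusting the specifiers. The follow-up hunk that turns `case 3` into `case 4` depends on this mapping.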
@@ -246,8 +250,7 @@ static void parse_hid_report_descriptor(struct gtco *device, char * report,
case 2:
data16 = get_unaligned_le16(&report[i]);
break;
- case 3:
- size = 4;
+ case 4:
data32 = get_unaligned_le32(&report[i]);
break;
}
diff --git a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c
index 5b077c9195a7..b79540f477cc 100755..100644
--- a/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c
+++ b/drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2011-2015, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2011-2015, 2018 The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -52,6 +52,11 @@ static int32_t msm_actuator_piezo_set_default_focus(
struct msm_camera_i2c_reg_setting reg_setting;
CDBG("Enter\n");
+ if (a_ctrl->i2c_reg_tbl == NULL) {
+ pr_err("failed. i2c reg tabl is NULL");
+ return -EFAULT;
+ }
+
if (a_ctrl->curr_step_pos != 0) {
a_ctrl->i2c_tbl_index = 0;
a_ctrl->func_tbl->actuator_parse_i2c_params(a_ctrl,
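Review bot: The new message `pr_err("failed. i2c reg tabl is NULL");` has no trailing newline and misspells "table", so it can run into the next kernel log line and is harder to search for. Something like `pr_err("%s: i2c_reg_tbl is NULL\n", __func__);` would also say which of the callers hit the check. The same string is added in msm_actuator_piezo_move_focus(), msm_actuator_move_focus() and msm_actuator_bivcm_move_focus(), and the "NULL actuator pointers" messages in msm_actuator_parse_i2c_params() and msm_actuator_set_position() also lack the newline.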
@@ -79,13 +84,25 @@ static int32_t msm_actuator_piezo_set_default_focus(
static void msm_actuator_parse_i2c_params(struct msm_actuator_ctrl_t *a_ctrl,
int16_t next_lens_position, uint32_t hw_params, uint16_t delay)
{
- struct msm_actuator_reg_params_t *write_arr = a_ctrl->reg_tbl;
+ struct msm_actuator_reg_params_t *write_arr = NULL;
uint32_t hw_dword = hw_params;
uint16_t i2c_byte1 = 0, i2c_byte2 = 0;
uint16_t value = 0;
- uint32_t size = a_ctrl->reg_tbl_size, i = 0;
- struct msm_camera_i2c_reg_array *i2c_tbl = a_ctrl->i2c_reg_tbl;
+ uint32_t size = 0, i = 0;
+ struct msm_camera_i2c_reg_array *i2c_tbl = NULL;
CDBG("Enter\n");
+
+ if ((!a_ctrl) ||
+ (!a_ctrl->reg_tbl) ||
+ (!a_ctrl->i2c_reg_tbl)) {
+ pr_err("failed. NULL actuator pointers");
+ return;
+ }
+
+ size = a_ctrl->reg_tbl_size;
+ write_arr = a_ctrl->reg_tbl;
+ i2c_tbl = a_ctrl->i2c_reg_tbl;
+
for (i = 0; i < size; i++) {
if (write_arr[i].reg_write_type == MSM_ACTUATOR_WRITE_DAC) {
value = (next_lens_position <<
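Review bot: The early `return;` on the new NULL check is invisible to callers because msm_actuator_parse_i2c_params() returns void, so a caller continues as if the I2C table had been filled. The callers touched by this commit check i2c_reg_tbl themselves, but any other user of the func_tbl pointer would not notice the failure; a comment stating that callers must validate a_ctrl beforehand would help, or the callback could return a status in a follow-up. Separately, `copy_from_user(&a_ctrl->reg_tbl, ...)` later in this diff suggests reg_tbl is an embedded array, in which case `!a_ctrl->reg_tbl` can never be true; please confirm against the struct definition. The loop body continues outside the hunk.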
@@ -513,6 +530,17 @@ static int32_t msm_actuator_piezo_move_focus(
return -EFAULT;
}
+ if (a_ctrl->i2c_reg_tbl == NULL) {
+ pr_err("failed. i2c reg tabl is NULL");
+ return -EFAULT;
+ }
+
+ if (dest_step_position > a_ctrl->total_steps) {
+ pr_err("Step pos greater than total steps = %d\n",
+ dest_step_position);
+ return -EFAULT;
+ }
+
a_ctrl->i2c_tbl_index = 0;
a_ctrl->func_tbl->actuator_parse_i2c_params(a_ctrl,
(num_steps *
@@ -577,6 +605,10 @@ static int32_t msm_actuator_move_focus(
pr_err("Invalid direction = %d\n", dir);
return -EFAULT;
}
+ if (a_ctrl->i2c_reg_tbl == NULL) {
+ pr_err("failed. i2c reg tabl is NULL");
+ return -EFAULT;
+ }
if (dest_step_pos > a_ctrl->total_steps) {
pr_err("Step pos greater than total steps = %d\n",
dest_step_pos);
@@ -588,6 +620,8 @@ static int32_t msm_actuator_move_focus(
a_ctrl->curr_step_pos, dest_step_pos, curr_lens_pos);
while (a_ctrl->curr_step_pos != dest_step_pos) {
+ if (a_ctrl->curr_region_index >= a_ctrl->region_size)
+ break;
step_boundary =
a_ctrl->region_params[a_ctrl->curr_region_index].
step_bound[dir];
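Review bot: The new `break` on `curr_region_index >= region_size` leaves the loop silently, so the function appears to carry on with a partly built table and nothing in the log explains why the move stopped short. Unless the code after the loop (outside this hunk) handles this, it would be safer to log and fail, e.g. `pr_err("%s: region index %d out of range\n", __func__, a_ctrl->curr_region_index); return -EFAULT;`. The identical check added to msm_actuator_bivcm_move_focus() has the same issue.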
@@ -678,6 +712,10 @@ static int32_t msm_actuator_bivcm_move_focus(
pr_err("Invalid direction = %d\n", dir);
return -EFAULT;
}
+ if (a_ctrl->i2c_reg_tbl == NULL) {
+ pr_err("failed. i2c reg tabl is NULL");
+ return -EFAULT;
+ }
if (dest_step_pos > a_ctrl->total_steps) {
pr_err("Step pos greater than total steps = %d\n",
dest_step_pos);
@@ -689,6 +727,8 @@ static int32_t msm_actuator_bivcm_move_focus(
a_ctrl->curr_step_pos, dest_step_pos, curr_lens_pos);
while (a_ctrl->curr_step_pos != dest_step_pos) {
+ if (a_ctrl->curr_region_index >= a_ctrl->region_size)
+ break;
step_boundary =
a_ctrl->region_params[a_ctrl->curr_region_index].
step_bound[dir];
@@ -1076,6 +1116,18 @@ static int32_t msm_actuator_set_position(
return -EFAULT;
}
+ if (!a_ctrl || !a_ctrl->func_tbl ||
+ !a_ctrl->func_tbl->actuator_parse_i2c_params ||
+ !a_ctrl->i2c_reg_tbl) {
+ pr_err("failed. NULL actuator pointers.");
+ return -EFAULT;
+ }
+
+ if (a_ctrl->actuator_state != ACT_OPS_ACTIVE) {
+ pr_err("failed. Invalid actuator state.");
+ return -EFAULT;
+ }
+
a_ctrl->i2c_tbl_index = 0;
for (index = 0; index < set_pos->number_of_steps; index++) {
next_lens_position = set_pos->pos[index];
@@ -1165,13 +1217,13 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl,
a_ctrl->region_size = set_info->af_tuning_params.region_size;
a_ctrl->pwd_step = set_info->af_tuning_params.pwd_step;
- a_ctrl->total_steps = set_info->af_tuning_params.total_steps;
if (copy_from_user(&a_ctrl->region_params,
(void *)set_info->af_tuning_params.region_params,
- a_ctrl->region_size * sizeof(struct region_params_t)))
+ a_ctrl->region_size * sizeof(struct region_params_t))) {
+ pr_err("Error copying region_params\n");
return -EFAULT;
-
+ }
if (a_ctrl->act_device_type == MSM_CAMERA_PLATFORM_DEVICE) {
cci_client = a_ctrl->i2c_client.cci_client;
cci_client->sid =
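Review bot: a_ctrl->region_size is still overwritten before copy_from_user() can fail, so the `return -EFAULT` path leaves the new region_size paired with old or partly copied region_params. The bounds check this commit adds in the move_focus loops relies on region_size describing the region_params contents, so the two should be updated together: copy into place first and assign region_size only on success, or reset it to 0 on the error path. The commit moves total_steps later for what looks like the same reason, but region_size and pwd_step were left where they were. The validation of region_size against the array capacity is not visible in this hunk and should be confirmed.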
@@ -1199,6 +1251,7 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl,
(a_ctrl->i2c_reg_tbl != NULL)) {
kfree(a_ctrl->i2c_reg_tbl);
}
+
a_ctrl->i2c_reg_tbl = NULL;
a_ctrl->i2c_reg_tbl =
kzalloc(sizeof(struct msm_camera_i2c_reg_array) *
@@ -1208,6 +1261,8 @@ static int32_t msm_actuator_set_param(struct msm_actuator_ctrl_t *a_ctrl,
return -ENOMEM;
}
+ a_ctrl->total_steps = set_info->af_tuning_params.total_steps;
+
if (copy_from_user(&a_ctrl->reg_tbl,
(void *)set_info->actuator_params.reg_tbl_params,
a_ctrl->reg_tbl_size *
diff --git a/drivers/misc/qcom/qdsp6v2/audio_hwacc_effects.c b/drivers/misc/qcom/qdsp6v2/audio_hwacc_effects.c
index abda82a7f8c0..42f4a67fc533 100644
--- a/drivers/misc/qcom/qdsp6v2/audio_hwacc_effects.c
+++ b/drivers/misc/qcom/qdsp6v2/audio_hwacc_effects.c
@@ -189,7 +189,6 @@ static int audio_effects_shared_ioctl(struct file *file, unsigned cmd,
pr_err("%s: Read buffer Allocation failed rc = %d\n",
__func__, rc);
rc = -ENOMEM;
- mutex_unlock(&effects->lock);
goto readbuf_fail;
}
atomic_set(&effects->out_count, effects->config.output.num_buf);
@@ -204,7 +203,6 @@ static int audio_effects_shared_ioctl(struct file *file, unsigned cmd,
if (rc < 0) {
pr_err("%s: pcm read block config failed\n", __func__);
rc = -EINVAL;
- mutex_unlock(&effects->lock);
goto cfg_fail;
}
pr_debug("%s: dec: sample_rate: %d, num_channels: %d, bit_width: %d\n",
@@ -219,7 +217,6 @@ static int audio_effects_shared_ioctl(struct file *file, unsigned cmd,
pr_err("%s: pcm write format block config failed\n",
__func__);
rc = -EINVAL;
- mutex_unlock(&effects->lock);
goto cfg_fail;
}
@@ -353,6 +350,7 @@ ioctl_fail:
readbuf_fail:
q6asm_audio_client_buf_free_contiguous(IN,
effects->ac);
+ mutex_unlock(&effects->lock);
return rc;
cfg_fail:
q6asm_audio_client_buf_free_contiguous(IN,
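Review bot: Moving `mutex_unlock(&effects->lock);` under the readbuf_fail and cfg_fail labels is only correct if every path that reaches those labels holds the lock. The hunk header shows ioctl_fail: directly above, and the lines between it and readbuf_fail: are not visible, so please confirm there is no fall-through from ioctl_fail and no `goto readbuf_fail`/`goto cfg_fail` issued before the lock is taken. A one-line comment at each label, such as `/* entered with effects->lock held */`, would record the requirement.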
@@ -360,6 +358,7 @@ cfg_fail:
q6asm_audio_client_buf_free_contiguous(OUT,
effects->ac);
effects->buf_alloc = 0;
+ mutex_unlock(&effects->lock);
return rc;
}
diff --git a/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c b/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c
index 87e28bfddc69..5c613eeb7f11 100644
--- a/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c
+++ b/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c
@@ -27,6 +27,7 @@ struct msm_bus_floor_client_type {
};
static struct class *bus_floor_class;
+static DEFINE_RT_MUTEX(msm_bus_floor_vote_lock);
#define MAX_VOTER_NAME (50)
#define DEFAULT_NODE_WIDTH (8)
#define DBG_NAME(s) (strnstr(s, "-", 7) + 1)
@@ -64,18 +65,22 @@ static ssize_t bus_floor_active_only_store(struct device *dev,
{
struct msm_bus_floor_client_type *cl;
+ rt_mutex_lock(&msm_bus_floor_vote_lock);
cl = dev_get_drvdata(dev);
if (!cl) {
pr_err("%s: Can't find cl", __func__);
+ rt_mutex_unlock(&msm_bus_floor_vote_lock);
return 0;
}
if (sscanf(buf, "%d", &cl->active_only) != 1) {
pr_err("%s:return error", __func__);
+ rt_mutex_unlock(&msm_bus_floor_vote_lock);
return -EINVAL;
}
+ rt_mutex_unlock(&msm_bus_floor_vote_lock);
return n;
}
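Review bot: Every early return in bus_floor_active_only_store() now carries its own `rt_mutex_unlock(&msm_bus_floor_vote_lock);`, which makes it easy for a later edit to add a return that leaves the lock held. A single exit is less fragile: set a local result and `goto out;`, with `out: rt_mutex_unlock(&msm_bus_floor_vote_lock); return ret;` at the end. The same repeated-unlock pattern is added to bus_floor_vote_store() and bus_floor_vote_store_api() in the following hunks. A comment on the DEFINE_RT_MUTEX line saying which state the lock protects would also help.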
@@ -100,20 +105,24 @@ static ssize_t bus_floor_vote_store(struct device *dev,
struct msm_bus_floor_client_type *cl;
int ret = 0;
+ rt_mutex_lock(&msm_bus_floor_vote_lock);
cl = dev_get_drvdata(dev);
if (!cl) {
pr_err("%s: Can't find cl", __func__);
+ rt_mutex_unlock(&msm_bus_floor_vote_lock);
return 0;
}
if (sscanf(buf, "%llu", &cl->cur_vote_hz) != 1) {
pr_err("%s:return error", __func__);
+ rt_mutex_unlock(&msm_bus_floor_vote_lock);
return -EINVAL;
}
ret = msm_bus_floor_vote_context(dev_name(dev), cl->cur_vote_hz,
cl->active_only);
+ rt_mutex_unlock(&msm_bus_floor_vote_lock);
return n;
}
@@ -126,15 +135,18 @@ static ssize_t bus_floor_vote_store_api(struct device *dev,
char name[10];
u64 vote_khz = 0;
+ rt_mutex_lock(&msm_bus_floor_vote_lock);
cl = dev_get_drvdata(dev);
if (!cl) {
pr_err("%s: Can't find cl", __func__);
+ rt_mutex_unlock(&msm_bus_floor_vote_lock);
return 0;
}
if (sscanf(buf, "%9s %llu", name, &vote_khz) != 2) {
pr_err("%s:return error", __func__);
+ rt_mutex_unlock(&msm_bus_floor_vote_lock);
return -EINVAL;
}
name[9] = '\0';
@@ -143,6 +155,7 @@ static ssize_t bus_floor_vote_store_api(struct device *dev,
__func__, name, vote_khz);
ret = msm_bus_floor_vote(name, vote_khz);
+ rt_mutex_unlock(&msm_bus_floor_vote_lock);
return n;
}
diff --git a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt.h b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt.h
index c608cf59413a..129443fe84b2 100644
--- a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt.h
+++ b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt.h
@@ -6315,6 +6315,9 @@ PREPACK struct htt_txq_group {
#define HTT_TX_COMPL_IND_APPEND_GET(_info) \
(((_info) & HTT_TX_COMPL_IND_APPEND_M) >> HTT_TX_COMPL_IND_APPEND_S)
+#define HTT_TX_COMPL_HEAD_SZ 4
+#define HTT_TX_COMPL_BYTES_PER_MSDU_ID 2
+
#define HTT_TX_COMPL_CTXT_SZ sizeof(A_UINT16)
#define HTT_TX_COMPL_CTXT_NUM(_bytes) ((_bytes) >> 1)
diff --git a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt_t2h.c b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt_t2h.c
index e09636ad49fb..0c74af80d900 100644
--- a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt_t2h.c
+++ b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/HTT/htt_t2h.c
@@ -613,10 +613,26 @@ if (adf_os_unlikely(pdev->rx_ring.rx_reset)) {
{
int num_msdus;
enum htt_tx_status status;
+ int msg_len = adf_nbuf_len(htt_t2h_msg);
/* status - no enum translation needed */
status = HTT_TX_COMPL_IND_STATUS_GET(*msg_word);
num_msdus = HTT_TX_COMPL_IND_NUM_GET(*msg_word);
+
+ /*
+ * each desc id will occupy 2 bytes.
+ * the 4 is for htt msg header
+ */
+ if ((num_msdus * HTT_TX_COMPL_BYTES_PER_MSDU_ID +
+ HTT_TX_COMPL_HEAD_SZ) > msg_len) {
+ adf_os_print("%s: num_msdus(%d) is invalid,"
+ "adf_nbuf_len = %d\n",
+ __FUNCTION__,
+ num_msdus,
+ msg_len);
+ break;
+ }
+
if (num_msdus & 0x1) {
struct htt_tx_compl_ind_base *compl = (void *)msg_word;
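Review bot: The length check on num_msdus is written out twice, here and in the HTT_T2H_MSG_TYPE_TX_INSPECT_IND case, and the two copies already differ in their log text; a small helper would keep them from drifting apart. The comment still says "the 4 is for htt msg header" although the code now uses HTT_TX_COMPL_HEAD_SZ, and the concatenated format string prints "invalid,adf_nbuf_len" with no space. The check counts only the header and the 2-byte IDs, so if the append field decoded by HTT_TX_COMPL_IND_APPEND_GET adds trailing data, that is not covered; this is inferred from htt.h and should be confirmed. The enclosing switch starts and ends outside the hunk.

```c
/* Nonzero when num_msdus 2-byte descriptor IDs plus the HTT header fit in msg_len bytes. */
static inline int htt_tx_compl_len_ok(int num_msdus, int msg_len)
{
    return (num_msdus * HTT_TX_COMPL_BYTES_PER_MSDU_ID +
            HTT_TX_COMPL_HEAD_SZ) <= msg_len;
}

/* … unchanged: status and num_msdus extraction … */
if (!htt_tx_compl_len_ok(num_msdus, msg_len)) {
    /* … unchanged: adf_os_print of num_msdus and msg_len … */
    break;
}
```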
@@ -685,8 +701,23 @@ if (adf_os_unlikely(pdev->rx_ring.rx_reset)) {
case HTT_T2H_MSG_TYPE_TX_INSPECT_IND:
{
int num_msdus;
+ int msg_len = adf_nbuf_len(htt_t2h_msg);
num_msdus = HTT_TX_COMPL_IND_NUM_GET(*msg_word);
+ /*
+ * each desc id will occupy 2 bytes.
+ * the 4 is for htt msg header
+ */
+ if ((num_msdus * HTT_TX_COMPL_BYTES_PER_MSDU_ID +
+ HTT_TX_COMPL_HEAD_SZ) > msg_len) {
+ adf_os_print("%s: num_msdus(%d) is invalid,"
+ "adf_nbuf_len = %d,inspect\n",
+ __FUNCTION__,
+ num_msdus,
+ msg_len);
+ break;
+ }
+
if (num_msdus & 0x1) {
struct htt_tx_compl_ind_base *compl = (void *)msg_word;
diff --git a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx.c b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx.c
index 8b35aa45abcd..94068d59fcb0 100644
--- a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx.c
+++ b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx.c
@@ -375,6 +375,9 @@ ol_txrx_pdev_attach(
TXRX_STATS_INIT(pdev);
TAILQ_INIT(&pdev->vdev_list);
+ TAILQ_INIT(&pdev->req_list);
+ pdev->req_list_depth = 0;
+ adf_os_spinlock_init(&pdev->req_list_spinlock);
/* do initial set up of the peer ID -> peer object lookup map */
if (ol_txrx_peer_find_attach(pdev)) {
@@ -901,8 +904,9 @@ A_STATUS ol_txrx_pdev_attach_target(ol_txrx_pdev_handle pdev)
void
ol_txrx_pdev_detach(ol_txrx_pdev_handle pdev, int force)
{
- int i;
+ int i = 0;
unsigned int page_idx;
+ struct ol_txrx_stats_req_internal *req;
/*checking to ensure txrx pdev structure is not NULL */
if (!pdev) {
@@ -915,6 +919,30 @@ ol_txrx_pdev_detach(ol_txrx_pdev_handle pdev, int force)
/* check that the pdev has no vdevs allocated */
TXRX_ASSERT1(TAILQ_EMPTY(&pdev->vdev_list));
+ adf_os_spin_lock_bh(&pdev->req_list_spinlock);
+ if (pdev->req_list_depth > 0)
+ TXRX_PRINT(TXRX_PRINT_LEVEL_ERR,
+ "Warning: the txrx req list is not empty, depth=%d\n",
+ pdev->req_list_depth
+ );
+ TAILQ_FOREACH(req, &pdev->req_list, req_list_elem) {
+ TAILQ_REMOVE(&pdev->req_list, req, req_list_elem);
+ pdev->req_list_depth--;
+ TXRX_PRINT(TXRX_PRINT_LEVEL_ERR,
+ "%d: %p,verbose(%d), concise(%d), up_m(0x%x), reset_m(0x%x)\n",
+ i++,
+ req,
+ req->base.print.verbose,
+ req->base.print.concise,
+ req->base.stats_type_upload_mask,
+ req->base.stats_type_reset_mask
+ );
+ adf_os_mem_free(req);
+ }
+ adf_os_spin_unlock_bh(&pdev->req_list_spinlock);
+
+ adf_os_spinlock_destroy(&pdev->req_list_spinlock);
+
OL_RX_REORDER_TIMEOUT_CLEANUP(pdev);
if (ol_cfg_is_high_latency(pdev->ctrl_pdev)) {
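Review bot: The drain loop frees each node inside TAILQ_FOREACH, which then reads the next pointer out of the node that was just passed to adf_os_mem_free(), so the traversal touches freed memory. Taking the head each time avoids that: replace the loop header with `while ((req = TAILQ_FIRST(&pdev->req_list)) != NULL) {` and keep the body as it is. The log line also prints the raw request address with `%p`, which exposes a kernel heap pointer in the log; consider dropping it or using a restricted format. ol_txrx_pdev_detach() continues outside the hunk.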
@@ -1977,12 +2005,6 @@ void ol_txrx_print_level_set(unsigned level)
#endif
}
-struct ol_txrx_stats_req_internal {
- struct ol_txrx_stats_req base;
- int serviced; /* state of this request */
- int offset;
-};
-
static inline
u_int64_t OL_TXRX_STATS_PTR_TO_U64(struct ol_txrx_stats_req_internal *req)
{
@@ -2044,6 +2066,11 @@ ol_txrx_fw_stats_get(
/* use the non-volatile request object's address as the cookie */
cookie = OL_TXRX_STATS_PTR_TO_U64(non_volatile_req);
+ adf_os_spin_lock_bh(&pdev->req_list_spinlock);
+ TAILQ_INSERT_TAIL(&pdev->req_list, non_volatile_req, req_list_elem);
+ pdev->req_list_depth++;
+ adf_os_spin_unlock_bh(&pdev->req_list_spinlock);
+
if (htt_h2t_dbg_stats_get(
pdev->htt_pdev,
req->stats_type_upload_mask,
@@ -2051,14 +2078,15 @@ ol_txrx_fw_stats_get(
HTT_H2T_STATS_REQ_CFG_STAT_TYPE_INVALID, 0,
cookie))
{
+ adf_os_spin_lock_bh(&pdev->req_list_spinlock);
+ TAILQ_REMOVE(&pdev->req_list, non_volatile_req, req_list_elem);
+ pdev->req_list_depth--;
+ adf_os_spin_unlock_bh(&pdev->req_list_spinlock);
+
adf_os_mem_free(non_volatile_req);
return A_ERROR;
}
- if (req->wait.blocking) {
- while (adf_os_mutex_acquire(pdev->osdev, req->wait.sem_ptr)) {}
- }
-
return A_OK;
}
#endif
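Review bot: Removing the `req->wait.blocking` wait here, together with the matching release in ol_txrx_fw_stats_handler(), changes the contract of ol_txrx_fw_stats_get() without any comment: a caller that sets wait.blocking now gets A_OK back immediately and sem_ptr is never signalled by this code. If any caller still sets the flag (not visible in this diff), it will either read stats that have not arrived or wait on a semaphore nobody releases. A comment on the function such as `/* wait.blocking is no longer honoured; the request is completed asynchronously */` would make the change explicit.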
@@ -2072,11 +2100,27 @@ ol_txrx_fw_stats_handler(
enum htt_dbg_stats_status status;
int length;
u_int8_t *stats_data;
- struct ol_txrx_stats_req_internal *req;
+ struct ol_txrx_stats_req_internal *req, *tmp;
int more = 0;
+ int found = 0;
req = OL_TXRX_U64_TO_STATS_PTR(cookie);
+ adf_os_spin_lock_bh(&pdev->req_list_spinlock);
+ TAILQ_FOREACH(tmp, &pdev->req_list, req_list_elem) {
+ if (req == tmp) {
+ found = 1;
+ break;
+ }
+ }
+ adf_os_spin_unlock_bh(&pdev->req_list_spinlock);
+
+ if (!found) {
+ TXRX_PRINT(TXRX_PRINT_LEVEL_ERR,
+ "req(%p) from firmware can't be found in the list\n", req);
+ return;
+ }
+
do {
htt_t2h_dbg_stats_hdr_parse(
stats_info_list, &type, &status, &length, &stats_data);
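Review bot: The cookie is validated against req_list under req_list_spinlock, but the lock is dropped before `req` is dereferenced in the parsing loop that follows. If ol_txrx_pdev_detach() can run concurrently, its new drain loop may free the same request between the check and the use, so the lookup does not actually guarantee that `req` is still alive. Either document why detach cannot overlap with this handler, or keep the request pinned (for example a busy flag set under the lock that detach honours) until the final removal in the next hunk. The failure message also prints the firmware-supplied value with `%p`; a restricted format would be preferable.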
@@ -2200,10 +2244,16 @@ ol_txrx_fw_stats_handler(
} while (1);
if (! more) {
- if (req->base.wait.blocking) {
- adf_os_mutex_release(pdev->osdev, req->base.wait.sem_ptr);
+ adf_os_spin_lock_bh(&pdev->req_list_spinlock);
+ TAILQ_FOREACH(tmp, &pdev->req_list, req_list_elem) {
+ if (req == tmp) {
+ TAILQ_REMOVE(&pdev->req_list, req, req_list_elem);
+ pdev->req_list_depth--;
+ adf_os_mem_free(req);
+ break;
+ }
}
- adf_os_mem_free(req);
+ adf_os_spin_unlock_bh(&pdev->req_list_spinlock);
}
}
diff --git a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx_types.h b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx_types.h
index beee134bedd7..3ccd9f54c7bd 100644
--- a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx_types.h
+++ b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_txrx_types.h
@@ -540,6 +540,10 @@ struct ol_txrx_pdev_t {
/* ol_txrx_vdev list */
TAILQ_HEAD(, ol_txrx_vdev_t) vdev_list;
+ TAILQ_HEAD(, ol_txrx_stats_req_internal) req_list;
+ int req_list_depth;
+ adf_os_spinlock_t req_list_spinlock;
+
/* peer ID to peer object map (array of pointers to peer objects) */
struct ol_txrx_peer_t **peer_id_to_obj_map;
diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_assoc.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_assoc.c
index 2991836b49ec..e4ef0ef99ed7 100644
--- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_assoc.c
+++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_assoc.c
@@ -4272,6 +4272,7 @@ static tANI_S32 hdd_ProcessGENIE(hdd_adapter_t *pAdapter,
tDot11fIERSN dot11RSNIE;
tDot11fIEWPA dot11WPAIE;
tANI_U32 i;
+ tANI_U32 status;
tANI_U8 *pRsnIe;
tANI_U16 RSNIeLen;
tPmkidCacheInfo PMKIDCache[4]; // Local transfer memory
@@ -4297,10 +4298,17 @@ static tANI_S32 hdd_ProcessGENIE(hdd_adapter_t *pAdapter,
pRsnIe = gen_ie + 2;
RSNIeLen = gen_ie_len - 2;
// Unpack the RSN IE
- dot11fUnpackIeRSN((tpAniSirGlobal) halHandle,
+ status = dot11fUnpackIeRSN((tpAniSirGlobal) halHandle,
pRsnIe,
RSNIeLen,
&dot11RSNIE);
+ if (DOT11F_FAILED(status))
+ {
+ hddLog(LOGE,
+ FL("Parse failure in hdd_ProcessGENIE (0x%08x)"),
+ status);
+ return -EINVAL;
+ }
// Copy out the encryption and authentication types
hddLog(LOG1, FL("%s: pairwise cipher suite count: %d"),
__func__, dot11RSNIE.pwise_cipher_suite_count );
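Review bot: Only the dot11fUnpackIeRSN() result is checked in this hunk, while the function also declares `dot11WPAIE`, which suggests a parallel WPA unpack further down that is outside the hunk; it should receive the same DOT11F_FAILED() test so that the counts read from a half-parsed structure are never trusted. `RSNIeLen = gen_ie_len - 2` just above is computed with no visible lower bound on gen_ie_len, which is worth confirming in the lines before the hunk. The message hard-codes the function name inside FL(), which other calls in this hunk pair with `__func__`; `FL("RSN IE parse failure (0x%08x)")` would avoid a stale name after a rename.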
diff --git a/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c b/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
index a00327363d16..0c106d8d781f 100644
--- a/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
+++ b/drivers/staging/qcacld-2.0/CORE/MAC/src/pe/lim/limProcessProbeReqFrame.c
@@ -727,6 +727,10 @@ limSendSmeProbeReqInd(tpAniSirGlobal pMac,
MTRACE(macTrace(pMac, TRACE_CODE_TX_SME_MSG, psessionEntry->peSessionId,
msgQ.type));
+
+ if (ProbeReqIELen > sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE))
+ ProbeReqIELen = sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE);
+
pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIELen = (tANI_U16)ProbeReqIELen;
vos_mem_copy(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE, pProbeReqIE, ProbeReqIELen);
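Review bot: The clamp of ProbeReqIELen to `sizeof(...probeReqIE)` truncates silently, so the stored buffer can end in the middle of an information element and probeReqIELen no longer matches what the peer sent. Consumers of WPSPBCProbeReq.probeReqIE must then tolerate a partial trailing element, which is not visible here. It would be safer to log the event, e.g. `limLog(pMac, LOGW, FL("probe req IE truncated to %zu bytes"), sizeof(...));` (assuming the file's usual logging helper), or to drop the indication when the IE does not fit. A comment explaining the clamp would also help.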
diff --git a/drivers/staging/qcacld-2.0/CORE/SAP/src/sapChSelect.c b/drivers/staging/qcacld-2.0/CORE/SAP/src/sapChSelect.c
index ac74e57c6100..09694b47a309 100644
--- a/drivers/staging/qcacld-2.0/CORE/SAP/src/sapChSelect.c
+++ b/drivers/staging/qcacld-2.0/CORE/SAP/src/sapChSelect.c
@@ -767,7 +767,9 @@ v_U32_t sapweightRssiCount(v_S7_t rssi, v_U16_t count)
SIDE EFFECTS
============================================================================*/
-void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
+void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh,
+ tSapSpectChInfo *spect_ch_strt_addr,
+ tSapSpectChInfo *spect_ch_end_addr)
{
tSapSpectChInfo *pExtSpectCh = NULL;
v_S31_t rssi;
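Review bot: The two new parameters are not described in the function's banner comment, and their meaning has to be inferred from the comparisons further down. From `pExtSpectCh < spect_ch_end_addr` the end pointer looks exclusive, so the banner should state something like `spect_ch_strt_addr - first element of the channel array` and `spect_ch_end_addr - one past the last element`. Declaring both as `const tSapSpectChInfo *` would also show that they are bounds only and are never written through. This is an external signature change, so all callers need updating in the same commit; the caller is outside this chunk.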
@@ -783,7 +785,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
{
case CHANNEL_1:
pExtSpectCh = (pSpectCh + 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
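Review bot: The same three-line range test is pasted into every neighbour update in this function (this hunk and each one that follows in sapInterferenceRssiCount), which makes it easy to miss a site or get one comparison wrong. A small helper such as `static int sapChInRange(const tSapSpectChInfo *p, const tSapSpectChInfo *s, const tSapSpectChInfo *e) { return p >= s && p < e; }` would reduce each site to one call. The `pExtSpectCh != NULL` test is redundant once the range test is present, since a pointer obtained by offsetting pSpectCh is not NULL in practice. Computing `pSpectCh - 4` or `pSpectCh + 4` outside the array before comparing is formally undefined in C; comparing indices instead of pointers avoids that.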
@@ -796,7 +800,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -809,7 +815,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 3);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -822,7 +830,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 4);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -838,7 +848,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
case CHANNEL_2:
pExtSpectCh = (pSpectCh - 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -851,7 +863,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -864,7 +878,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -877,7 +893,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 3);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -890,7 +908,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 4);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -905,7 +925,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
break;
case CHANNEL_3:
pExtSpectCh = (pSpectCh - 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -918,7 +940,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -931,7 +955,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -944,7 +970,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -957,7 +985,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 3);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -970,7 +1000,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 4);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -985,7 +1017,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
break;
case CHANNEL_4:
pExtSpectCh = (pSpectCh - 3);
- if(pExtSpectCh != NULL)
+ if(pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -998,7 +1032,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1011,7 +1047,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1024,7 +1062,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1037,7 +1077,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1050,7 +1092,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 3);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1063,7 +1107,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 4);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1084,7 +1130,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
case CHANNEL_9:
case CHANNEL_10:
pExtSpectCh = (pSpectCh - 4);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1097,7 +1145,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 3);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1110,7 +1160,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1123,7 +1175,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1136,7 +1190,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
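Review bot: This hunk drops the old `pExtSpectCh->chNum <= CHANNEL_14` condition instead of adding the range test to it, so the neighbour is now updated whenever it lies inside the array, whatever channel it holds. If the channel array is not guaranteed to contain contiguous 2.4 GHz entries after this one (not visible here), an unrelated channel's bssCount and rssiAgr could be modified. Keeping both tests is cheap: `pExtSpectCh < spect_ch_end_addr && pExtSpectCh->chNum <= CHANNEL_14`, with the range test first so chNum is only read in bounds. The next three hunks (offsets +2, +3 and +4) drop the same condition.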
@@ -1149,7 +1205,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1162,7 +1220,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 3);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1175,7 +1235,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 4);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1191,7 +1253,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
case CHANNEL_11:
pExtSpectCh = (pSpectCh - 4);
- if(pExtSpectCh != NULL)
+ if(pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1205,7 +1269,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
}
pExtSpectCh = (pSpectCh - 3);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1218,7 +1284,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1231,7 +1299,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1244,7 +1314,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1257,7 +1329,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1270,7 +1344,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 3);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1286,7 +1362,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
case CHANNEL_12:
pExtSpectCh = (pSpectCh - 4);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1300,7 +1378,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
}
pExtSpectCh = (pSpectCh - 3);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1313,7 +1393,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1326,7 +1408,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1339,7 +1423,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1352,7 +1438,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1368,7 +1456,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
case CHANNEL_13:
pExtSpectCh = (pSpectCh - 4);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1382,7 +1472,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
}
pExtSpectCh = (pSpectCh - 3);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1395,7 +1487,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
- if(pExtSpectCh != NULL)
+ if(pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1408,7 +1502,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1421,7 +1517,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
- if ((pExtSpectCh != NULL) && (pExtSpectCh->chNum <= CHANNEL_14))
+ if ((pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr)))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1437,7 +1535,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
case CHANNEL_14:
pExtSpectCh = (pSpectCh - 1);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1450,7 +1550,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1463,7 +1565,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 3);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1476,7 +1580,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 4);
- if (pExtSpectCh != NULL)
+ if (pExtSpectCh != NULL &&
+ (pExtSpectCh >= spect_ch_strt_addr &&
+ pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr +
@@ -1847,7 +1953,8 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
if(operatingBand == eCSR_DOT11_MODE_11g)
{
- sapInterferenceRssiCount(pSpectCh);
+ sapInterferenceRssiCount(pSpectCh, pSpectChStartAddr,
+ pSpectChEndAddr);
}
VOS_TRACE(VOS_MODULE_ID_SAP, VOS_TRACE_LEVEL_INFO_HIGH,
diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/COMMON/ol_txrx_dbg.h b/drivers/staging/qcacld-2.0/CORE/SERVICES/COMMON/ol_txrx_dbg.h
index 7309db33dc86..517bf5f4b317 100644
--- a/drivers/staging/qcacld-2.0/CORE/SERVICES/COMMON/ol_txrx_dbg.h
+++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/COMMON/ol_txrx_dbg.h
@@ -76,6 +76,13 @@ struct ol_txrx_stats_req {
} wait;
};
+struct ol_txrx_stats_req_internal {
+ struct ol_txrx_stats_req base;
+ TAILQ_ENTRY(ol_txrx_stats_req_internal) req_list_elem;
+ int serviced; /* state of this request */
+ int offset;
+};
+
#ifndef TXRX_DEBUG_LEVEL
#define TXRX_DEBUG_LEVEL 0 /* no debug info */
#endif
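Review bot: `int offset;` in the new `ol_txrx_stats_req_internal` has no comment, and the one on `serviced` does not say which values the state takes. A short comment on each would help, along the lines of `/* offset into <buffer>, in <unit> */` and `/* 0 = pending, non-zero = ... */`, filled in from the code that uses them, which is outside this hunk. If neither field can be negative, an unsigned type would say so.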
diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c
index c3a9e89ba98d..010db5898cd4 100644
--- a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c
+++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2013-2018 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -493,7 +493,7 @@ static bool wma_is_vdev_in_ap_mode(tp_wma_handle wma, u_int8_t vdev_id)
{
struct wma_txrx_node *intf = wma->interfaces;
- if (vdev_id > wma->max_bssid) {
+ if (vdev_id >= wma->max_bssid) {
WMA_LOGP("%s: Invalid vdev_id %hu", __func__, vdev_id);
VOS_ASSERT(0);
return false;
@@ -519,7 +519,7 @@ static bool wma_is_vdev_in_ibss_mode(tp_wma_handle wma, u_int8_t vdev_id)
{
struct wma_txrx_node *intf = wma->interfaces;
- if (vdev_id > wma->max_bssid) {
+ if (vdev_id >= wma->max_bssid) {
WMA_LOGP("%s: Invalid vdev_id %hu", __func__, vdev_id);
VOS_ASSERT(0);
return false;
@@ -1294,9 +1294,15 @@ static int wma_vdev_start_rsp_ind(tp_wma_handle wma, u_int8_t *buf)
return -EINVAL;
}
+ if (resp_event->vdev_id >= wma->max_bssid) {
+ WMA_LOGE("%s: received invalid vdev_id %d",
+ __func__, resp_event->vdev_id);
+ return -EINVAL;
+ }
+
iface = &wma->interfaces[resp_event->vdev_id];
- if ((resp_event->vdev_id <= wma->max_bssid) &&
+ if ((resp_event->vdev_id < wma->max_bssid) &&
(adf_os_atomic_read(
&wma->interfaces[resp_event->vdev_id].vdev_restart_params.hidden_ssid_restart_in_progress)) &&
(wma_is_vdev_in_ap_mode(wma, resp_event->vdev_id) == true)) {
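Review bot: The `resp_event->vdev_id < wma->max_bssid` clause kept in the `if` below the `iface` assignment is now always true, because the added guard has already returned -EINVAL for every id at or above max_bssid. Dropping it leaves the condition starting at `if ((adf_os_atomic_read(` and makes it clear that the bounds check lives in one place. The function continues outside the hunk.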
@@ -1889,7 +1895,7 @@ static void wma_delete_all_ibss_peers(tp_wma_handle wma, A_UINT32 vdev_id)
ol_txrx_vdev_handle vdev;
ol_txrx_peer_handle peer, temp;
- if (!wma || vdev_id > wma->max_bssid)
+ if (!wma || vdev_id >= wma->max_bssid)
return;
vdev = wma->interfaces[vdev_id].handle;
@@ -1931,7 +1937,7 @@ static void wma_delete_all_ap_remote_peers(tp_wma_handle wma, A_UINT32 vdev_id)
ol_txrx_vdev_handle vdev;
ol_txrx_peer_handle peer, temp;
- if (!wma || vdev_id > wma->max_bssid)
+ if (!wma || vdev_id >= wma->max_bssid)
return;
vdev = wma->interfaces[vdev_id].handle;
@@ -2190,7 +2196,7 @@ static int wma_vdev_stop_ind(tp_wma_handle wma, u_int8_t *buf)
resp_event = (wmi_vdev_stopped_event_fixed_param *)buf;
- if ((resp_event->vdev_id <= wma->max_bssid) &&
+ if ((resp_event->vdev_id < wma->max_bssid) &&
(adf_os_atomic_read(&wma->interfaces[resp_event->vdev_id].vdev_restart_params.hidden_ssid_restart_in_progress)) &&
((wma->interfaces[resp_event->vdev_id].type == WMI_VDEV_TYPE_AP) &&
(wma->interfaces[resp_event->vdev_id].sub_type == 0))) {
@@ -2229,7 +2235,7 @@ static int wma_vdev_stop_ind(tp_wma_handle wma, u_int8_t *buf)
tpDeleteBssParams params =
(tpDeleteBssParams)req_msg->user_data;
struct beacon_info *bcn;
- if (resp_event->vdev_id > wma->max_bssid) {
+ if (resp_event->vdev_id >= wma->max_bssid) {
WMA_LOGE("%s: Invalid vdev_id %d", __func__,
resp_event->vdev_id);
vos_mem_free(params);
@@ -3935,6 +3941,11 @@ static int wma_extscan_hotlist_match_event_handler(void *handle,
dest_ap->ieLength = src_hotlist-> ie_length;
WMI_MAC_ADDR_TO_CHAR_ARRAY(&src_hotlist->bssid,
dest_ap->bssid);
+ if (src_hotlist->ssid.ssid_len > SIR_MAC_MAX_SSID_LENGTH) {
+ WMA_LOGE("%s Invalid SSID len %d, truncating",
+ __func__, src_hotlist->ssid.ssid_len);
+ src_hotlist->ssid.ssid_len = SIR_MAC_MAX_SSID_LENGTH;
+ }
vos_mem_copy(dest_ap->ssid, src_hotlist->ssid.ssid,
src_hotlist->ssid.ssid_len);
dest_ap->ssid[src_hotlist->ssid.ssid_len] = '\0';
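Review bot: The clamp writes the corrected length back into `src_hotlist->ssid.ssid_len`, that is into the received event, and in the worst case the terminator is then stored at `dest_ap->ssid[SIR_MAC_MAX_SSID_LENGTH]`. That index is only in bounds if `dest_ap->ssid` is declared with SIR_MAC_MAX_SSID_LENGTH + 1 bytes, which is not shown in this diff and should be confirmed. Clamping into a local, `len = src_hotlist->ssid.ssid_len; if (len > SIR_MAC_MAX_SSID_LENGTH) len = SIR_MAC_MAX_SSID_LENGTH;`, would also leave the event untouched. The same pattern is added in wma_group_num_bss_to_scan_id and wma_passpoint_match_event_handler, with WMA_LOGD there and WMA_LOGE here; one level and one message format (`%s:`) for all three would be easier to search for.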
@@ -4109,6 +4120,13 @@ static int wma_group_num_bss_to_scan_id(const u_int8_t *cmd_param_info,
WMI_MAC_ADDR_TO_CHAR_ARRAY(&src_hotlist->bssid,
ap->bssid);
+ if (src_hotlist->ssid.ssid_len >
+ SIR_MAC_MAX_SSID_LENGTH) {
+ WMA_LOGD("%s Invalid SSID len %d, truncating",
+ __func__, src_hotlist->ssid.ssid_len);
+ src_hotlist->ssid.ssid_len =
+ SIR_MAC_MAX_SSID_LENGTH;
+ }
vos_mem_copy(ap->ssid, src_hotlist->ssid.ssid,
src_hotlist->ssid.ssid_len);
ap->ssid[src_hotlist->ssid.ssid_len] = '\0';
@@ -4421,10 +4439,13 @@ static int wma_passpoint_match_event_handler(void *handle,
WMA_SVC_MSG_MAX_SIZE) {
WMA_LOGE("IE Length: %d or ANQP Length: %d is huge",
event->ie_length, event->anqp_length);
- VOS_ASSERT(0);
return -EINVAL;
}
-
+ if (event->ssid.ssid_len > SIR_MAC_MAX_SSID_LENGTH) {
+ WMA_LOGD("%s: Invalid ssid len %d, truncating",
+ __func__, event->ssid.ssid_len);
+ event->ssid.ssid_len = SIR_MAC_MAX_SSID_LENGTH;
+ }
dest_match = vos_mem_malloc(sizeof(*dest_match) +
event->ie_length + event->anqp_length);
if (!dest_match) {
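Review bot: An over-long `event->ssid.ssid_len` is truncated and the event is still processed, while the over-long ie_length/anqp_length case directly above returns -EINVAL. A length the sender should never produce suggests the rest of the event may be unreliable too, so rejecting it the same way would be more consistent: `if (event->ssid.ssid_len > SIR_MAC_MAX_SSID_LENGTH) return -EINVAL;` with the message at WMA_LOGE. If truncation is deliberate for compatibility, a comment saying so would help. The handler body continues outside the hunk.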
@@ -4516,6 +4537,11 @@ static int wma_unified_link_iface_stats_event_handler(void *handle,
WMA_LOGA("%s: Invalid param_tlvs for Iface Stats", __func__);
return -EINVAL;
}
+ if (link_stats->num_ac > WIFI_AC_MAX) {
+ WMA_LOGE("%s: Excess data received from firmware num_ac %d",
+ __func__, link_stats->num_ac);
+ return -EINVAL;
+ }
link_stats_size = sizeof(tSirWifiIfaceStat);
iface_info_size = sizeof(tSirWifiInterfaceInfo);
@@ -9805,7 +9831,7 @@ VOS_STATUS wma_start_scan(tp_wma_handle wma_handle,
int len;
tSirScanOffloadEvent *scan_event;
- if (scan_req->sessionId > wma_handle->max_bssid) {
+ if (scan_req->sessionId >= wma_handle->max_bssid) {
WMA_LOGE("%s: Invalid vdev_id %d, msg_type : 0x%x", __func__,
scan_req->sessionId, msg_type);
goto error1;
@@ -12712,7 +12738,7 @@ void wma_vdev_resp_timer(void *data)
struct beacon_info *bcn;
struct wma_txrx_node *iface;
- if (tgt_req->vdev_id > wma->max_bssid) {
+ if (tgt_req->vdev_id >= wma->max_bssid) {
WMA_LOGE("%s: Invalid vdev_id %d", __func__,
tgt_req->vdev_id);
vos_mem_free(params);
@@ -23142,7 +23168,7 @@ static VOS_STATUS wma_wow_enter(tp_wma_handle wma,
WMA_LOGD("wow enable req received for vdev id: %d", info->sessionId);
- if (info->sessionId > wma->max_bssid) {
+ if (info->sessionId >= wma->max_bssid) {
WMA_LOGE("Invalid vdev id (%d)", info->sessionId);
vos_mem_free(info);
return VOS_STATUS_E_INVAL;
@@ -23169,7 +23195,7 @@ static VOS_STATUS wma_wow_exit(tp_wma_handle wma,
WMA_LOGD("wow disable req received for vdev id: %d", info->sessionId);
- if (info->sessionId > wma->max_bssid) {
+ if (info->sessionId >= wma->max_bssid) {
WMA_LOGE("Invalid vdev id (%d)", info->sessionId);
vos_mem_free(info);
return VOS_STATUS_E_INVAL;
@@ -23202,7 +23228,7 @@ static VOS_STATUS wma_suspend_req(tp_wma_handle wma, tpSirWlanSuspendParam info)
wma->no_of_suspend_ind++;
- if (info->sessionId > wma->max_bssid) {
+ if (info->sessionId >= wma->max_bssid) {
WMA_LOGE("Invalid vdev id (%d)", info->sessionId);
vos_mem_free(info);
return VOS_STATUS_E_INVAL;
diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma_nan_datapath.c b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma_nan_datapath.c
index c2cd54c2c268..6dccfcc7a9e3 100644
--- a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma_nan_datapath.c
+++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma_nan_datapath.c
@@ -490,7 +490,7 @@ void wma_delete_all_nan_remote_peers(tp_wma_handle wma, uint32_t vdev_id)
ol_txrx_vdev_handle vdev;
ol_txrx_peer_handle peer, temp;
- if (!wma || vdev_id > wma->max_bssid)
+ if (!wma || vdev_id >= wma->max_bssid)
return;
vdev = wma->interfaces[vdev_id].handle;
diff --git a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/include/pktlog_ac_api.h b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/include/pktlog_ac_api.h
index a30aaab2b07b..5fdc83c575b5 100644
--- a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/include/pktlog_ac_api.h
+++ b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/include/pktlog_ac_api.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2013 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2017 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -72,7 +72,7 @@ struct ath_pktlog_info {
/* Size of buffer in bytes */
int32_t buf_size;
spinlock_t log_lock;
-
+ struct mutex pktlog_mutex;
/* Threshold of TCP SACK packets for triggered stop */
int sack_thr;
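Review bot: `pktlog_mutex` is added directly under `log_lock` with no comment, and the blank line that separated the lock from the `sack_thr` comment is removed, so that comment now reads as if it followed on from the mutex. The struct then has two locks with no stated scope or ordering; something like `/* serialises enable/setsize/read; taken before log_lock */` would document it, adjusted to whatever ordering is actually intended. The rest of the struct is outside the hunk.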
diff --git a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/linux_ac.c b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/linux_ac.c
index ec61b77e827c..6054306de0f5 100644
--- a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/linux_ac.c
+++ b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/linux_ac.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -78,6 +78,8 @@ static struct ath_pktlog_info *g_pktlog_info;
static struct proc_dir_entry *g_pktlog_pde;
+static DEFINE_MUTEX(proc_mutex);
+
static int pktlog_attach(struct ol_softc *sc);
static void pktlog_detach(struct ol_softc *sc);
static int pktlog_open(struct inode *i, struct file *f);
@@ -120,6 +122,7 @@ int pktlog_alloc_buf(struct ol_softc *scn)
unsigned long vaddr;
struct page *vpg;
struct ath_pktlog_info *pl_info;
+ struct ath_pktlog_buf *buffer;
if (!scn || !scn->pdev_txrx_handle->pl_dev) {
printk(PKTLOG_TAG
@@ -133,19 +136,28 @@ int pktlog_alloc_buf(struct ol_softc *scn)
page_cnt = (sizeof(*(pl_info->buf)) + pl_info->buf_size) / PAGE_SIZE;
- if ((pl_info->buf = vmalloc((page_cnt + 2) * PAGE_SIZE)) == NULL) {
+ spin_lock_bh(&pl_info->log_lock);
+ if(pl_info->buf != NULL) {
+ printk("Buffer is already in use\n");
+ spin_unlock_bh(&pl_info->log_lock);
+ return -EINVAL;
+ }
+ spin_unlock_bh(&pl_info->log_lock);
+
+ if ((buffer = vmalloc((page_cnt + 2) * PAGE_SIZE)) == NULL) {
printk(PKTLOG_TAG
"%s: Unable to allocate buffer "
"(%d pages)\n", __func__, page_cnt);
return -ENOMEM;
}
- pl_info->buf = (struct ath_pktlog_buf *)
- (((unsigned long) (pl_info->buf) + PAGE_SIZE - 1)
+
+ buffer = (struct ath_pktlog_buf *)
+ (((unsigned long) (buffer) + PAGE_SIZE - 1)
& PAGE_MASK);
- for (vaddr = (unsigned long) (pl_info->buf);
- vaddr < ((unsigned long) (pl_info->buf) + (page_cnt * PAGE_SIZE));
+ for (vaddr = (unsigned long) (buffer);
+ vaddr < ((unsigned long) (buffer) + (page_cnt * PAGE_SIZE));
vaddr += PAGE_SIZE) {
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25))
vpg = vmalloc_to_page((const void *) vaddr);
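Review bot: The early `pl_info->buf != NULL` test releases log_lock before the vmalloc, so it cannot stop two callers from both passing it and allocating; only the re-check added at the end of the function serialises the assignment. A comment marking this first test as an early rejection only would help, e.g. `/* cheap early out; re-checked under the lock before publishing */`. The new `printk("Buffer is already in use\n")` also lacks the PKTLOG_TAG and `__func__` that the neighbouring message uses, and -EBUSY would describe the condition better than -EINVAL if no caller depends on the value.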
@@ -155,6 +167,12 @@ int pktlog_alloc_buf(struct ol_softc *scn)
SetPageReserved(vpg);
}
+ spin_lock_bh(&pl_info->log_lock);
+ if(pl_info->buf != NULL)
+ pktlog_release_buf(scn);
+
+ pl_info->buf = buffer;
+ spin_unlock_bh(&pl_info->log_lock);
return 0;
}
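Review bot: `pktlog_release_buf(scn)` is called with log_lock held and bottom halves disabled; its body is not in this diff, so confirm it neither sleeps nor takes log_lock itself. The policy is also inconsistent with the start of the function: there a non-NULL `pl_info->buf` is rejected with an error, here the existing buffer is released and replaced, which would leave any reader that fetched the old pointer without log_lock holding a stale one. Stating the intended rule in a comment above the block, including which lock readers must hold, would make this reviewable.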
@@ -198,6 +216,7 @@ pktlog_cleanup(struct ath_pktlog_info *pl_info)
{
pl_info->log_state = 0;
PKTLOG_LOCK_DESTROY(pl_info);
+ mutex_destroy(&pl_info->pktlog_mutex);
}
/* sysctl procfs handler to enable pktlog */
@@ -209,9 +228,11 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_enable, ctl, write, filp, buffer, lenp,
ol_ath_generic_softc_handle scn;
struct ol_pktlog_dev_t *pl_dev;
+ mutex_lock(&proc_mutex);
scn = (ol_ath_generic_softc_handle) ctl->extra1;
if (!scn) {
+ mutex_unlock(&proc_mutex);
printk("%s: Invalid scn context\n", __func__);
ASSERT(0);
return -EINVAL;
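Review bot: `proc_mutex` is released by hand on each early return in ath_sysctl_pktlog_enable, which only stays correct if every return between here and the final `mutex_unlock` has been covered, and some of that code is outside the hunks. A single exit label is less fragile: set `ret = -EINVAL;` and `goto unlock;`, with `unlock: mutex_unlock(&proc_mutex); return ret;` at the end. The same applies to the ath_sysctl_pktlog_size hunks that follow.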
@@ -220,6 +241,7 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_enable, ctl, write, filp, buffer, lenp,
pl_dev = get_pl_handle((struct ol_softc *)scn);
if (!pl_dev) {
+ mutex_unlock(&proc_mutex);
printk("%s: Invalid pktlog context\n", __func__);
ASSERT(0);
return -ENODEV;
@@ -249,6 +271,7 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_enable, ctl, write, filp, buffer, lenp,
ctl->data = NULL;
ctl->maxlen = 0;
+ mutex_unlock(&proc_mutex);
return ret;
}
@@ -266,9 +289,11 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_size, ctl, write, filp, buffer, lenp,
ol_ath_generic_softc_handle scn;
struct ol_pktlog_dev_t *pl_dev;
+ mutex_lock(&proc_mutex);
scn = (ol_ath_generic_softc_handle) ctl->extra1;
if (!scn) {
+ mutex_unlock(&proc_mutex);
printk("%s: Invalid scn context\n", __func__);
ASSERT(0);
return -EINVAL;
@@ -277,6 +302,7 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_size, ctl, write, filp, buffer, lenp,
pl_dev = get_pl_handle((struct ol_softc *)scn);
if (!pl_dev) {
+ mutex_unlock(&proc_mutex);
printk("%s: Invalid pktlog handle\n", __func__);
ASSERT(0);
return -ENODEV;
@@ -301,6 +327,7 @@ ATH_SYSCTL_DECL(ath_sysctl_pktlog_size, ctl, write, filp, buffer, lenp,
ctl->data = NULL;
ctl->maxlen = 0;
+ mutex_unlock(&proc_mutex);
return ret;
}
@@ -732,7 +759,7 @@ rd_done:
}
static ssize_t
-pktlog_read(struct file *file, char *buf, size_t nbytes, loff_t *ppos)
+__pktlog_read(struct file *file, char *buf, size_t nbytes, loff_t *ppos)
{
size_t bufhdr_size;
size_t count = 0, ret_val = 0;
@@ -870,6 +897,24 @@ rd_done:
return ret_val;
}
+static ssize_t
+pktlog_read(struct file *file, char *buf, size_t nbytes, loff_t *ppos)
+{
+ size_t ret_val = 0;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)
+ struct ath_pktlog_info *pl_info = (struct ath_pktlog_info *)
+ PDE_DATA(file->f_path.dentry->d_inode);
+#else
+ struct proc_dir_entry *proc_entry = PDE(file->f_dentry->d_inode);
+ struct ath_pktlog_info *pl_info = (struct ath_pktlog_info *)
+ proc_entry->data;
+#endif
+ mutex_lock(&pl_info->pktlog_mutex);
+ ret_val = __pktlog_read(file, buf, nbytes, ppos);
+ mutex_unlock(&pl_info->pktlog_mutex);
+ return ret_val;
+}
+
#ifndef VMALLOC_VMADDR
#define VMALLOC_VMADDR(x) ((unsigned long)(x))
#endif
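Review bot: The new pktlog_read wrapper dereferences `pl_info` in `mutex_lock(&pl_info->pktlog_mutex)` without checking that the proc entry's data pointer is non-NULL, and it carries the `ssize_t` result of `__pktlog_read` in a `size_t`. Declaring `ssize_t ret_val;` and adding `if (!pl_info) return 0;` before the lock would cover both; choose the return value to match what `__pktlog_read` does for the same case, which is outside this hunk. `buf` is a user-space pointer, so `char __user *buf` would let sparse check how it is used.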
diff --git a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/pktlog_ac.c b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/pktlog_ac.c
index 542ff90ba595..cad8b0e1aedd 100644
--- a/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/pktlog_ac.c
+++ b/drivers/staging/qcacld-2.0/CORE/UTILS/PKTLOG/pktlog_ac.c
@@ -280,6 +280,7 @@ pktlog_init(struct ol_softc *scn)
OS_MEMZERO(pl_info, sizeof(*pl_info));
PKTLOG_LOCK_INIT(pl_info);
+ mutex_init(&pl_info->pktlog_mutex);
pl_info->buf_size = PKTLOG_DEFAULT_BUFSIZE;
pl_info->buf = NULL;
@@ -301,8 +302,9 @@ pktlog_init(struct ol_softc *scn)
PKTLOG_RCUPDATE_SUBSCRIBER.callback = pktlog_callback;
}
-int
-pktlog_enable(struct ol_softc *scn, int32_t log_state)
+
+static int
+__pktlog_enable(struct ol_softc *scn, int32_t log_state)
{
struct ol_pktlog_dev_t *pl_dev;
struct ath_pktlog_info *pl_info;
@@ -392,8 +394,39 @@ pktlog_enable(struct ol_softc *scn, int32_t log_state)
#define ONE_MEGABYTE (1024 * 1024)
#define MAX_ALLOWED_PKTLOG_SIZE (16 * ONE_MEGABYTE)
-int
-pktlog_setsize(struct ol_softc *scn, int32_t size)
+int pktlog_enable(struct ol_softc *scn, int32_t log_state)
+{
+ struct ol_pktlog_dev_t *pl_dev;
+ struct ath_pktlog_info *pl_info;
+ int error;
+
+ if (!scn) {
+ printk("%s: Invalid scn context\n", __func__);
+ ASSERT(0);
+ return A_ERROR;
+ }
+
+ pl_dev = scn->pdev_txrx_handle->pl_dev;
+ if (!pl_dev) {
+ printk("%s: Invalid pktlog context\n", __func__);
+ ASSERT(0);
+ return A_ERROR;
+ }
+
+ pl_info = pl_dev->pl_info;
+
+ if (!pl_info)
+ return 0;
+
+ mutex_lock(&pl_info->pktlog_mutex);
+ error = __pktlog_enable(scn, log_state);
+ mutex_unlock(&pl_info->pktlog_mutex);
+ return error;
+}
+
+
+static int
+__pktlog_setsize(struct ol_softc *scn, int32_t size)
{
struct ol_pktlog_dev_t *pl_dev = scn->pdev_txrx_handle->pl_dev;
struct ath_pktlog_info *pl_info = pl_dev->pl_info;
@@ -424,4 +457,25 @@ pktlog_setsize(struct ol_softc *scn, int32_t size)
return 0;
}
+int
+pktlog_setsize(struct ol_softc *scn, int32_t size)
+{
+ struct ol_pktlog_dev_t *pl_dev;
+ struct ath_pktlog_info *pl_info;
+ int status;
+
+ if (!scn) {
+ printk("%s: Invalid scn context\n", __func__);
+ ASSERT(0);
+ return A_ERROR;
+ }
+
+ pl_dev = scn->pdev_txrx_handle->pl_dev;
+ pl_info = pl_dev->pl_info;
+
+ mutex_lock(&pl_info->pktlog_mutex);
+ status = __pktlog_setsize(scn, size);
+ mutex_unlock(&pl_info->pktlog_mutex);
+ return status;
+}
#endif /* REMOVE_PKT_LOG */
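Review bot: pktlog_setsize locks `pl_info->pktlog_mutex` without checking `pl_dev` or `pl_info`, whereas the pktlog_enable wrapper added earlier in this file returns before the lock when either is NULL. The same guards are needed here, `if (!pl_dev) return A_ERROR;` after the `pl_dev` assignment and `if (!pl_info) return A_ERROR;` before `mutex_lock`, otherwise a call made while either pointer is NULL faults. Both wrappers also read `scn->pdev_txrx_handle->pl_dev` without testing `pdev_txrx_handle`; whether that can be NULL at this point is not visible here.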
diff --git a/drivers/video/msm/mdss/mdss_mdp_util.c b/drivers/video/msm/mdss/mdss_mdp_util.c
index 30a960d32923..936b72b6e72f 100644
--- a/drivers/video/msm/mdss/mdss_mdp_util.c
+++ b/drivers/video/msm/mdss/mdss_mdp_util.c
@@ -438,6 +438,8 @@ int mdss_mdp_get_plane_sizes(u32 format, u32 w, u32 h,
if (ps == NULL)
return -EINVAL;
+ memset(ps, 0, sizeof(struct mdss_mdp_plane_sizes));
+
if ((w > MAX_IMG_WIDTH) || (h > MAX_IMG_HEIGHT))
return -ERANGE;
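Review bot: The memset now has to stay above the `-ERANGE` and `-EINVAL` returns to have any effect, but nothing in the code says so. A comment such as `/* zero *ps first so callers never see stale contents on the error paths */` would stop it from being moved back down, and `sizeof(*ps)` instead of `sizeof(struct mdss_mdp_plane_sizes)` keeps the size tied to the pointer. The function continues outside the hunk.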
@@ -446,7 +448,6 @@ int mdss_mdp_get_plane_sizes(u32 format, u32 w, u32 h,
return -EINVAL;
bpp = fmt->bpp;
- memset(ps, 0, sizeof(struct mdss_mdp_plane_sizes));
if (bwc_mode) {
u32 height, meta_size;