diff options
| author | Damon Kim <taekhun.kim@broadcom.corp-partner.google.com> | 2022-06-02 17:59:16 +0900 |
|---|---|---|
| committer | Roger Wang <wangroger@google.com> | 2022-11-14 07:43:42 +0000 |
| commit | 8cb56c4fd716df5848352043986a0cf53d615c92 (patch) | |
| tree | 4762f1f586a6dafd55414825e15ad11703a1f1fd | |
| parent | 40f2f718afa50ea028c35217daa8efd8249f127f (diff) | |
| download | bcm4389-8cb56c4fd716df5848352043986a0cf53d615c92.tar.gz | |
bcmdhd: Added protection logic to avoid unwanted KP at roam scan completion contextandroid-t-qpr2-beta-1_r0.5android-t-qpr2-beta-1_r0.4android-gs-raviole-5.10-t-qpr2-beta-1android-gs-bluejay-5.10-t-qpr2-beta-1
KP happened due to out-of-index accessing during roam scan completion.
According to the host ramdump, all of data(roam_log_scan_cmplt_v2_t *) looks corrupted.
There are several possibilities:
- Dongle send-up the wrong information.
- Host driver parsed the event data incorrectly.
- Memory doesn't update properly by the abnormal DMA operation.
However, we have nothing to check more as of now due to a lack of debug info.
So, we assume that FW sent the wrong data to the host(not sure),
and we'd like to add a protection code to avoid KP if it comes again.
Even though the memory corrupted again in the same path, KP will not happen if this protection code is applied.
Bug: 233622771
Test: Any issue is not seen during basic sanity
Signed-off-by: Damon Kim <taekhun.kim@broadcom.corp-partner.google.com>
Change-Id: I040ba05d5c390abf0cbc2b09ca35df1b975fb580
| -rw-r--r-- | dhd_debug.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/dhd_debug.c b/dhd_debug.c index 392844b..79878a4 100644 --- a/dhd_debug.c +++ b/dhd_debug.c @@ -2863,6 +2863,7 @@ void pr_roam_scan_cmpl_v2(prcd_event_log_hdr_t *plog_hdr) int i; roam_log_scan_cmplt_v2_t *log = (roam_log_scan_cmplt_v2_t *)plog_hdr->log_ptr; char chanspec_buf[CHANSPEC_STR_LEN]; + uint8 scan_list_size; DHD_ERROR_ROAM(("ROAM_LOG_SCAN_CMPL: time:%d version:%d" "scan_count:%d score_delta:%d\n", @@ -2873,7 +2874,9 @@ void pr_roam_scan_cmpl_v2(prcd_event_log_hdr_t *plog_hdr) log->cur_info.rssi, log->cur_info.score, wf_chspec_ntoa_ex(log->cur_info.chanspec, chanspec_buf))); - for (i = 0; i < log->scan_list_size; i++) { + + scan_list_size = MIN(log->scan_list_size, ROAM_LOG_RPT_SCAN_LIST_SIZE); + for (i = 0; i < scan_list_size; i++) { DHD_ERROR_ROAM((" ROAM_LOG_CANDIDATE %d: " MACDBG "rssi:%d score:%d cu :%d channel:%s TPUT:%dkbps\n", i, MAC2STRDBG((uint8 *)&log->scan_list[i].addr), |