diff options
author | PixelBot AutoMerger <android-nexus-securitybot@system.gserviceaccount.com> | 2021-02-28 18:08:23 -0800 |
---|---|---|
committer | SecurityBot <android-nexus-securitybot@system.gserviceaccount.com> | 2021-02-28 18:08:23 -0800 |
commit | 0a78a0f16cf6ea46d2b0b10752eb0bff619cd777 (patch) | |
tree | 1704cc063732e87e5638e692d95440850aca7159 | |
parent | 7d3856ef91419c9c33aa37452e01a583960c9329 (diff) | |
parent | e6a83b9cd78b8f2bc537488ae443677dc3e1c2b4 (diff) | |
download | qca-wfi-host-cmn-0a78a0f16cf6ea46d2b0b10752eb0bff619cd777.tar.gz |
Merge android-msm-pixel-4.14-rvc-qpr3 into android-msm-pixel-4.14android-s-preview-3_r0.4android-s-preview-3_r0.3android-s-beta-1_r0.4android-s-beta-1_r0.3android-msm-sunfish-4.14-s-preview-3android-msm-sunfish-4.14-s-beta-1android-msm-coral-4.14-s-preview-3android-msm-coral-4.14-s-beta-1
SBMerger: 351186807
Change-Id: I51a8548649a40524cbaf7cacda7ccacdbbbdc40c
Signed-off-by: SecurityBot <android-nexus-securitybot@system.gserviceaccount.com>
-rw-r--r-- | os_if/linux/scan/src/wlan_cfg80211_scan.c | 80 | ||||
-rw-r--r-- | umac/cmn_services/cmn_defs/inc/wlan_cmn_ieee80211.h | 5 | ||||
-rw-r--r-- | umac/cmn_services/policy_mgr/src/wlan_policy_mgr_action.c | 8 | ||||
-rw-r--r-- | umac/scan/dispatcher/inc/wlan_scan_ucfg_api.h | 8 | ||||
-rw-r--r-- | umac/scan/dispatcher/src/wlan_scan_ucfg_api.c | 6 | ||||
-rw-r--r-- | umac/scan/dispatcher/src/wlan_scan_utils_api.c | 8 |
6 files changed, 81 insertions, 34 deletions
diff --git a/os_if/linux/scan/src/wlan_cfg80211_scan.c b/os_if/linux/scan/src/wlan_cfg80211_scan.c index a14b80e07..7aebe837e 100644 --- a/os_if/linux/scan/src/wlan_cfg80211_scan.c +++ b/os_if/linux/scan/src/wlan_cfg80211_scan.c @@ -663,20 +663,22 @@ wlan_copy_bssid_scan_request(struct scan_start_request *scan_req, #endif /** - * wlan_scan_request_enqueue() - enqueue Scan Request + * wlan_schedule_scan_start_request() - Schedule scan start request * @pdev: pointer to pdev object * @req: Pointer to the scan request * @source: source of the scan request - * @scan_id: scan identifier + * @scan_start_req: pointer to scan start request * - * Enqueue scan request in the global scan list.This list - * stores the active scan request information. + * Schedule scan start request and enqueue scan request in the global scan + * list. This list stores the active scan request information. * - * Return: 0 on success, error number otherwise + * Return: QDF_STATUS */ -static int wlan_scan_request_enqueue(struct wlan_objmgr_pdev *pdev, - struct cfg80211_scan_request *req, - uint8_t source, uint32_t scan_id) +static QDF_STATUS +wlan_schedule_scan_start_request(struct wlan_objmgr_pdev *pdev, + struct cfg80211_scan_request *req, + uint8_t source, + struct scan_start_request *scan_start_req) { struct scan_req *scan_req; QDF_STATUS status; @@ -686,7 +688,8 @@ static int wlan_scan_request_enqueue(struct wlan_objmgr_pdev *pdev, scan_req = qdf_mem_malloc(sizeof(*scan_req)); if (NULL == scan_req) { cfg80211_alert("malloc failed for Scan req"); - return -ENOMEM; + ucfg_scm_scan_free_scan_request_mem(scan_start_req); + return QDF_STATUS_E_NOMEM; } /* Get NL global context from objmgr*/ @@ -694,20 +697,32 @@ static int wlan_scan_request_enqueue(struct wlan_objmgr_pdev *pdev, osif_scan = osif_ctx->osif_scan; scan_req->scan_request = req; scan_req->source = source; - scan_req->scan_id = scan_id; + scan_req->scan_id = scan_start_req->scan_req.scan_id; scan_req->dev = req->wdev->netdev; qdf_mutex_acquire(&osif_scan->scan_req_q_lock); - status = qdf_list_insert_back(&osif_scan->scan_req_q, - &scan_req->node); + if (qdf_list_size(&osif_scan->scan_req_q) < WLAN_MAX_SCAN_COUNT) { + status = ucfg_scan_start(scan_start_req); + if (QDF_IS_STATUS_SUCCESS(status)) { + qdf_list_insert_back(&osif_scan->scan_req_q, + &scan_req->node); + } else { + cfg80211_err("scan req failed with error %d", status); + if (status == QDF_STATUS_E_RESOURCES) + cfg80211_err("HO is in progress.So defer the scan by informing busy"); + } + } else { + ucfg_scm_scan_free_scan_request_mem(scan_start_req); + status = QDF_STATUS_E_RESOURCES; + } + qdf_mutex_release(&osif_scan->scan_req_q_lock); if (QDF_STATUS_SUCCESS != status) { cfg80211_err("Failed to enqueue Scan Req"); qdf_mem_free(scan_req); - return -EINVAL; } - return 0; + return status; } /** @@ -746,12 +761,13 @@ static QDF_STATUS wlan_scan_request_dequeue( } scan_priv = osif_ctx->osif_scan; + qdf_mutex_acquire(&scan_priv->scan_req_q_lock); if (qdf_list_empty(&scan_priv->scan_req_q)) { cfg80211_info("Scan List is empty"); + qdf_mutex_release(&scan_priv->scan_req_q_lock); return QDF_STATUS_E_FAILURE; } - qdf_mutex_acquire(&scan_priv->scan_req_q_lock); if (QDF_STATUS_SUCCESS != qdf_list_peek_front(&scan_priv->scan_req_q, &next_node)) { qdf_mutex_release(&scan_priv->scan_req_q_lock); @@ -1037,9 +1053,11 @@ static void wlan_cfg80211_scan_done_callback( wlan_objmgr_vdev_release_ref(vdev, WLAN_OSIF_ID); allow_suspend: osif_priv = wlan_pdev_get_ospriv(pdev); + qdf_mutex_acquire(&osif_priv->osif_scan->scan_req_q_lock); if (qdf_list_empty(&osif_priv->osif_scan->scan_req_q)) { struct wlan_objmgr_psoc *psoc; + qdf_mutex_release(&osif_priv->osif_scan->scan_req_q_lock); qdf_runtime_pm_allow_suspend( &osif_priv->osif_scan->runtime_pm_lock); @@ -1056,6 +1074,8 @@ allow_suspend: wlan_scan_acquire_wake_lock_timeout(psoc, &osif_priv->osif_scan->scan_wake_lock, SCAN_WAKE_LOCK_CONNECT_DURATION); + } else { + qdf_mutex_release(&osif_priv->osif_scan->scan_req_q_lock); } } @@ -1310,7 +1330,6 @@ int wlan_cfg80211_scan(struct wlan_objmgr_pdev *pdev, wlan_scan_id scan_id; bool is_p2p_scan = false; enum wlan_band band; - struct net_device *netdev = NULL; QDF_STATUS qdf_status; /* Get the vdev object */ @@ -1338,13 +1357,17 @@ int wlan_cfg80211_scan(struct wlan_objmgr_pdev *pdev, * If a scan is already going on i.e the qdf_list ( scan que) is not * empty, and the simultaneous scan is disabled, dont allow 2nd scan */ + qdf_mutex_acquire(&osif_priv->osif_scan->scan_req_q_lock); if (!wlan_cfg80211_allow_simultaneous_scan(psoc) && !qdf_list_empty(&osif_priv->osif_scan->scan_req_q) && wlan_vdev_mlme_get_opmode(vdev) != QDF_SAP_MODE) { wlan_objmgr_vdev_release_ref(vdev, WLAN_OSIF_ID); cfg80211_err("Simultaneous scan disabled, reject scan"); + qdf_mutex_release(&osif_priv->osif_scan->scan_req_q_lock); return -EBUSY; } + qdf_mutex_release(&osif_priv->osif_scan->scan_req_q_lock); + req = qdf_mem_malloc(sizeof(*req)); if (!req) { wlan_objmgr_vdev_release_ref(vdev, WLAN_OSIF_ID); @@ -1539,10 +1562,6 @@ int wlan_cfg80211_scan(struct wlan_objmgr_pdev *pdev, if (request->flags & NL80211_SCAN_FLAG_FLUSH) ucfg_scan_flush_results(pdev, NULL); - /* Enqueue the scan request */ - wlan_scan_request_enqueue(pdev, request, params->source, - req->scan_req.scan_id); - /* * Acquire wakelock to handle the case where APP's send scan to connect. * If suspend is received during scan scan will be aborted and APP will @@ -1556,18 +1575,21 @@ int wlan_cfg80211_scan(struct wlan_objmgr_pdev *pdev, qdf_runtime_pm_prevent_suspend( &osif_priv->osif_scan->runtime_pm_lock); - qdf_status = ucfg_scan_start(req); + qdf_status = wlan_schedule_scan_start_request(pdev, request, + params->source, req); if (QDF_IS_STATUS_ERROR(qdf_status)) { - cfg80211_err("ucfg_scan_start returned error %d", qdf_status); - if (qdf_status == QDF_STATUS_E_RESOURCES) - cfg80211_err("HO is in progress.So defer the scan by informing busy"); - wlan_scan_request_dequeue(pdev, scan_id, &request, - ¶ms->source, &netdev); + qdf_mutex_acquire(&osif_priv->osif_scan->scan_req_q_lock); if (qdf_list_empty(&osif_priv->osif_scan->scan_req_q)) { + qdf_mutex_release( + &osif_priv->osif_scan->scan_req_q_lock); qdf_runtime_pm_allow_suspend( - &osif_priv->osif_scan->runtime_pm_lock); - wlan_scan_release_wake_lock(psoc, - &osif_priv->osif_scan->scan_wake_lock); + &osif_priv->osif_scan->runtime_pm_lock); + wlan_scan_release_wake_lock( + psoc, + &osif_priv->osif_scan->scan_wake_lock); + } else { + qdf_mutex_release( + &osif_priv->osif_scan->scan_req_q_lock); } } ret = qdf_status_to_os_return(qdf_status); diff --git a/umac/cmn_services/cmn_defs/inc/wlan_cmn_ieee80211.h b/umac/cmn_services/cmn_defs/inc/wlan_cmn_ieee80211.h index 966718ffa..39617ab13 100644 --- a/umac/cmn_services/cmn_defs/inc/wlan_cmn_ieee80211.h +++ b/umac/cmn_services/cmn_defs/inc/wlan_cmn_ieee80211.h @@ -1324,6 +1324,8 @@ is_bwnss_oui(uint8_t *frm) ((ATH_OUI_BW_NSS_MAP_TYPE << 24) | ATH_OUI)); } +#define WLAN_BWNSS_MAP_OFFSET 6 + /** * is_he_cap_oui() - If vendor IE is HE CAP OUI * @frm: vendor IE pointer @@ -1655,9 +1657,12 @@ static inline void wlan_parse_wapi_ie(uint8_t *wapi_ie, len -= WLAN_OUI_SIZE; } + if (len < 2) + return; wapi->uc_cipher_count = LE_READ_2(ie); ie += 2; len -= 2; + if ((wapi->uc_cipher_count > WLAN_MAX_CIPHER) || len < (wapi->uc_cipher_count * WLAN_OUI_SIZE + 2)) return; diff --git a/umac/cmn_services/policy_mgr/src/wlan_policy_mgr_action.c b/umac/cmn_services/policy_mgr/src/wlan_policy_mgr_action.c index c311169e1..890fd9c26 100644 --- a/umac/cmn_services/policy_mgr/src/wlan_policy_mgr_action.c +++ b/umac/cmn_services/policy_mgr/src/wlan_policy_mgr_action.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2018, 2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -288,9 +288,9 @@ QDF_STATUS policy_mgr_update_connection_info(struct wlan_objmgr_psoc *psoc, } conn_index++; } - qdf_mutex_release(&pm_ctx->qdf_conc_list_lock); if (!found) { /* err msg */ + qdf_mutex_release(&pm_ctx->qdf_conc_list_lock); policy_mgr_err("can't find vdev_id %d in pm_conc_connection_list", vdev_id); return status; @@ -299,11 +299,13 @@ QDF_STATUS policy_mgr_update_connection_info(struct wlan_objmgr_psoc *psoc, status = pm_ctx->wma_cbacks.wma_get_connection_info( vdev_id, &conn_table_entry); if (QDF_STATUS_SUCCESS != status) { + qdf_mutex_release(&pm_ctx->qdf_conc_list_lock); policy_mgr_err("can't find vdev_id %d in connection table", vdev_id); return status; } } else { + qdf_mutex_release(&pm_ctx->qdf_conc_list_lock); policy_mgr_err("wma_get_connection_info is NULL"); return QDF_STATUS_E_FAILURE; } @@ -334,6 +336,8 @@ QDF_STATUS policy_mgr_update_connection_info(struct wlan_objmgr_psoc *psoc, chain_mask, nss, vdev_id, true, true); + qdf_mutex_release(&pm_ctx->qdf_conc_list_lock); + return QDF_STATUS_SUCCESS; } diff --git a/umac/scan/dispatcher/inc/wlan_scan_ucfg_api.h b/umac/scan/dispatcher/inc/wlan_scan_ucfg_api.h index 215c6f234..8f1db070b 100644 --- a/umac/scan/dispatcher/inc/wlan_scan_ucfg_api.h +++ b/umac/scan/dispatcher/inc/wlan_scan_ucfg_api.h @@ -188,6 +188,14 @@ ucfg_scan_get_pno_match(struct wlan_objmgr_vdev *vdev) } #endif /* FEATURE_WLAN_SCAN_PNO */ /** + * ucfg_scm_scan_free_scan_request_mem() - Free scan request memory + * @req: scan_start_request object + * + * Return: QDF_STATUS + */ +QDF_STATUS ucfg_scm_scan_free_scan_request_mem(struct scan_start_request *req); + +/** * ucfg_scan_start() - Public API to start a scan * @req: start scan req params * diff --git a/umac/scan/dispatcher/src/wlan_scan_ucfg_api.c b/umac/scan/dispatcher/src/wlan_scan_ucfg_api.c index e3a927f83..edb6259a7 100644 --- a/umac/scan/dispatcher/src/wlan_scan_ucfg_api.c +++ b/umac/scan/dispatcher/src/wlan_scan_ucfg_api.c @@ -1006,6 +1006,12 @@ ucfg_scan_req_update_params(struct wlan_objmgr_vdev *vdev, } QDF_STATUS +ucfg_scm_scan_free_scan_request_mem(struct scan_start_request *req) +{ + return scm_scan_free_scan_request_mem(req); +} + +QDF_STATUS ucfg_scan_start(struct scan_start_request *req) { struct scheduler_msg msg = {0}; diff --git a/umac/scan/dispatcher/src/wlan_scan_utils_api.c b/umac/scan/dispatcher/src/wlan_scan_utils_api.c index 6bdbc91a0..19407dce1 100644 --- a/umac/scan/dispatcher/src/wlan_scan_utils_api.c +++ b/umac/scan/dispatcher/src/wlan_scan_utils_api.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. + * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -457,7 +457,8 @@ util_scan_parse_vendor_ie(struct scan_cache_entry *scan_params, * Bandwidth-NSS map has sub-type & version. * hence copy data just after version byte */ - scan_params->ie_list.bwnss_map = (((uint8_t *)ie) + 8); + if (ie->ie_len > WLAN_BWNSS_MAP_OFFSET) + scan_params->ie_list.bwnss_map = (((uint8_t *)ie) + 8); } else if (is_mbo_oce_oui((uint8_t *)ie)) { scan_params->ie_list.mbo_oce = (uint8_t *)ie; } @@ -703,7 +704,8 @@ static void util_scan_update_esp_data(struct wlan_esp_ie *esp_information, return; } - for (i = 0; i < total_elements; i++) { + for (i = 0; i < total_elements && + data < ((uint8_t *)esp_ie + esp_ie->esp_len + 3); i++) { esp_info = (struct wlan_esp_info *)data; if (esp_info->access_category == ESP_AC_BK) { qdf_mem_copy(&esp_information->esp_info_AC_BK, |