summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-01-10 00:21:01 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-01-10 00:21:01 +0000
commit0125d21c1529e2e05de5da92819405adae057a06 (patch)
tree99a47e1c9540912ae5e54eb3e47216244176ce55
parent03164c25284301aeddd0b7dceb2d82732f9f9cd0 (diff)
parenta8bfe75958bca32db6f3dbe534a66cfd168c4f8a (diff)
downloadwlan-android13-qpr3-release.tar.gz
Snap for 9470583 from a8bfe75958bca32db6f3dbe534a66cfd168c4f8a to tm-qpr3-releaseandroid-13.0.0_r83android-13.0.0_r79android-13.0.0_r78android-13.0.0_r77android-13.0.0_r76android-13.0.0_r75android-13.0.0_r71android-13.0.0_r70android-13.0.0_r69android-13.0.0_r68android-13.0.0_r67android-13.0.0_r63android-13.0.0_r62android-13.0.0_r61android-13.0.0_r56android-13.0.0_r54android-13.0.0_r53android-13.0.0_r52android-13.0.0_r51android-13.0.0_r50android13-qpr3-s9-releaseandroid13-qpr3-s8-releaseandroid13-qpr3-s7-releaseandroid13-qpr3-s6-releaseandroid13-qpr3-s5-releaseandroid13-qpr3-s4-releaseandroid13-qpr3-s3-releaseandroid13-qpr3-s2-releaseandroid13-qpr3-s14-releaseandroid13-qpr3-s13-releaseandroid13-qpr3-s12-releaseandroid13-qpr3-s11-releaseandroid13-qpr3-s10-releaseandroid13-qpr3-s1-releaseandroid13-qpr3-release
Change-Id: I40271bf6802ea36f536792add1a49e270e1ae17b
Diffstat
-rwxr-xr-xbcmdhd/wifi_hal/common.h3
-rwxr-xr-xbcmdhd/wifi_hal/cpp_bindings.cpp3
-rwxr-xr-xbcmdhd/wifi_hal/nan.cpp214
-rw-r--r--bcmdhd/wifi_hal/rtt.cpp3
-rwxr-xr-xbcmdhd/wifi_hal/wifi_logger.cpp64
5 files changed, 216 insertions, 71 deletions
diff --git a/bcmdhd/wifi_hal/common.h b/bcmdhd/wifi_hal/common.h
index ad9922d..379582e 100755
--- a/bcmdhd/wifi_hal/common.h
+++ b/bcmdhd/wifi_hal/common.h
@@ -460,8 +460,7 @@ wifi_interface_handle wifi_get_wlan_interface(wifi_handle info,
#ifdef RING_DUMP
wifi_error wifi_start_ring_dump(wifi_interface_handle iface,
wifi_ring_buffer_data_handler ring_handle);
-wifi_error wifi_stop_ring_dump(wifi_interface_handle iface,
- wifi_ring_buffer_data_handler ring_handle);
+wifi_error wifi_stop_ring_dump(wifi_interface_handle iface);
#endif /* RING_DUMP */
wifi_error wifi_hal_ota_update(wifi_interface_handle iface, uint32_t ota_version);
wifi_error wifi_hal_preInit(wifi_interface_handle iface);
diff --git a/bcmdhd/wifi_hal/cpp_bindings.cpp b/bcmdhd/wifi_hal/cpp_bindings.cpp
index 7a634bd..8b56bc0 100755
--- a/bcmdhd/wifi_hal/cpp_bindings.cpp
+++ b/bcmdhd/wifi_hal/cpp_bindings.cpp
@@ -601,6 +601,9 @@ static int mapErrorCodes(int err)
case -EBUSY:
ret = WIFI_ERROR_BUSY;
break;
+ case -ENODEV:
+ ret = WIFI_ERROR_NOT_AVAILABLE;
+ break;
default:
ret = WIFI_ERROR_UNKNOWN;
}
diff --git a/bcmdhd/wifi_hal/nan.cpp b/bcmdhd/wifi_hal/nan.cpp
index 52f29e3..7ac1be8 100755
--- a/bcmdhd/wifi_hal/nan.cpp
+++ b/bcmdhd/wifi_hal/nan.cpp
@@ -385,6 +385,7 @@ static int is_cmd_response(int cmd);
static int get_svc_hash(unsigned char *svc_name, u16 svc_name_len,
u8 *svc_hash, u16 svc_hash_len);
NanResponseType get_response_type(WIFI_SUB_COMMAND nan_subcmd);
+NanResponseType get_response_type_frm_req_type(NanRequestType cmdType);
static NanStatusType nan_map_response_status(int vendor_status);
/* Function to separate the common events to NAN1.0 events */
@@ -701,6 +702,8 @@ class NanDiscEnginePrimitive : public WifiCommand
if (mParams->service_name_len) {
u8 svc_hash[NAN_SVC_HASH_SIZE];
+ u16 len = min(mParams->service_name_len, sizeof(mParams->service_name) - 1);
+ mParams->service_name[len] = '\0';
result = get_svc_hash(mParams->service_name, mParams->service_name_len,
svc_hash, NAN_SVC_HASH_SIZE);
@@ -1065,6 +1068,8 @@ class NanDiscEnginePrimitive : public WifiCommand
if (mParams->service_name_len) {
u8 svc_hash[NAN_SVC_HASH_SIZE];
+ u16 len = min(mParams->service_name_len, sizeof(mParams->service_name) - 1);
+ mParams->service_name[len] = '\0';
result = get_svc_hash(mParams->service_name, mParams->service_name_len,
svc_hash, NAN_SVC_HASH_SIZE);
@@ -1385,6 +1390,8 @@ class NanDiscEnginePrimitive : public WifiCommand
}
if (mParams->service_specific_info_len > 0) {
+ u16 len = min(mParams->service_specific_info_len,
+ sizeof(mParams->service_specific_info) - 1);
result = request.put_u16(NAN_ATTRIBUTE_SERVICE_SPECIFIC_INFO_LEN,
mParams->service_specific_info_len);
if (result < 0) {
@@ -1399,7 +1406,7 @@ class NanDiscEnginePrimitive : public WifiCommand
ALOGE("%s: Failed to put svc info, result = %d", __func__, result);
return result;
}
- mParams->service_specific_info[mParams->service_specific_info_len] = '\0';
+ mParams->service_specific_info[len] = '\0';
ALOGI("Transmit service info string is %s\n", mParams->service_specific_info);
}
@@ -1570,8 +1577,9 @@ class NanDiscEnginePrimitive : public WifiCommand
pub_term_event.reason = (NanStatusType)it.get_u8();
ALOGI("pub termination status %u", pub_term_event.reason);
} else if (attr_type == NAN_ATTRIBUTE_REASON) {
- u8 len = min(it.get_len(), sizeof(pub_term_event.nan_reason));
+ u8 len = min(it.get_len(), sizeof(pub_term_event.nan_reason) - 1);
memcpy(pub_term_event.nan_reason, it.get_data(), len);
+ pub_term_event.nan_reason[len] = '\0';
ALOGI("pub termination reason: %s, len = %d\n",
pub_term_event.nan_reason, len);
} else {
@@ -1693,8 +1701,9 @@ class NanDiscEnginePrimitive : public WifiCommand
sub_term_event.reason = (NanStatusType)it.get_u16();
ALOGI("sub termination status %u", sub_term_event.reason);
} else if (attr_type == NAN_ATTRIBUTE_REASON) {
- u8 len = min(it.get_len(), sizeof(sub_term_event.nan_reason));
+ u8 len = min(it.get_len(), sizeof(sub_term_event.nan_reason) - 1);
memcpy(sub_term_event.nan_reason, it.get_data(), len);
+ sub_term_event.nan_reason[len] = '\0';
ALOGI("sub termination nan reason: %s, len = %d\n",
sub_term_event.nan_reason, len);
} else {
@@ -1745,8 +1754,9 @@ class NanDiscEnginePrimitive : public WifiCommand
} else if (attr_type == NAN_ATTRIBUTE_STATUS) {
followup_ind.reason = (NanStatusType)it.get_u8();
} else if (attr_type == NAN_ATTRIBUTE_REASON) {
- u8 len = min(it.get_len(), sizeof(followup_ind.nan_reason));
+ u8 len = min(it.get_len(), sizeof(followup_ind.nan_reason) - 1);
memcpy(followup_ind.nan_reason, it.get_data(), len);
+ followup_ind.nan_reason[len] = '\0';
ALOGI("nan transmit followup ind: reason: %s, len = %d\n",
followup_ind.nan_reason, len);
}
@@ -1839,40 +1849,69 @@ class NanDataPathPrimitive : public WifiCommand
int createDataPathIfaceRequest(WifiRequest& request, char *iface_name)
{
- int result = request.create(GOOGLE_OUI, NAN_SUBCMD_DATA_PATH_IFACE_CREATE);
+ ALOGD("add ifname = %s, iface_type = %d", iface_name, NL80211_IFTYPE_STATION);
+ u32 wlan0_id = if_nametoindex("wlan0");
+ if (!wlan0_id) {
+ ALOGE("%s: Error wlan0 not present\n", __FUNCTION__);
+ return WIFI_ERROR_UNKNOWN;
+ }
+
+ /* Do not create interface if already exist. */
+ if (if_nametoindex(iface_name)) {
+ ALOGD("%s: if_nametoindex(%s) = %d already exists, skip create \n",
+ __FUNCTION__, iface_name, if_nametoindex(iface_name));
+ return WIFI_SUCCESS;
+ }
+
+ int result = request.create(NL80211_CMD_NEW_INTERFACE);
if (result < 0) {
- ALOGE("%s Failed to create request\n", __func__);
+ ALOGE("failed to create NL80211_CMD_NEW_INTERFACE; result = %d", result);
return result;
}
- nlattr *data = request.attr_start(NL80211_ATTR_VENDOR_DATA);
- result = request.put_string(NAN_ATTRIBUTE_IFACE, (char *)iface_name);
+ result = request.put_u32(NL80211_ATTR_IFINDEX, wlan0_id);
if (result < 0) {
- ALOGE("%s: Failed to fill iface, result = %d\n", __func__, result);
+ ALOGE("failed to put NL80211_ATTR_IFINDEX; result = %d", result);
+ return result;
+ }
+
+ result = request.put_string(NL80211_ATTR_IFNAME, iface_name);
+ if (result < 0) {
+ ALOGE("failed to put NL80211_ATTR_IFNAME = %s; result = %d", iface_name, result);
+ return result;
+ }
+
+ result = request.put_u32(NL80211_ATTR_IFTYPE, NL80211_IFTYPE_STATION);
+ if (result < 0) {
+ ALOGE("failed to put NL80211_ATTR_IFTYPE; result = %d", result);
return result;
}
- request.attr_end(data);
return WIFI_SUCCESS;
}
int deleteDataPathIfaceRequest(WifiRequest& request, char *iface_name)
{
- int result = request.create(GOOGLE_OUI, NAN_SUBCMD_DATA_PATH_IFACE_DELETE);
+ ALOGD("delete ifname = %s\n", iface_name);
+
+ int result = request.create(NL80211_CMD_DEL_INTERFACE);
if (result < 0) {
- ALOGE("%s: Failed to create request, result = %d\n", __func__, result);
+ ALOGE("failed to create NL80211_CMD_DEL_INTERFACE; result = %d", result);
return result;
}
- nlattr *data = request.attr_start(NL80211_ATTR_VENDOR_DATA);
-
- result = request.put_string(NAN_ATTRIBUTE_IFACE, (char *)iface_name);
+ result = request.put_u32(NL80211_ATTR_IFINDEX, if_nametoindex(iface_name));
if (result < 0) {
- ALOGE("%s: Failed to fill iface, result = %d\n", __func__, result);
+ ALOGE("failed to put NL80211_ATTR_IFINDEX = %d; result = %d",
+ if_nametoindex(iface_name), result);
return result;
}
- request.attr_end(data);
+ result = request.put_string(NL80211_ATTR_IFNAME, iface_name);
+ if (result < 0) {
+ ALOGE("failed to put NL80211_ATTR_IFNAME = %s; result = %d", iface_name, result);
+ return result;
+ }
return WIFI_SUCCESS;
}
@@ -2296,7 +2335,23 @@ class NanDataPathPrimitive : public WifiCommand
ALOGE("%s: failed to configure setup; result = %d", __func__, result);
return result;
}
-
+ ALOGI("NanDataPathPrmitive::request Response\n");
+ if (mType == NAN_DATA_PATH_IFACE_DELETE) {
+ NanResponseMsg rsp_data;
+ memset(&rsp_data, 0, sizeof(NanResponseMsg));
+ /* Prepare the NanResponseMsg payload */
+ rsp_data.response_type = get_response_type_frm_req_type((NanRequestType)mType);
+ /* Return success even for no dev case also, nothing to do */
+ rsp_data.status = NAN_STATUS_SUCCESS;
+ memcpy(rsp_data.nan_error, NanStatusToString(rsp_data.status),
+ strlen(NanStatusToString(rsp_data.status)));
+ rsp_data.nan_error[strlen(NanStatusToString(rsp_data.status))] = '\0';
+ rsp_data.nan_error[NAN_ERROR_STR_LEN - 1] = '\0';
+ ALOGI("Mapped hal status = %d\n", rsp_data.status);
+ ALOGI("Received nan_error string %s\n", (u8*)rsp_data.nan_error);
+ GET_NAN_HANDLE(info)->mHandlers.NotifyResponse(id(), &rsp_data);
+ ALOGE("Notified by cmd ret!!");
+ }
request.destroy();
return WIFI_SUCCESS;
}
@@ -2321,49 +2376,63 @@ class NanDataPathPrimitive : public WifiCommand
int handleResponse(WifiEvent& reply)
{
nan_hal_resp_t *rsp_vndr_data = NULL;
+ NanResponseMsg rsp_data;
+ int32_t result = BCME_OK;
- if (reply.get_cmd() != NL80211_CMD_VENDOR || reply.get_vendor_data() == NULL) {
+ ALOGI("NanDataPathPrmitive::handle Response\n");
+ memset(&rsp_data, 0, sizeof(NanResponseMsg));
+ if (mType == NAN_DATA_PATH_IFACE_CREATE) {
+ /* NDI creation and deletion are done through vendor ops,
+ * driver does not send the cmd response payload,
+ * but for framework,
+ * mimicking the NanResponseMsg for iface create and delete nan cmds
+ */
+ rsp_data.response_type = get_response_type_frm_req_type((NanRequestType)mType);
+ /* Return success even for no dev case also, nothing to do */
+ if (result == WIFI_SUCCESS || result == WIFI_ERROR_NOT_AVAILABLE) {
+ rsp_data.status = NAN_STATUS_SUCCESS;
+ } else {
+ rsp_data.status = NAN_STATUS_INTERNAL_FAILURE;
+ }
+ } else if (reply.get_cmd() != NL80211_CMD_VENDOR || reply.get_vendor_data() == NULL) {
ALOGD("Ignoring reply with cmd = %d", reply.get_cmd());
return NL_SKIP;
- }
-
- rsp_vndr_data = (nan_hal_resp_t *)reply.get_vendor_data();
- ALOGI("NanDataPathPrmitive::handle response\n");
- int32_t result = rsp_vndr_data->value;
- NanResponseMsg rsp_data;
+ } else {
+ rsp_vndr_data = (nan_hal_resp_t *)reply.get_vendor_data();
+ result = rsp_vndr_data->value;
+ rsp_data.response_type = get_response_type((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd);
- memset(&rsp_data, 0, sizeof(NanResponseMsg));
- rsp_data.response_type = get_response_type((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd);
+ if ((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd == NAN_SUBCMD_DATA_PATH_SEC_INFO) {
+ /* Follow through */
+ } else if (!valid_dp_response_type(rsp_data.response_type)) {
+ return NL_SKIP;
+ }
+ rsp_data.status = nan_map_response_status(rsp_vndr_data->status);
- if ((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd == NAN_SUBCMD_DATA_PATH_SEC_INFO) {
- /* Follow through */
- } else if (!valid_dp_response_type(rsp_data.response_type)) {
- return NL_SKIP;
+ if (rsp_data.response_type == NAN_DP_INITIATOR_RESPONSE) {
+ ALOGI("received ndp instance_id %d and ret = %d\n",
+ rsp_vndr_data->ndp_instance_id, result);
+ rsp_data.body.data_request_response.ndp_instance_id =
+ rsp_vndr_data->ndp_instance_id;
+ mNdpId = rsp_vndr_data->ndp_instance_id;
+ } else if ((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd == NAN_SUBCMD_DATA_PATH_SEC_INFO) {
+ memcpy(mPubNmi, rsp_vndr_data->pub_nmi, NAN_MAC_ADDR_LEN);
+ memcpy(mSvcHash, rsp_vndr_data->svc_hash, NAN_SVC_HASH_SIZE);
+ return NL_SKIP;
+ }
}
- rsp_data.status = nan_map_response_status(rsp_vndr_data->status);
- ALOGE("Mapped hal status = %d\n", rsp_data.status);
- if (rsp_vndr_data->nan_reason[0] == '\0') {
- memcpy(rsp_data.nan_error, NanStatusToString(rsp_data.status),
- strlen(NanStatusToString(rsp_data.status)));
- rsp_data.nan_error[strlen(NanStatusToString(rsp_data.status))] = '\0';
- }
+ memcpy(rsp_data.nan_error, NanStatusToString(rsp_data.status),
+ strlen(NanStatusToString(rsp_data.status)));
+ rsp_data.nan_error[strlen(NanStatusToString(rsp_data.status))] = '\0';
rsp_data.nan_error[NAN_ERROR_STR_LEN - 1] = '\0';
- ALOGI("\n Received nan_error string %s\n", (u8*)rsp_data.nan_error);
-
- if (rsp_data.response_type == NAN_DP_INITIATOR_RESPONSE) {
- ALOGI("received ndp instance_id %d and ret = %d\n", rsp_vndr_data->ndp_instance_id, result);
- rsp_data.body.data_request_response.ndp_instance_id = rsp_vndr_data->ndp_instance_id;
- mNdpId = rsp_vndr_data->ndp_instance_id;
- } else if ((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd == NAN_SUBCMD_DATA_PATH_SEC_INFO) {
- memcpy(mPubNmi, rsp_vndr_data->pub_nmi, NAN_MAC_ADDR_LEN);
- memcpy(mSvcHash, rsp_vndr_data->svc_hash, NAN_SVC_HASH_SIZE);
- return NL_SKIP;
- }
+ ALOGI("Mapped hal status = %d\n", rsp_data.status);
+ ALOGI("Received nan_error string %s\n", (u8*)rsp_data.nan_error);
ALOGI("NanDataPathPrmitive:Received response for cmd [%s], ret %d\n",
- NanRspToString(rsp_data.response_type), rsp_data.status);
+ NanRspToString(rsp_data.response_type), rsp_data.status);
GET_NAN_HANDLE(info)->mHandlers.NotifyResponse(id(), &rsp_data);
+ ALOGE("Notified by cmd reply!!");
return NL_SKIP;
}
@@ -3553,8 +3622,9 @@ class NanMacControl : public WifiCommand
disabled_ind.reason = (NanStatusType)it.get_u8();
ALOGI("Nan Disable:status %u", disabled_ind.reason);
} else if (attr_type == NAN_ATTRIBUTE_REASON) {
- u8 len = min(it.get_len(), sizeof(disabled_ind.nan_reason));
+ u8 len = min(it.get_len(), sizeof(disabled_ind.nan_reason) - 1);
memcpy(disabled_ind.nan_reason, it.get_data(), len);
+ disabled_ind.nan_reason[len] = '\0';
ALOGI("Disabled nan reason: %s, len = %d\n",
disabled_ind.nan_reason, len);
}
@@ -3864,6 +3934,27 @@ NanResponseType get_response_type(WIFI_SUB_COMMAND nan_subcmd)
return response_type;
}
+
+NanResponseType get_response_type_frm_req_type(NanRequestType cmdType) {
+ NanResponseType response_type;
+
+ switch (cmdType) {
+ case NAN_DATA_PATH_IFACE_CREATE:
+ response_type = NAN_DP_INTERFACE_CREATE;
+ break;
+ case NAN_DATA_PATH_IFACE_DELETE:
+ response_type = NAN_DP_INTERFACE_DELETE;
+ break;
+ default:
+ /* unknown response for a request type */
+ response_type = NAN_RESPONSE_ERROR;
+ break;
+ }
+
+ return response_type;
+
+}
+
static int get_svc_hash(unsigned char *svc_name,
u16 svc_name_len, u8 *svc_hash, u16 svc_hash_len)
{
@@ -4413,7 +4504,8 @@ wifi_error nan_disable_request(transaction_id id,
ALOGE("Disable NAN MAC transId= %d\n", id);
mac_prim->setId(id);
} else {
- ALOGE("Invalid transId= %d cur= %d\n", id, mac_prim->getId());
+ ALOGE("Invalid transId= %d cur= %d\n", id,
+ mac_prim ? mac_prim->getId() : -1);
}
cmd->setChreNan(0);
@@ -4844,8 +4936,9 @@ class NanEventCap : public WifiCommand
disabled_ind.reason = (NanStatusType)it.get_u8();
ALOGI("Nan Disable:status %u", disabled_ind.reason);
} else if (attr_type == NAN_ATTRIBUTE_REASON) {
- u8 len = min(it.get_len(), sizeof(disabled_ind.nan_reason));
+ u8 len = min(it.get_len(), sizeof(disabled_ind.nan_reason) - 1);
memcpy(disabled_ind.nan_reason, it.get_data(), len);
+ disabled_ind.nan_reason[len] = '\0';
ALOGI("nan disabled reason: %s, len = %d\n",
disabled_ind.nan_reason, len);
}
@@ -4870,8 +4963,9 @@ class NanEventCap : public WifiCommand
pub_term_event.reason = (NanStatusType)it.get_u8();
ALOGI("pub termination status %u", pub_term_event.reason);
} else if (attr_type == NAN_ATTRIBUTE_REASON) {
- u8 len = min(it.get_len(), sizeof(pub_term_event.nan_reason));
+ u8 len = min(it.get_len(), sizeof(pub_term_event.nan_reason) - 1);
memcpy(pub_term_event.nan_reason, it.get_data(), len);
+ pub_term_event.nan_reason[len] = '\0';
ALOGI("Pub termination nan reason: %s, len = %d\n",
pub_term_event.nan_reason, len);
} else {
@@ -5001,8 +5095,9 @@ class NanEventCap : public WifiCommand
sub_term_event.reason = (NanStatusType)it.get_u8();
ALOGI("sub termination status %u", sub_term_event.reason);
} else if (attr_type == NAN_ATTRIBUTE_REASON) {
- u8 len = min(it.get_len(), sizeof(sub_term_event.nan_reason));
+ u8 len = min(it.get_len(), sizeof(sub_term_event.nan_reason) - 1);
memcpy(sub_term_event.nan_reason, it.get_data(), len);
+ sub_term_event.nan_reason[len] = '\0';
ALOGI("sub termination nan reason: %s, len = %d\n",
sub_term_event.nan_reason, len);
} else {
@@ -5250,8 +5345,9 @@ class NanEventCap : public WifiCommand
} else if (attr_type == NAN_ATTRIBUTE_STATUS) {
followup_ind.reason = (NanStatusType)it.get_u8();
} else if (attr_type == NAN_ATTRIBUTE_REASON) {
- u8 len = min(it.get_len(), sizeof(followup_ind.nan_reason));
+ u8 len = min(it.get_len(), sizeof(followup_ind.nan_reason) - 1);
memcpy(followup_ind.nan_reason, it.get_data(), len);
+ followup_ind.nan_reason[len] = '\0';
ALOGI("nan transmit followup ind: reason: %s, len = %d\n",
followup_ind.nan_reason, len);
}
@@ -5337,6 +5433,9 @@ wifi_error nan_data_request_initiator(transaction_id id,
#endif /* CONFIG_BRCM */
counters.dp_req++;
if (msg->service_name_len) {
+ u16 len = min(msg->service_name_len, sizeof(msg->service_name) - 1);
+ msg->service_name[len] = '\0';
+
if (strncmp(NAN_OOB_INTEROP_SVC_NAME,
(char*)msg->service_name, msg->service_name_len) == 0) {
ALOGI("Use Hardcoded svc_hash\n");
@@ -5422,6 +5521,9 @@ wifi_error nan_data_indication_response(transaction_id id,
#endif /* CONFIG_BRCM */
counters.dp_resp++;
if (msg->service_name_len) {
+ u16 len = min(msg->service_name_len, sizeof(msg->service_name) - 1);
+ msg->service_name[len] = '\0';
+
if (strncmp(NAN_OOB_INTEROP_SVC_NAME,
(char*)msg->service_name, msg->service_name_len) == 0) {
ALOGI("Use Hardcoded svc_hash\n");
diff --git a/bcmdhd/wifi_hal/rtt.cpp b/bcmdhd/wifi_hal/rtt.cpp
index 6bb0a49..46aa868 100644
--- a/bcmdhd/wifi_hal/rtt.cpp
+++ b/bcmdhd/wifi_hal/rtt.cpp
@@ -662,6 +662,7 @@ wifi_error wifi_rtt_range_request(wifi_request_id id, wifi_interface_handle ifac
return WIFI_ERROR_INVALID_ARGS;
}
+ ALOGI("Rtt range_request; id = %d", id);
RttCommand *cmd = new RttCommand(iface, id, num_rtt_config, rtt_config, handler);
NULL_CHECK_RETURN(cmd, "memory allocation failure", WIFI_ERROR_OUT_OF_MEMORY);
wifi_error result = wifi_register_cmd(handle, id, cmd);
@@ -695,9 +696,11 @@ wifi_error wifi_rtt_range_cancel(wifi_request_id id, wifi_interface_handle ifac
return WIFI_ERROR_INVALID_ARGS;
}
+ ALOGI("Rtt range_cancel_request; id = %d", id);
RttCommand *cmd = new RttCommand(iface, id);
NULL_CHECK_RETURN(cmd, "memory allocation failure", WIFI_ERROR_OUT_OF_MEMORY);
cmd->cancel_specific(num_devices, addr);
+ wifi_unregister_cmd(handle, id);
cmd->releaseRef();
return WIFI_SUCCESS;
}
diff --git a/bcmdhd/wifi_hal/wifi_logger.cpp b/bcmdhd/wifi_hal/wifi_logger.cpp
index 4d2d8dd..229dc2f 100755
--- a/bcmdhd/wifi_hal/wifi_logger.cpp
+++ b/bcmdhd/wifi_hal/wifi_logger.cpp
@@ -1035,6 +1035,12 @@ wifi_error wifi_start_logging(wifi_interface_handle iface, u32 verbose_level,
}
}
+typedef struct {
+ u32 magic;
+ int num_entries;
+} __attribute__((packed)) wifi_ring_buffer_entry_pack;
+
+#define WIFI_RING_BUFFER_PACK_MAGIC 0xDBAADBAA
///////////////////////////////////////////////////////////////////////////////
class SetLogHandler : public WifiCommand
@@ -1153,11 +1159,46 @@ public:
if (mHandler.on_ring_buffer_data) {
/* Skip msg header. Retrieved log */
char *pBuff;
- wifi_ring_buffer_entry *buffer_entry =
- (wifi_ring_buffer_entry *) buffer;
- pBuff = (char *) (buffer_entry + 1);
- (*mHandler.on_ring_buffer_data)((char *)status.name, pBuff,
- buffer_entry->entry_size, &status);
+ int num_entries;
+ int cur_off = 0;
+ wifi_ring_buffer_entry_pack *pack_hdr =
+ (wifi_ring_buffer_entry_pack *)buffer;
+ wifi_ring_buffer_entry *entry_hdr =
+ (wifi_ring_buffer_entry *)(buffer + sizeof(*pack_hdr));
+ cur_off += sizeof(*pack_hdr);
+
+ if (pack_hdr->magic != WIFI_RING_BUFFER_PACK_MAGIC) {
+ ALOGE("SetLogHandler: magic code is not matched "
+ "magic:%u ring_name:%s\n", pack_hdr->magic, status.name);
+ return NL_SKIP;
+ }
+
+ num_entries = pack_hdr->num_entries;
+
+ while (num_entries > 0) {
+ /* Check for accesses that exceed the total buffer size */
+ if (cur_off + sizeof(*entry_hdr) + entry_hdr->entry_size > buffer_size) {
+ ALOGE("SetLogHandler: detected invalid access "
+ "num_entries:%d cur_num:%d buffer_size:%d cur_off:%d "
+ "hdrsize:%lu entry_size:%d ring_name:%s\n",
+ pack_hdr->num_entries, num_entries, buffer_size, cur_off,
+ sizeof(*entry_hdr), entry_hdr->entry_size, status.name);
+ return NL_SKIP;
+ }
+
+ /* Copy buffer without hdr to the ringbuffer in LegacyHAL */
+ pBuff = (char *)entry_hdr + sizeof(*entry_hdr);
+ (*mHandler.on_ring_buffer_data)((char *)status.name, pBuff,
+ entry_hdr->entry_size, &status);
+
+ cur_off += sizeof(*entry_hdr) + entry_hdr->entry_size;
+
+ /* jump to next entry_hdr */
+ entry_hdr = (wifi_ring_buffer_entry *)((char *)entry_hdr + sizeof(*entry_hdr) + entry_hdr->entry_size);
+
+ num_entries--;
+ }
+
}
} else {
ALOGE("Unknown Event");
@@ -1198,6 +1239,10 @@ wifi_error wifi_reset_log_handler(wifi_request_id id, wifi_interface_handle ifac
wifi_handle handle = getWifiHandle(iface);
ALOGE("Loghandler reset, wifi_request_id = %d, handle = %p", id, handle);
+#ifdef RING_DUMP
+ wifi_stop_ring_dump(iface);
+#endif /* RING_DUMP */
+
if (id == -1) {
wifi_ring_buffer_data_handler handler;
memset(&handler, 0, sizeof(handler));
@@ -1207,9 +1252,6 @@ wifi_error wifi_reset_log_handler(wifi_request_id id, wifi_interface_handle ifac
cmd->cancel();
cmd->releaseRef();
-#ifdef RING_DUMP
- wifi_stop_ring_dump(iface, handler);
-#endif /* RING_DUMP */
return WIFI_SUCCESS;
}
@@ -1643,9 +1685,6 @@ public:
ring_name[i] = NULL;
}
}
- if (mBuff) {
- free(mBuff);
- }
DUMP_INFO(("Stop Ring Dump Successfully Completed, mErrCode = %d\n", mErrCode));
return WIFI_SUCCESS;
@@ -1984,8 +2023,7 @@ wifi_error wifi_start_ring_dump(wifi_interface_handle iface,
return result;
}
-wifi_error wifi_stop_ring_dump(wifi_interface_handle iface,
- wifi_ring_buffer_data_handler ring_handle)
+wifi_error wifi_stop_ring_dump(wifi_interface_handle iface)
{
RingDump *cmd = new RingDump(iface, FILE_DUMP_REQUEST_ID);
NULL_CHECK_RETURN(cmd, "memory allocation failure", WIFI_ERROR_OUT_OF_MEMORY);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 09:10:54 +0000