diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-01-10 00:21:01 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-01-10 00:21:01 +0000 |
commit | 0125d21c1529e2e05de5da92819405adae057a06 (patch) | |
tree | 99a47e1c9540912ae5e54eb3e47216244176ce55 | |
parent | 03164c25284301aeddd0b7dceb2d82732f9f9cd0 (diff) | |
parent | a8bfe75958bca32db6f3dbe534a66cfd168c4f8a (diff) | |
download | wlan-android13-qpr3-s2-release.tar.gz |
Snap for 9470583 from a8bfe75958bca32db6f3dbe534a66cfd168c4f8a to tm-qpr3-releaseandroid-13.0.0_r83android-13.0.0_r79android-13.0.0_r78android-13.0.0_r77android-13.0.0_r76android-13.0.0_r75android-13.0.0_r71android-13.0.0_r70android-13.0.0_r69android-13.0.0_r68android-13.0.0_r67android-13.0.0_r63android-13.0.0_r62android-13.0.0_r61android-13.0.0_r56android-13.0.0_r54android-13.0.0_r53android-13.0.0_r52android-13.0.0_r51android-13.0.0_r50android13-qpr3-s9-releaseandroid13-qpr3-s8-releaseandroid13-qpr3-s7-releaseandroid13-qpr3-s6-releaseandroid13-qpr3-s5-releaseandroid13-qpr3-s4-releaseandroid13-qpr3-s3-releaseandroid13-qpr3-s2-releaseandroid13-qpr3-s14-releaseandroid13-qpr3-s13-releaseandroid13-qpr3-s12-releaseandroid13-qpr3-s11-releaseandroid13-qpr3-s10-releaseandroid13-qpr3-s1-releaseandroid13-qpr3-release
Change-Id: I40271bf6802ea36f536792add1a49e270e1ae17b
-rwxr-xr-x | bcmdhd/wifi_hal/common.h | 3 | ||||
-rwxr-xr-x | bcmdhd/wifi_hal/cpp_bindings.cpp | 3 | ||||
-rwxr-xr-x | bcmdhd/wifi_hal/nan.cpp | 214 | ||||
-rw-r--r-- | bcmdhd/wifi_hal/rtt.cpp | 3 | ||||
-rwxr-xr-x | bcmdhd/wifi_hal/wifi_logger.cpp | 64 |
5 files changed, 216 insertions, 71 deletions
diff --git a/bcmdhd/wifi_hal/common.h b/bcmdhd/wifi_hal/common.h index ad9922d..379582e 100755 --- a/bcmdhd/wifi_hal/common.h +++ b/bcmdhd/wifi_hal/common.h @@ -460,8 +460,7 @@ wifi_interface_handle wifi_get_wlan_interface(wifi_handle info, #ifdef RING_DUMP wifi_error wifi_start_ring_dump(wifi_interface_handle iface, wifi_ring_buffer_data_handler ring_handle); -wifi_error wifi_stop_ring_dump(wifi_interface_handle iface, - wifi_ring_buffer_data_handler ring_handle); +wifi_error wifi_stop_ring_dump(wifi_interface_handle iface); #endif /* RING_DUMP */ wifi_error wifi_hal_ota_update(wifi_interface_handle iface, uint32_t ota_version); wifi_error wifi_hal_preInit(wifi_interface_handle iface); diff --git a/bcmdhd/wifi_hal/cpp_bindings.cpp b/bcmdhd/wifi_hal/cpp_bindings.cpp index 7a634bd..8b56bc0 100755 --- a/bcmdhd/wifi_hal/cpp_bindings.cpp +++ b/bcmdhd/wifi_hal/cpp_bindings.cpp @@ -601,6 +601,9 @@ static int mapErrorCodes(int err) case -EBUSY: ret = WIFI_ERROR_BUSY; break; + case -ENODEV: + ret = WIFI_ERROR_NOT_AVAILABLE; + break; default: ret = WIFI_ERROR_UNKNOWN; } diff --git a/bcmdhd/wifi_hal/nan.cpp b/bcmdhd/wifi_hal/nan.cpp index 52f29e3..7ac1be8 100755 --- a/bcmdhd/wifi_hal/nan.cpp +++ b/bcmdhd/wifi_hal/nan.cpp @@ -385,6 +385,7 @@ static int is_cmd_response(int cmd); static int get_svc_hash(unsigned char *svc_name, u16 svc_name_len, u8 *svc_hash, u16 svc_hash_len); NanResponseType get_response_type(WIFI_SUB_COMMAND nan_subcmd); +NanResponseType get_response_type_frm_req_type(NanRequestType cmdType); static NanStatusType nan_map_response_status(int vendor_status); /* Function to separate the common events to NAN1.0 events */ @@ -701,6 +702,8 @@ class NanDiscEnginePrimitive : public WifiCommand if (mParams->service_name_len) { u8 svc_hash[NAN_SVC_HASH_SIZE]; + u16 len = min(mParams->service_name_len, sizeof(mParams->service_name) - 1); + mParams->service_name[len] = '\0'; result = get_svc_hash(mParams->service_name, mParams->service_name_len, svc_hash, NAN_SVC_HASH_SIZE); @@ -1065,6 +1068,8 @@ class NanDiscEnginePrimitive : public WifiCommand if (mParams->service_name_len) { u8 svc_hash[NAN_SVC_HASH_SIZE]; + u16 len = min(mParams->service_name_len, sizeof(mParams->service_name) - 1); + mParams->service_name[len] = '\0'; result = get_svc_hash(mParams->service_name, mParams->service_name_len, svc_hash, NAN_SVC_HASH_SIZE); @@ -1385,6 +1390,8 @@ class NanDiscEnginePrimitive : public WifiCommand } if (mParams->service_specific_info_len > 0) { + u16 len = min(mParams->service_specific_info_len, + sizeof(mParams->service_specific_info) - 1); result = request.put_u16(NAN_ATTRIBUTE_SERVICE_SPECIFIC_INFO_LEN, mParams->service_specific_info_len); if (result < 0) { @@ -1399,7 +1406,7 @@ class NanDiscEnginePrimitive : public WifiCommand ALOGE("%s: Failed to put svc info, result = %d", __func__, result); return result; } - mParams->service_specific_info[mParams->service_specific_info_len] = '\0'; + mParams->service_specific_info[len] = '\0'; ALOGI("Transmit service info string is %s\n", mParams->service_specific_info); } @@ -1570,8 +1577,9 @@ class NanDiscEnginePrimitive : public WifiCommand pub_term_event.reason = (NanStatusType)it.get_u8(); ALOGI("pub termination status %u", pub_term_event.reason); } else if (attr_type == NAN_ATTRIBUTE_REASON) { - u8 len = min(it.get_len(), sizeof(pub_term_event.nan_reason)); + u8 len = min(it.get_len(), sizeof(pub_term_event.nan_reason) - 1); memcpy(pub_term_event.nan_reason, it.get_data(), len); + pub_term_event.nan_reason[len] = '\0'; ALOGI("pub termination reason: %s, len = %d\n", pub_term_event.nan_reason, len); } else { @@ -1693,8 +1701,9 @@ class NanDiscEnginePrimitive : public WifiCommand sub_term_event.reason = (NanStatusType)it.get_u16(); ALOGI("sub termination status %u", sub_term_event.reason); } else if (attr_type == NAN_ATTRIBUTE_REASON) { - u8 len = min(it.get_len(), sizeof(sub_term_event.nan_reason)); + u8 len = min(it.get_len(), sizeof(sub_term_event.nan_reason) - 1); memcpy(sub_term_event.nan_reason, it.get_data(), len); + sub_term_event.nan_reason[len] = '\0'; ALOGI("sub termination nan reason: %s, len = %d\n", sub_term_event.nan_reason, len); } else { @@ -1745,8 +1754,9 @@ class NanDiscEnginePrimitive : public WifiCommand } else if (attr_type == NAN_ATTRIBUTE_STATUS) { followup_ind.reason = (NanStatusType)it.get_u8(); } else if (attr_type == NAN_ATTRIBUTE_REASON) { - u8 len = min(it.get_len(), sizeof(followup_ind.nan_reason)); + u8 len = min(it.get_len(), sizeof(followup_ind.nan_reason) - 1); memcpy(followup_ind.nan_reason, it.get_data(), len); + followup_ind.nan_reason[len] = '\0'; ALOGI("nan transmit followup ind: reason: %s, len = %d\n", followup_ind.nan_reason, len); } @@ -1839,40 +1849,69 @@ class NanDataPathPrimitive : public WifiCommand int createDataPathIfaceRequest(WifiRequest& request, char *iface_name) { - int result = request.create(GOOGLE_OUI, NAN_SUBCMD_DATA_PATH_IFACE_CREATE); + ALOGD("add ifname = %s, iface_type = %d", iface_name, NL80211_IFTYPE_STATION); + u32 wlan0_id = if_nametoindex("wlan0"); + if (!wlan0_id) { + ALOGE("%s: Error wlan0 not present\n", __FUNCTION__); + return WIFI_ERROR_UNKNOWN; + } + + /* Do not create interface if already exist. */ + if (if_nametoindex(iface_name)) { + ALOGD("%s: if_nametoindex(%s) = %d already exists, skip create \n", + __FUNCTION__, iface_name, if_nametoindex(iface_name)); + return WIFI_SUCCESS; + } + + int result = request.create(NL80211_CMD_NEW_INTERFACE); if (result < 0) { - ALOGE("%s Failed to create request\n", __func__); + ALOGE("failed to create NL80211_CMD_NEW_INTERFACE; result = %d", result); return result; } - nlattr *data = request.attr_start(NL80211_ATTR_VENDOR_DATA); - result = request.put_string(NAN_ATTRIBUTE_IFACE, (char *)iface_name); + result = request.put_u32(NL80211_ATTR_IFINDEX, wlan0_id); if (result < 0) { - ALOGE("%s: Failed to fill iface, result = %d\n", __func__, result); + ALOGE("failed to put NL80211_ATTR_IFINDEX; result = %d", result); + return result; + } + + result = request.put_string(NL80211_ATTR_IFNAME, iface_name); + if (result < 0) { + ALOGE("failed to put NL80211_ATTR_IFNAME = %s; result = %d", iface_name, result); + return result; + } + + result = request.put_u32(NL80211_ATTR_IFTYPE, NL80211_IFTYPE_STATION); + if (result < 0) { + ALOGE("failed to put NL80211_ATTR_IFTYPE; result = %d", result); return result; } - request.attr_end(data); return WIFI_SUCCESS; } int deleteDataPathIfaceRequest(WifiRequest& request, char *iface_name) { - int result = request.create(GOOGLE_OUI, NAN_SUBCMD_DATA_PATH_IFACE_DELETE); + ALOGD("delete ifname = %s\n", iface_name); + + int result = request.create(NL80211_CMD_DEL_INTERFACE); if (result < 0) { - ALOGE("%s: Failed to create request, result = %d\n", __func__, result); + ALOGE("failed to create NL80211_CMD_DEL_INTERFACE; result = %d", result); return result; } - nlattr *data = request.attr_start(NL80211_ATTR_VENDOR_DATA); - - result = request.put_string(NAN_ATTRIBUTE_IFACE, (char *)iface_name); + result = request.put_u32(NL80211_ATTR_IFINDEX, if_nametoindex(iface_name)); if (result < 0) { - ALOGE("%s: Failed to fill iface, result = %d\n", __func__, result); + ALOGE("failed to put NL80211_ATTR_IFINDEX = %d; result = %d", + if_nametoindex(iface_name), result); return result; } - request.attr_end(data); + result = request.put_string(NL80211_ATTR_IFNAME, iface_name); + if (result < 0) { + ALOGE("failed to put NL80211_ATTR_IFNAME = %s; result = %d", iface_name, result); + return result; + } return WIFI_SUCCESS; } @@ -2296,7 +2335,23 @@ class NanDataPathPrimitive : public WifiCommand ALOGE("%s: failed to configure setup; result = %d", __func__, result); return result; } - + ALOGI("NanDataPathPrmitive::request Response\n"); + if (mType == NAN_DATA_PATH_IFACE_DELETE) { + NanResponseMsg rsp_data; + memset(&rsp_data, 0, sizeof(NanResponseMsg)); + /* Prepare the NanResponseMsg payload */ + rsp_data.response_type = get_response_type_frm_req_type((NanRequestType)mType); + /* Return success even for no dev case also, nothing to do */ + rsp_data.status = NAN_STATUS_SUCCESS; + memcpy(rsp_data.nan_error, NanStatusToString(rsp_data.status), + strlen(NanStatusToString(rsp_data.status))); + rsp_data.nan_error[strlen(NanStatusToString(rsp_data.status))] = '\0'; + rsp_data.nan_error[NAN_ERROR_STR_LEN - 1] = '\0'; + ALOGI("Mapped hal status = %d\n", rsp_data.status); + ALOGI("Received nan_error string %s\n", (u8*)rsp_data.nan_error); + GET_NAN_HANDLE(info)->mHandlers.NotifyResponse(id(), &rsp_data); + ALOGE("Notified by cmd ret!!"); + } request.destroy(); return WIFI_SUCCESS; } @@ -2321,49 +2376,63 @@ class NanDataPathPrimitive : public WifiCommand int handleResponse(WifiEvent& reply) { nan_hal_resp_t *rsp_vndr_data = NULL; + NanResponseMsg rsp_data; + int32_t result = BCME_OK; - if (reply.get_cmd() != NL80211_CMD_VENDOR || reply.get_vendor_data() == NULL) { + ALOGI("NanDataPathPrmitive::handle Response\n"); + memset(&rsp_data, 0, sizeof(NanResponseMsg)); + if (mType == NAN_DATA_PATH_IFACE_CREATE) { + /* NDI creation and deletion are done through vendor ops, + * driver does not send the cmd response payload, + * but for framework, + * mimicking the NanResponseMsg for iface create and delete nan cmds + */ + rsp_data.response_type = get_response_type_frm_req_type((NanRequestType)mType); + /* Return success even for no dev case also, nothing to do */ + if (result == WIFI_SUCCESS || result == WIFI_ERROR_NOT_AVAILABLE) { + rsp_data.status = NAN_STATUS_SUCCESS; + } else { + rsp_data.status = NAN_STATUS_INTERNAL_FAILURE; + } + } else if (reply.get_cmd() != NL80211_CMD_VENDOR || reply.get_vendor_data() == NULL) { ALOGD("Ignoring reply with cmd = %d", reply.get_cmd()); return NL_SKIP; - } - - rsp_vndr_data = (nan_hal_resp_t *)reply.get_vendor_data(); - ALOGI("NanDataPathPrmitive::handle response\n"); - int32_t result = rsp_vndr_data->value; - NanResponseMsg rsp_data; + } else { + rsp_vndr_data = (nan_hal_resp_t *)reply.get_vendor_data(); + result = rsp_vndr_data->value; + rsp_data.response_type = get_response_type((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd); - memset(&rsp_data, 0, sizeof(NanResponseMsg)); - rsp_data.response_type = get_response_type((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd); + if ((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd == NAN_SUBCMD_DATA_PATH_SEC_INFO) { + /* Follow through */ + } else if (!valid_dp_response_type(rsp_data.response_type)) { + return NL_SKIP; + } + rsp_data.status = nan_map_response_status(rsp_vndr_data->status); - if ((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd == NAN_SUBCMD_DATA_PATH_SEC_INFO) { - /* Follow through */ - } else if (!valid_dp_response_type(rsp_data.response_type)) { - return NL_SKIP; + if (rsp_data.response_type == NAN_DP_INITIATOR_RESPONSE) { + ALOGI("received ndp instance_id %d and ret = %d\n", + rsp_vndr_data->ndp_instance_id, result); + rsp_data.body.data_request_response.ndp_instance_id = + rsp_vndr_data->ndp_instance_id; + mNdpId = rsp_vndr_data->ndp_instance_id; + } else if ((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd == NAN_SUBCMD_DATA_PATH_SEC_INFO) { + memcpy(mPubNmi, rsp_vndr_data->pub_nmi, NAN_MAC_ADDR_LEN); + memcpy(mSvcHash, rsp_vndr_data->svc_hash, NAN_SVC_HASH_SIZE); + return NL_SKIP; + } } - rsp_data.status = nan_map_response_status(rsp_vndr_data->status); - ALOGE("Mapped hal status = %d\n", rsp_data.status); - if (rsp_vndr_data->nan_reason[0] == '\0') { - memcpy(rsp_data.nan_error, NanStatusToString(rsp_data.status), - strlen(NanStatusToString(rsp_data.status))); - rsp_data.nan_error[strlen(NanStatusToString(rsp_data.status))] = '\0'; - } + memcpy(rsp_data.nan_error, NanStatusToString(rsp_data.status), + strlen(NanStatusToString(rsp_data.status))); + rsp_data.nan_error[strlen(NanStatusToString(rsp_data.status))] = '\0'; rsp_data.nan_error[NAN_ERROR_STR_LEN - 1] = '\0'; - ALOGI("\n Received nan_error string %s\n", (u8*)rsp_data.nan_error); - - if (rsp_data.response_type == NAN_DP_INITIATOR_RESPONSE) { - ALOGI("received ndp instance_id %d and ret = %d\n", rsp_vndr_data->ndp_instance_id, result); - rsp_data.body.data_request_response.ndp_instance_id = rsp_vndr_data->ndp_instance_id; - mNdpId = rsp_vndr_data->ndp_instance_id; - } else if ((WIFI_SUB_COMMAND)rsp_vndr_data->subcmd == NAN_SUBCMD_DATA_PATH_SEC_INFO) { - memcpy(mPubNmi, rsp_vndr_data->pub_nmi, NAN_MAC_ADDR_LEN); - memcpy(mSvcHash, rsp_vndr_data->svc_hash, NAN_SVC_HASH_SIZE); - return NL_SKIP; - } + ALOGI("Mapped hal status = %d\n", rsp_data.status); + ALOGI("Received nan_error string %s\n", (u8*)rsp_data.nan_error); ALOGI("NanDataPathPrmitive:Received response for cmd [%s], ret %d\n", - NanRspToString(rsp_data.response_type), rsp_data.status); + NanRspToString(rsp_data.response_type), rsp_data.status); GET_NAN_HANDLE(info)->mHandlers.NotifyResponse(id(), &rsp_data); + ALOGE("Notified by cmd reply!!"); return NL_SKIP; } @@ -3553,8 +3622,9 @@ class NanMacControl : public WifiCommand disabled_ind.reason = (NanStatusType)it.get_u8(); ALOGI("Nan Disable:status %u", disabled_ind.reason); } else if (attr_type == NAN_ATTRIBUTE_REASON) { - u8 len = min(it.get_len(), sizeof(disabled_ind.nan_reason)); + u8 len = min(it.get_len(), sizeof(disabled_ind.nan_reason) - 1); memcpy(disabled_ind.nan_reason, it.get_data(), len); + disabled_ind.nan_reason[len] = '\0'; ALOGI("Disabled nan reason: %s, len = %d\n", disabled_ind.nan_reason, len); } @@ -3864,6 +3934,27 @@ NanResponseType get_response_type(WIFI_SUB_COMMAND nan_subcmd) return response_type; } + +NanResponseType get_response_type_frm_req_type(NanRequestType cmdType) { + NanResponseType response_type; + + switch (cmdType) { + case NAN_DATA_PATH_IFACE_CREATE: + response_type = NAN_DP_INTERFACE_CREATE; + break; + case NAN_DATA_PATH_IFACE_DELETE: + response_type = NAN_DP_INTERFACE_DELETE; + break; + default: + /* unknown response for a request type */ + response_type = NAN_RESPONSE_ERROR; + break; + } + + return response_type; + +} + static int get_svc_hash(unsigned char *svc_name, u16 svc_name_len, u8 *svc_hash, u16 svc_hash_len) { @@ -4413,7 +4504,8 @@ wifi_error nan_disable_request(transaction_id id, ALOGE("Disable NAN MAC transId= %d\n", id); mac_prim->setId(id); } else { - ALOGE("Invalid transId= %d cur= %d\n", id, mac_prim->getId()); + ALOGE("Invalid transId= %d cur= %d\n", id, + mac_prim ? mac_prim->getId() : -1); } cmd->setChreNan(0); @@ -4844,8 +4936,9 @@ class NanEventCap : public WifiCommand disabled_ind.reason = (NanStatusType)it.get_u8(); ALOGI("Nan Disable:status %u", disabled_ind.reason); } else if (attr_type == NAN_ATTRIBUTE_REASON) { - u8 len = min(it.get_len(), sizeof(disabled_ind.nan_reason)); + u8 len = min(it.get_len(), sizeof(disabled_ind.nan_reason) - 1); memcpy(disabled_ind.nan_reason, it.get_data(), len); + disabled_ind.nan_reason[len] = '\0'; ALOGI("nan disabled reason: %s, len = %d\n", disabled_ind.nan_reason, len); } @@ -4870,8 +4963,9 @@ class NanEventCap : public WifiCommand pub_term_event.reason = (NanStatusType)it.get_u8(); ALOGI("pub termination status %u", pub_term_event.reason); } else if (attr_type == NAN_ATTRIBUTE_REASON) { - u8 len = min(it.get_len(), sizeof(pub_term_event.nan_reason)); + u8 len = min(it.get_len(), sizeof(pub_term_event.nan_reason) - 1); memcpy(pub_term_event.nan_reason, it.get_data(), len); + pub_term_event.nan_reason[len] = '\0'; ALOGI("Pub termination nan reason: %s, len = %d\n", pub_term_event.nan_reason, len); } else { @@ -5001,8 +5095,9 @@ class NanEventCap : public WifiCommand sub_term_event.reason = (NanStatusType)it.get_u8(); ALOGI("sub termination status %u", sub_term_event.reason); } else if (attr_type == NAN_ATTRIBUTE_REASON) { - u8 len = min(it.get_len(), sizeof(sub_term_event.nan_reason)); + u8 len = min(it.get_len(), sizeof(sub_term_event.nan_reason) - 1); memcpy(sub_term_event.nan_reason, it.get_data(), len); + sub_term_event.nan_reason[len] = '\0'; ALOGI("sub termination nan reason: %s, len = %d\n", sub_term_event.nan_reason, len); } else { @@ -5250,8 +5345,9 @@ class NanEventCap : public WifiCommand } else if (attr_type == NAN_ATTRIBUTE_STATUS) { followup_ind.reason = (NanStatusType)it.get_u8(); } else if (attr_type == NAN_ATTRIBUTE_REASON) { - u8 len = min(it.get_len(), sizeof(followup_ind.nan_reason)); + u8 len = min(it.get_len(), sizeof(followup_ind.nan_reason) - 1); memcpy(followup_ind.nan_reason, it.get_data(), len); + followup_ind.nan_reason[len] = '\0'; ALOGI("nan transmit followup ind: reason: %s, len = %d\n", followup_ind.nan_reason, len); } @@ -5337,6 +5433,9 @@ wifi_error nan_data_request_initiator(transaction_id id, #endif /* CONFIG_BRCM */ counters.dp_req++; if (msg->service_name_len) { + u16 len = min(msg->service_name_len, sizeof(msg->service_name) - 1); + msg->service_name[len] = '\0'; + if (strncmp(NAN_OOB_INTEROP_SVC_NAME, (char*)msg->service_name, msg->service_name_len) == 0) { ALOGI("Use Hardcoded svc_hash\n"); @@ -5422,6 +5521,9 @@ wifi_error nan_data_indication_response(transaction_id id, #endif /* CONFIG_BRCM */ counters.dp_resp++; if (msg->service_name_len) { + u16 len = min(msg->service_name_len, sizeof(msg->service_name) - 1); + msg->service_name[len] = '\0'; + if (strncmp(NAN_OOB_INTEROP_SVC_NAME, (char*)msg->service_name, msg->service_name_len) == 0) { ALOGI("Use Hardcoded svc_hash\n"); diff --git a/bcmdhd/wifi_hal/rtt.cpp b/bcmdhd/wifi_hal/rtt.cpp index 6bb0a49..46aa868 100644 --- a/bcmdhd/wifi_hal/rtt.cpp +++ b/bcmdhd/wifi_hal/rtt.cpp @@ -662,6 +662,7 @@ wifi_error wifi_rtt_range_request(wifi_request_id id, wifi_interface_handle ifac return WIFI_ERROR_INVALID_ARGS; } + ALOGI("Rtt range_request; id = %d", id); RttCommand *cmd = new RttCommand(iface, id, num_rtt_config, rtt_config, handler); NULL_CHECK_RETURN(cmd, "memory allocation failure", WIFI_ERROR_OUT_OF_MEMORY); wifi_error result = wifi_register_cmd(handle, id, cmd); @@ -695,9 +696,11 @@ wifi_error wifi_rtt_range_cancel(wifi_request_id id, wifi_interface_handle ifac return WIFI_ERROR_INVALID_ARGS; } + ALOGI("Rtt range_cancel_request; id = %d", id); RttCommand *cmd = new RttCommand(iface, id); NULL_CHECK_RETURN(cmd, "memory allocation failure", WIFI_ERROR_OUT_OF_MEMORY); cmd->cancel_specific(num_devices, addr); + wifi_unregister_cmd(handle, id); cmd->releaseRef(); return WIFI_SUCCESS; } diff --git a/bcmdhd/wifi_hal/wifi_logger.cpp b/bcmdhd/wifi_hal/wifi_logger.cpp index 4d2d8dd..229dc2f 100755 --- a/bcmdhd/wifi_hal/wifi_logger.cpp +++ b/bcmdhd/wifi_hal/wifi_logger.cpp @@ -1035,6 +1035,12 @@ wifi_error wifi_start_logging(wifi_interface_handle iface, u32 verbose_level, } } +typedef struct { + u32 magic; + int num_entries; +} __attribute__((packed)) wifi_ring_buffer_entry_pack; + +#define WIFI_RING_BUFFER_PACK_MAGIC 0xDBAADBAA /////////////////////////////////////////////////////////////////////////////// class SetLogHandler : public WifiCommand @@ -1153,11 +1159,46 @@ public: if (mHandler.on_ring_buffer_data) { /* Skip msg header. Retrieved log */ char *pBuff; - wifi_ring_buffer_entry *buffer_entry = - (wifi_ring_buffer_entry *) buffer; - pBuff = (char *) (buffer_entry + 1); - (*mHandler.on_ring_buffer_data)((char *)status.name, pBuff, - buffer_entry->entry_size, &status); + int num_entries; + int cur_off = 0; + wifi_ring_buffer_entry_pack *pack_hdr = + (wifi_ring_buffer_entry_pack *)buffer; + wifi_ring_buffer_entry *entry_hdr = + (wifi_ring_buffer_entry *)(buffer + sizeof(*pack_hdr)); + cur_off += sizeof(*pack_hdr); + + if (pack_hdr->magic != WIFI_RING_BUFFER_PACK_MAGIC) { + ALOGE("SetLogHandler: magic code is not matched " + "magic:%u ring_name:%s\n", pack_hdr->magic, status.name); + return NL_SKIP; + } + + num_entries = pack_hdr->num_entries; + + while (num_entries > 0) { + /* Check for accesses that exceed the total buffer size */ + if (cur_off + sizeof(*entry_hdr) + entry_hdr->entry_size > buffer_size) { + ALOGE("SetLogHandler: detected invalid access " + "num_entries:%d cur_num:%d buffer_size:%d cur_off:%d " + "hdrsize:%lu entry_size:%d ring_name:%s\n", + pack_hdr->num_entries, num_entries, buffer_size, cur_off, + sizeof(*entry_hdr), entry_hdr->entry_size, status.name); + return NL_SKIP; + } + + /* Copy buffer without hdr to the ringbuffer in LegacyHAL */ + pBuff = (char *)entry_hdr + sizeof(*entry_hdr); + (*mHandler.on_ring_buffer_data)((char *)status.name, pBuff, + entry_hdr->entry_size, &status); + + cur_off += sizeof(*entry_hdr) + entry_hdr->entry_size; + + /* jump to next entry_hdr */ + entry_hdr = (wifi_ring_buffer_entry *)((char *)entry_hdr + sizeof(*entry_hdr) + entry_hdr->entry_size); + + num_entries--; + } + } } else { ALOGE("Unknown Event"); @@ -1198,6 +1239,10 @@ wifi_error wifi_reset_log_handler(wifi_request_id id, wifi_interface_handle ifac wifi_handle handle = getWifiHandle(iface); ALOGE("Loghandler reset, wifi_request_id = %d, handle = %p", id, handle); +#ifdef RING_DUMP + wifi_stop_ring_dump(iface); +#endif /* RING_DUMP */ + if (id == -1) { wifi_ring_buffer_data_handler handler; memset(&handler, 0, sizeof(handler)); @@ -1207,9 +1252,6 @@ wifi_error wifi_reset_log_handler(wifi_request_id id, wifi_interface_handle ifac cmd->cancel(); cmd->releaseRef(); -#ifdef RING_DUMP - wifi_stop_ring_dump(iface, handler); -#endif /* RING_DUMP */ return WIFI_SUCCESS; } @@ -1643,9 +1685,6 @@ public: ring_name[i] = NULL; } } - if (mBuff) { - free(mBuff); - } DUMP_INFO(("Stop Ring Dump Successfully Completed, mErrCode = %d\n", mErrCode)); return WIFI_SUCCESS; @@ -1984,8 +2023,7 @@ wifi_error wifi_start_ring_dump(wifi_interface_handle iface, return result; } -wifi_error wifi_stop_ring_dump(wifi_interface_handle iface, - wifi_ring_buffer_data_handler ring_handle) +wifi_error wifi_stop_ring_dump(wifi_interface_handle iface) { RingDump *cmd = new RingDump(iface, FILE_DUMP_REQUEST_ID); NULL_CHECK_RETURN(cmd, "memory allocation failure", WIFI_ERROR_OUT_OF_MEMORY); |