qcacmn: Merge tag 'LA.UM.8.1.r1-15600-sm8150.0' into neutrino-msm-hot…

…dogb-4.14 "LA.UM.8.1.r1-15600-sm8150.0" * tag 'LA.UM.8.1.r1-15600-sm8150.0': qcacmn: Fix buffer overflow while memcpy of pmk_ext qcacmn: Use IS_ENABLED for the definition of kernel module qcacmn: Get the valid vdev in get_vdev_by_macaddr_from_pdev qcacmn: Add check in policy_mgr_dump_channel_list qcacmn: Add INI for P2P GO force SCC qcacmn: Clean up logs in Tdls path qcacmn: Fix OOB issue in wlan_parse_rsn_ie Signed-off-by: Adam W. Willis <return.of.octobot@gmail.com>
0ctobot · Aug 26, 2020 · 35a1bcf · 35a1bcf
2 parents 6ac73be + 20b2b5e
commit 35a1bcf
Show file tree

Hide file tree

Showing 8 changed files with 62 additions and 27 deletions.
diff --git a/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/i_qdf_mem.h b/drivers/staging/qca-wifi-host-cmn/qdf/linux/src/i_qdf_mem.h
@@ -61,7 +61,7 @@
 #endif /* __KERNEL__ */
 #include <qdf_status.h>
 
-#ifdef CONFIG_ARM_SMMU
+#if IS_ENABLED(CONFIG_ARM_SMMU)
 #include <pld_common.h>
 #include <asm/dma-iommu.h>
 #include <linux/iommu.h>
@@ -212,7 +212,7 @@ static inline bool __qdf_mem_smmu_s1_enabled(qdf_device_t osdev)
 	return osdev->smmu_s1_enabled;
 }
 
-#ifdef CONFIG_ARM_SMMU
+#if IS_ENABLED(CONFIG_ARM_SMMU)
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0))
 /**
  * __qdf_dev_get_domain() - get iommu domain from osdev

diff --git a/drivers/staging/qca-wifi-host-cmn/umac/cmn_services/cmn_defs/inc/wlan_cmn_ieee80211.h b/drivers/staging/qca-wifi-host-cmn/umac/cmn_services/cmn_defs/inc/wlan_cmn_ieee80211.h
@@ -1510,7 +1510,8 @@ static inline QDF_STATUS wlan_parse_rsn_ie(uint8_t *rsn_ie,
 		rsn->pmkid_count = LE_READ_2(ie);
 		ie += 2;
 		rem_len -= 2;
-		if (rsn->pmkid_count > (unsigned int) rem_len / PMKID_LEN) {
+		if (rsn->pmkid_count > MAX_PMKID ||
+		    rsn->pmkid_count > (unsigned int)rem_len / PMKID_LEN) {
 			rsn->pmkid_count = 0;
 			return QDF_STATUS_E_INVAL;
 		}

diff --git a/drivers/staging/qca-wifi-host-cmn/umac/cmn_services/obj_mgr/src/wlan_objmgr_pdev_obj.c b/drivers/staging/qca-wifi-host-cmn/umac/cmn_services/obj_mgr/src/wlan_objmgr_pdev_obj.c
@@ -711,14 +711,13 @@ struct wlan_objmgr_vdev *wlan_objmgr_get_vdev_by_macaddr_from_pdev(
 	/* Iterate through pdev's vdev list, till vdev macaddr matches with
 	entry of vdev list */
 	while (vdev != NULL) {
-		if (WLAN_ADDR_EQ(wlan_vdev_mlme_get_macaddr(vdev), macaddr)
-					== QDF_STATUS_SUCCESS) {
-			if (wlan_objmgr_vdev_try_get_ref(vdev, dbg_id) !=
-							QDF_STATUS_SUCCESS)
-				vdev = NULL;
-
-			wlan_pdev_obj_unlock(pdev);
-			return vdev;
+		if (QDF_IS_STATUS_SUCCESS(
+		    WLAN_ADDR_EQ(wlan_vdev_mlme_get_macaddr(vdev), macaddr))) {
+			if (QDF_IS_STATUS_SUCCESS(
+				wlan_objmgr_vdev_try_get_ref(vdev, dbg_id))) {
+				wlan_pdev_obj_unlock(pdev);
+				return vdev;
+			}
 		}
 		/* get next vdev */
 		vdev_next = wlan_vdev_get_next_vdev_of_pdev(vdev_list, vdev);

diff --git a/drivers/staging/qca-wifi-host-cmn/umac/cmn_services/policy_mgr/inc/wlan_policy_mgr_api.h b/drivers/staging/qca-wifi-host-cmn/umac/cmn_services/policy_mgr/inc/wlan_policy_mgr_api.h
@@ -2262,6 +2262,16 @@ bool policy_mgr_is_safe_channel(struct wlan_objmgr_psoc *psoc,
  */
 bool policy_mgr_is_force_scc(struct wlan_objmgr_psoc *psoc);
 
+/**
+ * policy_mgr_go_scc_enforced() - Get GO force SCC enabled or not
+ * @psoc: psoc object
+ *
+ * This function checks if force SCC logic should be used on GO interface.
+ *
+ * Return: True if allow GO force SCC
+ */
+bool policy_mgr_go_scc_enforced(struct wlan_objmgr_psoc *psoc);
+
 /**
  * policy_mgr_valid_sap_conc_channel_check() - checks & updates
  * the channel SAP to come up on in case of STA+SAP concurrency

diff --git a/...taging/qca-wifi-host-cmn/umac/cmn_services/policy_mgr/inc/wlan_policy_mgr_public_struct.h b/...taging/qca-wifi-host-cmn/umac/cmn_services/policy_mgr/inc/wlan_policy_mgr_public_struct.h
@@ -1008,6 +1008,7 @@ struct dual_mac_config {
  * Default is DBS for STA+STA and STA+P2P.
  * @sta_sap_scc_on_lte_coex_chan: Is STA+SAP SCC allowed on a
  *                              lte coex channel
+ * @go_force_scc: Enable/Disable P2P GO force SCC
  * @enable_dfs_master_cap: Is DFS master capability enabled
  */
 struct policy_mgr_user_cfg {
@@ -1020,6 +1021,7 @@ struct policy_mgr_user_cfg {
 	uint32_t is_sta_sap_scc_allowed_on_dfs_chan;
 	uint32_t channel_select_logic_conc;
 	uint32_t sta_sap_scc_on_lte_coex_chan;
+	uint32_t go_force_scc;
 	uint8_t enable_dfs_master_cap;
 };
 

diff --git a/...taging/qca-wifi-host-cmn/umac/cmn_services/policy_mgr/src/wlan_policy_mgr_get_set_utils.c b/...taging/qca-wifi-host-cmn/umac/cmn_services/policy_mgr/src/wlan_policy_mgr_get_set_utils.c
@@ -3368,3 +3368,24 @@ bool policy_mgr_is_sta_sap_scc(struct wlan_objmgr_psoc *psoc, uint8_t sap_ch)
 
 	return is_scc;
 }
+
+bool policy_mgr_go_scc_enforced(struct wlan_objmgr_psoc *psoc)
+{
+	uint32_t mcc_to_scc_switch;
+	struct policy_mgr_psoc_priv_obj *pm_ctx;
+
+	pm_ctx = policy_mgr_get_context(psoc);
+	if (!pm_ctx) {
+		policy_mgr_err("Invalid Context");
+		return false;
+	}
+	mcc_to_scc_switch = pm_ctx->user_cfg.mcc_to_scc_switch_mode;
+	if (mcc_to_scc_switch ==
+	    QDF_MCC_TO_SCC_SWITCH_FORCE_PREFERRED_WITHOUT_DISCONNECTION)
+		return true;
+
+	if (pm_ctx->user_cfg.go_force_scc && policy_mgr_is_force_scc(psoc))
+		return true;
+
+	return false;
+}
diff --git a/drivers/staging/qca-wifi-host-cmn/umac/cmn_services/policy_mgr/src/wlan_policy_mgr_pcl.c b/drivers/staging/qca-wifi-host-cmn/umac/cmn_services/policy_mgr/src/wlan_policy_mgr_pcl.c
@@ -1935,7 +1935,7 @@ bool policy_mgr_dump_channel_list(uint32_t len, uint8_t *pcl_channels,
 		return false;
 
 	policymgr_nofl_debug("Total PCL Chan Freq %d", len);
-	for (idx = 0; idx < len; idx++) {
+	for (idx = 0; idx < len && idx < QDF_MAX_NUM_CHAN; idx++) {
 		num += qdf_scnprintf(chan_buff + num, buff_len - num, " %d[%d]",
 				     pcl_channels[idx], pcl_weight[idx]);
 		count++;

diff --git a/drivers/staging/qca-wifi-host-cmn/wmi/src/wmi_unified_tlv.c b/drivers/staging/qca-wifi-host-cmn/wmi/src/wmi_unified_tlv.c
@@ -6473,6 +6473,8 @@ wmi_fill_sae_single_pmk_param(struct roam_offload_scan_params *params,
 }
 #endif
 
+#define ROAM_OFFLOAD_PMK_EXT_BYTES 16
+
 /**
  * send_roam_scan_offload_mode_cmd_tlv() - send roam scan mode request to fw
  * @wmi_handle: wmi handle
@@ -6775,17 +6777,17 @@ static QDF_STATUS send_roam_scan_offload_mode_cmd_tlv(wmi_unified_t wmi_handle,
 					     roam_req->psk_pmk,
 					     roam_offload_11i->pmk_len);
 
-				if (auth_mode ==
-				   WMI_AUTH_RSNA_SUITE_B_8021X_SHA384) {
-					roam_offload_11i->pmk_ext_len =
-						(roam_req->pmk_len -
-						 ROAM_OFFLOAD_PMK_BYTES);
-					qdf_mem_copy(roam_offload_11i->pmk_ext,
-						     &roam_req->psk_pmk[
-							ROAM_OFFLOAD_PMK_BYTES],
-						     roam_offload_11i->
-							pmk_ext_len);
-				}
+				roam_offload_11i->pmk_ext_len =
+					((roam_req->pmk_len >
+					 ROAM_OFFLOAD_PMK_BYTES) &&
+					 (auth_mode ==
+					 WMI_AUTH_RSNA_SUITE_B_8021X_SHA384)) ?
+					ROAM_OFFLOAD_PMK_EXT_BYTES : 0;
+
+				qdf_mem_copy(roam_offload_11i->pmk_ext,
+					     &roam_req->psk_pmk[
+					     ROAM_OFFLOAD_PMK_BYTES],
+					     roam_offload_11i->pmk_ext_len);
 
 				WMITLV_SET_HDR(&roam_offload_11i->tlv_header,
 				WMITLV_TAG_STRUC_wmi_roam_11i_offload_tlv_param,
@@ -10710,14 +10712,14 @@ static QDF_STATUS send_update_tdls_peer_state_cmd_tlv(wmi_unified_t wmi_handle,
 	peer_cap->peer_operclass_len =
 		peerStateParams->peerCap.peerOperClassLen;
 
-	WMI_LOGD("%s: peer_operclass_len: %d",
-		 __func__, peer_cap->peer_operclass_len);
+	WMI_LOGD("peer_operclass_len: %d", peer_cap->peer_operclass_len);
 	for (i = 0; i < WMI_TDLS_MAX_SUPP_OPER_CLASSES; i++) {
 		peer_cap->peer_operclass[i] =
 			peerStateParams->peerCap.peerOperClass[i];
-		WMI_LOGD("%s: peer_operclass[%d]: %d",
-			 __func__, i, peer_cap->peer_operclass[i]);
 	}
+	qdf_trace_hex_dump(QDF_MODULE_ID_WMI, QDF_TRACE_LEVEL_DEBUG,
+			   (uint8_t *)peer_cap->peer_operclass,
+			   WMI_TDLS_MAX_SUPP_OPER_CLASSES);
 
 	peer_cap->is_peer_responder = peerStateParams->peerCap.isPeerResponder;
 	peer_cap->pref_offchan_num = peerStateParams->peerCap.prefOffChanNum;