wlan: Add NULL Check in iwpriv ioctl iw_setint_getnone
iw_setint_getnone can crash in monitor mode because the HAL
context is not initialized.
Add NULL checks before hHal is dereferenced in driver monitor
mode.
CRs-Fixed: 1040579
Change-Id: If26cfab5374ac34c55e03b887c320c0736a9df23
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c
index c7ecdc3..2bd2df2 100644
--- a/CORE/HDD/src/wlan_hdd_wext.c
+++ b/CORE/HDD/src/wlan_hdd_wext.c
@@ -5663,7 +5663,7 @@
union iwreq_data *wrqu, char *extra)
{
hdd_adapter_t *pAdapter;
- tHalHandle hHal;
+ tHalHandle hHal = NULL;
hdd_wext_state_t *pWextState;
hdd_context_t *pHddCtx;
hdd_mon_ctx_t *pMonCtx = NULL;
@@ -5718,8 +5718,8 @@
tSmeConfigParams smeConfig;
memset(&smeConfig, 0x00, sizeof(smeConfig));
- if((ENABLE_11D == set_value) || (DISABLE_11D == set_value)) {
-
+ if(((ENABLE_11D == set_value) || (DISABLE_11D == set_value)) &&
+ (hHal)) {
sme_GetConfigParam(hHal,&smeConfig);
smeConfig.csrConfig.Is11dSupportEnabled = (v_BOOL_t)set_value;
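Review bot: With `&& (hHal)` folded into the value check, a missing HAL context takes the same path as an out-of-range `set_value`, so a monitor-mode failure cannot be told apart from a bad argument. The else branch is outside this hunk, so what it returns or logs is not visible here. A separate `if (NULL == hHal)` branch ahead of the condition, with its own line such as `hddLog(VOS_TRACE_LEVEL_ERROR, "%s: HAL context is NULL", __func__);`, would make the cause diagnosable. The same folding appears in the WE_SET_MAX_ASSOC, band-preference and TDLS_2040_BSS_COEXISTENCE hunks.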
@@ -5764,16 +5764,20 @@
case 0: //Full Power
{
struct statsContext context;
- eHalStatus status;
+ eHalStatus status = eHAL_STATUS_FAILURE;
init_completion(&context.completion);
context.pAdapter = pAdapter;
context.magic = POWER_CONTEXT_MAGIC;
+ if (NULL == hHal)
+ return -EINVAL;
+
status = sme_RequestFullPower(WLAN_HDD_GET_HAL_CTX(pAdapter),
iw_power_callback_fn, &context,
eSME_FULL_PWR_NEEDED_BY_HDD);
+
if (eHAL_STATUS_PMC_PENDING == status)
{
int lrc = wait_for_completion_interruptible_timeout(
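Review bot: The new guard tests the local `hHal`, but the call it protects passes `WLAN_HDD_GET_HAL_CTX(pAdapter)`, so the pointer that is checked is not the expression handed to `sme_RequestFullPower`. Where `hHal` is assigned is outside the hunks, so whether the two can differ is not visible here. Passing the checked value, `status = sme_RequestFullPower(hHal,`, keeps the guard and the use tied together on this user-reachable ioctl path. The same mismatch is in case 3 (`sme_RequestBmps`), WE_SET_DATA_INACTIVITY_TO (`(WLAN_HDD_GET_CTX(pAdapter))->hHal`), and the Miracast, TDLS and RTS/CTS hunks. The case body continues past the end of this hunk.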
@@ -5805,23 +5809,32 @@
break;
}
case 1: //Enable BMPS
- sme_EnablePowerSave(hHal, ePMC_BEACON_MODE_POWER_SAVE);
+ if (hHal)
+ sme_EnablePowerSave(hHal, ePMC_BEACON_MODE_POWER_SAVE);
+ else
+ ret = -EINVAL;
break;
case 2: //Disable BMPS
- sme_DisablePowerSave(hHal, ePMC_BEACON_MODE_POWER_SAVE);
+ if (hHal)
+ sme_DisablePowerSave(hHal, ePMC_BEACON_MODE_POWER_SAVE);
+ else
+ ret = -EINVAL;
break;
case 3: //Request Bmps
{
struct statsContext context;
- eHalStatus status;
+ eHalStatus status = eHAL_STATUS_FAILURE;
init_completion(&context.completion);
context.pAdapter = pAdapter;
context.magic = POWER_CONTEXT_MAGIC;
+ if (NULL == hHal)
+ return -EINVAL;
+
status = sme_RequestBmps(WLAN_HDD_GET_HAL_CTX(pAdapter),
- iw_power_callback_fn, &context);
+ iw_power_callback_fn, &context);
if (eHAL_STATUS_PMC_PENDING == status)
{
int lrc = wait_for_completion_interruptible_timeout(
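Review bot: Cases 1 and 2 report a missing HAL context by setting `ret = -EINVAL;` and breaking, while case 3 (and case 0 in the previous hunk) uses a direct `return -EINVAL;`, so the same failure leaves the handler by two different routes. The function's tail is outside these hunks; if it does exit tracing or cleanup, the direct returns skip it. Using `ret = -EINVAL; break;` in case 3 as well would keep one exit path. Moving the test above `init_completion(&context.completion);` would also avoid setting up a context that is never used.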
@@ -5853,26 +5866,44 @@
break;
}
case 4: //Enable IMPS
- sme_EnablePowerSave(hHal, ePMC_IDLE_MODE_POWER_SAVE);
+ if (hHal)
+ sme_EnablePowerSave(hHal, ePMC_IDLE_MODE_POWER_SAVE);
+ else
+ ret = -EINVAL;
break;
case 5: //Disable IMPS
- sme_DisablePowerSave(hHal, ePMC_IDLE_MODE_POWER_SAVE);
+ if (hHal)
+ sme_DisablePowerSave(hHal, ePMC_IDLE_MODE_POWER_SAVE);
+ else
+ ret = -EINVAL;
break;
case 6: //Enable Standby
- sme_EnablePowerSave(hHal, ePMC_STANDBY_MODE_POWER_SAVE);
+ if (hHal)
+ sme_EnablePowerSave(hHal, ePMC_STANDBY_MODE_POWER_SAVE);
+ else
+ ret = -EINVAL;
break;
case 7: //Disable Standby
- sme_DisablePowerSave(hHal, ePMC_STANDBY_MODE_POWER_SAVE);
+ if (hHal)
+ sme_DisablePowerSave(hHal, ePMC_STANDBY_MODE_POWER_SAVE);
+ else
+ ret = -EINVAL;
break;
case 8: //Request Standby
#ifdef CONFIG_HAS_EARLYSUSPEND
#endif
break;
case 9: //Start Auto Bmps Timer
- sme_StartAutoBmpsTimer(hHal);
+ if (hHal)
+ sme_StartAutoBmpsTimer(hHal);
+ else
+ ret = -EINVAL;
break;
case 10://Stop Auto BMPS Timer
- sme_StopAutoBmpsTimer(hHal);
+ if (hHal)
+ sme_StopAutoBmpsTimer(hHal);
+ else
+ ret = -EINVAL;
break;
#ifdef CONFIG_HAS_EARLYSUSPEND
case 11://suspend to standby
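Review bot: The `if (hHal) ... else ret = -EINVAL;` pair is repeated with unbraced branches for cases 4-7, 9 and 10 here and for cases 1 and 2 in the previous hunk. A single `hHal` test ahead of this inner switch would remove the duplication. The switch header is outside the hunk, though, and case 8 makes no HAL call, so that would change its result when the handle is NULL. If the per-case form is kept, bracing both branches would make later additions to either branch less error-prone.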
@@ -5905,7 +5936,8 @@
case WE_SET_MAX_ASSOC:
{
if ((WNI_CFG_ASSOC_STA_LIMIT_STAMIN > set_value) ||
- (WNI_CFG_ASSOC_STA_LIMIT_STAMAX < set_value))
+ (WNI_CFG_ASSOC_STA_LIMIT_STAMAX < set_value) ||
+ (NULL == hHal))
{
ret = -EINVAL;
}
@@ -5940,6 +5972,9 @@
case WE_SET_DATA_INACTIVITY_TO:
{
+ if (NULL == hHal)
+ return -EINVAL;
+
if ((set_value < CFG_DATA_INACTIVITY_TIMEOUT_MIN) ||
(set_value > CFG_DATA_INACTIVITY_TIMEOUT_MAX) ||
(ccmCfgSetInt((WLAN_HDD_GET_CTX(pAdapter))->hHal,
@@ -5959,6 +5994,9 @@
tSirMacAddr bssid = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
tSirMacAddr selfMac = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
+ if (NULL == hHal)
+ return -EINVAL;
+
hddLog(VOS_TRACE_LEVEL_INFO, "%s: Setting maximum tx power %d dBm",
__func__, set_value);
if( sme_SetMaxTxPower(hHal, bssid, selfMac, set_value) !=
@@ -6073,7 +6111,10 @@
{
hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter);
pHddCtx->cfg_ini->gEnableDebugLog = set_value;
- sme_UpdateConnectDebug(pHddCtx->hHal, set_value);
+ if (hHal)
+ sme_UpdateConnectDebug(pHddCtx->hHal, set_value);
+ else
+ ret = -1;
break;
}
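Review bot: `pHddCtx->cfg_ini->gEnableDebugLog = set_value;` still runs before the new `if (hHal)` test, so when the handle is NULL the ioctl reports failure yet the stored setting has already changed. Testing first and assigning only on the success path keeps the config value and the SME state in step. The failure value here is `ret = -1;`, which reaches user space as EPERM, whereas every other branch in this patch uses `-EINVAL`; `ret = -EINVAL;` would match. The guard also tests the local `hHal` while the call passes `pHddCtx->hHal`.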
#ifdef FEATURE_WLAN_TDLS
@@ -6111,8 +6152,9 @@
}
hddLog(LOG1, "WE_SET_BAND_PREFERRENCE val %d ", set_value);
- if (eCSR_BAND_ALL == set_value ||
- eCSR_BAND_24 == set_value || eCSR_BAND_5G == set_value) {
+ if ((eCSR_BAND_ALL == set_value ||
+ eCSR_BAND_24 == set_value || eCSR_BAND_5G == set_value) &&
+ (hHal)) {
sme_GetConfigParam(hHal, &smeConfig);
smeConfig.csrConfig.scanBandPreference = set_value;
@@ -6139,6 +6181,9 @@
hddLog(LOG1, FL(
"Set Miracast vendor tuning %d"), set_value);
+ if (NULL == hHal)
+ return -EINVAL;
+
if (1 == set_value || 0 == set_value)
{
if (eHAL_STATUS_SUCCESS != sme_SetMiracastVendorConfig(pHddCtx->hHal,
@@ -6171,7 +6216,7 @@
{
VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_INFO,
"%s: TDLS_2040_BSS_COEXISTENCE %d", __func__, set_value);
- if (set_value == 0 || set_value == 1)
+ if ((set_value == 0 || set_value == 1) && (hHal))
{
sme_SetTdls2040BSSCoexistence(WLAN_HDD_GET_HAL_CTX(pAdapter),
set_value);
@@ -6193,6 +6238,9 @@
hddLog( LOG1, FL("WE_SET_RTS_CTS_HTVHT set value %d"), set_value);
+ if (NULL == hHal)
+ return -EINVAL;
+
if (eHAL_STATUS_SUCCESS !=
sme_SetRtsCtsHtVht( pHddCtx->hHal, set_value))
{
@@ -7730,7 +7778,7 @@
union iwreq_data *wrqu, char *extra)
{
hdd_adapter_t *pAdapter;
- tHalHandle hHal;
+ tHalHandle hHal = NULL;
int sub_cmd;
int *apps_args = (int *) extra;
hdd_station_ctx_t *pStaCtx = NULL ;
@@ -7813,9 +7861,9 @@
hddLog(LOG1, "%s: LOG_DUMP %d arg1 %d arg2 %d arg3 %d arg4 %d",
__func__, apps_args[0], apps_args[1], apps_args[2],
apps_args[3], apps_args[4]);
-
- logPrintf(hHal, apps_args[0], apps_args[1], apps_args[2],
- apps_args[3], apps_args[4]);
+ if (hHal)
+ logPrintf(hHal, apps_args[0], apps_args[1], apps_args[2],
+ apps_args[3], apps_args[4]);
}
break;
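Review bot: When `hHal` is NULL the `logPrintf` call is skipped but nothing records an error, so the ioctl appears to succeed although no dump was produced. The rest of the patch returns `-EINVAL` for a missing HAL context; an `else` branch doing the same here would keep the two handlers consistent, though how this function returns its status is outside the hunk. The `vosTraceDumpAll` hunk and the later `logPrintf` hunk have the same silent skip. The multi-line call under an unbraced `if` would also read more safely with braces.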
@@ -7871,8 +7919,9 @@
"bitmask_of_module %d ",
__func__, apps_args[0], apps_args[1], apps_args[2],
apps_args[3]);
- vosTraceDumpAll((void*)hHal , apps_args[0], apps_args[1],
- apps_args[2], apps_args[3]);
+ if (hHal)
+ vosTraceDumpAll((void*)hHal , apps_args[0], apps_args[1],
+ apps_args[2], apps_args[3]);
}
break;
@@ -7883,7 +7932,9 @@
// in the Riva dump command
if((apps_args[0] >= 40 ) && (apps_args[0] <= 160 ))
{
- logPrintf(hHal, cmd, staId, apps_args[0], apps_args[1], apps_args[2]);
+ if (hHal)
+ logPrintf(hHal, cmd, staId, apps_args[0], apps_args[1],
+ apps_args[2]);
}
else
{