wlan: Protect nl80211 vendor commands from SSR
Protect nl80211 vendor commands from accessing deallocated
and unitialized data structures while SSR is in progress.
Change-Id: I8983cacc86e02389521679c86f1d7869dd3510a3
CRs-Fixed: 787916
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index cb2bba9..1f99c6d 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -1673,10 +1673,10 @@
{ .type = NLA_U32 },
};
-static int wlan_hdd_cfg80211_ll_stats_set(struct wiphy *wiphy,
- struct wireless_dev *wdev,
- const void *data,
- int data_len)
+static int __wlan_hdd_cfg80211_ll_stats_set(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
{
int status;
struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_LL_STATS_SET_MAX + 1];
@@ -1791,6 +1791,19 @@
return 0;
}
+static int wlan_hdd_cfg80211_ll_stats_set(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_ll_stats_set(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
const struct
nla_policy
@@ -1809,10 +1822,10 @@
[QCA_WLAN_VENDOR_ATTR_LL_STATS_GET_CONFIG_REQ_MASK] = { .type = NLA_U32 },
};
-static int wlan_hdd_cfg80211_ll_stats_get(struct wiphy *wiphy,
- struct wireless_dev *wdev,
- const void *data,
- int data_len)
+static int __wlan_hdd_cfg80211_ll_stats_get(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
{
hdd_context_t *pHddCtx = wiphy_priv(wiphy);
struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_LL_STATS_GET_MAX + 1];
@@ -1904,6 +1917,20 @@
return 0;
}
+static int wlan_hdd_cfg80211_ll_stats_get(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_ll_stats_get(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
const struct
nla_policy
qca_wlan_vendor_ll_clr_policy[QCA_WLAN_VENDOR_ATTR_LL_STATS_CLR_MAX +1] =
@@ -1914,10 +1941,10 @@
[QCA_WLAN_VENDOR_ATTR_LL_STATS_CLR_CONFIG_STOP_RSP] = {.type = NLA_U8 },
};
-static int wlan_hdd_cfg80211_ll_stats_clear(struct wiphy *wiphy,
- struct wireless_dev *wdev,
- const void *data,
- int data_len)
+static int __wlan_hdd_cfg80211_ll_stats_clear(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
{
hdd_context_t *pHddCtx = wiphy_priv(wiphy);
struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_LL_STATS_CLR_MAX + 1];
@@ -2058,6 +2085,21 @@
}
return -EINVAL;
}
+static int wlan_hdd_cfg80211_ll_stats_clear(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_ll_stats_clear(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+
+
+}
#endif /* WLAN_FEATURE_LINK_LAYER_STATS */
#ifdef WLAN_FEATURE_EXTSCAN
@@ -3090,9 +3132,9 @@
}
}
-static int wlan_hdd_cfg80211_extscan_get_capabilities(struct wiphy *wiphy,
- struct wireless_dev *wdev,
- const void *data, int dataLen)
+static int __wlan_hdd_cfg80211_extscan_get_capabilities(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
{
tSirGetEXTScanCapabilitiesReqParams reqMsg;
struct net_device *dev = wdev->netdev;
@@ -3150,10 +3192,22 @@
return 0;
}
+static int wlan_hdd_cfg80211_extscan_get_capabilities(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
+{
+ int ret = 0;
-static int wlan_hdd_cfg80211_extscan_get_cached_results(struct wiphy *wiphy,
- struct wireless_dev *wdev,
- const void *data, int dataLen)
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_extscan_get_capabilities(wiphy, wdev, data, dataLen);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_extscan_get_cached_results(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
{
tSirEXTScanGetCachedResultsReqParams reqMsg;
struct net_device *dev = wdev->netdev;
@@ -3222,8 +3276,20 @@
failed:
return -EINVAL;
}
+static int wlan_hdd_cfg80211_extscan_get_cached_results(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
+{
+ int ret = 0;
-static int wlan_hdd_cfg80211_extscan_set_bssid_hotlist(struct wiphy *wiphy,
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_extscan_get_cached_results(wiphy, wdev, data, dataLen);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_extscan_set_bssid_hotlist(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data, int dataLen)
{
@@ -3359,7 +3425,21 @@
return -EINVAL;
}
-static int wlan_hdd_cfg80211_extscan_set_significant_change(struct wiphy *wiphy,
+static int wlan_hdd_cfg80211_extscan_set_bssid_hotlist(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_extscan_set_bssid_hotlist(wiphy, wdev, data,
+ dataLen);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_extscan_set_significant_change(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data, int dataLen)
{
@@ -3526,7 +3606,21 @@
return -EINVAL;
}
-static int wlan_hdd_cfg80211_extscan_get_valid_channels(struct wiphy *wiphy,
+static int wlan_hdd_cfg80211_extscan_set_significant_change(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_extscan_set_significant_change(wiphy, wdev, data,
+ dataLen);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_extscan_get_valid_channels(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data, int dataLen)
{
@@ -3618,7 +3712,21 @@
return cfg80211_vendor_cmd_reply(replySkb);
}
-static int wlan_hdd_cfg80211_extscan_start(struct wiphy *wiphy,
+static int wlan_hdd_cfg80211_extscan_get_valid_channels(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_extscan_get_valid_channels(wiphy, wdev, data,
+ dataLen);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_extscan_start(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data, int dataLen)
{
@@ -3856,7 +3964,20 @@
return -EINVAL;
}
-static int wlan_hdd_cfg80211_extscan_stop(struct wiphy *wiphy,
+static int wlan_hdd_cfg80211_extscan_start(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_extscan_start(wiphy, wdev, data, dataLen);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_extscan_stop(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data, int dataLen)
{
@@ -3913,7 +4034,20 @@
return 0;
}
-static int wlan_hdd_cfg80211_extscan_reset_bssid_hotlist(struct wiphy *wiphy,
+static int wlan_hdd_cfg80211_extscan_stop(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_extscan_stop(wiphy, wdev, data, dataLen);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_extscan_reset_bssid_hotlist(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data, int dataLen)
{
@@ -3970,7 +4104,20 @@
return 0;
}
-static int wlan_hdd_cfg80211_extscan_reset_significant_change(
+static int wlan_hdd_cfg80211_extscan_reset_bssid_hotlist(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_extscan_reset_bssid_hotlist(wiphy, wdev, data, dataLen);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_extscan_reset_significant_change(
struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data, int dataLen)
@@ -4031,6 +4178,21 @@
return 0;
}
+static int wlan_hdd_cfg80211_extscan_reset_significant_change(
+ struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int dataLen)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_extscan_reset_significant_change(wiphy,
+ wdev, data,
+ dataLen);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
#endif /* WLAN_FEATURE_EXTSCAN */
/*EXT TDLS*/
@@ -4085,7 +4247,7 @@
[QCA_WLAN_VENDOR_ATTR_SET_SCANNING_MAC_OUI] = {.type = NLA_UNSPEC },
};
-static int wlan_hdd_cfg80211_set_spoofed_mac_oui(struct wiphy *wiphy,
+static int __wlan_hdd_cfg80211_set_spoofed_mac_oui(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data,
int data_len)
@@ -4146,7 +4308,21 @@
return 0;
}
-static int wlan_hdd_cfg80211_exttdls_get_status(struct wiphy *wiphy,
+static int wlan_hdd_cfg80211_set_spoofed_mac_oui(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_set_spoofed_mac_oui(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_exttdls_get_status(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data,
int data_len)
@@ -4236,6 +4412,20 @@
return -EINVAL;
}
+static int wlan_hdd_cfg80211_exttdls_get_status(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_exttdls_get_status(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
static int wlan_hdd_cfg80211_exttdls_callback(tANI_U8* mac,
tANI_S32 state,
tANI_S32 reason,
@@ -4304,7 +4494,7 @@
return -EINVAL;
}
-static int wlan_hdd_cfg80211_exttdls_enable(struct wiphy *wiphy,
+static int __wlan_hdd_cfg80211_exttdls_enable(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data,
int data_len)
@@ -4391,7 +4581,21 @@
wlan_hdd_cfg80211_exttdls_callback));
}
-static int wlan_hdd_cfg80211_exttdls_disable(struct wiphy *wiphy,
+static int wlan_hdd_cfg80211_exttdls_enable(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_exttdls_enable(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int __wlan_hdd_cfg80211_exttdls_disable(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data,
int data_len)
@@ -4433,8 +4637,22 @@
return (wlan_hdd_tdls_extctrl_deconfig_peer(pAdapter, peer));
}
+static int wlan_hdd_cfg80211_exttdls_disable(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_exttdls_disable(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
static int
-wlan_hdd_cfg80211_get_supported_features(struct wiphy *wiphy,
+__wlan_hdd_cfg80211_get_supported_features(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data, int data_len)
{
@@ -4443,7 +4661,16 @@
hdd_context_t *pHddCtx = wiphy_priv(wiphy);
struct sk_buff *skb = NULL;
tANI_U32 fset = 0;
+ int ret = 0;
+
+ ret = wlan_hdd_validate_context(pHddCtx);
+ if (0 != ret)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: HDD context is not valid (%d)",__func__, ret);
+ return ret;
+ }
if (wiphy->interface_modes & BIT(NL80211_IFTYPE_STATION)) {
hddLog(LOG1, FL("Infra Station mode is supported by driver"));
fset |= WIFI_FEATURE_INFRA;
@@ -4544,7 +4771,21 @@
}
static int
-wlan_hdd_cfg80211_get_concurrency_matrix(struct wiphy *wiphy,
+wlan_hdd_cfg80211_get_supported_features(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_get_supported_features(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
+static int
+__wlan_hdd_cfg80211_get_concurrency_matrix(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data, int data_len)
{
@@ -4552,9 +4793,19 @@
uint8_t i, feature_sets, max_feature_sets;
struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_GET_CONCURRENCY_MATRIX_MAX + 1];
struct sk_buff *reply_skb;
+ hdd_context_t *pHddCtx = wiphy_priv(wiphy);
+ int ret;
ENTER();
+ ret = wlan_hdd_validate_context(pHddCtx);
+ if (0 != ret)
+ {
+ VOS_TRACE(VOS_MODULE_ID_HDD, VOS_TRACE_LEVEL_ERROR,
+ "%s: HDD context is not valid, ret = %d",__func__, ret);
+ return ret;
+ }
+
if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_GET_CONCURRENCY_MATRIX_MAX,
data, data_len, NULL)) {
hddLog(LOGE, FL("Invalid ATTR"));
@@ -4624,6 +4875,21 @@
return -EINVAL;
}
+static int
+wlan_hdd_cfg80211_get_concurrency_matrix(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data, int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_get_concurrency_matrix(wiphy, wdev, data,
+ data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
static const struct nla_policy
wlan_hdd_set_no_dfs_flag_config_policy[QCA_WLAN_VENDOR_ATTR_SET_NO_DFS_FLAG_MAX
+1] =
@@ -4631,7 +4897,7 @@
[QCA_WLAN_VENDOR_ATTR_SET_NO_DFS_FLAG] = {.type = NLA_U32 },
};
-static int wlan_hdd_cfg80211_disable_dfs_channels(struct wiphy *wiphy,
+static int __wlan_hdd_cfg80211_disable_dfs_channels(struct wiphy *wiphy,
struct wireless_dev *wdev,
const void *data,
int data_len)
@@ -4675,6 +4941,21 @@
return 0;
}
+static int wlan_hdd_cfg80211_disable_dfs_channels(struct wiphy *wiphy,
+ struct wireless_dev *wdev,
+ const void *data,
+ int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_disable_dfs_channels(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+
+}
+
const struct
nla_policy qca_wlan_vendor_attr[QCA_WLAN_VENDOR_ATTR_MAX+1] =
{
@@ -4682,7 +4963,7 @@
[QCA_WLAN_VENDOR_ATTR_MAC_ADDR] = { .type = NLA_UNSPEC },
};
-static int wlan_hdd_cfg80211_firmware_roaming(struct wiphy *wiphy,
+static int __wlan_hdd_cfg80211_firmware_roaming(struct wiphy *wiphy,
struct wireless_dev *wdev, const void *data, int data_len)
{
@@ -4693,10 +4974,11 @@
v_U32_t isFwrRoamEnabled = FALSE;
int ret;
- if (NULL == pHddCtx) {
+ ret = wlan_hdd_validate_context(pHddCtx);
+ if (0 != ret) {
hddLog(VOS_TRACE_LEVEL_ERROR,
- FL("HDD context is not valid"));
- return -EINVAL;
+ FL("HDD context is not valid, ret = %d"), ret);
+ return ret;
}
ret = nla_parse(tb, QCA_WLAN_VENDOR_ATTR_MAX,
@@ -4734,6 +5016,18 @@
return status;
}
+static int wlan_hdd_cfg80211_firmware_roaming(struct wiphy *wiphy,
+ struct wireless_dev *wdev, const void *data, int data_len)
+{
+ int ret = 0;
+
+ vos_ssr_protect(__func__);
+ ret = __wlan_hdd_cfg80211_firmware_roaming(wiphy, wdev, data, data_len);
+ vos_ssr_unprotect(__func__);
+
+ return ret;
+}
+
const struct wiphy_vendor_command hdd_wiphy_vendor_commands[] =
{
{