prima: Add oem data rsp length

Currently, NEW_OEM_DATA_RSP_SIZE bytes are statically defined
between host and fw for the OEM rsp exchange. But fw does not use all
of those bytes, which results in LOWI reading data from unauthorized
memory locations. Fix this by sending the proper length to LOWI.

Change-Id: Idb1176111a9585b8f727fb01dda1a6079151c867
CRs-Fixed: 965180
diff --git a/CORE/HDD/inc/wlan_hdd_cfg80211.h b/CORE/HDD/inc/wlan_hdd_cfg80211.h
index 8192270..dfd9250 100644
--- a/CORE/HDD/inc/wlan_hdd_cfg80211.h
+++ b/CORE/HDD/inc/wlan_hdd_cfg80211.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -1365,7 +1365,7 @@
 
 #ifdef FEATURE_OEM_DATA_SUPPORT
 void wlan_hdd_cfg80211_oemdata_callback(void *ctx, const tANI_U16 evType,
-                                      void *pMsg);
+                                      void *pMsg,  tANI_U32 evLen);
 #endif /* FEATURE_OEM_DATA_SUPPORT */
 
 #if !(defined (SUPPORT_WDEV_CFG80211_VENDOR_EVENT_ALLOC))
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index 48223a1..68b6c7d 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -19211,7 +19211,7 @@
 
 #ifdef FEATURE_OEM_DATA_SUPPORT
 static void wlan_hdd_cfg80211_oem_data_rsp_ind_new(void *ctx,
-                                                      void *pMsg)
+                                   void *pMsg, tANI_U32 evLen)
 {
     hdd_context_t *pHddCtx         = (hdd_context_t *)ctx;
 
@@ -19226,7 +19226,7 @@
         return;
     }
 
-    send_oem_data_rsp_msg(sizeof(tOemDataRspNew), pMsg);
+    send_oem_data_rsp_msg(evLen, pMsg);
 
     EXIT();
     return;
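Review bot: `evLen` reaches `send_oem_data_rsp_msg()` with no upper bound, so the size of the netlink message is now whatever the firmware event reported. The old call passed `sizeof(tOemDataRspNew)`, and the comment added in wlan_qct_wdi.h says the maximum is NEW_OEM_DATA_RSP_SIZE, but no visible hunk enforces it: the value flows unchecked from `pEventData->uEventDataSize` in wlan_qct_wdi.c through wlan_qct_wda.c to the `alloc_skb()` size in wlan_hdd_oemdata.c. A guard before the call, such as `if (evLen > sizeof(tOemDataRspNew)) { hddLog(VOS_TRACE_LEVEL_ERROR, FL("invalid evLen %u"), evLen); return; }`, would stop a malformed event from causing a read past the end of `pMsg`. The function starts in the previous hunk and the lines between the two hunks are not shown; whether a zero length should also be rejected cannot be decided from here.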
@@ -19234,7 +19234,7 @@
 }
 
 void wlan_hdd_cfg80211_oemdata_callback(void *ctx, const tANI_U16 evType,
-                                      void *pMsg)
+                                      void *pMsg,  tANI_U32 evLen)
 {
     hdd_context_t *pHddCtx = (hdd_context_t *)ctx;
 
@@ -19244,11 +19244,11 @@
         return;
     }
 
-    hddLog(VOS_TRACE_LEVEL_INFO, FL("Rcvd Event (%d)"), evType);
+    hddLog(VOS_TRACE_LEVEL_INFO, FL("Rcvd Event (%d) evLen %d"), evType, evLen);
 
     switch(evType) {
     case SIR_HAL_START_OEM_DATA_RSP_IND_NEW:
-        wlan_hdd_cfg80211_oem_data_rsp_ind_new(ctx, pMsg);
+        wlan_hdd_cfg80211_oem_data_rsp_ind_new(ctx, pMsg, evLen);
         break;
     default:
         hddLog(VOS_TRACE_LEVEL_ERROR, FL("invalid event type %d "), evType);
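Review bot: The new log line prints `evLen`, a `tANI_U32`, with `%d`; assuming the type is unsigned as its name suggests, the specifier should be `%u`, i.e. `hddLog(VOS_TRACE_LEVEL_INFO, FL("Rcvd Event (%d) evLen %u"), evType, evLen);`. The same applies to the `"%s: OemRspNewLen: %d"` trace added in wlan_qct_wda.c. With `%d`, an implausibly large length would be logged as a negative number, which hides exactly the value a reader of the log needs to see. The switch statement continues past the end of this hunk.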
diff --git a/CORE/HDD/src/wlan_hdd_oemdata.c b/CORE/HDD/src/wlan_hdd_oemdata.c
index 93da9dc..ca2c812 100644
--- a/CORE/HDD/src/wlan_hdd_oemdata.c
+++ b/CORE/HDD/src/wlan_hdd_oemdata.c
@@ -582,7 +582,7 @@
   \return - 0 for success, non zero for failure
 
   --------------------------------------------------------------------------*/
-void send_oem_data_rsp_msg(int length, tANI_U8 *oemDataRsp)
+void send_oem_data_rsp_msg(tANI_U32 length, tANI_U8 *oemDataRsp)
 {
    struct sk_buff *skb;
    struct nlmsghdr *nlh;
@@ -604,7 +604,7 @@
       return;
    }
 
-   skb = alloc_skb(NLMSG_SPACE(sizeof(tAniMsgHdr) + NEW_OEM_DATA_RSP_SIZE),
+   skb = alloc_skb(NLMSG_SPACE(sizeof(tAniMsgHdr) + length),
                    GFP_KERNEL);
    if (skb == NULL)
    {
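Review bot: The skb is now sized from `length`, so every later write into it has to use the same value, but the code that copies `oemDataRsp` into the message and sets the netlink lengths through `nlh` lies outside this hunk and cannot be checked here. If any of it still uses NEW_OEM_DATA_RSP_SIZE, a shorter response would be written past the end of the smaller allocation. The function header comment in the previous hunk also still documents a return value for a `void` function and does not describe `length`; a line such as `\param - length - number of valid bytes in oemDataRsp, at most NEW_OEM_DATA_RSP_SIZE` would state the contract that callers now have to meet.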
diff --git a/CORE/SME/inc/oemDataApi.h b/CORE/SME/inc/oemDataApi.h
index 25d3b1a..fa8dccc 100644
--- a/CORE/SME/inc/oemDataApi.h
+++ b/CORE/SME/inc/oemDataApi.h
@@ -163,7 +163,7 @@
 
 /*************************************************************************************************************/
 
-void send_oem_data_rsp_msg(int length, tANI_U8 *oemDataRsp);
+void send_oem_data_rsp_msg(tANI_U32 length, tANI_U8 *oemDataRsp);
 
 #endif //_OEM_DATA_API_H__
 
diff --git a/CORE/SME/inc/smeInternal.h b/CORE/SME/inc/smeInternal.h
index 1361e8e..5faef48 100644
--- a/CORE/SME/inc/smeInternal.h
+++ b/CORE/SME/inc/smeInternal.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -168,7 +168,7 @@
    void (*nanCallback) (void*, tSirNanEvent*);
    void (*rssiThresholdBreachedCb)(void *, struct rssi_breach_event *);
 #ifdef FEATURE_OEM_DATA_SUPPORT
-   void (*pOemDataIndCb) (void *, const tANI_U16, void *);
+   void (*pOemDataIndCb) (void *, const tANI_U16, void *, tANI_U32);
    void *pOemDataCallbackContext;
 #endif /* FEATURE_OEM_DATA_SUPPORT */
 
diff --git a/CORE/SME/inc/sme_Api.h b/CORE/SME/inc/sme_Api.h
index 5fe1fa5..8ee0d3c 100644
--- a/CORE/SME/inc/sme_Api.h
+++ b/CORE/SME/inc/sme_Api.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -296,8 +296,8 @@
 
 #ifdef FEATURE_OEM_DATA_SUPPORT
 eHalStatus sme_OemDataRegisterCallback (tHalHandle hHal,
-                          void (*pOemDataIndCb)(void *, const tANI_U16, void *),
-                          void *callbackContext);
+               void (*pOemDataIndCb)(void *, const tANI_U16, void *, tANI_U32),
+               void *callbackContext);
 #endif
 
 /* ---------------------------------------------------------------------------
diff --git a/CORE/SME/src/sme_common/sme_Api.c b/CORE/SME/src/sme_common/sme_Api.c
index 77d341f..fa00216 100644
--- a/CORE/SME/src/sme_common/sme_Api.c
+++ b/CORE/SME/src/sme_common/sme_Api.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -13009,7 +13009,7 @@
 
 #ifdef FEATURE_OEM_DATA_SUPPORT
 eHalStatus sme_OemDataRegisterCallback (tHalHandle hHal,
-                          void (*pOemDataIndCb)(void *, const tANI_U16, void *),
+                void (*pOemDataIndCb)(void *, const tANI_U16, void *, tANI_U32),
                           void *callbackContext)
 {
     eHalStatus status    = eHAL_STATUS_SUCCESS;
diff --git a/CORE/WDA/src/wlan_qct_wda.c b/CORE/WDA/src/wlan_qct_wda.c
index ea3a920..06973af 100644
--- a/CORE/WDA/src/wlan_qct_wda.c
+++ b/CORE/WDA/src/wlan_qct_wda.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2015 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2016 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -16377,6 +16377,7 @@
             tpAniSirGlobal pMac;
             tANI_U16 indType;
             void *pOemRspNewIndData;
+            tANI_U32 OemRspNewLen;
 
             VOS_TRACE(VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_INFO,
             "Received WDI_START_OEM_DATA_RSP_IND_NEW Indications from FW");
@@ -16392,7 +16393,8 @@
 
            indType = WDA_START_OEM_DATA_RSP_IND_NEW;
            pOemRspNewIndData =
-                   (void *)wdiLowLevelInd->wdiIndicationData.pOemRspNewIndData;
+                   (void *)wdiLowLevelInd->wdiIndicationData.wdiOemDataRspNew.
+                                                              pOemRspNewIndData;
            if (NULL == pOemRspNewIndData)
            {
                VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_ERROR,
@@ -16402,6 +16404,9 @@
                return;
            }
 
+           OemRspNewLen = wdiLowLevelInd->wdiIndicationData.wdiOemDataRspNew.
+                                                                   OemRspNewLen;
+
            pMac = (tpAniSirGlobal )VOS_GET_MAC_CTXT(pWDA->pVosContext);
            if (NULL == pMac)
            {
@@ -16413,11 +16418,15 @@
 
            pCallbackContext = pMac->sme.pOemDataCallbackContext;
 
+           VOS_TRACE( VOS_MODULE_ID_WDA, VOS_TRACE_LEVEL_INFO,
+                 "%s: OemRspNewLen: %d", __func__, OemRspNewLen);
+
           if(pMac->sme.pOemDataIndCb)
           {
              pMac->sme.pOemDataIndCb(pCallbackContext,
                                      indType,
-                                     pOemRspNewIndData);
+                                     pOemRspNewIndData,
+                                     OemRspNewLen);
           }
           else
           {
diff --git a/CORE/WDI/CP/inc/wlan_qct_wdi.h b/CORE/WDI/CP/inc/wlan_qct_wdi.h
index a49fa09..5397e51 100644
--- a/CORE/WDI/CP/inc/wlan_qct_wdi.h
+++ b/CORE/WDI/CP/inc/wlan_qct_wdi.h
@@ -908,6 +908,19 @@
     wpt_uint32 tx_complete_status;
     wpt_uint32 tx_bd_token;
 }  WDI_TxBDStatus;
+
+#ifdef FEATURE_OEM_DATA_SUPPORT
+/*----------------------------------------------------------------------------
+  OEM DATA RESPONSE - DATA STRUCTURES
+----------------------------------------------------------------------------*/
+typedef struct
+{
+    void *pOemRspNewIndData;
+    /* Max OemRspNewLen possible is NEW_OEM_DATA_RSP_SIZE*/
+    wpt_uint32 OemRspNewLen;
+} WDI_OemDataRspNew;
+#endif
+
 /*---------------------------------------------------------------------------
   WDI_LowLevelIndType
     Inidcation type and information about the indication being carried
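Review bot: `WDI_OemDataRspNew` keeps its name but changes from an inline `oemDataRspNew[NEW_OEM_DATA_RSP_SIZE]` array to a pointer plus a length, so any code outside this diff that uses `sizeof(WDI_OemDataRspNew)` as the payload size, or casts a response buffer to this type, would still compile while meaning something different. It is worth searching for remaining users, or renaming the type so that stale uses fail to build. The struct also does not say who owns the buffer behind `pOemRspNewIndData` or how long it stays valid; a comment such as `/* points into the WDI event buffer; valid only during the indication callback */` would help, if that is in fact the contract.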
@@ -994,7 +1007,7 @@
     WDI_RssiBreachedIndType     wdiRssiBreachedInd;
 #ifdef FEATURE_OEM_DATA_SUPPORT
 /*OEM Data Rsp New Results from FW*/
-    void *pOemRspNewIndData;
+    WDI_OemDataRspNew           wdiOemDataRspNew;
 #endif
   }  wdiIndicationData;
 }WDI_LowLevelIndType;
@@ -4730,14 +4743,6 @@
     wpt_uint8  oemDataReqNew[NEW_OEM_DATA_REQ_SIZE];
 } WDI_OemDataReqNew, WDI_OemDataReqNewConfig;
 
-/*----------------------------------------------------------------------------
-  OEM DATA RESPONSE - DATA STRUCTURES
-----------------------------------------------------------------------------*/
-typedef struct
-{
-    wpt_uint8  oemDataRspNew[NEW_OEM_DATA_RSP_SIZE];
-} WDI_OemDataRspNew;
-
 /*************************************************************************************************************/
 
 #endif /* FEATURE_OEM_DATA_SUPPORT */
diff --git a/CORE/WDI/CP/src/wlan_qct_wdi.c b/CORE/WDI/CP/src/wlan_qct_wdi.c
index 9db551b..406b4fc 100644
--- a/CORE/WDI/CP/src/wlan_qct_wdi.c
+++ b/CORE/WDI/CP/src/wlan_qct_wdi.c
@@ -36657,9 +36657,10 @@
     /* Fill in the indication parameters */
     wdiInd.wdiIndicationType = WDI_START_OEM_DATA_RSP_IND_NEW;
 
-    /* extract response and send it to UMAC */
-    wdiInd.wdiIndicationData.pOemRspNewIndData = (void *)pEventData->pEventData;
-
+    wdiInd.wdiIndicationData.wdiOemDataRspNew.pOemRspNewIndData =
+                                                (void *)pEventData->pEventData;
+    wdiInd.wdiIndicationData.wdiOemDataRspNew.OemRspNewLen =
+                                                    pEventData->uEventDataSize;
     /* Notify UMAC */
     if (pWDICtx->wdiLowLevelIndCB)
     {