qcacld-3.0: Remove vdev chk_frame structure
Chk frame member of the tdls_mgmt_req is declared locally inside of
the local function wlan_cfg80211_tdls_mgmt and address is copied
in the mgmt request, and posted to scheduler thread.
But, the validity of the chk frame variable is lost once returned
from the wlan_cfg80211_tdls_mgmt function. And the chk_frame
is used when processing the tdls_mgmt_req in scheduler thread.
And the stale data of chk_frame can be used.
Hence, make the chk_frame as a variable instead pointer inside
tdls_action_frame_request request.
Change-Id: Ib2a8a81e8f6db5550b1d0abee31d9f7ea5dacd9b
CRs-Fixed: 2402124
diff --git a/components/tdls/core/src/wlan_tdls_cmds_process.c b/components/tdls/core/src/wlan_tdls_cmds_process.c
index c34494a..2337eb7 100644
--- a/components/tdls/core/src/wlan_tdls_cmds_process.c
+++ b/components/tdls/core/src/wlan_tdls_cmds_process.c
@@ -659,8 +659,7 @@
tdls_soc->connected_peer_count,
tdls_soc->max_num_tdls_sta);
- tdls_validate->max_sta_failed = -EPERM;
- return 0;
+ return -EPERM;
}
int tdls_validate_mgmt_request(struct tdls_action_frame_request *tdls_mgmt_req)
@@ -672,13 +671,11 @@
QDF_STATUS status;
uint8_t vdev_id;
+ struct wlan_objmgr_vdev *vdev = tdls_mgmt_req->vdev;
struct tdls_validate_action_req *tdls_validate =
- tdls_mgmt_req->chk_frame;
+ &tdls_mgmt_req->chk_frame;
- if (!tdls_validate || !tdls_validate->vdev)
- return -EINVAL;
-
- if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(tdls_validate->vdev,
+ if (QDF_STATUS_SUCCESS != tdls_get_vdev_objects(vdev,
&tdls_vdev,
&tdls_soc))
return -ENOTSUPP;
@@ -687,15 +684,15 @@
* STA or P2P client should be connected and authenticated before
* sending any TDLS frames
*/
- if (!tdls_is_vdev_connected(tdls_validate->vdev) ||
- !tdls_is_vdev_authenticated(tdls_validate->vdev)) {
+ if (!tdls_is_vdev_connected(vdev) ||
+ !tdls_is_vdev_authenticated(vdev)) {
tdls_err("STA is not connected or not authenticated.");
return -EAGAIN;
}
/* other than teardown frame, mgmt frames are not sent if disabled */
if (TDLS_TEARDOWN != tdls_validate->action_code) {
- if (!tdls_check_is_tdls_allowed(tdls_validate->vdev)) {
+ if (!tdls_check_is_tdls_allowed(vdev)) {
tdls_err("TDLS not allowed, reject MGMT, action = %d",
tdls_validate->action_code);
return -EPERM;
@@ -730,7 +727,7 @@
}
/* call hdd_wmm_is_acm_allowed() */
- vdev_id = wlan_vdev_get_id(tdls_validate->vdev);
+ vdev_id = wlan_vdev_get_id(vdev);
if (!tdls_soc->tdls_wmm_cb(vdev_id)) {
tdls_debug("admission ctrl set to VI, send the frame with least AC (BK) for action %d",
tdls_validate->action_code);
diff --git a/components/tdls/core/src/wlan_tdls_mgmt.c b/components/tdls/core/src/wlan_tdls_mgmt.c
index a19984d..c3d3cb6 100644
--- a/components/tdls/core/src/wlan_tdls_mgmt.c
+++ b/components/tdls/core/src/wlan_tdls_mgmt.c
@@ -319,7 +319,7 @@
release_cmd:
/*update tdls nss infornation based on action code */
- tdls_reset_nss(tdls_soc_obj, action_req->chk_frame->action_code);
+ tdls_reset_nss(tdls_soc_obj, action_req->chk_frame.action_code);
if (QDF_IS_STATUS_ERROR(status)) {
tdls_internal_send_mgmt_tx_done(action_req, status);
tdls_release_serialization_command(action_req->vdev,
@@ -397,9 +397,9 @@
* after the cmd validation
*/
tdls_mgmt_req->tdls_mgmt.responder =
- !tdls_mgmt_req->chk_frame->responder;
+ !tdls_mgmt_req->chk_frame.responder;
tdls_mgmt_req->tdls_mgmt.status_code =
- tdls_mgmt_req->chk_frame->status_code;
+ tdls_mgmt_req->chk_frame.status_code;
cmd.cmd_type = WLAN_SER_CMD_TDLS_SEND_MGMT;
/* Cmd Id not applicable for non scan cmds */
diff --git a/components/tdls/dispatcher/inc/wlan_tdls_public_structs.h b/components/tdls/dispatcher/inc/wlan_tdls_public_structs.h
index a2c1e7b..f16d47e 100644
--- a/components/tdls/dispatcher/inc/wlan_tdls_public_structs.h
+++ b/components/tdls/dispatcher/inc/wlan_tdls_public_structs.h
@@ -975,24 +975,20 @@
/**
* struct tdls_validate_action_req - tdls validate mgmt request
- * @vdev: vdev object
* @action_code: action code
* @peer_mac: peer mac address
* @dialog_token: dialog code
* @status_code: status code to add
* @len: len of the frame
* @responder: whether to respond or not
- * @max_sta_failed: mgmt failure reason
*/
struct tdls_validate_action_req {
- struct wlan_objmgr_vdev *vdev;
uint8_t action_code;
uint8_t peer_mac[QDF_MAC_ADDR_SIZE];
uint8_t dialog_token;
uint8_t status_code;
size_t len;
int responder;
- int max_sta_failed;
};
/**
@@ -1010,7 +1006,7 @@
/**
* struct tdls_send_action_frame_request - tdls send mgmt request
* @vdev: vdev object
- * @chk_frame: frame validation structure
+ * @chk_frame: This struct used to validate mgmt frame
* @session_id: session id
* @vdev_id: vdev id
* @cmd_buf: cmd buffer
@@ -1020,7 +1016,7 @@
*/
struct tdls_action_frame_request {
struct wlan_objmgr_vdev *vdev;
- struct tdls_validate_action_req *chk_frame;
+ struct tdls_validate_action_req chk_frame;
uint8_t session_id;
uint8_t vdev_id;
const uint8_t *cmd_buf;
diff --git a/os_if/tdls/src/wlan_cfg80211_tdls.c b/os_if/tdls/src/wlan_cfg80211_tdls.c
index b237702..4df29dd 100644
--- a/os_if/tdls/src/wlan_cfg80211_tdls.c
+++ b/os_if/tdls/src/wlan_cfg80211_tdls.c
@@ -688,8 +688,6 @@
struct osif_tdls_vdev *tdls_priv;
int status;
unsigned long rc;
- int max_sta_failed = 0;
- struct tdls_validate_action_req chk_frame;
struct tdls_set_responder_req set_responder;
status = wlan_cfg80211_tdls_validate_mac_addr(peer_mac);
@@ -715,16 +713,12 @@
/*prepare the request */
/* Validate the management Request */
- chk_frame.vdev = vdev;
- chk_frame.action_code = action_code;
- qdf_mem_copy(chk_frame.peer_mac, peer_mac, QDF_MAC_ADDR_SIZE);
- chk_frame.dialog_token = dialog_token;
- chk_frame.action_code = action_code;
- chk_frame.status_code = status_code;
- chk_frame.len = len;
- chk_frame.max_sta_failed = max_sta_failed;
-
- mgmt_req.chk_frame = &chk_frame;
+ mgmt_req.chk_frame.action_code = action_code;
+ qdf_mem_copy(mgmt_req.chk_frame.peer_mac, peer_mac, QDF_MAC_ADDR_SIZE);
+ mgmt_req.chk_frame.dialog_token = dialog_token;
+ mgmt_req.chk_frame.action_code = action_code;
+ mgmt_req.chk_frame.status_code = status_code;
+ mgmt_req.chk_frame.len = len;
mgmt_req.vdev = vdev;
mgmt_req.vdev_id = wlan_vdev_get_id(vdev);
@@ -736,7 +730,7 @@
mgmt_req.tdls_mgmt.frame_type = action_code;
mgmt_req.tdls_mgmt.len = len;
mgmt_req.tdls_mgmt.peer_capability = peer_capability;
- mgmt_req.tdls_mgmt.status_code = chk_frame.status_code;
+ mgmt_req.tdls_mgmt.status_code = mgmt_req.chk_frame.status_code;
/*populate the additional IE's */
mgmt_req.cmd_buf = buf;
@@ -773,11 +767,6 @@
cfg80211_debug("Mgmt Tx Completion status %ld TxCompletion %u",
rc, tdls_priv->mgmt_tx_completion_status);
- if (chk_frame.max_sta_failed) {
- status = max_sta_failed;
- goto error_mgmt_req;
- }
-
if (TDLS_SETUP_RESPONSE == action_code ||
TDLS_SETUP_CONFIRM == action_code) {
qdf_mem_copy(set_responder.peer_mac, peer_mac,