| author | SaidiReddy Yenuga <saidir@codeaurora.org> | 2016-08-24 20:38:10 +0530 |
|---|---|---|
| committer | Anjaneedevi Kapparapu <akappa@codeaurora.org> | 2016-08-25 16:14:56 +0530 |
| commit | 8d1077f1f0fc4f0375b0b40ce763868856f825da (patch) | |
| tree | e5b0dac4d2b6886defe4b2c4cc145388a06039f7 | |
| parent | b39b1d6e01280615051487f1dcf31a7fc7a90c83 (diff) | |
qcacld-2.0: Add NULL Check in iwpriv ioctl iw_setint_getnone
prima to qcacld-2.0 propagation
iw_setint_getnone can cause crash in monitor mode as hal
context is not initialized.
Modify the code to handle dereferencing hHal in Driver Monitor
mode.
CRs-Fixed: 1040579
Change-Id: If26cfab5374ac34c55e03b887c320c0736a9df23
| -rw-r--r-- | CORE/HDD/src/wlan_hdd_wext.c | 98 |
1 files changed, 76 insertions, 22 deletions
diff --git a/CORE/HDD/src/wlan_hdd_wext.c b/CORE/HDD/src/wlan_hdd_wext.c index 6810347baadd..f6bd740df32e 100644 --- a/CORE/HDD/src/wlan_hdd_wext.c +++ b/CORE/HDD/src/wlan_hdd_wext.c @@ -5815,8 +5815,8 @@ static int __iw_setint_getnone(struct net_device *dev, { case WE_SET_11D_STATE: { - if((ENABLE_11D == set_value) || (DISABLE_11D == set_value)) { - + if(((ENABLE_11D == set_value) || (DISABLE_11D == set_value)) && + (hHal)) { sme_GetConfigParam(hHal, &smeConfig); smeConfig.csrConfig.Is11dSupportEnabled = (v_BOOL_t)set_value; @@ -5863,13 +5863,16 @@ static int __iw_setint_getnone(struct net_device *dev, case 0: //Full Power { struct statsContext context; - eHalStatus status; + eHalStatus status = eHAL_STATUS_FAILURE; init_completion(&context.completion); context.pAdapter = pAdapter; context.magic = POWER_CONTEXT_MAGIC; + if (NULL == hHal) + return -EINVAL; + status = sme_RequestFullPower(WLAN_HDD_GET_HAL_CTX(pAdapter), iw_power_callback_fn, &context, eSME_FULL_PWR_NEEDED_BY_HDD); @@ -5902,23 +5905,32 @@ static int __iw_setint_getnone(struct net_device *dev, break; } case 1: //Enable BMPS - sme_EnablePowerSave(hHal, ePMC_BEACON_MODE_POWER_SAVE); + if (hHal) + sme_EnablePowerSave(hHal, ePMC_BEACON_MODE_POWER_SAVE); + else + ret = -EINVAL; break; case 2: //Disable BMPS - sme_DisablePowerSave(hHal, ePMC_BEACON_MODE_POWER_SAVE); + if (hHal) + sme_DisablePowerSave(hHal, ePMC_BEACON_MODE_POWER_SAVE); + else + ret = -EINVAL; break; case 3: //Request Bmps { struct statsContext context; - eHalStatus status; + eHalStatus status = eHAL_STATUS_FAILURE; init_completion(&context.completion); context.pAdapter = pAdapter; context.magic = POWER_CONTEXT_MAGIC; + if (NULL == hHal) + return -EINVAL; + status = sme_RequestBmps(WLAN_HDD_GET_HAL_CTX(pAdapter), - iw_power_callback_fn, &context); + iw_power_callback_fn, &context); if (eHAL_STATUS_PMC_PENDING == status) { unsigned long rc; 
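Review bot: In `case 0: //Full Power` the new guard tests `hHal`, but the call it protects still passes `WLAN_HDD_GET_HAL_CTX(pAdapter)`, so the check only helps if both name the same pointer, which the hunk does not show. Passing the checked value, `status = sme_RequestFullPower(hHal, iw_power_callback_fn, &context, eSME_FULL_PWR_NEEDED_BY_HDD);`, ties the check to the use. The same applies to `case 3: //Request Bmps` in the next hunk and to `WE_SET_DATA_INACTIVITY_TO`, which checks `hHal` and then uses `(WLAN_HDD_GET_CTX(pAdapter))->hHal`. These guards also `return -EINVAL` directly, while cases 1 and 2 use `ret = -EINVAL; break;`. If anything runs after the switch (the function continues outside the hunk), the direct return skips it, so one convention should be used throughout.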
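Review bot: The four-line `if (hHal) ... else ret = -EINVAL;` guard is pasted into cases 1 and 2 here and again into cases 4-7, 9 and 10 in the following hunk, and nothing in the code says why `hHal` can be NULL. A comment at the first guard would carry the reason from the commit message into the source, for example `/* hHal is not initialized in driver monitor mode; reject commands that need it */`. If none of the power cases outside these hunks must run without a HAL context, a single `if (NULL == hHal) { ret = -EINVAL; break; }` ahead of the inner switch would replace all eight copies. That depends on code not visible here.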
@@ -5948,26 +5960,44 @@ static int __iw_setint_getnone(struct net_device *dev, break; } case 4: //Enable IMPS - sme_EnablePowerSave(hHal, ePMC_IDLE_MODE_POWER_SAVE); + if (hHal) + sme_EnablePowerSave(hHal, ePMC_IDLE_MODE_POWER_SAVE); + else + ret = -EINVAL; break; case 5: //Disable IMPS - sme_DisablePowerSave(hHal, ePMC_IDLE_MODE_POWER_SAVE); + if (hHal) + sme_DisablePowerSave(hHal, ePMC_IDLE_MODE_POWER_SAVE); + else + ret = -EINVAL; break; case 6: //Enable Standby - sme_EnablePowerSave(hHal, ePMC_STANDBY_MODE_POWER_SAVE); + if (hHal) + sme_EnablePowerSave(hHal, ePMC_STANDBY_MODE_POWER_SAVE); + else + ret = -EINVAL; break; case 7: //Disable Standby - sme_DisablePowerSave(hHal, ePMC_STANDBY_MODE_POWER_SAVE); + if (hHal) + sme_DisablePowerSave(hHal, ePMC_STANDBY_MODE_POWER_SAVE); + else + ret = -EINVAL; break; case 8: //Request Standby #ifdef CONFIG_HAS_EARLYSUSPEND #endif break; case 9: //Start Auto Bmps Timer - sme_StartAutoBmpsTimer(hHal); + if (hHal) + sme_StartAutoBmpsTimer(hHal); + else + ret = -EINVAL; break; case 10://Stop Auto BMPS Timer - sme_StopAutoBmpsTimer(hHal); + if (hHal) + sme_StopAutoBmpsTimer(hHal); + else + ret = -EINVAL; break; #ifdef CONFIG_HAS_EARLYSUSPEND case 11://suspend to standby @@ -6002,7 +6032,8 @@ static int __iw_setint_getnone(struct net_device *dev, case WE_SET_MAX_ASSOC: { if ((WNI_CFG_ASSOC_STA_LIMIT_STAMIN > set_value) || - (WNI_CFG_ASSOC_STA_LIMIT_STAMAX < set_value)) + (WNI_CFG_ASSOC_STA_LIMIT_STAMAX < set_value) || + (NULL == hHal)) { ret = -EINVAL; } @@ -6027,6 +6058,9 @@ static int __iw_setint_getnone(struct net_device *dev, case WE_SET_DATA_INACTIVITY_TO: { + if (NULL == hHal) + return -EINVAL; + if ((set_value < CFG_DATA_INACTIVITY_TIMEOUT_MIN) || (set_value > CFG_DATA_INACTIVITY_TIMEOUT_MAX) || (ccmCfgSetInt((WLAN_HDD_GET_CTX(pAdapter))->hHal, 
@@ -6050,6 +6084,8 @@ static int __iw_setint_getnone(struct net_device *dev, { tSirMacAddr bssid; + if (NULL == hHal) + return -EINVAL; vos_mem_copy(bssid, pHddStaCtx->conn_info.bssId, VOS_MAC_ADDR_SIZE); if ( sme_SetTxPower(hHal, pAdapter->sessionId, bssid, pAdapter->device_mode, set_value) != @@ -6066,6 +6102,8 @@ static int __iw_setint_getnone(struct net_device *dev, tSirMacAddr bssid; tSirMacAddr selfMac; + if (NULL == hHal) + return -EINVAL; hddLog(VOS_TRACE_LEVEL_INFO, "%s: Setting maximum tx power %d dBm", __func__, set_value); vos_mem_copy(bssid, pHddStaCtx->conn_info.bssId, @@ -6137,6 +6175,8 @@ static int __iw_setint_getnone(struct net_device *dev, case WE_SET_TM_LEVEL: { + if (NULL == hHal) + return -EINVAL; hddLog(VOS_TRACE_LEVEL_INFO, "Set Thermal Mitigation Level %d", set_value); (void)sme_SetThermalLevel(hHal, set_value); @@ -6147,6 +6187,8 @@ static int __iw_setint_getnone(struct net_device *dev, { hdd_context_t *phddctx = WLAN_HDD_GET_CTX(pAdapter); + if (NULL == hHal) + return -EINVAL; ret = wlan_hdd_update_phymode(dev, hHal, set_value, phddctx); break; } @@ -6251,6 +6293,8 @@ static int __iw_setint_getnone(struct net_device *dev, case WE_SET_SHORT_GI: { + if (NULL == hHal) + return -EINVAL; hddLog(LOG1, "WMI_VDEV_PARAM_SGI val %d", set_value); ret = sme_UpdateHTConfig(hHal, pAdapter->sessionId, WNI_CFG_HT_CAP_INFO_SHORT_GI_20MHZ, @@ -6265,6 +6309,8 @@ static int __iw_setint_getnone(struct net_device *dev, { u_int32_t value; + if (NULL == hHal) + return -EINVAL; hddLog(LOG1, "WMI_VDEV_PARAM_ENABLE_RTSCTS val 0x%x", set_value); if ((set_value & HDD_RTSCTS_EN_MASK) == HDD_RTSCTS_ENABLE) @@ -6294,6 +6340,9 @@ static int __iw_setint_getnone(struct net_device *dev, { bool chwidth = false; hdd_context_t *phddctx = WLAN_HDD_GET_CTX(pAdapter); + + if (NULL == hHal) + return -EINVAL; /*updating channel bonding only on 5Ghz*/ hddLog(LOG1, "WMI_VDEV_PARAM_CHWIDTH val %d", set_value); if (set_value > eHT_CHANNEL_WIDTH_80MHZ) { 
@@ -6845,7 +6894,8 @@ static int __iw_setint_getnone(struct net_device *dev, } case WE_SET_SCAN_BAND_PREFERENCE: { - if(pAdapter->device_mode != WLAN_HDD_INFRA_STATION) { + if((pAdapter->device_mode != WLAN_HDD_INFRA_STATION) || + (NULL == hHal)) { ret = -EINVAL; break; } @@ -6929,6 +6979,8 @@ static int __iw_setint_getnone(struct net_device *dev, case WE_SET_DEBUG_LOG: { hdd_context_t *pHddCtx = WLAN_HDD_GET_CTX(pAdapter); + if (NULL == hHal) + return -EINVAL; #ifdef QCA_PKT_PROTO_TRACE /* Trace buffer dump only */ if (VOS_PKT_TRAC_DUMP_CMD == set_value) @@ -7011,7 +7063,8 @@ static int __iw_setint_getnone(struct net_device *dev, pAdapter->sessionId, pAdapter->device_mode); if ((WLAN_HDD_INFRA_STATION == pAdapter->device_mode) || - (WLAN_HDD_P2P_CLIENT == pAdapter->device_mode)) { + (WLAN_HDD_P2P_CLIENT == pAdapter->device_mode) || + (NULL == hHal)) { status = sme_ext_change_channel(pHddCtx->hHal, set_value, pAdapter->sessionId); @@ -8599,9 +8652,9 @@ static int __iw_set_var_ints_getnone(struct net_device *dev, hddLog(LOG1, "%s: LOG_DUMP %d arg1 %d arg2 %d arg3 %d arg4 %d", __func__, apps_args[0], apps_args[1], apps_args[2], apps_args[3], apps_args[4]); - - logPrintf(hHal, apps_args[0], apps_args[1], apps_args[2], - apps_args[3], apps_args[4]); + if (hHal) + logPrintf(hHal, apps_args[0], apps_args[1], apps_args[2], + apps_args[3], apps_args[4]); } break; @@ -8656,8 +8709,9 @@ static int __iw_set_var_ints_getnone(struct net_device *dev, "bitmask_of_module %d ", __func__, apps_args[0], apps_args[1], apps_args[2], apps_args[3]); - vosTraceDumpAll((void*)hHal , apps_args[0], apps_args[1], - apps_args[2], apps_args[3]); + if (hHal) + vosTraceDumpAll((void*)hHal , apps_args[0], apps_args[1], + apps_args[2], apps_args[3]); } break; 
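Review bot: The `|| (NULL == hHal)` added at `@@ -7011` makes the condition true exactly when the HAL handle is missing, so `sme_ext_change_channel(pHddCtx->hHal, ...)` is now reached in the case this commit is meant to exclude. Every other guard in the commit rejects a NULL `hHal`, so the test here should be conjunctive and negated: `if (((WLAN_HDD_INFRA_STATION == pAdapter->device_mode) || (WLAN_HDD_P2P_CLIENT == pAdapter->device_mode)) && (NULL != hHal)) {`. Whether `pHddCtx->hHal` is the same pointer as `hHal` is not visible in the hunk. If it is, a monitor-mode ioctl hands a NULL handle to the SME layer regardless of device mode. The else branch that sets the error code lies outside the hunk and should be checked to return `-EINVAL` for this case.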
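Review bot: When `hHal` is NULL, the new `if (hHal)` around `logPrintf` at `@@ -8599` skips the dump silently, and as far as the hunk shows the ioctl still reports success. That differs from the `-EINVAL` returned by the guards in `__iw_setint_getnone`. Returning an error, for instance `if (NULL == hHal) return -EINVAL;` ahead of the `hddLog` call, lets the caller tell that nothing was dumped. The same holds for `vosTraceDumpAll` in the next hunk and for the `&& (hHal)` added to the range check at `@@ -8666`. If a silent no-op is intended in monitor mode, a one-line comment should say so.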
@@ -8666,7 +8720,7 @@ static int __iw_set_var_ints_getnone(struct net_device *dev, { cmd = 287; //Command should be updated if there is any change // in the Riva dump command - if((apps_args[0] >= 40 ) && (apps_args[0] <= 160 )) + if((apps_args[0] >= 40 ) && (apps_args[0] <= 160 ) && (hHal)) { logPrintf(hHal, cmd, staId, apps_args[0], apps_args[1], apps_args[2]); } |
