qcacld: fix for Assertion in _wmi_beacon_tx_offload_hdlr() in FW

FW is asserting while handling the WMI_PRB_TMPL_CMDID, since host
is sending more than 512 bytes of data in probe response template.
To fix this, check buffer length before sending wmi command to FW

Change-Id: I38d3941e7d5c97cc0d18c0b132b52d5279cc6b8f
CRs-Fixed: 738200

3 files changed, 9 insertions, 1 deletions

diff --git a/CORE/MAC/src/include/sirParams.h b/CORE/MAC/src/include/sirParams.h
index 55bc043f2efc..0fd0c50be766 100644
--- a/CORE/MAC/src/include/sirParams.h
+++ b/CORE/MAC/src/include/sirParams.h
@@ -45,7 +45,7 @@
 
 // Firmware wide constants
 
-#define SIR_MAX_PACKET_SIZE     2048
+#define SIR_MAX_PACKET_SIZE     512
 #define SIR_MAX_NUM_CHANNELS    64
 #define SIR_MAX_NUM_STA_IN_IBSS 16
 #define SIR_ESE_MAX_MEAS_IE_REQS   8
diff --git a/CORE/SERVICES/WMA/wma.c b/CORE/SERVICES/WMA/wma.c
index ccbcf1ca3601..0c67398cb2c8 100644
--- a/CORE/SERVICES/WMA/wma.c
+++ b/CORE/SERVICES/WMA/wma.c
@@ -14728,6 +14728,12 @@ static int wmi_unified_probe_rsp_tmpl_send(tp_wma_handle wma,
 	          sizeof(wmi_bcn_prb_info) + WMI_TLV_HDR_SIZE +
 		  tmpl_len_aligned;
 
+	if (wmi_buf_len > BEACON_TX_BUFFER_SIZE) {
+		WMA_LOGE(FL("wmi_buf_len: %d > %d. Can't send wmi cmd"),
+			 wmi_buf_len, BEACON_TX_BUFFER_SIZE);
+		return -EINVAL;
+	}
+
 	wmi_buf = wmi_buf_alloc(wma->wmi_handle, wmi_buf_len);
 	if (!wmi_buf) {
 		WMA_LOGE(FL("wmi_buf_alloc failed"));
diff --git a/CORE/SERVICES/WMA/wma.h b/CORE/SERVICES/WMA/wma.h
index 44d0eaebd1e5..e2789af1f2e4 100644
--- a/CORE/SERVICES/WMA/wma.h
+++ b/CORE/SERVICES/WMA/wma.h
@@ -154,6 +154,8 @@
 
 #define WMA_SEC_TO_USEC                     (1000000)
 
+#define BEACON_TX_BUFFER_SIZE               (512)
+
 typedef struct probeTime_dwellTime {
 	u_int8_t dwell_time;
 	u_int8_t probe_time;