diff options
author | Daniel Mentz <danielmentz@google.com> | 2018-04-16 12:25:14 -0700 |
---|---|---|
committer | Daniel Mentz <danielmentz@google.com> | 2018-04-16 12:28:03 -0700 |
commit | 4e0317dd5baf8a182814e1b5883ef4d5f4d1a861 (patch) | |
tree | 2c1e8d7e86bfef1dbfa238b91fad2daae7ed2961 | |
parent | fe7f1cda1896e3f6235cc635fb3fac13215ad0e6 (diff) | |
parent | 71a0cf4c75b116497246e27279afa54365349332 (diff) |
Merge branch 'android-msm-bullhead-3.10-security-next' into android-msm-bullhead-3.10
June 2018.1
Bug: 76444139
Change-Id: Iaa4986f87971d53d9b23251fa8bb2ff3791d22e3
43 files changed, 320 insertions, 1271 deletions
diff --git a/arch/arm64/configs/bullhead_defconfig b/arch/arm64/configs/bullhead_defconfig index 3988805bc455..983c23fbfb4a 100644 --- a/arch/arm64/configs/bullhead_defconfig +++ b/arch/arm64/configs/bullhead_defconfig @@ -538,7 +538,6 @@ CONFIG_QCOM_VOWIFI_11R=y CONFIG_WLAN_FEATURE_NAN=y CONFIG_QCOM_TDLS=y CONFIG_QCOM_LTE_COEX=y -CONFIG_WLAN_FEATURE_MEMDUMP=y CONFIG_WLAN_OFFLOAD_PACKETS=y CONFIG_NANOHUB=y CONFIG_NANOHUB_SPI=y diff --git a/crypto/hmac.c b/crypto/hmac.c index ade790b454e9..758688b4bc6b 100644 --- a/crypto/hmac.c +++ b/crypto/hmac.c @@ -197,11 +197,15 @@ static int hmac_create(struct crypto_template *tmpl, struct rtattr **tb) salg = shash_attr_alg(tb[1], 0, 0); if (IS_ERR(salg)) return PTR_ERR(salg); + alg = &salg->base; + /* The underlying hash algorithm must be unkeyed */ err = -EINVAL; + if (crypto_shash_alg_has_setkey(salg)) + goto out_put_alg; + ds = salg->digestsize; ss = salg->statesize; - alg = &salg->base; if (ds > alg->cra_blocksize || ss < alg->cra_blocksize) goto out_put_alg; diff --git a/crypto/shash.c b/crypto/shash.c index 929058a68561..d40199f23e0d 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -24,11 +24,12 @@ static const struct crypto_type crypto_shash_type; -static int shash_no_setkey(struct crypto_shash *tfm, const u8 *key, - unsigned int keylen) +int shash_no_setkey(struct crypto_shash *tfm, const u8 *key, + unsigned int keylen) { return -ENOSYS; } +EXPORT_SYMBOL_GPL(shash_no_setkey); static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, unsigned int keylen) diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c index f5ed8007247b..865c85671610 100644 --- a/drivers/char/adsprpc.c +++ b/drivers/char/adsprpc.c @@ -62,6 +62,9 @@ up_read(¤t->mm->mmap_sem);\ } while (0) +#define FASTRPC_CTX_MAGIC (0xbeeddeed) +#define FASTRPC_CTX_MAX (256) +#define FASTRPC_CTXID_MASK (0xFF0) #define IS_CACHE_ALIGNED(x) (((x) & ((L1_CACHE_BYTES)-1)) == 0) @@ -91,6 +94,13 @@ static inline uint32_t buf_page_size(uint32_t size) return sz > PAGE_SIZE ? sz : PAGE_SIZE; } +static inline uint64_t ptr_to_uint64(void *ptr) +{ + uint64_t addr = (uint64_t)((uintptr_t)ptr); + + return addr; +} + static inline int buf_get_pages(void *addr, ssize_t sz, int nr_pages, int access, struct smq_phy_page *pages, int nr_elems, struct smq_phy_page *range) @@ -178,6 +188,8 @@ struct smq_invoke_ctx { uint32_t sc; struct overlap *overs; struct overlap **overps; + unsigned int magic; + uint64_t ctxid; }; struct smq_context_list { @@ -216,6 +228,8 @@ struct fastrpc_apps { spinlock_t wrlock; spinlock_t hlock; struct hlist_head htbl[RPC_HASH_SZ]; + spinlock_t ctxlock; + struct smq_invoke_ctx *ctxtable[FASTRPC_CTX_MAX]; }; struct fastrpc_mmap { @@ -507,9 +521,10 @@ static int context_alloc(struct fastrpc_apps *me, uint32_t kernel, struct file_data *fdata, struct smq_invoke_ctx **po) { - int err = 0, bufs, size = 0; + int err = 0, bufs, ii, size = 0; struct smq_invoke_ctx *ctx = 0; struct smq_context_list *clst = &me->clst; + struct fastrpc_ioctl_invoke *invoke = &invokefd->inv; bufs = REMOTE_SCALARS_INBUFS(invoke->sc) + @@ -562,10 +577,26 @@ static int context_alloc(struct fastrpc_apps *me, uint32_t kernel, ctx->pid = current->pid; ctx->tgid = current->tgid; init_completion(&ctx->work); + ctx->magic = FASTRPC_CTX_MAGIC; spin_lock(&clst->hlock); hlist_add_head(&ctx->hn, &clst->pending); spin_unlock(&clst->hlock); + spin_lock(&me->ctxlock); + for (ii = 0; ii < FASTRPC_CTX_MAX; ii++) { + if (!me->ctxtable[ii]) { + me->ctxtable[ii] = ctx; + ctx->ctxid = (ptr_to_uint64(ctx) & ~0xFFF)|(ii << 4); + break; + } + } + spin_unlock(&me->ctxlock); + VERIFY(err, ii < FASTRPC_CTX_MAX); + if (err) { + pr_err("adsprpc: out of context memory\n"); + goto bail; + } + *po = ctx; bail: if (ctx && err) @@ -593,6 +624,7 @@ static void context_free(struct smq_invoke_ctx *ctx, int remove) int ssrcount = ctx->fdata->ssrcount; struct fastrpc_smmu *smmu = &apps->channel[cid].smmu; struct fastrpc_buf *b; + struct fastrpc_apps *me = &gfa; int i, bufs; if (ctx->smmu) { bufs = REMOTE_SCALARS_INBUFS(ctx->sc) + @@ -614,6 +646,17 @@ static void context_free(struct smq_invoke_ctx *ctx, int remove) free_mem(b, ctx->fdata); kfree(ctx->abufs); + ctx->magic = 0; + ctx->ctxid = 0; + + spin_lock(&me->ctxlock); + for (i = 0; i < FASTRPC_CTX_MAX; i++) { + if (me->ctxtable[i] == ctx) { + me->ctxtable[i] = NULL; + break; + } + } + spin_unlock(&me->ctxlock); if (ctx->dev) { add_dev(apps, ctx->dev); if (ctx->obuf.handle != ctx->dev->buf.handle) @@ -1092,7 +1135,7 @@ static int fastrpc_invoke_send(struct fastrpc_apps *me, msg.tid = current->pid; if (kernel) msg.pid = 0; - msg.invoke.header.ctx = ctx; + msg.invoke.header.ctx = ctx->ctxid; msg.invoke.header.handle = handle; msg.invoke.header.sc = sc; msg.invoke.page.addr = buf->phys; @@ -1122,16 +1165,35 @@ static void fastrpc_deinit(void) static void fastrpc_read_handler(int cid) { struct fastrpc_apps *me = &gfa; - struct smq_invoke_rsp rsp; - int ret = 0; + struct smq_invoke_rsp rsp = {0}; + int ret = 0, err = 0; + uint32_t index; do { ret = smd_read_from_cb(me->channel[cid].chan, &rsp, sizeof(rsp)); if (ret != sizeof(rsp)) break; - context_notify_user(rsp.ctx, rsp.retval); + index = (uint32_t)((rsp.ctx & FASTRPC_CTXID_MASK) >> 4); + VERIFY(err, index < FASTRPC_CTX_MAX); + if (err) + goto bail; + + VERIFY(err, !IS_ERR_OR_NULL(me->ctxtable[index])); + if (err) + goto bail; + + VERIFY(err, ((me->ctxtable[index]->ctxid == (rsp.ctx)) && + me->ctxtable[index]->magic == FASTRPC_CTX_MAGIC)); + if (err) + goto bail; + + context_notify_user(me->ctxtable[index], rsp.retval); } while (ret == sizeof(rsp)); + +bail: + if (err) + pr_err("adsprpc: invalid response or context\n"); } static void smd_event_handler(void *priv, unsigned event) @@ -1162,6 +1224,7 @@ static int fastrpc_init(void) spin_lock_init(&me->hlock); spin_lock_init(&me->wrlock); + spin_lock_init(&me->ctxlock); mutex_init(&me->smd_mutex); context_list_ctor(&me->clst); for (i = 0; i < RPC_HASH_SZ; ++i) @@ -1399,6 +1462,12 @@ static int fastrpc_init_process(struct file_data *fdata, inbuf.pgid = current->tgid; inbuf.namelen = strlen(current->comm); inbuf.filelen = init->filelen; + if (!access_ok(0, (void const __user *)init->file, + init->filelen)) + goto bail; + if (!access_ok(1, (void const __user *)init->mem, + init->memlen)) + goto bail; VERIFY(err, 0 == map_buffer(me, fdata, init->memfd, (char *)init->mem, init->memlen, &map, &pages, &npages)); diff --git a/drivers/char/adsprpc_shared.h b/drivers/char/adsprpc_shared.h index c0f8d3cc8c4e..c8e31369cef1 100644 --- a/drivers/char/adsprpc_shared.h +++ b/drivers/char/adsprpc_shared.h @@ -137,7 +137,7 @@ struct fastrpc_ioctl_mmap { }; struct smq_null_invoke { - struct smq_invoke_ctx *ctx; /* invoke caller context */ + uint64_t ctx; /* invoke caller context */ uint32_t handle; /* handle to invoke */ uint32_t sc; /* scalars structure describing the data */ }; @@ -164,7 +164,7 @@ struct smq_msg { }; struct smq_invoke_rsp { - struct smq_invoke_ctx *ctx; /* invoke caller context */ + uint64_t ctx; /* invoke caller context */ int retval; /* invoke return value */ }; diff --git a/drivers/char/diag/diag_dci.c b/drivers/char/diag/diag_dci.c index c5c7b4325991..eb83058dce52 100644 --- a/drivers/char/diag/diag_dci.c +++ b/drivers/char/diag/diag_dci.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2015, 2017 The Linux Foundation. All rights reserved. +/* Copyright (c) 2012-2015, 2017-2018 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -806,11 +806,11 @@ static void dci_process_ctrl_status(unsigned char *buf, int len, int token) { struct diag_ctrl_dci_status *header = NULL; unsigned char *temp = buf; - uint32_t read_len = 0; + unsigned int read_len = 0; uint8_t i; int peripheral_mask, status; - if (!buf || (len < sizeof(struct diag_ctrl_dci_status))) { + if (!buf || len < 2 || (len < sizeof(struct diag_ctrl_dci_status))) { pr_err("diag: In %s, invalid buf %p or length: %d\n", __func__, buf, len); return; @@ -826,7 +826,7 @@ static void dci_process_ctrl_status(unsigned char *buf, int len, int token) read_len += sizeof(struct diag_ctrl_dci_status); for (i = 0; i < header->count; i++) { - if (read_len > len) { + if (read_len > (len - 2)) { pr_err("diag: In %s, Invalid length len: %d\n", __func__, len); return; @@ -868,7 +868,9 @@ static void dci_process_ctrl_handshake_pkt(unsigned char *buf, int len, unsigned char *temp = buf; int err = 0; - if (!buf || (len < sizeof(struct diag_ctrl_dci_handshake_pkt))) + if (!buf) + return; + if (len < 0 || len < sizeof(struct diag_ctrl_dci_handshake_pkt)) return; if (!VALID_DCI_TOKEN(token)) @@ -1108,18 +1110,32 @@ void extract_dci_events(unsigned char *buf, int len, int data_source, int token) struct list_head *start, *temp; struct diag_dci_client_tbl *entry = NULL; - length = *(uint16_t *)(buf + 1); /* total length of event series */ - if (length == 0) { - pr_err("diag: Incoming dci event length is invalid\n"); + if (!buf) { + pr_err("diag: In %s buffer is NULL\n", __func__); return; } - /* Move directly to the start of the event series. 1 byte for - * event code and 2 bytes for the length field. - */ - /* The length field indicates the total length removing the cmd_code - * and the lenght field. The event parsing in that case should happen + + /* + * 1 byte for event code and 2 bytes for the length field. + * The length field indicates the total length removing the cmd_code + * and the length field. The event parsing in that case should happen * till the end. */ + if (len < 3) { + pr_err("diag: In %s invalid len: %d\n", __func__, len); + return; + } + length = *(uint16_t *)(buf + 1); /* total length of event series */ + if ((length == 0) || (len != (length + 3))) { + pr_err("diag: Incoming dci event length: %d is invalid\n", + length); + return; + } + /* + * Move directly to the start of the event series. + * The event parsing should happen from start of event + * series till the end. + */ temp_len = 3; while (temp_len < length) { event_id_packet = *(uint16_t *)(buf + temp_len); @@ -1136,30 +1152,60 @@ void extract_dci_events(unsigned char *buf, int len, int data_source, int token) * necessary. */ timestamp_len = 8; - memcpy(timestamp, buf + temp_len + 2, timestamp_len); + if ((temp_len + timestamp_len + 2) <= len) + memcpy(timestamp, buf + temp_len + 2, + timestamp_len); + else { + pr_err("diag: Invalid length in %s, len: %d, temp_len: %d", + __func__, len, temp_len); + return; + } } /* 13th and 14th bit represent the payload length */ if (((event_id_packet & 0x6000) >> 13) == 3) { payload_len_field = 1; - payload_len = *(uint8_t *) + if ((temp_len + timestamp_len + 3) <= len) { + payload_len = *(uint8_t *) (buf + temp_len + 2 + timestamp_len); - if (payload_len < (MAX_EVENT_SIZE - 13)) { - /* copy the payload length and the payload */ + } else { + pr_err("diag: Invalid length in %s, len: %d, temp_len: %d", + __func__, len, temp_len); + return; + } + if ((payload_len < (MAX_EVENT_SIZE - 13)) && + ((temp_len + timestamp_len + payload_len + 3) <= len)) { + /* + * Copy the payload length and the payload + * after skipping temp_len bytes for already + * parsed packet, timestamp_len for timestamp + * buffer, 2 bytes for event_id_packet. + */ memcpy(event_data + 12, buf + temp_len + 2 + timestamp_len, 1); memcpy(event_data + 13, buf + temp_len + 2 + timestamp_len + 1, payload_len); } else { - pr_err("diag: event > %d, payload_len = %d\n", - (MAX_EVENT_SIZE - 13), payload_len); + pr_err("diag: event > %d, payload_len = %d, temp_len = %d\n", + (MAX_EVENT_SIZE - 13), payload_len, temp_len); return; } } else { payload_len_field = 0; payload_len = (event_id_packet & 0x6000) >> 13; - /* copy the payload */ - memcpy(event_data + 12, buf + temp_len + 2 + + /* + * Copy the payload after skipping temp_len bytes + * for already parsed packet, timestamp_len for + * timestamp buffer, 2 bytes for event_id_packet. + */ + if ((payload_len < (MAX_EVENT_SIZE - 12)) && + ((temp_len + timestamp_len + payload_len + 2) <= len)) + memcpy(event_data + 12, buf + temp_len + 2 + timestamp_len, payload_len); + else { + pr_err("diag: event > %d, payload_len = %d, temp_len = %d\n", + (MAX_EVENT_SIZE - 12), payload_len, temp_len); + return; + } } /* Before copying the data to userspace, check if we are still @@ -1277,19 +1323,19 @@ void extract_dci_log(unsigned char *buf, int len, int data_source, int token) pr_err("diag: In %s buffer is NULL\n", __func__); return; } - - /* The first six bytes for the incoming log packet contains - * Command code (2), the length of the packet (2) and the length - * of the log (2) + /* + * The first eight bytes for the incoming log packet contains + * Command code (2), the length of the packet (2), the length + * of the log (2) and log code (2) */ - log_code = *(uint16_t *)(buf + 6); - read_bytes += sizeof(uint16_t) + 6; - if (read_bytes > len) { - pr_err("diag: Invalid length in %s, len: %d, read: %d", - __func__, len, read_bytes); + if (len < 8) { + pr_err("diag: In %s invalid len: %d\n", __func__, len); return; } + log_code = *(uint16_t *)(buf + 6); + read_bytes += sizeof(uint16_t) + 6; + /* parse through log mask table of each client and check mask */ mutex_lock(&driver->dci_mutex); list_for_each_safe(start, temp, &driver->dci_client_list) { diff --git a/drivers/media/platform/msm/camera_v2/isp/msm_isp40.c b/drivers/media/platform/msm/camera_v2/isp/msm_isp40.c index 384167182b8d..165e526bf8cb 100644 --- a/drivers/media/platform/msm/camera_v2/isp/msm_isp40.c +++ b/drivers/media/platform/msm/camera_v2/isp/msm_isp40.c @@ -1115,11 +1115,12 @@ static int msm_vfe40_start_fetch_engine(struct vfe_device *vfe_dev, vfe_dev->fetch_engine_info.bufq_handle = bufq_handle; vfe_dev->fetch_engine_info.session_id = fe_cfg->session_id; vfe_dev->fetch_engine_info.stream_id = fe_cfg->stream_id; - + mutex_lock(&vfe_dev->buf_mgr->lock); rc = vfe_dev->buf_mgr->ops->get_buf_by_index( vfe_dev->buf_mgr, bufq_handle, fe_cfg->buf_idx, &buf); if (rc < 0) { pr_err("%s: No fetch buffer\n", __func__); + mutex_unlock(&vfe_dev->buf_mgr->lock); return -EINVAL; } @@ -1129,7 +1130,7 @@ static int msm_vfe40_start_fetch_engine(struct vfe_device *vfe_dev, msm_camera_io_w_mb(0x10000, vfe_dev->vfe_base + 0x4C); msm_camera_io_w_mb(0x20000, vfe_dev->vfe_base + 0x4C); buf->state = MSM_ISP_BUFFER_STATE_DIVERTED; - + mutex_unlock(&vfe_dev->buf_mgr->lock); return 0; } diff --git a/drivers/media/platform/msm/camera_v2/isp/msm_isp44.c b/drivers/media/platform/msm/camera_v2/isp/msm_isp44.c index 9e76344b4a52..9f1f102efd55 100644 --- a/drivers/media/platform/msm/camera_v2/isp/msm_isp44.c +++ b/drivers/media/platform/msm/camera_v2/isp/msm_isp44.c @@ -938,10 +938,12 @@ static int msm_vfe44_fetch_engine_start(struct vfe_device *vfe_dev, vfe_dev->fetch_engine_info.session_id = fe_cfg->session_id; vfe_dev->fetch_engine_info.stream_id = fe_cfg->stream_id; + mutex_lock(&vfe_dev->buf_mgr->lock); rc = vfe_dev->buf_mgr->ops->get_buf_by_index( vfe_dev->buf_mgr, bufq_handle, fe_cfg->buf_idx, &buf); if (rc < 0) { pr_err("%s: No fetch buffer\n", __func__); + mutex_unlock(&vfe_dev->buf_mgr->lock); return -EINVAL; } vfe_dev->fetch_engine_info.buf_idx = fe_cfg->buf_idx; @@ -954,7 +956,7 @@ static int msm_vfe44_fetch_engine_start(struct vfe_device *vfe_dev, ISP_DBG("%s: Fetch Engine ready\n", __func__); buf->state = MSM_ISP_BUFFER_STATE_DIVERTED; - + mutex_unlock(&vfe_dev->buf_mgr->lock); return 0; } diff --git a/drivers/media/platform/msm/camera_v2/isp/msm_isp46.c b/drivers/media/platform/msm/camera_v2/isp/msm_isp46.c index 53fffe734215..19640943c472 100644 --- a/drivers/media/platform/msm/camera_v2/isp/msm_isp46.c +++ b/drivers/media/platform/msm/camera_v2/isp/msm_isp46.c @@ -877,10 +877,12 @@ static int msm_vfe46_start_fetch_engine(struct vfe_device *vfe_dev, vfe_dev->fetch_engine_info.session_id = fe_cfg->session_id; vfe_dev->fetch_engine_info.stream_id = fe_cfg->stream_id; + mutex_lock(&vfe_dev->buf_mgr->lock); rc = vfe_dev->buf_mgr->ops->get_buf_by_index( vfe_dev->buf_mgr, bufq_handle, fe_cfg->buf_idx, &buf); if (rc < 0) { pr_err("%s: No fetch buffer\n", __func__); + mutex_unlock(&vfe_dev->buf_mgr->lock); return -EINVAL; } vfe_dev->fetch_engine_info.buf_idx = fe_cfg->buf_idx; @@ -893,6 +895,7 @@ static int msm_vfe46_start_fetch_engine(struct vfe_device *vfe_dev, ISP_DBG("%s:VFE%d Fetch Engine ready\n", __func__, vfe_dev->pdev->id); buf->state = MSM_ISP_BUFFER_STATE_DISPATCHED; + mutex_unlock(&vfe_dev->buf_mgr->lock); return 0; } diff --git a/drivers/media/platform/msm/camera_v2/isp/msm_isp47.c b/drivers/media/platform/msm/camera_v2/isp/msm_isp47.c index d9a194f9996c..d064924a67b1 100644 --- a/drivers/media/platform/msm/camera_v2/isp/msm_isp47.c +++ b/drivers/media/platform/msm/camera_v2/isp/msm_isp47.c @@ -918,10 +918,12 @@ static int msm_vfe47_start_fetch_engine(struct vfe_device *vfe_dev, vfe_dev->fetch_engine_info.session_id = fe_cfg->session_id; vfe_dev->fetch_engine_info.stream_id = fe_cfg->stream_id; + mutex_lock(&vfe_dev->buf_mgr->lock); rc = vfe_dev->buf_mgr->ops->get_buf_by_index( vfe_dev->buf_mgr, bufq_handle, fe_cfg->buf_idx, &buf); if (rc < 0) { pr_err("%s: No fetch buffer\n", __func__); + mutex_unlock(&vfe_dev->buf_mgr->lock); return -EINVAL; } vfe_dev->fetch_engine_info.buf_idx = fe_cfg->buf_idx; @@ -934,6 +936,7 @@ static int msm_vfe47_start_fetch_engine(struct vfe_device *vfe_dev, ISP_DBG("%s:VFE%d Fetch Engine ready\n", __func__, vfe_dev->pdev->id); buf->state = MSM_ISP_BUFFER_STATE_DISPATCHED; + mutex_unlock(&vfe_dev->buf_mgr->lock); return 0; } diff --git a/drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c b/drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c index 39a5a5dd67fc..777cf9858de3 100644 --- a/drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c +++ b/drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c @@ -2575,9 +2575,11 @@ int msm_isp_update_axi_stream(struct vfe_device *vfe_dev, void *arg) break; } case UPDATE_STREAM_REQUEST_FRAMES: { + mutex_lock(&vfe_dev->buf_mgr->lock); rc = msm_isp_request_frame(vfe_dev, stream_info, update_info->user_stream_id, update_info->frame_id); + mutex_unlock(&vfe_dev->buf_mgr->lock); if (rc) pr_err("%s failed to request frame!\n", __func__); diff --git a/drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c b/drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c index a1b202c31fcd..08d6a4a237c1 100644 --- a/drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c +++ b/drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c @@ -872,7 +872,9 @@ static long msm_isp_ioctl_unlocked(struct v4l2_subdev *sd, break; case VIDIOC_MSM_ISP_CFG_STREAM: mutex_lock(&vfe_dev->core_mutex); + mutex_lock(&vfe_dev->buf_mgr->lock); rc = msm_isp_cfg_axi_stream(vfe_dev, arg); + mutex_unlock(&vfe_dev->buf_mgr->lock); mutex_unlock(&vfe_dev->core_mutex); break; case VIDIOC_MSM_ISP_AXI_HALT: @@ -882,14 +884,18 @@ static long msm_isp_ioctl_unlocked(struct v4l2_subdev *sd, break; case VIDIOC_MSM_ISP_AXI_RESET: mutex_lock(&vfe_dev->core_mutex); + mutex_lock(&vfe_dev->buf_mgr->lock); rc = msm_isp_stats_reset(vfe_dev); rc |= msm_isp_axi_reset(vfe_dev, arg); + mutex_unlock(&vfe_dev->buf_mgr->lock); mutex_unlock(&vfe_dev->core_mutex); break; case VIDIOC_MSM_ISP_AXI_RESTART: mutex_lock(&vfe_dev->core_mutex); + mutex_lock(&vfe_dev->buf_mgr->lock); rc = msm_isp_stats_restart(vfe_dev); rc |= msm_isp_axi_restart(vfe_dev, arg); + mutex_unlock(&vfe_dev->buf_mgr->lock); mutex_unlock(&vfe_dev->core_mutex); break; case VIDIOC_MSM_ISP_INPUT_CFG: @@ -928,7 +934,9 @@ static long msm_isp_ioctl_unlocked(struct v4l2_subdev *sd, break; case VIDIOC_MSM_ISP_CFG_STATS_STREAM: mutex_lock(&vfe_dev->core_mutex); + mutex_lock(&vfe_dev->buf_mgr->lock); rc = msm_isp_cfg_stats_stream(vfe_dev, arg); + mutex_unlock(&vfe_dev->buf_mgr->lock); mutex_unlock(&vfe_dev->core_mutex); break; case VIDIOC_MSM_ISP_UPDATE_STATS_STREAM: diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c index c283701a5887..5973e5b76146 100755 --- a/drivers/staging/android/ion/ion.c +++ b/drivers/staging/android/ion/ion.c @@ -1480,6 +1480,11 @@ static int ion_sync_for_device(struct ion_client *client, int fd) } buffer = dmabuf->priv; + if (buffer->flags & ION_FLAG_SECURE) { + pr_err("%s: cannot sync a secure dmabuf\n", __func__); + dma_buf_put(dmabuf); + return -EINVAL; + } dma_sync_sg_for_device(NULL, buffer->sg_table->sgl, buffer->sg_table->nents, DMA_BIDIRECTIONAL); dma_buf_put(dmabuf); diff --git a/drivers/staging/android/ion/msm/msm_ion.c b/drivers/staging/android/ion/msm/msm_ion.c index 8e10e0cddd74..828826254657 100644 --- a/drivers/staging/android/ion/msm/msm_ion.c +++ b/drivers/staging/android/ion/msm/msm_ion.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2014, The Linux Foundation. All rights reserved. +/* Copyright (c) 2011-2014,2016,2018 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -722,11 +722,11 @@ long msm_ion_custom_ioctl(struct ion_client *client, down_read(&mm->mmap_sem); - start = (unsigned long) data.flush_data.vaddr; - end = (unsigned long) data.flush_data.vaddr - + data.flush_data.length; + start = (unsigned long)data.flush_data.vaddr + + data.flush_data.offset; + end = start + data.flush_data.length; - if (start && check_vaddr_bounds(start, end)) { + if (check_vaddr_bounds(start, end)) { pr_err("%s: virtual address %p is out of bounds\n", __func__, data.flush_data.vaddr); ret = -EINVAL; diff --git a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_tx_send.c b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_tx_send.c index b35dc99af25c..1f45203d24ea 100644 --- a/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_tx_send.c +++ b/drivers/staging/qcacld-2.0/CORE/CLD_TXRX/TXRX/ol_tx_send.c @@ -555,6 +555,7 @@ ol_tx_completion_handler( tx_desc = td_array[tx_desc_id].tx_desc; tx_desc->status = status; netbuf = tx_desc->netbuf; + NBUF_UPDATE_TX_PKT_COUNT(netbuf, NBUF_TX_PKT_FREE); DPTRACE(adf_dp_trace_ptr(netbuf, ADF_DP_TRACE_FREE_PACKET_PTR_RECORD, adf_nbuf_data_addr(netbuf), @@ -580,7 +581,6 @@ ol_tx_completion_handler( pdev, tx_desc, tx_descs, netbuf, lcl_freelist, tx_desc_last, status); } - NBUF_UPDATE_TX_PKT_COUNT(netbuf, NBUF_TX_PKT_FREE); #ifdef QCA_SUPPORT_TXDESC_SANITY_CHECKS tx_desc->pkt_type = 0xff; #ifdef QCA_COMPUTE_TX_DELAY @@ -755,6 +755,9 @@ ol_tx_single_completion_handler( struct ol_tx_desc_list_elem_t *td_array = pdev->tx_desc.array; adf_nbuf_t netbuf; + if (tx_desc_id >= pdev->tx_desc.pool_size) + return; + tx_desc = td_array[tx_desc_id].tx_desc; tx_desc->status = status; netbuf = tx_desc->netbuf; diff --git a/drivers/staging/qcacld-2.0/CORE/EPPING/src/epping_main.c b/drivers/staging/qcacld-2.0/CORE/EPPING/src/epping_main.c index f7b649d121f1..ccf588133873 100644 --- a/drivers/staging/qcacld-2.0/CORE/EPPING/src/epping_main.c +++ b/drivers/staging/qcacld-2.0/CORE/EPPING/src/epping_main.c @@ -68,7 +68,6 @@ #include "if_ath_sdio.h" #endif #include "epping_main.h" -#include "wlan_hdd_memdump.h" #include "epping_internal.h" #ifdef TIMER_MANAGER @@ -214,7 +213,6 @@ void epping_exit(v_CONTEXT_t pVosContext) __func__); return; } - memdump_deinit(); if (pEpping_ctx->epping_adapter) { epping_destroy_adapter(pEpping_ctx->epping_adapter); pEpping_ctx->epping_adapter = NULL; @@ -413,7 +411,6 @@ int epping_wlan_startup(struct device *parent_dev, v_VOID_t *hif_sc) } } #endif /* HIF_PCI */ - memdump_init(); EPPING_LOG(VOS_TRACE_LEVEL_INFO_HIGH, "%s: Exit", __func__); complete(&pEpping_ctx->wlan_start_comp); return ret; diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_cfg80211.h b/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_cfg80211.h index b4963f7cd7ac..626f1ac32600 100644 --- a/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_cfg80211.h +++ b/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_cfg80211.h @@ -215,8 +215,9 @@ enum qca_nl80211_vendor_subcmds { QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_INFO = 61, /* Start Wifi Logger */ QCA_NL80211_VENDOR_SUBCMD_WIFI_LOGGER_START = 62, - /* Start Wifi Memory Dump */ - QCA_NL80211_VENDOR_SUBCMD_WIFI_LOGGER_MEMORY_DUMP = 63, + + /* FW Memory Dump feature is deprecated */ + QCA_NL80211_VENDOR_SUBCMD_ROAM = 64, /* @@ -325,9 +326,6 @@ enum qca_nl80211_vendor_subcmds_index { /* OCB events */ QCA_NL80211_VENDOR_SUBCMD_DCC_STATS_EVENT_INDEX, -#ifdef WLAN_FEATURE_MEMDUMP - QCA_NL80211_VENDOR_SUBCMD_WIFI_LOGGER_MEMORY_DUMP_INDEX, -#endif /* WLAN_FEATURE_MEMDUMP */ QCA_NL80211_VENDOR_SUBCMD_MONITOR_RSSI_INDEX, #ifdef WLAN_FEATURE_NAN_DATAPATH QCA_NL80211_VENDOR_SUBCMD_NDP_INDEX, @@ -1476,7 +1474,6 @@ enum qca_wlan_vendor_features { /** * enum wifi_logger_supported_features - values for supported logger features - * @WIFI_LOGGER_MEMORY_DUMP_SUPPORTED - Memory dump of FW * @WIFI_LOGGER_PER_PACKET_TX_RX_STATUS_SUPPORTED - Per packet statistics * @WIFI_LOGGER_CONNECT_EVENT_SUPPORTED - Logging of Connectivity events * @WIFI_LOGGER_POWER_EVENT_SUPPORTED - Power of driver @@ -1484,7 +1481,6 @@ enum qca_wlan_vendor_features { * @WIFI_LOGGER_WATCHDOG_TIMER_SUPPORTED - monitor FW health */ enum wifi_logger_supported_features { - WIFI_LOGGER_MEMORY_DUMP_SUPPORTED = (1 << (0)), WIFI_LOGGER_PER_PACKET_TX_RX_STATUS_SUPPORTED = (1 << (1)), WIFI_LOGGER_CONNECT_EVENT_SUPPORTED = (1 << (2)), WIFI_LOGGER_POWER_EVENT_SUPPORTED = (1 << (3)), diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_main.h b/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_main.h index d527b37f7767..0bd2028d7cd3 100644 --- a/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_main.h +++ b/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_main.h @@ -1700,14 +1700,7 @@ struct hdd_context_s struct hdd_ll_stats_context ll_stats_context; #endif /* End of WLAN_FEATURE_LINK_LAYER_STATS */ -#ifdef WLAN_FEATURE_MEMDUMP - uint8_t *fw_dump_loc; - uint32_t dump_loc_paddr; - vos_timer_t memdump_cleanup_timer; struct mutex memdump_lock; - bool memdump_in_progress; - bool memdump_init_done; -#endif /* WLAN_FEATURE_MEMDUMP */ uint16_t driver_dump_size; uint8_t *driver_dump_mem; @@ -2011,8 +2004,6 @@ void hdd_get_fw_version(hdd_context_t *hdd_ctx, uint32_t *major_spid, uint32_t *minor_spid, uint32_t *siid, uint32_t *crmid); -bool hdd_is_memdump_supported(void); - #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)) static inline void hdd_set_needed_headroom(struct net_device *wlan_dev, uint16_t len) diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_memdump.h b/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_memdump.h index 72143efe3157..8f7c0639bd4b 100644 --- a/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_memdump.h +++ b/drivers/staging/qcacld-2.0/CORE/HDD/inc/wlan_hdd_memdump.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2016 The Linux Foundation. All rights reserved. + * Copyright (c) 2015-2017 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -40,65 +40,7 @@ /* Assigned size of driver memory dump is 4096 bytes */ #define DRIVER_MEM_DUMP_SIZE 4096 -#ifdef WLAN_FEATURE_MEMDUMP -/** - * enum qca_wlan_vendor_attr_memory_dump - values for memory dump attributes - * @QCA_WLAN_VENDOR_ATTR_MEMORY_DUMP_INVALID - Invalid - * @QCA_WLAN_VENDOR_ATTR_REQUEST_ID - Indicate request ID - * @QCA_WLAN_VENDOR_ATTR_MEMDUMP_SIZE - Indicate size of the memory dump - * @QCA_WLAN_VENDOR_ATTR_MEMORY_DUMP_AFTER_LAST - To keep track of the last enum - * @QCA_WLAN_VENDOR_ATTR_MEMORY_DUMP_MAX - max value possible for this type - * - * enum values are used for NL attributes for data used by - * QCA_NL80211_VENDOR_SUBCMD_WIFI_LOGGER_MEMORY_DUMP sub command. - */ -enum qca_wlan_vendor_attr_memory_dump { - QCA_WLAN_VENDOR_ATTR_MEMORY_DUMP_INVALID = 0, - QCA_WLAN_VENDOR_ATTR_REQUEST_ID = 1, - QCA_WLAN_VENDOR_ATTR_MEMDUMP_SIZE = 2, - - QCA_WLAN_VENDOR_ATTR_MEMORY_DUMP_AFTER_LAST, - QCA_WLAN_VENDOR_ATTR_MEMORY_DUMP_MAX = - QCA_WLAN_VENDOR_ATTR_MEMORY_DUMP_AFTER_LAST - 1, -}; - -/* Size of fw memory dump is estimated to be 327680 bytes */ -#define FW_MEM_DUMP_SIZE 327680 -#define FW_DRAM_LOCATION 0x00400000 -#define FW_MEM_DUMP_REQ_ID 1 -#define FW_MEM_DUMP_NUM_SEG 1 -#define MEMDUMP_COMPLETION_TIME_MS 800 - -int memdump_init(void); -void memdump_deinit(void); -int wlan_hdd_cfg80211_get_fw_mem_dump(struct wiphy *wiphy, - struct wireless_dev *wdev, - const void *data, int data_len); int hdd_driver_memdump_init(void); void hdd_driver_memdump_deinit(void); -#else -static inline int memdump_init(void) -{ - return -ENOTSUPP; -} - -static inline void memdump_deinit(void) -{ -} -static inline int wlan_hdd_cfg80211_get_fw_mem_dump(struct wiphy *wiphy, - struct wireless_dev *wdev, - const void *data, int data_len) -{ - return -ENOTSUPP; -} -static inline int hdd_driver_memdump_init(void) -{ - return -EINVAL; -} -static inline void hdd_driver_memdump_deinit(void) -{ - return; -} -#endif #endif /* if !defined(WLAN_HDD_MEMDUMP_H)*/ diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c index b490462fcea1..1ca7cbd3f52d 100644 --- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c +++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_cfg80211.c @@ -106,8 +106,6 @@ #include "wlan_hdd_ocb.h" #include "qwlan_version.h" -#include "wlan_hdd_memdump.h" - #include "wlan_logging_sock_svc.h" #define g_mode_rates_size (12) @@ -1336,12 +1334,6 @@ static const struct nl80211_vendor_cmd_info wlan_hdd_cfg80211_vendor_events[] = .vendor_id = QCA_NL80211_VENDOR_ID, .subcmd = QCA_NL80211_VENDOR_SUBCMD_DCC_STATS_EVENT }, -#ifdef WLAN_FEATURE_MEMDUMP - [QCA_NL80211_VENDOR_SUBCMD_WIFI_LOGGER_MEMORY_DUMP_INDEX] = { - .vendor_id = QCA_NL80211_VENDOR_ID, - .subcmd = QCA_NL80211_VENDOR_SUBCMD_WIFI_LOGGER_MEMORY_DUMP - }, -#endif /* WLAN_FEATURE_MEMDUMP */ [QCA_NL80211_VENDOR_SUBCMD_MONITOR_RSSI_INDEX] = { .vendor_id = QCA_NL80211_VENDOR_ID, .subcmd = QCA_NL80211_VENDOR_SUBCMD_MONITOR_RSSI @@ -6730,8 +6722,6 @@ __wlan_hdd_cfg80211_get_logger_supp_feature(struct wiphy *wiphy, features = 0; - if (hdd_is_memdump_supported()) - features |= WIFI_LOGGER_MEMORY_DUMP_SUPPORTED; features |= WIFI_LOGGER_PER_PACKET_TX_RX_STATUS_SUPPORTED; features |= WIFI_LOGGER_CONNECT_EVENT_SUPPORTED; features |= WIFI_LOGGER_WAKE_LOCK_SUPPORTED; @@ -10756,16 +10746,6 @@ const struct wiphy_vendor_command hdd_wiphy_vendor_commands[] = .doit = wlan_hdd_cfg80211_get_logger_supp_feature }, -#ifdef WLAN_FEATURE_MEMDUMP - { - .info.vendor_id = QCA_NL80211_VENDOR_ID, - .info.subcmd = QCA_NL80211_VENDOR_SUBCMD_WIFI_LOGGER_MEMORY_DUMP, - .flags = WIPHY_VENDOR_CMD_NEED_WDEV | - WIPHY_VENDOR_CMD_NEED_NETDEV | - WIPHY_VENDOR_CMD_NEED_RUNNING, - .doit = wlan_hdd_cfg80211_get_fw_mem_dump - }, -#endif /* WLAN_FEATURE_MEMDUMP */ { .info.vendor_id = QCA_NL80211_VENDOR_ID, .info.subcmd = QCA_NL80211_VENDOR_SUBCMD_WIFI_LOGGER_START, diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c index 1be32f0da270..f6d246aeac17 100755 --- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c +++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_main.c @@ -13011,7 +13011,6 @@ void __hdd_wlan_exit(void) hdd_close_tx_queues(pHddCtx); //Do all the cleanup before deregistering the driver - memdump_deinit(); hdd_driver_memdump_deinit(); hdd_wlan_exit(pHddCtx); EXIT(); @@ -14136,6 +14135,7 @@ static int hdd_initialize_mac_address(hdd_context_t *hdd_ctx) } return 0; } + /**--------------------------------------------------------------------------- \brief hdd_wlan_startup() - HDD init function @@ -14690,7 +14690,6 @@ int hdd_wlan_startup(struct device *dev, v_VOID_t *hif_sc) vos_set_load_in_progress(VOS_MODULE_ID_VOSS, FALSE); pHddCtx->isLoadInProgress = FALSE; - memdump_init(); hdd_driver_memdump_init(); hddLog(LOGE, FL("FTM driver loaded")); complete(&wlan_start_comp); @@ -15136,7 +15135,6 @@ int hdd_wlan_startup(struct device *dev, v_VOID_t *hif_sc) pHddCtx->isLoadInProgress = FALSE; vos_set_load_unload_in_progress(VOS_MODULE_ID_VOSS, FALSE); vos_set_load_in_progress(VOS_MODULE_ID_VOSS, FALSE); - memdump_init(); hdd_driver_memdump_init(); if (pHddCtx->cfg_ini->goptimize_chan_avoid_event) { hal_status = sme_enable_disable_chanavoidind_event(pHddCtx->hHal, 0); @@ -17473,22 +17471,6 @@ void hdd_get_fw_version(hdd_context_t *hdd_ctx, *crmid = hdd_ctx->target_fw_version & 0x7fff; } -/** - * hdd_is_memdump_supported() - to check if memdump feature support - * - * This function is used to check if memdump feature is supported in - * the host driver - * - * Return: true if supported and false otherwise - */ -bool hdd_is_memdump_supported(void) -{ -#ifdef WLAN_FEATURE_MEMDUMP - return true; -#endif - return false; -} - #ifdef QCA_CONFIG_SMP int wlan_hdd_get_cpu() { diff --git a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_memdump.c b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_memdump.c index edc90b532922..dc6d6e3a9697 100644 --- a/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_memdump.c +++ b/drivers/staging/qcacld-2.0/CORE/HDD/src/wlan_hdd_memdump.c @@ -42,321 +42,6 @@ #include <linux/proc_fs.h> /* Necessary because we use the proc fs */ #include <linux/uaccess.h> /* for copy_to_user */ -/** - * hdd_fw_dump_context - hdd firmware memory dump context - * - * @request_id: userspace assigned firmware memory dump request ID - * @response_event: firmware memory dump request wait event - */ -struct hdd_fw_dump_context { - uint32_t request_id; - struct completion response_event; -}; -static struct hdd_fw_dump_context fw_dump_context; - -/** - * memdump_cleanup_timer_cb() - Timer callback function for memory dump cleanup. - * - * @data: Callback data (used to stored HDD context) - * - * Callback function registered for memory dump cleanup VOS timer. - * - * Return: none - */ - -static void memdump_cleanup_timer_cb(void *data) -{ - int status; - hdd_context_t *hdd_ctx = data; - adf_os_dma_addr_t paddr; - adf_os_dma_addr_t dma_ctx; - adf_os_device_t adf_ctx; - - status = wlan_hdd_validate_context(hdd_ctx); - if (0 != status) - return; - - if (!hdd_ctx->fw_dump_loc) { - hddLog(LOG1, FL("Memory dump already freed")); - return; - } - - adf_ctx = vos_get_context(VOS_MODULE_ID_ADF, hdd_ctx->pvosContext); - if (!adf_ctx) { - hddLog(LOGE, FL("ADF context is NULL")); - return; - } - - paddr = hdd_ctx->dump_loc_paddr; - mutex_lock(&hdd_ctx->memdump_lock); - adf_os_mem_free_consistent(adf_ctx, - FW_MEM_DUMP_SIZE, hdd_ctx->fw_dump_loc, paddr, dma_ctx); - hdd_ctx->fw_dump_loc = NULL; - hdd_ctx->memdump_in_progress = false; - mutex_unlock(&hdd_ctx->memdump_lock); - -} - -/** - * wlan_hdd_cfg80211_fw_mem_dump_cb() - Callback to receive FW memory dump - * @ctx: pointer to HDD context. - * @rsp: pointer to fw dump copy complete response - * - * This is a callback function used to indicate user space about the - * availability for firmware memory dump via vendor event. - * - * Return: None - */ -static void wlan_hdd_cfg80211_fw_mem_dump_cb(void *ctx, - struct fw_dump_rsp *dump_rsp) -{ - hdd_context_t *hdd_ctx = ctx; - struct hdd_fw_dump_context *context; - int status; - - status = wlan_hdd_validate_context(hdd_ctx); - if (0 != status) - return; - - spin_lock(&hdd_context_lock); - context = &fw_dump_context; - /* validate the response received */ - if (!dump_rsp->dump_complete || - context->request_id != dump_rsp->request_id) { - spin_unlock(&hdd_context_lock); - hddLog(LOGE, - FL("Error @ request_id: %d response_id: %d status: %d"), - context->request_id, dump_rsp->request_id, - dump_rsp->dump_complete); - return; - } else { - complete(&context->response_event); - } - spin_unlock(&hdd_context_lock); - - return; -} - -/** - * wlan_hdd_send_memdump_rsp - send memory dump response to user space - * @hdd_ctx: Pointer to hdd context - * - * Return: 0 for success; non-zero for failure - */ -static int wlan_hdd_send_memdump_rsp(hdd_context_t *hdd_ctx) -{ - struct sk_buff *skb; - int status; - - status = wlan_hdd_validate_context(hdd_ctx); - if (0 != status) - return status; - - skb = cfg80211_vendor_cmd_alloc_reply_skb(hdd_ctx->wiphy, - NLMSG_HDRLEN + NLA_HDRLEN + sizeof(uint32_t)); - - if (!skb) { - hddLog(LOGE, FL("cfg80211_vendor_cmd_alloc_reply_skb failed")); - return -ENOMEM; - } - - if (nla_put_u32(skb, QCA_WLAN_VENDOR_ATTR_MEMDUMP_SIZE, - FW_MEM_DUMP_SIZE)) { - hddLog(LOGE, FL("nla put fail")); - goto nla_put_failure; - } - - cfg80211_vendor_cmd_reply(skb); - hddLog(LOG1, FL("Memdump event sent successfully to user space")); - return 0; - -nla_put_failure: - kfree_skb(skb); - return -EINVAL; -} - -/** - * __wlan_hdd_cfg80211_get_fw_mem_dump() - Get FW memory dump - * @wiphy: pointer to wireless wiphy structure. - * @wdev: pointer to wireless_dev structure. - * @data: Pointer to the NL data. - * @data_len:Length of @data - * - * This is called when wlan driver needs to get the firmware memory dump - * via vendor specific command. - * - * Return: 0 on success, error number otherwise. - */ -static int -__wlan_hdd_cfg80211_get_fw_mem_dump(struct wiphy *wiphy, - struct wireless_dev *wdev, - const void *data, int data_len) -{ - int status; - VOS_STATUS sme_status; - hdd_context_t *hdd_ctx = wiphy_priv(wiphy); - struct fw_dump_req fw_mem_dump_req; - struct fw_dump_seg_req* seg_req; - uint8_t loop; - adf_os_dma_addr_t paddr; - adf_os_dma_addr_t dma_ctx; - adf_os_device_t adf_ctx; - unsigned long rc; - struct hdd_fw_dump_context *context; - - if (VOS_FTM_MODE == hdd_get_conparam()) { - hddLog(LOGE, FL("Command not allowed in FTM mode")); - return -EINVAL; - } - - status = wlan_hdd_validate_context(hdd_ctx); - if (0 != status) - return status; - - adf_ctx = vos_get_context(VOS_MODULE_ID_ADF, hdd_ctx->pvosContext); - if (!adf_ctx) { - hddLog(LOGE, FL("ADF context is NULL")); - return -EINVAL; - } - - if (hdd_ctx->memdump_in_progress) { - hddLog(LOGE, FL("Already a memdump req in progress.")); - return -EBUSY; - } - - /* - * Allocate memory for fw memory dump. Memory allocated should be - * contiguous. Physical address of the allocated memory is passed - * to the FW for copy - * - * Reuse the memory if available. - */ - mutex_lock(&hdd_ctx->memdump_lock); - if (!hdd_ctx->fw_dump_loc) { - hdd_ctx->fw_dump_loc = adf_os_mem_alloc_consistent( - adf_ctx, FW_MEM_DUMP_SIZE, &paddr, dma_ctx); - if (!hdd_ctx->fw_dump_loc) { - mutex_unlock(&hdd_ctx->memdump_lock); - hddLog(LOGE, FL("adf_os_mem_alloc_consistent failed")); - return -ENOMEM; - } - hdd_ctx->dump_loc_paddr = paddr; - } - mutex_unlock(&hdd_ctx->memdump_lock); - - /* - * Currently request_id and num_seg is assumed to be default(1) - * It is assumed that firmware dump requested is for DRAM section - * only - */ - - fw_mem_dump_req.request_id = FW_MEM_DUMP_REQ_ID; - fw_mem_dump_req.num_seg = FW_MEM_DUMP_NUM_SEG; - - hddLog(LOG1, FL("request_id:%d num_seg:%d"), - fw_mem_dump_req.request_id, fw_mem_dump_req.num_seg); - seg_req = (struct fw_dump_seg_req *) fw_mem_dump_req.segment; - for (loop = 0; loop < fw_mem_dump_req.num_seg; loop++) { - seg_req->seg_id = 1; - seg_req->seg_start_addr_lo = FW_DRAM_LOCATION; - seg_req->seg_start_addr_hi = 0; - seg_req->seg_length = FW_MEM_DUMP_SIZE; - seg_req->dst_addr_lo = hdd_ctx->dump_loc_paddr; - seg_req->dst_addr_hi = 0; - hddLog(LOG1, FL("seg_number:%d"), loop); - hddLog(LOG1, - FL("seg_id:%d start_addr_lo:0x%x start_addr_hi:0x%x"), - seg_req->seg_id, seg_req->seg_start_addr_lo, - seg_req->seg_start_addr_hi); - hddLog(LOG1, - FL("seg_length:%d dst_addr_lo:0x%x dst_addr_hi:0x%x"), - seg_req->seg_length, seg_req->dst_addr_lo, - seg_req->dst_addr_hi); - seg_req++; - } - - /** - * Start the cleanup timer. - * Memory allocated for this request will be freed up - * once the timer expires. Memory dump request is expected to be - * completed by this time. - * - * User space will not be able to access the dump after this time. - * New request should be issued to get the dump again. - */ - vos_timer_start(&hdd_ctx->memdump_cleanup_timer, - MEMDUMP_COMPLETION_TIME_MS); - hdd_ctx->memdump_in_progress = true; - - spin_lock(&hdd_context_lock); - context = &fw_dump_context; - context->request_id = fw_mem_dump_req.request_id; - INIT_COMPLETION(context->response_event); - spin_unlock(&hdd_context_lock); - - sme_status = sme_fw_mem_dump(hdd_ctx->hHal, &fw_mem_dump_req); - if (VOS_STATUS_SUCCESS != sme_status) { - hddLog(LOGE, FL("sme_fw_mem_dump Failed")); - mutex_lock(&hdd_ctx->memdump_lock); - adf_os_mem_free_consistent(adf_ctx, - FW_MEM_DUMP_SIZE, hdd_ctx->fw_dump_loc, paddr, dma_ctx); - hdd_ctx->fw_dump_loc = NULL; - mutex_unlock(&hdd_ctx->memdump_lock); - hdd_ctx->memdump_in_progress = false; - if (VOS_TIMER_STATE_RUNNING == - vos_timer_getCurrentState(&hdd_ctx->memdump_cleanup_timer)) { - vos_timer_stop(&hdd_ctx->memdump_cleanup_timer); - } - return -EINVAL; - } - - rc = wait_for_completion_timeout(&context->response_event, - msecs_to_jiffies(MEMDUMP_COMPLETION_TIME_MS)); - if (!rc) { - hddLog(LOGE, FL("Target response timed out for request_id: %d"), - context->request_id); - return -ETIMEDOUT; - } - - status = wlan_hdd_send_memdump_rsp(hdd_ctx); - if (status) - hddLog(LOGE, - FL("Failed to send FW memory dump rsp to user space")); - - return status; -} - -/** - * wlan_hdd_cfg80211_get_fw_mem_dump() - Get FW memory dump - * @wiphy: pointer to wireless wiphy structure. - * @wdev: pointer to wireless_dev structure. - * @data: Pointer to the NL data. - * @data_len:Length of @data - * - * This is called when wlan driver needs to get the firmware memory dump - * via vendor specific command. - * - * Return: 0 on success, error number otherwise. - */ -int wlan_hdd_cfg80211_get_fw_mem_dump(struct wiphy *wiphy, - struct wireless_dev *wdev, - const void *data, int data_len) -{ - int ret; - - vos_ssr_protect(__func__); - ret = __wlan_hdd_cfg80211_get_fw_mem_dump(wiphy, wdev, data, data_len); - vos_ssr_unprotect(__func__); - - return ret; -} - -#define PROCFS_MEMDUMP_DIR "debug" -#define PROCFS_MEMDUMP_NAME "fwdump" -#define PROCFS_MEMDUMP_PERM 0444 - -static struct proc_dir_entry *proc_file, *proc_dir; - /** memdump_get_file_data() - get data available in proc file * * @file - handle for the proc file. @@ -384,289 +69,6 @@ static void *memdump_get_file_data(struct file *file) } #endif -/** - * memdump_read() - perform read operation in memory dump proc file - * - * @file - handle for the proc file. - * @buf - pointer to user space buffer. - * @count - number of bytes to be read. - * @pos - offset in the from buffer. - * - * This function performs read operation for the memory dump proc file. - * - * Return: number of bytes read on success, error code otherwise. - */ -static ssize_t memdump_read(struct file *file, char __user *buf, - size_t count, loff_t *pos) -{ - int status; - hdd_context_t *hdd_ctx; - adf_os_dma_addr_t paddr; - adf_os_dma_addr_t dma_ctx; - adf_os_device_t adf_ctx; - - hdd_ctx = memdump_get_file_data(file); - - hddLog(LOG1, FL("Read req for size:%zu pos:%llu"), count, *pos); - status = wlan_hdd_validate_context(hdd_ctx); - if (0 != status) - return -EINVAL; - - adf_ctx = vos_get_context(VOS_MODULE_ID_ADF, hdd_ctx->pvosContext); - if (!adf_ctx) { - hddLog(LOGE, FL("ADF context is NULL")); - return -EINVAL; - } - - if (!hdd_ctx->memdump_in_progress) { - hddLog(LOGE, FL("Current mem dump request timed out/failed")); - return -EINVAL; - } - - if (*pos < 0) { - hddLog(LOGE, FL("Invalid start offset for memdump read")); - return -EINVAL; - } else if (*pos >= FW_MEM_DUMP_SIZE || !count) { - hddLog(LOGE, FL("No more data to copy")); - return 0; - } else if (count > FW_MEM_DUMP_SIZE - *pos) { - count = FW_MEM_DUMP_SIZE - *pos; - } - - if (!hdd_ctx->fw_dump_loc) { - hddLog(LOGE, FL("Invalid fw mem dump location")); - return -EINVAL; - } - - if (copy_to_user(buf, hdd_ctx->fw_dump_loc + *pos, count)) { - hddLog(LOGE, FL("copy to user space failed")); - return -EFAULT; - } - - /* offset(pos) should be updated here based on the copy done */ - *pos += count; - - /* Entire FW memory dump copy completed */ - if (*pos >= FW_MEM_DUMP_SIZE) { - paddr = hdd_ctx->dump_loc_paddr; - mutex_lock(&hdd_ctx->memdump_lock); - adf_os_mem_free_consistent(adf_ctx, - FW_MEM_DUMP_SIZE, hdd_ctx->fw_dump_loc, paddr, dma_ctx); - hdd_ctx->fw_dump_loc = NULL; - hdd_ctx->memdump_in_progress = false; - if (VOS_TIMER_STATE_RUNNING == - vos_timer_getCurrentState(&hdd_ctx->memdump_cleanup_timer)) { - vos_timer_stop(&hdd_ctx->memdump_cleanup_timer); - } - mutex_unlock(&hdd_ctx->memdump_lock); - } - - return count; -} - -/** - * struct memdump_fops - file operations for memory dump feature - * @read - read function for memory dump operation. - * - * This structure initialize the file operation handle for memory - * dump feature - */ -static const struct file_operations memdump_fops = { - read: memdump_read -}; - -/** - * memdump_procfs_init() - Initialize procfs for memory dump - * - * @vos_ctx - Global vos context. - * - * This function create file under proc file system to be used later for - * processing firmware memory dump - * - * Return: 0 on success, error code otherwise. - */ -static int memdump_procfs_init(void *vos_ctx) -{ - hdd_context_t *hdd_ctx; - - hdd_ctx = vos_get_context(VOS_MODULE_ID_HDD, vos_ctx); - if (!hdd_ctx) { - hddLog(LOGE , FL("Invalid HDD context")); - return -EINVAL; - } - - proc_dir = proc_mkdir(PROCFS_MEMDUMP_DIR, NULL); - if (proc_dir == NULL) { - remove_proc_entry(PROCFS_MEMDUMP_DIR, NULL); - pr_debug("Error: Could not initialize /proc/%s\n", - PROCFS_MEMDUMP_DIR); - return -ENOMEM; - } - - proc_file = proc_create_data(PROCFS_MEMDUMP_NAME, - PROCFS_MEMDUMP_PERM, proc_dir, - &memdump_fops, hdd_ctx); - if (proc_file == NULL) { - remove_proc_entry(PROCFS_MEMDUMP_NAME, proc_dir); - pr_debug("Error: Could not initialize /proc/%s\n", - PROCFS_MEMDUMP_NAME); - return -ENOMEM; - } - - pr_debug("/proc/%s/%s created\n", PROCFS_MEMDUMP_DIR, - PROCFS_MEMDUMP_NAME); - return 0; -} - -/** - * memdump_procfs_remove() - Remove file/dir under procfs for memory dump - * - * This function removes file/dir under proc file system that was - * processing firmware memory dump - * - * Return: None - */ -static void memdump_procfs_remove(void) -{ - remove_proc_entry(PROCFS_MEMDUMP_NAME, proc_dir); - pr_debug("/proc/%s/%s removed\n", PROCFS_MEMDUMP_DIR, - PROCFS_MEMDUMP_NAME); - remove_proc_entry(PROCFS_MEMDUMP_DIR, NULL); - pr_debug("/proc/%s removed\n", PROCFS_MEMDUMP_DIR); -} - -/** - * memdump_init() - Intialization function for memory dump feature - * - * This function creates proc file for memdump feature and registers - * HDD callback function with SME. - * - * Return - 0 on success, error otherwise - */ -int memdump_init(void) -{ - hdd_context_t *hdd_ctx; - void *vos_ctx; - int status = 0; - eHalStatus cb_status; - VOS_STATUS vos_status; - - vos_ctx = vos_get_global_context(VOS_MODULE_ID_SYS, NULL); - if (!vos_ctx) { - hddLog(LOGE, FL("Invalid VOS context")); - return -EINVAL; - } - - hdd_ctx = vos_get_context(VOS_MODULE_ID_HDD, vos_ctx); - if (!hdd_ctx) { - hddLog(LOGE , FL("Invalid HDD context")); - return -EINVAL; - } - - if (VOS_FTM_MODE == hdd_get_conparam()) { - hddLog(LOGE, FL("Not initializing memdump in FTM mode")); - return -EINVAL; - } - - cb_status = sme_fw_mem_dump_register_cb(hdd_ctx->hHal, - wlan_hdd_cfg80211_fw_mem_dump_cb); - if (eHAL_STATUS_SUCCESS != cb_status) { - hddLog(LOGE , FL("Failed to register the callback")); - return -EINVAL; - } - - status = memdump_procfs_init(vos_ctx); - if (status) { - hddLog(LOGE , FL("Failed to create proc file")); - return status; - } - - init_completion(&fw_dump_context.response_event); - - vos_status = vos_timer_init(&hdd_ctx->memdump_cleanup_timer, - VOS_TIMER_TYPE_SW, memdump_cleanup_timer_cb, - (void *)hdd_ctx); - if (!VOS_IS_STATUS_SUCCESS(vos_status)) { - hddLog(LOGE, FL("Failed to init memdump cleanup timer")); - return -EINVAL; - } - - mutex_init(&hdd_ctx->memdump_lock); - hdd_ctx->memdump_init_done = true; - - return 0; -} - -/** - * memdump_deinit() - De initialize memdump feature - * - * This function removes proc file created for memdump feature. - * - * Return: None - */ -void memdump_deinit(void) { - hdd_context_t *hdd_ctx; - void *vos_ctx; - adf_os_dma_addr_t paddr; - adf_os_dma_addr_t dma_ctx; - adf_os_device_t adf_ctx; - VOS_STATUS vos_status; - - vos_ctx = vos_get_global_context(VOS_MODULE_ID_SYS, NULL); - if (!vos_ctx) { - hddLog(LOGE, FL("Invalid VOS context")); - return; - } - - hdd_ctx = vos_get_context(VOS_MODULE_ID_HDD, vos_ctx); - if(!hdd_ctx) { - hddLog(LOGE , FL("Invalid HDD context")); - return; - } - - if (VOS_FTM_MODE == hdd_get_conparam()) { - hddLog(LOGE, FL("Not deinitializing memdump in FTM mode")); - return; - } - - if (!hdd_ctx->memdump_init_done) { - hddLog(LOGE, FL("MemDump not initialized")); - return; - } - - hdd_ctx->memdump_init_done = false; - adf_ctx = vos_get_context(VOS_MODULE_ID_ADF, hdd_ctx->pvosContext); - if (!adf_ctx) { - hddLog(LOGE, FL("ADF context is NULL")); - return; - } - - memdump_procfs_remove(); - sme_fw_mem_dump_unregister_cb(hdd_ctx->hHal); - - mutex_lock(&hdd_ctx->memdump_lock); - if (hdd_ctx->fw_dump_loc) { - paddr = hdd_ctx->dump_loc_paddr; - adf_os_mem_free_consistent(adf_ctx, - FW_MEM_DUMP_SIZE, hdd_ctx->fw_dump_loc, paddr, dma_ctx); - hdd_ctx->fw_dump_loc = NULL; - hdd_ctx->memdump_in_progress = false; - } - - mutex_unlock(&hdd_ctx->memdump_lock); - mutex_destroy(&hdd_ctx->memdump_lock); - - if (VOS_TIMER_STATE_RUNNING == - vos_timer_getCurrentState(&hdd_ctx->memdump_cleanup_timer)) { - vos_timer_stop(&hdd_ctx->memdump_cleanup_timer); - } - - vos_status = vos_timer_destroy(&hdd_ctx->memdump_cleanup_timer); - if (!VOS_IS_STATUS_SUCCESS(vos_status)) { - hddLog(LOGE, FL("Failed to deallocate timer")); - } -} - #define PROCFS_DRIVER_DUMP_DIR "debugdriver" #ifdef MULTI_IF_NAME @@ -815,29 +217,15 @@ static const struct file_operations driver_dump_fops = { /** * hdd_driver_memdump_procfs_init() - Initialize procfs for driver memory dump + * @hdd_ctx: hdd context * * This function create file under proc file system to be used later for * processing driver memory dump * * Return: 0 on success, error code otherwise. */ -static int hdd_driver_memdump_procfs_init(void) +static int hdd_driver_memdump_procfs_init(hdd_context_t *hdd_ctx) { - hdd_context_t *hdd_ctx; - void *vos_ctx; - - vos_ctx = vos_get_global_context(VOS_MODULE_ID_SYS, NULL); - if (!vos_ctx) { - VOS_ASSERT(0); - return -EINVAL; - } - - hdd_ctx = vos_get_context(VOS_MODULE_ID_HDD, vos_ctx); - if (!hdd_ctx) { - hddLog(LOGE, FL("Invalid HDD context")); - return -EINVAL; - } - proc_dir_driver = proc_mkdir(PROCFS_DRIVER_DUMP_DIR, NULL); if (proc_dir_driver == NULL) { pr_debug("Error: Could not initialize /proc/%s\n", @@ -889,13 +277,29 @@ static void hdd_driver_memdump_procfs_remove(void) int hdd_driver_memdump_init(void) { int status; + void *vos_ctx; + hdd_context_t *hdd_ctx; if (VOS_FTM_MODE == hdd_get_conparam()) { hddLog(LOGE, FL("Not initializing memdump in FTM mode")); return -EINVAL; } - status = hdd_driver_memdump_procfs_init(); + vos_ctx = vos_get_global_context(VOS_MODULE_ID_SYS, NULL); + if (!vos_ctx) { + hddLog(LOGE, FL("Invalid VOS context")); + return -EINVAL; + } + + hdd_ctx = vos_get_context(VOS_MODULE_ID_HDD, vos_ctx); + if (!hdd_ctx) { + hddLog(LOGE , FL("Invalid HDD context")); + return -EINVAL; + } + + mutex_init(&hdd_ctx->memdump_lock); + + status = hdd_driver_memdump_procfs_init(hdd_ctx); if (status) { hddLog(LOGE, FL("Failed to create proc file")); return status; diff --git a/drivers/staging/qcacld-2.0/CORE/MAC/inc/sirApi.h b/drivers/staging/qcacld-2.0/CORE/MAC/inc/sirApi.h index 5e50437bf658..ccc36533753d 100644 --- a/drivers/staging/qcacld-2.0/CORE/MAC/inc/sirApi.h +++ b/drivers/staging/qcacld-2.0/CORE/MAC/inc/sirApi.h @@ -6511,61 +6511,6 @@ struct sir_guard_time_request { /* Max number of rates allowed in Supported Rates IE */ #define MAX_NUM_SUPPORTED_RATES (8) -#define MAX_NUM_FW_SEGMENTS 4 - -/** - * struct fw_dump_seg_req - individual segment details - * @seg_id - segment id. - * @seg_start_addr_lo - lower address of the segment. - * @seg_start_addr_hi - higher address of the segment. - * @seg_length - length of the segment. - * @dst_addr_lo - lower address of the destination buffer. - * @dst_addr_hi - higher address of the destination buffer. - * - * This structure carries the information to firmware about the - * individual segments. This structure is part of firmware memory - * dump request. - */ -struct fw_dump_seg_req -{ - uint8_t seg_id; - uint32_t seg_start_addr_lo; - uint32_t seg_start_addr_hi; - uint32_t seg_length; - uint32_t dst_addr_lo; - uint32_t dst_addr_hi; -}; - -/** - * struct fw_dump_req - firmware memory dump request details. - * @request_id - request id. - * @num_seg - requested number of segments. - * @fw_dump_seg_req - individual segment information. - * - * This structure carries information about the firmware - * memory dump request. - */ -struct fw_dump_req -{ - uint32_t request_id; - uint32_t num_seg; - struct fw_dump_seg_req segment[MAX_NUM_FW_SEGMENTS]; -}; - -/** - * struct fw_dump_rsp - firmware dump response details. - * @request_id - request id. - * @dump_complete - copy completion status. - * - * This structure is used to store the firmware dump copy complete - * response from the firmware. - */ -struct fw_dump_rsp -{ - uint32_t request_id; - uint32_t dump_complete; -}; - /** * struct vdev_ie_info - IE info * @vdev_i - vdev for which the IE is being sent diff --git a/drivers/staging/qcacld-2.0/CORE/MAC/inc/wniApi.h b/drivers/staging/qcacld-2.0/CORE/MAC/inc/wniApi.h index 28210a5f0599..6a24ea12da6b 100644 --- a/drivers/staging/qcacld-2.0/CORE/MAC/inc/wniApi.h +++ b/drivers/staging/qcacld-2.0/CORE/MAC/inc/wniApi.h @@ -392,7 +392,6 @@ enum eWniMsgTypes eWNI_SME_DCC_STATS_EVENT, eWNI_SME_TSF_EVENT, - eWNI_SME_FW_DUMP_IND, eWNI_SME_PDEV_SET_HT_VHT_IE, eWNI_SME_EXT_CHANGE_CHANNEL, eWNI_SME_EXT_CHANGE_CHANNEL_IND, diff --git a/drivers/staging/qcacld-2.0/CORE/MAC/src/include/sirParams.h b/drivers/staging/qcacld-2.0/CORE/MAC/src/include/sirParams.h index 86df44ecdea7..ee2ee7316399 100644 --- a/drivers/staging/qcacld-2.0/CORE/MAC/src/include/sirParams.h +++ b/drivers/staging/qcacld-2.0/CORE/MAC/src/include/sirParams.h @@ -733,7 +733,7 @@ typedef struct sSirMbMsgP2p #define SIR_HAL_DCC_GET_STATS_CMD (SIR_HAL_ITC_MSG_TYPES_BEGIN + 324) #define SIR_HAL_DCC_CLEAR_STATS_CMD (SIR_HAL_ITC_MSG_TYPES_BEGIN + 325) #define SIR_HAL_DCC_UPDATE_NDL_CMD (SIR_HAL_ITC_MSG_TYPES_BEGIN + 326) -#define SIR_HAL_FW_MEM_DUMP_REQ (SIR_HAL_ITC_MSG_TYPES_BEGIN + 327) +/* FW Memory Dump feature is deprecated */ #define SIR_HAL_START_STOP_LOGGING (SIR_HAL_ITC_MSG_TYPES_BEGIN + 328) #define SIR_HAL_EXTSCAN_STATUS_IND (SIR_HAL_ITC_MSG_TYPES_BEGIN + 329) diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/HIF/USB/hif_usb.c b/drivers/staging/qcacld-2.0/CORE/SERVICES/HIF/USB/hif_usb.c index fa28970389ad..ae8600cdc091 100644 --- a/drivers/staging/qcacld-2.0/CORE/SERVICES/HIF/USB/hif_usb.c +++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/HIF/USB/hif_usb.c @@ -245,7 +245,8 @@ static A_STATUS HIFSend_internal(HIF_DEVICE *hifDevice, a_uint8_t PipeID, int usb_status; int i; struct HIFSendContext *pSendContext; - int frag_count = 0, head_data_len, tmp_frag_count = 0; + uint8_t frag_count; + uint32_t head_data_len, tmp_frag_count = 0; unsigned char *pData; AR_DEBUG_PRINTF(USB_HIF_DEBUG_BULK_OUT, ("+%s pipe : %d, buf:0x%p\n", @@ -254,8 +255,15 @@ static A_STATUS HIFSend_internal(HIF_DEVICE *hifDevice, a_uint8_t PipeID, a_mem_trace(buf); frag_count = adf_nbuf_get_num_frags(buf); - if (frag_count > 1) { /* means have extra fragment buf in skb */ - /* header data length should be total sending length substract + if (frag_count == 1) { + /* + * | HIFSendContext | netbuf->data + */ + head_data_len = sizeof(struct HIFSendContext); + } else if ((frag_count - 1) <= CVG_NBUF_MAX_EXTRA_FRAGS) { + /* + * means have extra fragment buf in skb + * header data length should be total sending length substract * internal data length of netbuf * | HIFSendContext | fragments except internal buffer | * netbuf->data @@ -268,10 +276,12 @@ static A_STATUS HIFSend_internal(HIF_DEVICE *hifDevice, a_uint8_t PipeID, tmp_frag_count = tmp_frag_count + 1; } } else { - /* - * | HIFSendContext | netbuf->data - */ - head_data_len = sizeof(struct HIFSendContext); + /* Extra fragments overflow */ + AR_DEBUG_PRINTF(ATH_DEBUG_ERR, ( + "%s Extra fragments count overflow : %d\n", + __func__, frag_count)); + status = A_ERROR; + goto exit; } /* Check whether head room is enough to save extra head data */ @@ -366,6 +376,7 @@ static A_STATUS HIFSend_internal(HIF_DEVICE *hifDevice, a_uint8_t PipeID, } while (FALSE); +exit: if (A_FAILED(status) && (status != A_NO_RESOURCE)) { AR_DEBUG_PRINTF(ATH_DEBUG_ERR, ("athusb send failed %d\n", status)); diff --git a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c index 010db5898cd4..7a69013ca8b4 100644 --- a/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c +++ b/drivers/staging/qcacld-2.0/CORE/SERVICES/WMA/wma.c @@ -2847,49 +2847,6 @@ static void wma_post_link_status(tAniGetLinkStatus *pGetLinkStatus, } } -#ifdef WLAN_FEATURE_MEMDUMP -/** - * wma_fw_mem_dump_rsp() - send fw mem dump response to SME - * - * @req_id - request id. - * @status - copy status from the firmware. - * - * This function is called by the memory dump response handler to - * indicate SME that firmware dump copy is complete - */ -static VOS_STATUS wma_fw_mem_dump_rsp(uint32_t req_id, uint32_t status) -{ - struct fw_dump_rsp *dump_rsp; - vos_msg_t sme_msg = {0} ; - VOS_STATUS vos_status = VOS_STATUS_SUCCESS; - - dump_rsp = vos_mem_malloc(sizeof(*dump_rsp)); - - if (!dump_rsp) { - WMA_LOGE(FL("Memory allocation failed.")); - vos_status = VOS_STATUS_E_NOMEM; - return vos_status; - } - - WMA_LOGI(FL("FW memory dump copy complete status: %d for request: %d"), - status, req_id); - - dump_rsp->request_id = req_id; - dump_rsp->dump_complete = status; - - sme_msg.type = eWNI_SME_FW_DUMP_IND; - sme_msg.bodyptr = dump_rsp; - sme_msg.bodyval = 0; - - vos_status = vos_mq_post_message(VOS_MODULE_ID_SME, &sme_msg); - if (!VOS_IS_STATUS_SUCCESS(vos_status)) { - WMA_LOGE(FL("Fail to post fw mem dump ind msg")); - vos_mem_free(dump_rsp); - } - - return vos_status; -} -#endif /* WLAN_FEATURE_MEMDUMP */ static int wma_link_status_rsp(tp_wma_handle wma, u_int8_t *buf) { @@ -5109,48 +5066,6 @@ static int wma_unified_link_radio_stats_event_handler(void *handle, #endif /* WLAN_FEATURE_LINK_LAYER_STATS */ -/** - * wma_fw_mem_dump_event_handler() - handles fw memory dump event - * - * handle - pointer to wma handle. - * cmd_param_info - pointer to TLV info received in the event. - * len - length of data in @cmd_param_info - * - * This function is a handler for firmware memory dump event. - */ -#ifdef WLAN_FEATURE_MEMDUMP -static int wma_fw_mem_dump_event_handler(void *handle, u_int8_t *cmd_param_info, - u_int32_t len) -{ - WMI_UPDATE_FW_MEM_DUMP_EVENTID_param_tlvs *param_buf; - wmi_update_fw_mem_dump_fixed_param *event; - VOS_STATUS status; - - param_buf = - (WMI_UPDATE_FW_MEM_DUMP_EVENTID_param_tlvs *) cmd_param_info; - if (!param_buf) { - WMA_LOGA("%s: Invalid stats event", __func__); - return -EINVAL; - } - - event = param_buf->fixed_param; - - status = wma_fw_mem_dump_rsp(event->request_id, - event->fw_mem_dump_complete); - if (VOS_STATUS_SUCCESS != status) { - return -EINVAL; - } - - WMA_LOGI("FW MEM DUMP RSP posted successfully"); - return 0; -} -#else -static int wma_fw_mem_dump_event_handler(void *handle, u_int8_t *cmd_param_info, - u_int32_t len) -{ - return 0; -} -#endif /* WLAN_FEATURE_MEMDUMP */ u_int8_t *wma_add_p2p_ie(u_int8_t *frm) { @@ -6344,7 +6259,8 @@ static int wma_nan_rsp_event_handler(void *handle, u_int8_t *event_buf, alloc_len = sizeof(tSirNanEvent); alloc_len += nan_rsp_event_hdr->data_len; if (nan_rsp_event_hdr->data_len > ((WMA_SVC_MSG_MAX_SIZE - - sizeof(*nan_rsp_event_hdr)) / sizeof(u_int8_t))) { + sizeof(*nan_rsp_event_hdr)) / sizeof(u_int8_t)) || + nan_rsp_event_hdr->data_len > param_buf->num_data) { WMA_LOGE("excess data length:%d", nan_rsp_event_hdr->data_len); VOS_ASSERT(0); return -EINVAL; @@ -7629,12 +7545,6 @@ VOS_STATUS WDA_open(v_VOID_t *vos_context, v_VOID_t *os_ctx, wma_register_ll_stats_event_handler(wma_handle); #endif /* WLAN_FEATURE_LINK_LAYER_STATS */ - /* Register event handler to receive firmware mem dump - * copy complete indication - */ - wmi_unified_register_event_handler(wma_handle->wmi_handle, - WMI_UPDATE_FW_MEM_DUMP_EVENTID, - wma_fw_mem_dump_event_handler); wmi_set_tgt_assert(wma_handle->wmi_handle, mac_params->force_target_assert_enabled); @@ -29086,111 +28996,6 @@ VOS_STATUS wma_config_guard_time(tp_wma_handle wma, return ret; } -#ifdef WLAN_FEATURE_MEMDUMP -/* - * wma_process_fw_mem_dump_req() - Function to request fw memory dump from - * firmware - * @wma: Pointer to WMA handle - * @mem_dump_req: Pointer for mem_dump_req - * - * This function sends memory dump request to firmware - * - * Return: VOS_STATUS_SUCCESS for success otherwise failure - * - */ -static VOS_STATUS wma_process_fw_mem_dump_req(tp_wma_handle wma, - struct fw_dump_req* mem_dump_req) -{ - wmi_get_fw_mem_dump_fixed_param *cmd; - wmi_fw_mem_dump *dump_params; - struct fw_dump_seg_req *seg_req; - int32_t len; - wmi_buf_t buf; - u_int8_t *buf_ptr; - int ret, loop; - - if (!mem_dump_req || !wma) { - WMA_LOGE(FL("input pointer is NULL")); - return VOS_STATUS_E_FAILURE; - } - - /* - * len = sizeof(fixed param) that includes tlv header + - * tlv header for array of struc + - * sizeof (each struct) - */ - len = sizeof(*cmd) + WMI_TLV_HDR_SIZE; - len += mem_dump_req->num_seg * sizeof(wmi_fw_mem_dump); - buf = wmi_buf_alloc(wma->wmi_handle, len); - - if (!buf) { - WMA_LOGE(FL("Failed allocate wmi buffer")); - return VOS_STATUS_E_NOMEM; - } - - buf_ptr = (u_int8_t *) wmi_buf_data(buf); - vos_mem_zero(buf_ptr, len); - cmd = (wmi_get_fw_mem_dump_fixed_param *) buf_ptr; - - WMITLV_SET_HDR(&cmd->tlv_header, - WMITLV_TAG_STRUC_wmi_get_fw_mem_dump_fixed_param, - WMITLV_GET_STRUCT_TLVLEN(wmi_get_fw_mem_dump_fixed_param)); - - cmd->request_id = mem_dump_req->request_id; - cmd->num_fw_mem_dump_segs = mem_dump_req->num_seg; - - /* TLV indicating array of structures to follow */ - buf_ptr += sizeof(wmi_get_fw_mem_dump_fixed_param); - WMITLV_SET_HDR(buf_ptr, WMITLV_TAG_ARRAY_STRUC, - sizeof(wmi_fw_mem_dump) * - cmd->num_fw_mem_dump_segs); - - buf_ptr += WMI_TLV_HDR_SIZE; - dump_params = (wmi_fw_mem_dump *) buf_ptr; - - WMA_LOGI(FL("request_id:%d num_seg:%d"), - mem_dump_req->request_id, mem_dump_req->num_seg); - for (loop = 0; loop < cmd->num_fw_mem_dump_segs; loop++) { - seg_req = (struct fw_dump_seg_req *) - ((uint8_t *)(mem_dump_req->segment) + - loop * sizeof(*seg_req)); - WMITLV_SET_HDR(&dump_params->tlv_header, - WMITLV_TAG_STRUC_wmi_fw_mem_dump_params, - WMITLV_GET_STRUCT_TLVLEN(wmi_fw_mem_dump)); - dump_params->seg_id = seg_req->seg_id; - dump_params->seg_start_addr_lo = seg_req-> seg_start_addr_lo; - dump_params->seg_start_addr_hi = seg_req->seg_start_addr_hi; - dump_params->seg_length = seg_req->seg_length; - dump_params->dest_addr_lo = seg_req->dst_addr_lo; - dump_params->dest_addr_hi = seg_req->dst_addr_hi; - WMA_LOGI(FL("seg_number:%d"), loop); - WMA_LOGI(FL("seg_id:%d start_addr_lo:0x%x start_addr_hi:0x%x"), - dump_params->seg_id, dump_params->seg_start_addr_lo, - dump_params->seg_start_addr_hi); - WMA_LOGI(FL("seg_length:%d dst_addr_lo:0x%x dst_addr_hi:0x%x"), - dump_params->seg_length, dump_params->dest_addr_lo, - dump_params->dest_addr_hi); - dump_params++; - } - - ret = wmi_unified_cmd_send(wma->wmi_handle, buf, len, - WMI_GET_FW_MEM_DUMP_CMDID); - if (ret) { - WMA_LOGE(FL("Failed to send get firmware mem dump request")); - wmi_buf_free(buf); - return VOS_STATUS_E_FAILURE; - } - - WMA_LOGI(FL("Get firmware mem dump request sent successfully")); - return VOS_STATUS_SUCCESS; -} -#else -static VOS_STATUS wma_process_fw_mem_dump_req(tp_wma_handle wma, - void *mem_dump_req) -{ - return VOS_STATUS_SUCCESS; -} -#endif /* WLAN_FEATURE_MEMDUMP */ /* * wma_process_set_ie_info() - Function to send IE info to firmware @@ -30988,11 +30793,6 @@ VOS_STATUS wma_mc_process_msg(v_VOID_t *vos_context, vos_msg_t *msg) (struct sir_guard_time_request *)msg->bodyptr); vos_mem_free(msg->bodyptr); break; - case WDA_FW_MEM_DUMP_REQ: - wma_process_fw_mem_dump_req(wma_handle, - (struct fw_dump_req*)msg->bodyptr); - vos_mem_free(msg->bodyptr); - break; case SIR_HAL_START_STOP_LOGGING: wma_set_wifi_start_packet_stats(wma_handle, (struct sir_wifi_start_log *)msg->bodyptr); diff --git a/drivers/staging/qcacld-2.0/CORE/SME/inc/smeInternal.h b/drivers/staging/qcacld-2.0/CORE/SME/inc/smeInternal.h index 4f89113b0f1c..039af1aaa1e3 100644 --- a/drivers/staging/qcacld-2.0/CORE/SME/inc/smeInternal.h +++ b/drivers/staging/qcacld-2.0/CORE/SME/inc/smeInternal.h @@ -219,9 +219,6 @@ typedef struct tagSmeStruct ocb_callback dcc_update_ndl_callback; void *dcc_stats_event_context; ocb_callback dcc_stats_event_callback; -#ifdef WLAN_FEATURE_MEMDUMP - void (*fw_dump_callback)(void *context, struct fw_dump_rsp *rsp); -#endif void (*set_thermal_level_cb)(void *hdd_context, uint8_t level); void (*rssi_threshold_breached_cb)(void *, struct rssi_breach_event *); diff --git a/drivers/staging/qcacld-2.0/CORE/SME/inc/sme_Api.h b/drivers/staging/qcacld-2.0/CORE/SME/inc/sme_Api.h index 453db8c35a36..7a5fe2174cfe 100644 --- a/drivers/staging/qcacld-2.0/CORE/SME/inc/sme_Api.h +++ b/drivers/staging/qcacld-2.0/CORE/SME/inc/sme_Api.h @@ -4114,11 +4114,6 @@ eHalStatus sme_SetLinkLayerStatsIndCB #endif /* WLAN_FEATURE_LINK_LAYER_STATS */ -eHalStatus sme_fw_mem_dump(tHalHandle hHal, void *recvd_req); -eHalStatus sme_fw_mem_dump_register_cb(tHalHandle hHal, - void (*callback_routine)(void *cb_context, struct fw_dump_rsp *rsp)); -eHalStatus sme_fw_mem_dump_unregister_cb(tHalHandle hHal); - #ifdef WLAN_FEATURE_ROAM_OFFLOAD /*-------------------------------------------------------------------------- \brief sme_UpdateRoamOffloadEnabled() - enable/disable roam offload feature diff --git a/drivers/staging/qcacld-2.0/CORE/SME/src/sme_common/sme_Api.c b/drivers/staging/qcacld-2.0/CORE/SME/src/sme_common/sme_Api.c index 75fca9e0c179..9501df091c74 100644 --- a/drivers/staging/qcacld-2.0/CORE/SME/src/sme_common/sme_Api.c +++ b/drivers/staging/qcacld-2.0/CORE/SME/src/sme_common/sme_Api.c @@ -78,7 +78,6 @@ extern tSirRetStatus uMacPostCtrlMsg(void* pSirGlobal, tSirMbMsg* pMb); #define LOG_SIZE 256 -#define READ_MEMORY_DUMP_CMD 9 #define TL_INIT_STATE 0 static tSelfRecoveryStats gSelfRecoveryStats; @@ -2566,31 +2565,6 @@ eHalStatus sme_SetEseBeaconRequest(tHalHandle hHal, const tANI_U8 sessionId, } #endif /* FEATURE_WLAN_ESE && FEATURE_WLAN_ESE_UPLOAD */ - -/** - * sme_process_fw_mem_dump_rsp - process fw memory dump response from WMA - * - * @pMac - pointer to MAC handle. - * @pMsg - pointer to received SME msg. - * - * This function process the received SME message and calls the corresponding - * callback which was already registered with SME. - */ -#ifdef WLAN_FEATURE_MEMDUMP -static void sme_process_fw_mem_dump_rsp(tpAniSirGlobal pMac, vos_msg_t* pMsg) -{ - if (pMsg->bodyptr) { - if (pMac->sme.fw_dump_callback) - pMac->sme.fw_dump_callback(pMac->hHdd, - (struct fw_dump_rsp*) pMsg->bodyptr); - vos_mem_free(pMsg->bodyptr); - } -} -#else -static void sme_process_fw_mem_dump_rsp(tpAniSirGlobal pMac, vos_msg_t* pMsg) -{ -} -#endif eHalStatus sme_IbssPeerInfoResponseHandleer( tHalHandle hHal, tpSirIbssGetPeerInfoRspParams pIbssPeerInfoParams) { @@ -3294,9 +3268,6 @@ eHalStatus sme_ProcessMsg(tHalHandle hHal, vos_msg_t* pMsg) } vos_mem_free(pMsg->bodyptr); break; - case eWNI_SME_FW_DUMP_IND: - sme_process_fw_mem_dump_rsp(pMac, pMsg); - break; case eWNI_SME_SET_THERMAL_LEVEL_IND: if (pMac->sme.set_thermal_level_cb) { @@ -16199,76 +16170,6 @@ eHalStatus sme_SetLinkLayerStatsIndCB #endif /* WLAN_FEATURE_LINK_LAYER_STATS */ -/** - * sme_fw_mem_dump_register_cb() - Register fw memory dump callback - * - * @hHal - MAC global handle - * @callback_routine - callback routine from HDD - * - * This API is invoked by HDD to register its callback in SME - * - * Return: eHalStatus - */ -#ifdef WLAN_FEATURE_MEMDUMP -eHalStatus sme_fw_mem_dump_register_cb(tHalHandle hal, - void (*callback_routine)(void *cb_context, - struct fw_dump_rsp *rsp)) -{ - eHalStatus status = eHAL_STATUS_SUCCESS; - tpAniSirGlobal pmac = PMAC_STRUCT(hal); - - status = sme_AcquireGlobalLock(&pmac->sme); - if (eHAL_STATUS_SUCCESS == status) { - pmac->sme.fw_dump_callback = callback_routine; - sme_ReleaseGlobalLock(&pmac->sme); - } else { - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, - FL("sme_AcquireGlobalLock error")); - } - - return status; -} -#else -eHalStatus sme_fw_mem_dump_register_cb(tHalHandle hal, - void (*callback_routine)(void *cb_context, - struct fw_dump_rsp *rsp)) -{ - return eHAL_STATUS_SUCCESS; -} -#endif /* WLAN_FEATURE_MEMDUMP */ - -/** - * sme_fw_mem_dump_unregister_cb() - Unregister fw memory dump callback - * - * @hHal - MAC global handle - * - * This API is invoked by HDD to unregister its callback in SME - * - * Return: eHalStatus - */ -#ifdef WLAN_FEATURE_MEMDUMP -eHalStatus sme_fw_mem_dump_unregister_cb(tHalHandle hal) -{ - eHalStatus status; - tpAniSirGlobal pmac = PMAC_STRUCT(hal); - - status = sme_AcquireGlobalLock(&pmac->sme); - if (eHAL_STATUS_SUCCESS == status) { - pmac->sme.fw_dump_callback = NULL; - sme_ReleaseGlobalLock(&pmac->sme); - } else { - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, - FL("sme_AcquireGlobalLock error")); - } - - return status; -} -#else -eHalStatus sme_fw_mem_dump_unregister_cb(tHalHandle hal) -{ - return eHAL_STATUS_SUCCESS; -} -#endif /* WLAN_FEATURE_MEMDUMP */ #ifdef WLAN_FEATURE_ROAM_OFFLOAD /*-------------------------------------------------------------------------- @@ -16864,80 +16765,6 @@ VOS_STATUS sme_apfind_set_cmd(struct sme_ap_find_request_req *input) return VOS_STATUS_SUCCESS; } #endif /* WLAN_FEATURE_APFIND */ -/** - * sme_fw_mem_dump() - Get FW memory dump - * - * This API is invoked by HDD to indicate FW to start - * dumping firmware memory. - * - * Return: eHalStatus - */ -#ifdef WLAN_FEATURE_MEMDUMP -eHalStatus sme_fw_mem_dump(tHalHandle hHal, void *recvd_req) -{ - eHalStatus status = eHAL_STATUS_SUCCESS; - VOS_STATUS vos_status = VOS_STATUS_SUCCESS; - tpAniSirGlobal pMac = PMAC_STRUCT(hHal); - vos_msg_t msg; - struct fw_dump_req* send_req; - struct fw_dump_seg_req seg_req; - int loop; - - send_req = vos_mem_malloc(sizeof(*send_req)); - if(!send_req) { - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, - FL("Memory allocation failed for WDA_FW_MEM_DUMP")); - return eHAL_STATUS_FAILURE; - } - vos_mem_copy(send_req, recvd_req, sizeof(*send_req)); - - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_INFO, - FL("request_id:%d num_seg:%d"), - send_req->request_id, send_req->num_seg); - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_INFO, - FL("Segment Information")); - for (loop = 0; loop < send_req->num_seg; loop++) { - seg_req = send_req->segment[loop]; - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_INFO, - FL("seg_number:%d"), loop); - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_INFO, - FL("seg_id:%d start_addr_lo:0x%x start_addr_hi:0x%x"), - seg_req.seg_id, seg_req.seg_start_addr_lo, - seg_req.seg_start_addr_hi); - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_INFO, - FL("seg_length:%d dst_addr_lo:0x%x dst_addr_hi:0x%x"), - seg_req.seg_length, seg_req.dst_addr_lo, - seg_req.dst_addr_hi); - } - - if (eHAL_STATUS_SUCCESS == sme_AcquireGlobalLock(&pMac->sme)) { - msg.bodyptr = send_req; - msg.type = WDA_FW_MEM_DUMP_REQ; - msg.reserved = 0; - - vos_status = vos_mq_post_message(VOS_MODULE_ID_WDA, &msg); - if (VOS_STATUS_SUCCESS != vos_status) { - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, - FL("Not able to post WDA_FW_MEM_DUMP")); - vos_mem_free(send_req); - status = eHAL_STATUS_FAILURE; - } - sme_ReleaseGlobalLock(&pMac->sme); - } else { - VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, - FL("Failed to acquire SME Global Lock")); - vos_mem_free(send_req); - status = eHAL_STATUS_FAILURE; - } - - return status; -} -#else -eHalStatus sme_fw_mem_dump(tHalHandle hHal, void *recvd_req) -{ - return eHAL_STATUS_SUCCESS; -} -#endif /* WLAN_FEATURE_MEMDUMP */ #ifdef FEATURE_WLAN_MCC_TO_SCC_SWITCH /* * sme_validate_sap_channel_switch() - validate target channel switch w.r.t diff --git a/drivers/staging/qcacld-2.0/CORE/SYS/legacy/src/utils/src/macTrace.c b/drivers/staging/qcacld-2.0/CORE/SYS/legacy/src/utils/src/macTrace.c index 153aaaeb5c66..3a58f8d35b27 100644 --- a/drivers/staging/qcacld-2.0/CORE/SYS/legacy/src/utils/src/macTrace.c +++ b/drivers/staging/qcacld-2.0/CORE/SYS/legacy/src/utils/src/macTrace.c @@ -572,7 +572,6 @@ tANI_U8* macTraceGetSmeMsgString(tANI_U16 smeMsg) CASE_RETURN_STRING(eWNI_SME_DCC_UPDATE_NDL_RSP); CASE_RETURN_STRING(eWNI_SME_DCC_STATS_EVENT); CASE_RETURN_STRING(eWNI_SME_TSF_EVENT); - CASE_RETURN_STRING(eWNI_SME_FW_DUMP_IND); CASE_RETURN_STRING(eWNI_SME_PDEV_SET_HT_VHT_IE); CASE_RETURN_STRING(eWNI_SME_EXT_CHANGE_CHANNEL); CASE_RETURN_STRING(eWNI_SME_EXT_CHANGE_CHANNEL_IND); @@ -988,7 +987,6 @@ tANI_U8* macTraceGetWdaMsgString(tANI_U16 wdaMsg) CASE_RETURN_STRING(SIR_HAL_SET_MIRACAST); CASE_RETURN_STRING(SIR_HAL_CONFIG_STATS_FACTOR); CASE_RETURN_STRING(SIR_HAL_CONFIG_GUARD_TIME); - CASE_RETURN_STRING(WDA_FW_MEM_DUMP_REQ); CASE_RETURN_STRING(SIR_HAL_START_STOP_LOGGING); CASE_RETURN_STRING(WDA_TSF_GPIO_PIN); CASE_RETURN_STRING(SIR_HAL_FLUSH_LOG_TO_FW); diff --git a/drivers/staging/qcacld-2.0/CORE/WDA/inc/wlan_qct_wda.h b/drivers/staging/qcacld-2.0/CORE/WDA/inc/wlan_qct_wda.h index f969cfae4672..d5bc4af5d791 100644 --- a/drivers/staging/qcacld-2.0/CORE/WDA/inc/wlan_qct_wda.h +++ b/drivers/staging/qcacld-2.0/CORE/WDA/inc/wlan_qct_wda.h @@ -1068,7 +1068,6 @@ tSirRetStatus uMacPostCtrlMsg(void* pSirGlobal, tSirMbMsg* pMb); #define WDA_UPDATE_Q2Q_IE_IND SIR_HAL_UPDATE_Q2Q_IE_IND #endif /* FEATURE_AP_MCC_CH_AVOIDANCE */ -#define WDA_FW_MEM_DUMP_REQ SIR_HAL_FW_MEM_DUMP_REQ #define WDA_TSF_GPIO_PIN SIR_HAL_TSF_GPIO_PIN_REQ #define WDA_SET_RSSI_MONITOR_REQ SIR_HAL_SET_RSSI_MONITOR_REQ diff --git a/drivers/staging/qcacld-2.0/Kbuild b/drivers/staging/qcacld-2.0/Kbuild index ae16760d96de..5773ae0c111b 100644 --- a/drivers/staging/qcacld-2.0/Kbuild +++ b/drivers/staging/qcacld-2.0/Kbuild @@ -132,9 +132,6 @@ ifeq ($(KERNEL_BUILD), 0) endif ifneq ($(CONFIG_ARCH_MDM9607), y) - #Flag to enable memdump feature - CONFIG_WLAN_FEATURE_MEMDUMP := y - #Flag to enable offload packets feature CONFIG_WLAN_OFFLOAD_PACKETS := y endif @@ -397,6 +394,7 @@ HDD_OBJS := $(HDD_SRC_DIR)/wlan_hdd_assoc.o \ $(HDD_SRC_DIR)/wlan_hdd_ftm.o \ $(HDD_SRC_DIR)/wlan_hdd_hostapd.o \ $(HDD_SRC_DIR)/wlan_hdd_main.o \ + $(HDD_SRC_DIR)/wlan_hdd_memdump.o \ $(HDD_SRC_DIR)/wlan_hdd_ocb.o \ $(HDD_SRC_DIR)/wlan_hdd_oemdata.o \ $(HDD_SRC_DIR)/wlan_hdd_scan.o \ @@ -428,10 +426,6 @@ ifeq ($(CONFIG_WLAN_SYNC_TSF),y) HDD_OBJS += $(HDD_SRC_DIR)/wlan_hdd_tsf.o endif -ifeq ($(CONFIG_WLAN_FEATURE_MEMDUMP),y) -HDD_OBJS += $(HDD_SRC_DIR)/wlan_hdd_memdump.o -endif - ifeq ($(CONFIG_WLAN_FEATURE_NAN_DATAPATH),y) HDD_OBJS += $(HDD_SRC_DIR)/wlan_hdd_nan_datapath.o endif @@ -1502,10 +1496,6 @@ ifeq ($(CONFIG_STATICALLY_ADD_11P_CHANNELS),y) CDEFINES += -DFEATURE_STATICALLY_ADD_11P_CHANNELS endif -ifeq ($(CONFIG_WLAN_FEATURE_MEMDUMP),y) -CDEFINES += -DWLAN_FEATURE_MEMDUMP -endif - ifeq ($(CONFIG_WLAN_OFFLOAD_PACKETS),y) CDEFINES += -DWLAN_FEATURE_OFFLOAD_PACKETS endif diff --git a/drivers/staging/qcacld-2.0/Kconfig b/drivers/staging/qcacld-2.0/Kconfig index 791b0588da3a..cc2c5105bb53 100644 --- a/drivers/staging/qcacld-2.0/Kconfig +++ b/drivers/staging/qcacld-2.0/Kconfig @@ -54,9 +54,6 @@ config WLAN_SYNC_TSF bool "Enable QCOM sync multi devices tsf feature" default n -config WLAN_FEATURE_MEMDUMP - bool "Enable MEMDUMP feature" - default n config WLAN_OFFLOAD_PACKETS bool "Enable offload packets feature" diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h index 821eae8cbd8c..0af57a99c6a1 100644 --- a/include/crypto/internal/hash.h +++ b/include/crypto/internal/hash.h @@ -70,6 +70,14 @@ int ahash_register_instance(struct crypto_template *tmpl, struct ahash_instance *inst); void ahash_free_instance(struct crypto_instance *inst); +int shash_no_setkey(struct crypto_shash *tfm, const u8 *key, + unsigned int keylen); + +static inline bool crypto_shash_alg_has_setkey(struct shash_alg *alg) +{ + return alg->setkey != shash_no_setkey; +} + int crypto_init_ahash_spawn(struct crypto_ahash_spawn *spawn, struct hash_alg_common *alg, struct crypto_instance *inst); diff --git a/lib/asn1_decoder.c b/lib/asn1_decoder.c index b1c885297113..ffbb03e34d20 100644 --- a/lib/asn1_decoder.c +++ b/lib/asn1_decoder.c @@ -276,6 +276,9 @@ next_op: if (unlikely(len > datalen - dp)) goto data_overrun_error; } + } else { + if (unlikely(len > datalen - dp)) + goto data_overrun_error; } if (flags & FLAG_CONS) { @@ -302,38 +305,43 @@ next_op: /* Decide how to handle the operation */ switch (op) { - case ASN1_OP_MATCH_ANY_ACT: - case ASN1_OP_COND_MATCH_ANY_ACT: - ret = actions[machine[pc + 1]](context, hdr, tag, data + dp, len); - if (ret < 0) - return ret; - goto skip_data; - - case ASN1_OP_MATCH_ACT: - case ASN1_OP_MATCH_ACT_OR_SKIP: - case ASN1_OP_COND_MATCH_ACT_OR_SKIP: - ret = actions[machine[pc + 2]](context, hdr, tag, data + dp, len); - if (ret < 0) - return ret; - goto skip_data; - case ASN1_OP_MATCH: case ASN1_OP_MATCH_OR_SKIP: + case ASN1_OP_MATCH_ACT: + case ASN1_OP_MATCH_ACT_OR_SKIP: case ASN1_OP_MATCH_ANY: + case ASN1_OP_MATCH_ANY_ACT: case ASN1_OP_COND_MATCH_OR_SKIP: + case ASN1_OP_COND_MATCH_ACT_OR_SKIP: case ASN1_OP_COND_MATCH_ANY: - skip_data: + case ASN1_OP_COND_MATCH_ANY_ACT: + if (!(flags & FLAG_CONS)) { if (flags & FLAG_INDEFINITE_LENGTH) { + size_t tmp = dp; + ret = asn1_find_indefinite_length( - data, datalen, &dp, &len, &errmsg); + data, datalen, &tmp, &len, &errmsg); if (ret < 0) goto error; - } else { - dp += len; } pr_debug("- LEAF: %zu\n", len); } + + if (op & ASN1_OP_MATCH__ACT) { + unsigned char act; + + if (op & ASN1_OP_MATCH__ANY) + act = machine[pc + 1]; + else + act = machine[pc + 2]; + ret = actions[act](context, hdr, tag, data + dp, len); + if (ret < 0) + return ret; + } + + if (!(flags & FLAG_CONS)) + dp += len; pc += asn1_op_lengths[op]; goto next_op; diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c index b5cfba13bd37..b3bd200f8b42 100644 --- a/net/bluetooth/hidp/core.c +++ b/net/bluetooth/hidp/core.c @@ -411,6 +411,16 @@ static void hidp_del_timer(struct hidp_session *session) del_timer(&session->timer); } +static void hidp_process_report(struct hidp_session *session, int type, + const u8 *data, unsigned int len, int intr) +{ + if (len > HID_MAX_BUFFER_SIZE) + len = HID_MAX_BUFFER_SIZE; + + memcpy(session->input_buf, data, len); + hid_input_report(session->hid, type, session->input_buf, len, intr); +} + static void hidp_process_handshake(struct hidp_session *session, unsigned char param) { @@ -483,7 +493,8 @@ static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, hidp_input_report(session, skb); if (session->hid) - hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); + hidp_process_report(session, HID_INPUT_REPORT, + skb->data, skb->len, 0); break; case HIDP_DATA_RTYPE_OTHER: @@ -565,7 +576,8 @@ static void hidp_recv_intr_frame(struct hidp_session *session, hidp_input_report(session, skb); if (session->hid) { - hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); + hidp_process_report(session, HID_INPUT_REPORT, + skb->data, skb->len, 1); BT_DBG("report len %d", skb->len); } } else { diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h index 6162ce8606ac..5e2a5d54ad25 100644 --- a/net/bluetooth/hidp/hidp.h +++ b/net/bluetooth/hidp/hidp.h @@ -24,6 +24,7 @@ #define __HIDP_H #include <linux/types.h> +#include <linux/hid.h> #include <linux/kref.h> #include <net/bluetooth/bluetooth.h> #include <net/bluetooth/l2cap.h> @@ -177,6 +178,9 @@ struct hidp_session { /* Used in hidp_output_raw_report() */ int output_report_success; /* boolean */ + + /* temporary input buffer */ + u8 input_buf[HID_MAX_BUFFER_SIZE]; }; /* HIDP init defines */ diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index b304648a759a..3bc80c7fbf85 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c @@ -340,6 +340,9 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, rt->dst.dev->mtu); return -EMSGSIZE; } + if (length < sizeof(struct iphdr)) + return -EINVAL; + if (flags&MSG_PROBE) goto out; diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 0c94b3bcf055..1d165d5cb6b7 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1216,14 +1216,16 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, np->cork.tclass = tclass; if (rt->dst.flags & DST_XFRM_TUNNEL) mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? - rt->dst.dev->mtu : dst_mtu(&rt->dst); + ACCESS_ONCE(rt->dst.dev->mtu) : dst_mtu(&rt->dst); else mtu = np->pmtudisc == IPV6_PMTUDISC_PROBE ? - rt->dst.dev->mtu : dst_mtu(rt->dst.path); + ACCESS_ONCE(rt->dst.dev->mtu) : dst_mtu(rt->dst.path); if (np->frag_size < mtu) { if (np->frag_size) mtu = np->frag_size; } + if (mtu < IPV6_MIN_MTU) + return -EINVAL; cork->fragsize = mtu; if (dst_allfrag(rt->dst.path)) cork->flags |= IPCORK_ALLFRAG; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index c9ccdd7564d5..fd5ad12d8d5f 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -616,6 +616,8 @@ static int rawv6_send_hdrinc(struct sock *sk, void *from, int length, ipv6_local_error(sk, EMSGSIZE, fl6, rt->dst.dev->mtu); return -EMSGSIZE; } + if (length < sizeof(struct ipv6hdr)) + return -EINVAL; if (flags&MSG_PROBE) goto out; diff --git a/sound/soc/codecs/wcd_cpe_core.c b/sound/soc/codecs/wcd_cpe_core.c index d80abe0642b2..b47903706cb2 100644 --- a/sound/soc/codecs/wcd_cpe_core.c +++ b/sound/soc/codecs/wcd_cpe_core.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved. +/* Copyright (c) 2014-2015, 2018 The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -1630,6 +1630,7 @@ struct wcd_cpe_core *wcd_cpe_init(const char *img_fname, init_completion(&core->online_compl); init_waitqueue_head(&core->ssr_entry.offline_poll_wait); mutex_init(&core->ssr_lock); + mutex_init(&core->session_lock); core->cpe_users = 0; /* @@ -2592,6 +2593,7 @@ static struct cpe_lsm_session *wcd_cpe_alloc_lsm_session( * If this is the first session to be allocated, * only then register the afe service. */ + WCD_CPE_GRAB_LOCK(&core->session_lock, "session_lock"); if (!wcd_cpe_lsm_session_active()) afe_register_service = true; @@ -2603,6 +2605,7 @@ static struct cpe_lsm_session *wcd_cpe_alloc_lsm_session( dev_err(core->dev, "%s: max allowed sessions already allocated\n", __func__); + WCD_CPE_REL_LOCK(&core->session_lock, "session_lock"); return NULL; } @@ -2611,6 +2614,7 @@ static struct cpe_lsm_session *wcd_cpe_alloc_lsm_session( dev_err(core->dev, "%s: Failed to enable cpe, err = %d\n", __func__, ret); + WCD_CPE_REL_LOCK(&core->session_lock, "session_lock"); return NULL; } @@ -2657,6 +2661,8 @@ static struct cpe_lsm_session *wcd_cpe_alloc_lsm_session( init_completion(&session->cmd_comp); lsm_sessions[session_id] = session; + + WCD_CPE_REL_LOCK(&core->session_lock, "session_lock"); return session; err_afe_mode_cmd: @@ -2671,6 +2677,7 @@ err_ret: err_session_alloc: wcd_cpe_vote(core, false); + WCD_CPE_REL_LOCK(&core->session_lock, "session_lock"); return NULL; } @@ -3000,9 +3007,11 @@ static int wcd_cpe_dealloc_lsm_session(void *core_handle, struct wcd_cpe_core *core = core_handle; int ret = 0; + WCD_CPE_GRAB_LOCK(&core->session_lock, "session_lock"); if (!session) { dev_err(core->dev, "%s: Invalid lsm session\n", __func__); + WCD_CPE_REL_LOCK(&core->session_lock, "session_lock"); return -EINVAL; } @@ -3013,6 +3022,7 @@ static int wcd_cpe_dealloc_lsm_session(void *core_handle, "%s: Wrong session id %d max allowed = %d\n", __func__, session->id, WCD_CPE_LSM_MAX_SESSIONS); + WCD_CPE_REL_LOCK(&core->session_lock, "session_lock"); return -EINVAL; } @@ -3033,6 +3043,7 @@ static int wcd_cpe_dealloc_lsm_session(void *core_handle, "%s: Failed to un-vote cpe, err = %d\n", __func__, ret); + WCD_CPE_REL_LOCK(&core->session_lock, "session_lock"); return ret; } diff --git a/sound/soc/codecs/wcd_cpe_core.h b/sound/soc/codecs/wcd_cpe_core.h index 050b0296b4b0..4a8a28caf5f7 100644 --- a/sound/soc/codecs/wcd_cpe_core.h +++ b/sound/soc/codecs/wcd_cpe_core.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2015, The Linux Foundation. All rights reserved. +/* Copyright (c) 2013-2015, 2018, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -134,6 +134,9 @@ struct wcd_cpe_core { /* mutex to protect cpe ssr status variables */ struct mutex ssr_lock; + /* mutex to protect cpe session status variables */ + struct mutex session_lock; + /* Store the calibration data needed for cpe */ struct cal_type_data *cal_data[WCD_CPE_LSM_CAL_MAX]; |