Piteball
/
android_kernel_google_msm
mirror of https://github.com/followmsi/android_kernel_google_msm.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'lineage-18.1' of https://github.com/LineageOS/android_kernel_google_msm into followmsi-11

This commit is contained in:
followmsi 2021-11-24 13:34:59 +01:00
parent 370db44ac2 0b02bd0ec5
commit e7e8f34f94
26 changed files with 592 additions and 293 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
arch/arm/configs/lineageos_flo_defconfig
View File

@ -12,11 +12,14 @@ CONFIG_CGROUP_CPUACCT=y
CONFIG_RESOURCE_COUNTERS=y
CONFIG_CGROUP_SCHED=y
CONFIG_RT_GROUP_SCHED=y
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
# CONFIG_USER_NS is not set
# CONFIG_PID_NS is not set
CONFIG_BLK_DEV_INITRD=y
# CONFIG_BLK_DEV_THROTTLING is not set
CONFIG_RD_BZIP2=y
CONFIG_RD_LZMA=y
CONFIG_RD_XZ=y
@ -27,7 +30,9 @@ CONFIG_PROFILING=y
CONFIG_PARTITION_ADVANCED=y
CONFIG_EFI_PARTITION=y
# CONFIG_IOSCHED_TEST is not set
CONFIG_IOSCHED_BFQ=y
CONFIG_IOSCHED_CFQ=y
CONFIG_CFQ_GROUP_IOSCHED=y
CONFIG_DEFAULT_CFQ=y
CONFIG_CGROUP_BFQIO=y
CONFIG_DEFAULT_NOOP=y
CONFIG_ARCH_MSM=y
@ -558,6 +563,9 @@ CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_LSM_MMAP_MIN_ADDR=4096
CONFIG_SECURITY_SELINUX=y
# CONFIG_CRYPTO_DEV_QCRYPTO is not set
# CONFIG_CRYPTO_DEV_QCE is not set
# CONFIG_CRYPTO_DEV_QCEDEV is not set
CONFIG_CRYPTO_SHA1_ARM_NEON=y
CONFIG_CRYPTO_SHA256_ARM=y
CONFIG_CRYPTO_SHA512_ARM_NEON=y

3
block/bfq-sched.c
View File

@ -1046,6 +1046,9 @@ static struct bfq_entity *bfq_lookup_next_entity(struct bfq_sched_data *sd,
entity = __bfq_lookup_next_entity(st + i, false);
if (entity != NULL) {
if (extract) {
if (sd->next_in_service != entity) {
entity = __bfq_lookup_next_entity(st + i, true);
}
bfq_check_next_in_service(sd, entity);
bfq_active_extract(st + i, entity);
sd->in_service_entity = entity;

38
drivers/staging/prima/CORE/HDD/src/wlan_hdd_assoc.c
View File

@ -2596,12 +2596,13 @@ static tANI_S32 hdd_ProcessGENIE(hdd_adapter_t *pAdapter,
u_int8_t *gen_ie)
{
tHalHandle halHandle = WLAN_HDD_GET_HAL_CTX(pAdapter);
eHalStatus result;
tDot11fIERSN dot11RSNIE;
tDot11fIEWPA dot11WPAIE;
tANI_U32 i;
tANI_U8 *pRsnIe;
tANI_U16 RSNIeLen;
eHalStatus result;
tDot11fIERSN dot11RSNIE;
tDot11fIEWPA dot11WPAIE;
tANI_U32 i;
tANI_U32 status;
tANI_U8 *pRsnIe;
tANI_U16 RSNIeLen;
tPmkidCacheInfo PMKIDCache[4]; // Local transfer memory
/* Clear struct of tDot11fIERSN and tDot11fIEWPA specifically setting present
@ -2622,16 +2623,23 @@ static tANI_S32 hdd_ProcessGENIE(hdd_adapter_t *pAdapter,
{
return -EINVAL;
}
// Skip past the EID byte and length byte
pRsnIe = gen_ie + 2;
RSNIeLen = gen_ie_len - 2;
// Unpack the RSN IE
dot11fUnpackIeRSN((tpAniSirGlobal) halHandle,
pRsnIe,
RSNIeLen,
// Skip past the EID byte and length byte
pRsnIe = gen_ie + 2;
RSNIeLen = gen_ie_len - 2;
// Unpack the RSN IE
status = dot11fUnpackIeRSN((tpAniSirGlobal) halHandle,
pRsnIe,
RSNIeLen,
&dot11RSNIE);
// Copy out the encryption and authentication types
hddLog(LOG1, FL("%s: pairwise cipher suite count: %d"),
if (DOT11F_FAILED(status))
{
hddLog(LOGE,
FL("Parse failure in hdd_ProcessGENIE (0x%08x)"),
status);
return -EINVAL;
}
// Copy out the encryption and authentication types
hddLog(LOG1, FL("%s: pairwise cipher suite count: %d"),
__func__, dot11RSNIE.pwise_cipher_suite_count );
hddLog(LOG1, FL("%s: authentication suite count: %d"),
__func__, dot11RSNIE.akm_suite_count);

29
drivers/staging/prima/CORE/HDD/src/wlan_hdd_cfg80211.c
View File

@ -3244,15 +3244,22 @@ static int wlan_hdd_cfg80211_add_key( struct wiphy *wiphy,
return -EINVAL;
}
hddLog(VOS_TRACE_LEVEL_INFO,
"%s: called with key index = %d & key length %d",
__func__, key_index, params->key_len);
if (CSR_MAX_RSC_LEN < params->seq_len) {
hddLog(VOS_TRACE_LEVEL_ERROR, "%s: Invalid seq length %d", __func__,
params->seq_len);
return -EINVAL;
}
hddLog(VOS_TRACE_LEVEL_DEBUG, "%s: key index %d, key length %d, seq length %d",
__func__, key_index, params->key_len, params->seq_len);
/*extract key idx, key len and key*/
vos_mem_zero(&setKey,sizeof(tCsrRoamSetKey));
setKey.keyId = key_index;
setKey.keyLength = params->key_len;
vos_mem_copy(&setKey.Key[0],params->key, params->key_len);
vos_mem_copy(&setKey.keyRsc[0], params->seq, params->seq_len);
switch (params->cipher)
{
@ -5255,7 +5262,14 @@ int wlan_hdd_cfg80211_set_ie( hdd_adapter_t *pAdapter,
elementId = *genie++;
eLen = *genie++;
remLen -= 2;
/* Sanity check on eLen */
if (eLen > remLen) {
hddLog(VOS_TRACE_LEVEL_FATAL, "%s: Invalid IE length[%d] for IE[0x%X]",
__func__, eLen, elementId);
VOS_ASSERT(0);
return -EINVAL;
}
hddLog(VOS_TRACE_LEVEL_INFO, "%s: IE[0x%X], LEN[%d]\n",
__func__, elementId, eLen);
@ -5291,6 +5305,13 @@ int wlan_hdd_cfg80211_set_ie( hdd_adapter_t *pAdapter,
}
else if (0 == memcmp(&genie[0], "\x00\x50\xf2", 3))
{
if (eLen > (MAX_WPA_RSN_IE_LEN - 2)) {
hddLog(VOS_TRACE_LEVEL_FATAL, "%s: Invalid WPA RSN IE length[%d], exceeds %d bytes",
__func__, eLen, MAX_WPA_RSN_IE_LEN - 2);
VOS_ASSERT(0);
return -EINVAL;
}
hddLog (VOS_TRACE_LEVEL_INFO, "%s Set WPA IE (len %d)",__func__, eLen + 2);
memset( pWextState->WPARSNIE, 0, MAX_WPA_RSN_IE_LEN );
memcpy( pWextState->WPARSNIE, genie - 2, (eLen + 2) /*ie_len*/);

16
drivers/staging/prima/CORE/HDD/src/wlan_hdd_softap_tx_rx.c
View File

@ -1303,7 +1303,21 @@ VOS_STATUS hdd_softap_rx_packet_cbk( v_VOID_t *vosContext,
VOS_TRACE( VOS_MODULE_ID_HDD_SOFTAP, VOS_TRACE_LEVEL_ERROR,"%s: Failure extracting skb from vos pkt", __func__);
return VOS_STATUS_E_FAILURE;
}
if (TRUE == hdd_IsEAPOLPacket(pVosPacket)) {
//wlan_hdd_log_eapol(skb, WIFI_EVENT_DRIVER_EAPOL_FRAME_RECEIVED);
if (vos_mem_compare2(skb->data,
pAdapter->macAddressCurrent.bytes, 6) != 0) {
//VOS_TRACE(VOS_MODULE_ID_HDD_SAP_DATA, VOS_TRACE_LEVEL_ERROR,
// "Packet is not destined to this address, dropping");
kfree_skb(skb);
pVosPacket = pNextVosPacket;
continue;
}
}
pVosPacket->pSkb = NULL;
//hdd_softap_dump_sk_buff(skb);
skb->dev = pAdapter->dev;

5
drivers/staging/prima/CORE/HDD/src/wlan_hdd_wext.c
View File

@ -7073,7 +7073,10 @@ static const struct iw_priv_args we_private_args[] = {
WLAN_GET_LINK_SPEED,
IW_PRIV_TYPE_CHAR | 18,
IW_PRIV_TYPE_CHAR | 5, "getLinkSpeed" },
{
WLAN_PRIV_SET_FTIES,
IW_PRIV_TYPE_CHAR | MAX_FTIE_SIZE,
0, "set_ft_ies" },
};

6
drivers/staging/prima/CORE/MAC/inc/sirMacProtDef.h
View File

@ -579,9 +579,13 @@
#define SIR_MAC_MAX_NUMBER_OF_RATES 12
#define SIR_MAC_MAX_NUM_OF_DEFAULT_KEYS 4
#define SIR_MAC_KEY_LENGTH 13 // WEP Maximum key length size
#define SIR_MAC_AUTH_CHALLENGE_LENGTH 128
#define SIR_MAC_AUTH_CHALLENGE_LENGTH 253
#define SIR_MAC_WEP_IV_LENGTH 4
#define SIR_MAC_WEP_ICV_LENGTH 4
#define SIR_MAC_CHALLENGE_ID_LEN 2
/* 2 bytes each for auth algo number, transaction number and status code */
#define SIR_MAC_AUTH_FRAME_INFO_LEN 6
/// MAX key length when ULA is used
#define SIR_MAC_MAX_KEY_LENGTH 32

3
drivers/staging/prima/CORE/MAC/src/cfg/cfgProcMsg.c
View File

@ -545,7 +545,8 @@ ProcSetReqInternal(tpAniSirGlobal pMac, tANI_U16 length, tANI_U32 *pParam, tANI_
// Process string parameter
else
{
if (valueLenRoundedUp4 > length)
if ((valueLenRoundedUp4 > length) ||
(valueLen > CFG_MAX_STR_LEN))
{
PELOGE(cfgLog(pMac, LOGE, FL("Invalid string length %d in set param %d (tot %d)"),
valueLen, cfgId, length);)

2
drivers/staging/prima/CORE/MAC/src/include/dot11f.h
View File

@ -106,8 +106,8 @@ typedef tANI_U32 tDOT11F_U64[2];
#define DOT11F_BUFFER_OVERFLOW ( 0x10000005 )
#define DOT11F_MANDATORY_TLV_MISSING ( 0x00001000 )
#define DOT11F_FAILED(code) ( (code) & 0x10000000 )
#define DOT11F_WARNED(code) ( ( ( 0 == (code) ) & 0x10000000 ) && code)
#define DOT11F_SUCCEEDED(code) ( (code) == 0 )
#define DOT11F_WARNED(code) (!DOT11F_SUCCEEDED(code) && !DOT11F_FAILED(code))
/*********************************************************************
* Fixed Fields *

1
drivers/staging/prima/CORE/MAC/src/include/sirParams.h
View File

@ -63,6 +63,7 @@
#define SIR_MAX_NUM_CHANNELS 64
#define SIR_MAX_NUM_STA_IN_IBSS 16
#define SIR_MAX_NUM_STA_IN_BSS 256
#define SIR_ESE_MAX_MEAS_IE_REQS 8
typedef enum
{

17
drivers/staging/prima/CORE/MAC/src/pe/lim/limProcessAssocRspFrame.c
View File

@ -491,14 +491,17 @@ limProcessAssocRspFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tANI_U8 sub
if(pAssocRsp->ricPresent)
{
psessionEntry->RICDataLen = pAssocRsp->num_RICData * sizeof(tDot11fIERICDataDesc);
if( (palAllocateMemory(pMac->hHdd, (void**)&psessionEntry->ricData, psessionEntry->RICDataLen)) != eHAL_STATUS_SUCCESS)
if (psessionEntry->RICDataLen)
{
PELOGE(limLog(pMac, LOGE, FL("Unable to allocate memory to store assoc response"));)
psessionEntry->RICDataLen = 0;
}
else
{
palCopyMemory(pMac->hHdd, psessionEntry->ricData, &pAssocRsp->RICData[0], psessionEntry->RICDataLen);
if( (palAllocateMemory(pMac->hHdd, (void**)&psessionEntry->ricData, psessionEntry->RICDataLen)) != eHAL_STATUS_SUCCESS)
{
PELOGE(limLog(pMac, LOGE, FL("Unable to allocate memory to store assoc response"));)
psessionEntry->RICDataLen = 0;
}
else
{
palCopyMemory(pMac->hHdd, psessionEntry->ricData, &pAssocRsp->RICData[0], psessionEntry->RICDataLen);
}
}
}
else

394
drivers/staging/prima/CORE/MAC/src/pe/lim/limProcessAuthFrame.c
View File

@ -156,12 +156,14 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
{
tANI_U8 *pBody, keyId, cfgPrivacyOptImp,
defaultKey[SIR_MAC_KEY_LENGTH],
encrAuthFrame[LIM_ENCR_AUTH_BODY_LEN],
plainBody[256];
*encrAuthFrame = NULL,
*plainBody = NULL;
tANI_U16 frameLen;
//tANI_U32 authRspTimeout, maxNumPreAuth, val;
tANI_U32 maxNumPreAuth, val;
tSirMacAuthFrameBody *pRxAuthFrameBody, rxAuthFrame, authFrame;
tSirMacAuthFrameBody *pRxAuthFrameBody,
*rxAuthFrame = NULL,
*authFrame = NULL;
tpSirMacMgmtHdr pHdr;
tCfgWepKeyEntry *pKeyMapEntry = NULL;
struct tLimPreAuthNode *pAuthNode;
@ -169,7 +171,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
tANI_U8 decryptResult;
tANI_U8 *pChallenge;
tANI_U32 key_length=8;
tANI_U8 challengeTextArray[SIR_MAC_AUTH_CHALLENGE_LENGTH];
tANI_U8 *challengeTextArray = NULL;
tpDphHashNode pStaDs = NULL;
tANI_U16 assocId = 0;
/* Added For BT -AMP support */
@ -216,7 +218,37 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
ccmCfgSetInt(pMac,WNI_CFG_AUTHENTICATE_FAILURE_TIMEOUT ,
psessionEntry->defaultAuthFailureTimeout, NULL, eANI_BOOLEAN_FALSE);
}
rxAuthFrame = vos_mem_malloc(sizeof(tSirMacAuthFrameBody));
if (!rxAuthFrame) {
limLog(pMac, LOGE, FL("Failed to allocate memory"));
return;
}
authFrame = vos_mem_malloc(sizeof(tSirMacAuthFrameBody));
if (!authFrame) {
limLog(pMac, LOGE, FL("failed to allocate memory"));
goto free;
}
plainBody = vos_mem_malloc(LIM_ENCR_AUTH_BODY_LEN);
if (!plainBody) {
limLog(pMac, LOGE, FL("failed to allocate memory"));
goto free;
}
challengeTextArray = vos_mem_malloc(SIR_MAC_AUTH_CHALLENGE_LENGTH);
if(!challengeTextArray) {
limLog(pMac, LOGE, FL("failed to allocate memory"));
goto free;
}
vos_mem_set(rxAuthFrame, sizeof(tSirMacAuthFrameBody), 0);
vos_mem_set(authFrame, sizeof(tSirMacAuthFrameBody), 0);
vos_mem_set(plainBody, LIM_ENCR_AUTH_BODY_LEN, 0);
vos_mem_set(challengeTextArray, SIR_MAC_AUTH_CHALLENGE_LENGTH, 0);
/// Determine if WEP bit is set in the FC or received MAC header
if (pHdr->fc.wep)
{
@ -233,7 +265,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
limSendDeauthMgmtFrame( pMac, eSIR_MAC_MIC_FAILURE_REASON,
pHdr->sa, psessionEntry, FALSE );
return;
goto free;
}
// Extract key ID from IV (most 2 bits of 4th byte of IV)
@ -251,11 +283,11 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
if (psessionEntry->limSystemRole == eLIM_STA_ROLE || psessionEntry->limSystemRole == eLIM_BT_AMP_STA_ROLE)
{
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber = SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode = eSIR_MAC_CHALLENGE_FAILURE_STATUS;
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber = SIR_MAC_AUTH_FRAME_4;
authFrame->authStatusCode = eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
// Log error
@ -263,7 +295,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("received Authentication frame with wep bit set on role=%d "MAC_ADDRESS_STR),
psessionEntry->limSystemRole, MAC_ADDR_ARRAY(pHdr->sa) );)
return;
goto free;
}
if (frameLen < LIM_ENCR_AUTH_BODY_LEN)
@ -274,7 +306,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
frameLen);
limPrintMacAddr(pMac, pHdr->sa, LOGE);
return;
goto free;
}
if(psessionEntry->limSystemRole == eLIM_AP_ROLE)
{
@ -310,13 +342,13 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* an Authentication frame with FC bit set.
* Send Auth frame4 with 'out of sequence' status code.
*/
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_AUTH_FRAME_OUT_OF_SEQ_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -326,7 +358,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
"no preauth context with WEP bit set "MAC_ADDRESS_STR),
MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
else
{
@ -348,13 +380,13 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* out of sequence Auth frame status code.
*/
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_AUTH_FRAME_OUT_OF_SEQ_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -363,7 +395,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("received Authentication frame from peer that is in state %d "
MAC_ADDRESS_STR), pAuthNode->mlmState, MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
}
@ -382,13 +414,13 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* Send Authentication frame
* with challenge failure status code
*/
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -397,7 +429,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("received Auth frame3 from peer that has NULL key map entry "
MAC_ADDRESS_STR),MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
} // if (!pKeyMapEntry->wepOn)
else
{
@ -412,14 +444,14 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
PELOGW(limLog(pMac, LOGW, FL("=====> decryptResult == LIM_DECRYPT_ICV_FAIL ..."));)
limDeletePreAuthNode(pMac,
pHdr->sa);
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(
pMac, &authFrame,
pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -428,11 +460,15 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("received Authentication frame from peer that failed decryption, Addr "
MAC_ADDRESS_STR), MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
if ((sirConvertAuthFrame2Struct(pMac, plainBody, frameLen-8, &rxAuthFrame)!=eSIR_SUCCESS)||(!isAuthValid(pMac, &rxAuthFrame,psessionEntry)))
return;
if ( ( sirConvertAuthFrame2Struct(pMac, plainBody, frameLen-8,
rxAuthFrame)!=eSIR_SUCCESS ) ||
( !isAuthValid(pMac, rxAuthFrame,psessionEntry) ) )
{
goto free;
}
} // end if (pKeyMapEntry->key == NULL)
@ -463,17 +499,17 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* with challenge failure status code
*/
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
return;
goto free;
}
key_length=val;
@ -489,14 +525,14 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
/// ICV failure
limDeletePreAuthNode(pMac,
pHdr->sa);
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(
pMac, &authFrame,
pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -505,11 +541,14 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("received Authentication frame from peer that failed decryption: "
MAC_ADDRESS_STR), MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
if ( ( sirConvertAuthFrame2Struct(pMac, plainBody, frameLen-8,
rxAuthFrame)!=eSIR_SUCCESS ) ||
( !isAuthValid(pMac, rxAuthFrame, psessionEntry) ) )
{
goto free;
}
if ((sirConvertAuthFrame2Struct(pMac, plainBody, frameLen-8, &rxAuthFrame)!=eSIR_SUCCESS)||(!isAuthValid(pMac, &rxAuthFrame,psessionEntry)))
return;
} // End of check for Key Mapping/Default key presence
}
else
@ -523,13 +562,13 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* should have been 'unsupported algorithm' status code.
*/
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -538,19 +577,22 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("received Authentication frame3 from peer that while privacy option is turned OFF "
MAC_ADDRESS_STR), MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
} // else if (wlan_cfgGetInt(CFG_PRIVACY_OPTION_IMPLEMENTED))
} // if (fc.wep)
else
{
if ((sirConvertAuthFrame2Struct(pMac, pBody, frameLen, &rxAuthFrame)!=eSIR_SUCCESS)||(!isAuthValid(pMac, &rxAuthFrame,psessionEntry)))
return;
if ( ( sirConvertAuthFrame2Struct(pMac, pBody,
frameLen, rxAuthFrame)!=eSIR_SUCCESS ) ||
( !isAuthValid(pMac, rxAuthFrame,psessionEntry) ) )
{
goto free;
}
}
pRxAuthFrameBody = &rxAuthFrame;
pRxAuthFrameBody = rxAuthFrame;
PELOGW(limLog(pMac, LOGW,
FL("Received Auth frame with type=%d seqnum=%d, status=%d (%d)"),
@ -652,7 +694,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
limSendDeauthMgmtFrame(pMac,
eSIR_MAC_UNSPEC_FAILURE_REASON, (tANI_U8 *) pAuthNode->peerMacAddr, psessionEntry, FALSE);
limTriggerSTAdeletion(pMac, pStaDs, psessionEntry);
return;
goto free;
}
}
else
@ -662,8 +704,9 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* but ACK lost at STA side, in this case 2nd auth frame is already
* in transmission queue
* */
PELOGE(limLog(pMac, LOGE, FL("STA is initiating Authentication after ACK lost..."));)
return;
PELOGE(limLog(pMac, LOGE, FL("STA is initiating "
"Authentication after ACK lost..."));)
goto free;
}
}
if (wlan_cfgGetInt(pMac, WNI_CFG_MAX_NUM_PRE_AUTH,
@ -683,18 +726,18 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* reached. Send Authentication frame
* with unspecified failure
*/
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_UNSPEC_FAILURE_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
return;
goto free;
}
/// No Pre-auth context exists for the STA.
if (limIsAuthAlgoSupported(
@ -715,7 +758,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("Max pre-auth nodes reached "));
limPrintMacAddr(pMac, pHdr->sa, LOGW);
return;
goto free;
}
PELOG1(limLog(pMac, LOG1, FL("Alloc new data: %x peer "), pAuthNode);
@ -739,13 +782,13 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* status code.
*/
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode = eSIR_MAC_SUCCESS_STATUS;
authFrame->authStatusCode = eSIR_MAC_SUCCESS_STATUS;
limSendAuthMgmtFrame(
pMac, &authFrame,
pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -792,15 +835,15 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* code.
*/
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS;
limSendAuthMgmtFrame(
pMac, &authFrame,
pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -810,7 +853,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
MAC_ADDRESS_STR), pRxAuthFrameBody->authAlgoNumber,
MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
else
{
@ -824,7 +867,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("Max pre-auth nodes reached "));
limPrintMacAddr(pMac, pHdr->sa, LOGW);
return;
goto free;
}
palCopyMemory( pMac->hHdd,
@ -859,31 +902,33 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* unspecified failure status code.
*/
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_UNSPEC_FAILURE_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
limDeletePreAuthNode(pMac, pHdr->sa);
return;
goto free;
}
limActivateAuthRspTimer(pMac, pAuthNode);
pAuthNode->fTimerStarted = 1;
// get random bytes and use as
// challenge text
// TODO
//if( !VOS_IS_STATUS_SUCCESS( vos_rand_get_bytes( 0, (tANI_U8 *)challengeTextArray, SIR_MAC_AUTH_CHALLENGE_LENGTH ) ) )
/*
* get random bytes and use as challenge text
*/
if( !VOS_IS_STATUS_SUCCESS( vos_rand_get_bytes( 0, (tANI_U8 *)challengeTextArray, SIR_MAC_AUTH_CHALLENGE_LENGTH ) ) )
{
limLog(pMac, LOGE,FL("Challenge text preparation failed in limProcessAuthFrame"));
limLog(pMac, LOGE,FL("Challenge text "
"preparation failed in limProcessAuthFrame"));
goto free;
}
pChallenge = pAuthNode->challengeText;
@ -897,21 +942,20 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* Sending Authenticaton frame with challenge.
*/
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_SUCCESS_STATUS;
authFrame.type = SIR_MAC_CHALLENGE_TEXT_EID;
authFrame.length = SIR_MAC_AUTH_CHALLENGE_LENGTH;
palCopyMemory( pMac->hHdd,
authFrame.challengeText,
authFrame->type = SIR_MAC_CHALLENGE_TEXT_EID;
authFrame->length = SIR_MAC_AUTH_CHALLENGE_LENGTH;
palCopyMemory( pMac->hHdd,authFrame->challengeText,
pAuthNode->challengeText,
SIR_MAC_AUTH_CHALLENGE_LENGTH);
limSendAuthMgmtFrame(
pMac, &authFrame,
pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
} // if (wlan_cfgGetInt(CFG_PRIVACY_OPTION_IMPLEMENTED))
@ -927,15 +971,15 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* with auth algorithm not supported status code
*/
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS;
limSendAuthMgmtFrame(
pMac, &authFrame,
pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -945,7 +989,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
MAC_ADDRESS_STR), pRxAuthFrameBody->authAlgoNumber,
MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
} // end switch(pRxAuthFrameBody->authAlgoNumber)
} // if (limIsAuthAlgoSupported(pRxAuthFrameBody->authAlgoNumber))
else
@ -955,14 +999,14 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* authentication algorithm requested by sending party.
* Reject Authentication with StatusCode=13.
*/
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -971,7 +1015,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("received Authentication frame for unsupported auth algorithm %d "
MAC_ADDRESS_STR), pRxAuthFrameBody->authAlgoNumber,
MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
} //end if (limIsAuthAlgoSupported(pRxAuthFrameBody->authAlgoNumber))
break;
@ -991,7 +1035,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
psessionEntry->limMlmState);)
PELOG1(limPrintMacAddr(pMac, pHdr->sa, LOG1);)
return;
goto free;
}
if ( !palEqualMemory( pMac->hHdd,(tANI_U8 *) pHdr->sa,
@ -1065,7 +1109,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("Max pre-auth nodes reached "));
limPrintMacAddr(pMac, pHdr->sa, LOGW);
return;
goto free;
}
PELOG1(limLog(pMac, LOG1, FL("Alloc new data: %x peer "), pAuthNode);)
@ -1116,17 +1160,17 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
MAC_ADDRESS_STR), pRxAuthFrameBody->authAlgoNumber,
MAC_ADDR_ARRAY(pHdr->sa));)
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_AUTH_ALGO_NOT_SUPPORTED_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
return;
goto free;
}
else
{
@ -1138,7 +1182,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
PELOGE(limLog(pMac, LOGE,
FL("received Auth frame with invalid challenge text IE"));)
return;
goto free;
}
/**
@ -1157,14 +1201,14 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* Send Auth frame with
* challenge failure status code
*/
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -1176,7 +1220,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
limRestoreFromAuthState(pMac, eSIR_SME_NO_KEY_MAPPING_KEY_FOR_PEER,
eSIR_MAC_UNSPEC_FAILURE_REASON,psessionEntry);
return;
goto free;
} // if (pKeyMapEntry->key == NULL)
else
{
@ -1186,10 +1230,18 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
sirSwapU16ifNeeded((tANI_U16) (pRxAuthFrameBody->authTransactionSeqNumber + 1));
((tpSirMacAuthFrameBody) plainBody)->authStatusCode = eSIR_MAC_SUCCESS_STATUS;
((tpSirMacAuthFrameBody) plainBody)->type = SIR_MAC_CHALLENGE_TEXT_EID;
((tpSirMacAuthFrameBody) plainBody)->length = SIR_MAC_AUTH_CHALLENGE_LENGTH;
((tpSirMacAuthFrameBody) plainBody)->length = pRxAuthFrameBody->length;
palCopyMemory( pMac->hHdd, (tANI_U8 *) ((tpSirMacAuthFrameBody) plainBody)->challengeText,
pRxAuthFrameBody->challengeText,
SIR_MAC_AUTH_CHALLENGE_LENGTH);
pRxAuthFrameBody->length);
encrAuthFrame = vos_mem_malloc(pRxAuthFrameBody->length +
LIM_ENCR_AUTH_INFO_LEN);
if (!encrAuthFrame) {
limLog(pMac, LOGE, FL("failed to allocate memory"));
goto free;
}
vos_mem_set(encrAuthFrame, pRxAuthFrameBody->length +
LIM_ENCR_AUTH_INFO_LEN, 0);
limEncryptAuthFrame(pMac, 0,
pKeyMapEntry->key,
@ -1202,7 +1254,8 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
limSendAuthMgmtFrame(pMac,
(tpSirMacAuthFrameBody) encrAuthFrame,
pHdr->sa,
LIM_WEP_IN_FC,psessionEntry);
pRxAuthFrameBody->length,
psessionEntry);
break;
} // end if (pKeyMapEntry->key == NULL)
@ -1240,15 +1293,15 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
limLog(pMac, LOGP,
FL("could not retrieve Default key"));
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
pRxAuthFrameBody->authTransactionSeqNumber + 1;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(
pMac, &authFrame,
pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -1264,10 +1317,19 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
sirSwapU16ifNeeded((tANI_U16) (pRxAuthFrameBody->authTransactionSeqNumber + 1));
((tpSirMacAuthFrameBody) plainBody)->authStatusCode = eSIR_MAC_SUCCESS_STATUS;
((tpSirMacAuthFrameBody) plainBody)->type = SIR_MAC_CHALLENGE_TEXT_EID;
((tpSirMacAuthFrameBody) plainBody)->length = SIR_MAC_AUTH_CHALLENGE_LENGTH;
((tpSirMacAuthFrameBody) plainBody)->length = pRxAuthFrameBody->length;
palCopyMemory( pMac->hHdd, (tANI_U8 *) ((tpSirMacAuthFrameBody) plainBody)->challengeText,
pRxAuthFrameBody->challengeText,
SIR_MAC_AUTH_CHALLENGE_LENGTH);
pRxAuthFrameBody->length);
encrAuthFrame = vos_mem_malloc(pRxAuthFrameBody->length +
LIM_ENCR_AUTH_INFO_LEN);
if (!encrAuthFrame) {
limLog(pMac, LOGE, FL("failed to allocate memory"));
goto free;
}
vos_mem_set(encrAuthFrame, pRxAuthFrameBody->length +
LIM_ENCR_AUTH_INFO_LEN, 0);
limEncryptAuthFrame(pMac, keyId,
defaultKey,
@ -1281,7 +1343,8 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
limSendAuthMgmtFrame(pMac,
(tpSirMacAuthFrameBody) encrAuthFrame,
pHdr->sa,
LIM_WEP_IN_FC,psessionEntry);
pRxAuthFrameBody->length,
psessionEntry);
break;
} // end if (pKeyMapEntry)
@ -1317,13 +1380,13 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* Shared Key authentication type. Reject with Auth frame4
* with 'out of sequence' status code.
*/
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_AUTH_FRAME_OUT_OF_SEQ_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -1333,7 +1396,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
MAC_ADDRESS_STR), pRxAuthFrameBody->authAlgoNumber,
MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
if (psessionEntry->limSystemRole == eLIM_AP_ROLE || psessionEntry->limSystemRole == eLIM_BT_AMP_AP_ROLE ||
@ -1347,13 +1410,13 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
if (!pHdr->fc.wep)
{
/// WEP bit is not set in FC of Auth Frame3
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -1362,7 +1425,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("received Auth frame3 from peer with no WEP bit set "MAC_ADDRESS_STR),
MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
pAuthNode = limSearchPreAuthList(pMac,
@ -1376,13 +1439,13 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* Send Auth frame4 with 'out of sequence'
* status code.
*/
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_AUTH_FRAME_OUT_OF_SEQ_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -1391,7 +1454,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("received AuthFrame3 from peer that has no preauth context "
MAC_ADDRESS_STR), MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
if (pAuthNode->mlmState == eLIM_MLM_AUTH_RSP_TIMEOUT_STATE)
@ -1401,14 +1464,14 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* Reject by sending Auth Frame4 with
* Auth respone timeout Status Code.
*/
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_AUTH_RSP_TIMEOUT_STATUS;
limSendAuthMgmtFrame(
pMac, &authFrame,
pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -1421,7 +1484,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
limDeletePreAuthNode(pMac,
pHdr->sa);
return;
goto free;
} // end switch (pAuthNode->mlmState)
if (pRxAuthFrameBody->authStatusCode != eSIR_MAC_SUCCESS_STATUS)
@ -1438,7 +1501,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
MAC_ADDRESS_STR), pRxAuthFrameBody->authStatusCode,
MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
/**
@ -1463,12 +1526,12 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
/**
* Send Authentication Frame4 with 'success' Status Code.
*/
authFrame.authAlgoNumber = eSIR_SHARED_KEY;
authFrame.authTransactionSeqNumber =
authFrame->authAlgoNumber = eSIR_SHARED_KEY;
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode = eSIR_MAC_SUCCESS_STATUS;
authFrame->authStatusCode = eSIR_MAC_SUCCESS_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -1496,14 +1559,14 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
* delete STA context.
*/
authFrame.authAlgoNumber =
authFrame->authAlgoNumber =
pRxAuthFrameBody->authAlgoNumber;
authFrame.authTransactionSeqNumber =
authFrame->authTransactionSeqNumber =
SIR_MAC_AUTH_FRAME_4;
authFrame.authStatusCode =
authFrame->authStatusCode =
eSIR_MAC_CHALLENGE_FAILURE_STATUS;
limSendAuthMgmtFrame(pMac, &authFrame,
limSendAuthMgmtFrame(pMac, authFrame,
pHdr->sa,
LIM_NO_WEP_IN_FC,psessionEntry);
@ -1511,7 +1574,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
PELOGE( limLog(pMac, LOGW,
FL("Challenge failure for peer "MAC_ADDRESS_STR),
MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
} // if (pMac->lim.gLimSystemRole == eLIM_AP_ROLE || ...
@ -1532,7 +1595,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
psessionEntry->limMlmState);)
PELOG1( limPrintMacAddr(pMac, pHdr->sa, LOG1);)
return;
goto free;
}
if (pRxAuthFrameBody->authAlgoNumber != eSIR_SHARED_KEY)
@ -1550,7 +1613,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
MAC_ADDRESS_STR), pRxAuthFrameBody->authAlgoNumber,
MAC_ADDR_ARRAY(pHdr->sa));)
return;
goto free;
}
if ( !palEqualMemory( pMac->hHdd,(tANI_U8 *) pHdr->sa,
@ -1605,7 +1668,7 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
FL("Max pre-auth nodes reached "));
limPrintMacAddr(pMac, pHdr->sa, LOGW);
return;
goto free;
}
PELOG1(limLog(pMac, LOG1, FL("Alloc new data: %x peer "), pAuthNode);
limPrintMacAddr(pMac, pHdr->sa, LOG1);)
@ -1650,6 +1713,19 @@ limProcessAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession pse
break;
} // end switch (pRxAuthFrameBody->authTransactionSeqNumber)
free:
if (authFrame)
vos_mem_free(authFrame);
if (rxAuthFrame)
vos_mem_free(rxAuthFrame);
if (encrAuthFrame)
vos_mem_free(encrAuthFrame);
if (plainBody)
vos_mem_free(plainBody);
if (challengeTextArray)
vos_mem_free(challengeTextArray);
} /*** end limProcessAuthFrame() ***/

26
drivers/staging/prima/CORE/MAC/src/pe/lim/limProcessDeauthFrame.c
View File

@ -94,12 +94,19 @@ limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession p
tpDphHashNode pStaDs;
tpPESession pRoamSessionEntry=NULL;
tANI_U8 roamSessionId;
tANI_U32 frameLen;
pHdr = WDA_GET_RX_MAC_HEADER(pRxPacketInfo);
pBody = WDA_GET_RX_MPDU_DATA(pRxPacketInfo);
frameLen = WDA_GET_RX_PAYLOAD_LEN(pRxPacketInfo);
if (frameLen < sizeof(reasonCode)) {
PELOGE(limLog(pMac, LOGE,
FL("received invalid framelen %d"), frameLen);)
return;
}
if ((eLIM_STA_ROLE == psessionEntry->limSystemRole) && (eLIM_SME_WT_DEAUTH_STATE == psessionEntry->limSmeState))
{
@ -126,6 +133,23 @@ limProcessDeauthFrame(tpAniSirGlobal pMac, tANI_U8 *pRxPacketInfo, tpPESession p
return;
}
#ifdef WLAN_FEATURE_11W
/* PMF: If this session is a PMF session, then ensure that this frame was protected */
if(psessionEntry->limRmfEnabled && (WDA_GET_RX_DPU_FEEDBACK(pRxPacketInfo) & DPU_FEEDBACK_UNPROTECTED_ERROR))
{
PELOGE(limLog(pMac, LOGE, FL("received an unprotected deauth from AP"));)
// If the frame received is unprotected, forward it to the supplicant to initiate
// an SA query
//send the unprotected frame indication to SME
limSendSmeUnprotectedMgmtFrameInd( pMac, pHdr->fc.subType,
(tANI_U8*)pHdr, (frameLen + sizeof(tSirMacMgmtHdr)),
psessionEntry->smeSessionId, psessionEntry);
return;
}
#endif
// Get reasonCode from Deauthentication frame body
reasonCode = sirReadU16(pBody);

15
drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.c
View File

@ -557,7 +557,10 @@ limEncryptAuthFrame(tpAniSirGlobal pMac, tANI_U8 keyId, tANI_U8 *pKey, tANI_U8 *
tANI_U8 *pEncrBody, tANI_U32 keyLength)
{
tANI_U8 seed[LIM_SEED_LENGTH], icv[SIR_MAC_WEP_ICV_LENGTH];
tANI_U16 framelen;
framelen = ((tpSirMacAuthFrameBody)pPlainText)->length +
SIR_MAC_AUTH_FRAME_INFO_LEN + SIR_MAC_CHALLENGE_ID_LEN;
keyLength += 3;
// Bytes 0-2 of seed is IV
@ -568,15 +571,15 @@ limEncryptAuthFrame(tpAniSirGlobal pMac, tANI_U8 keyId, tANI_U8 *pKey, tANI_U8 *
palCopyMemory( pMac->hHdd, (tANI_U8 *) &seed[3], pKey, keyLength - 3);
// Compute CRC-32 and place them in last 4 bytes of plain text
limComputeCrc32(icv, pPlainText, sizeof(tSirMacAuthFrameBody));
limComputeCrc32(icv, pPlainText, framelen);
palCopyMemory( pMac->hHdd, pPlainText + sizeof(tSirMacAuthFrameBody),
palCopyMemory( pMac->hHdd, pPlainText + framelen,
icv, SIR_MAC_WEP_ICV_LENGTH);
// Run RC4 on plain text with the seed
limRC4(pEncrBody + SIR_MAC_WEP_IV_LENGTH,
(tANI_U8 *) pPlainText, seed, keyLength,
LIM_ENCR_AUTH_BODY_LEN - SIR_MAC_WEP_IV_LENGTH);
framelen + SIR_MAC_WEP_IV_LENGTH);
// Prepare IV
pEncrBody[0] = seed[0];
@ -609,7 +612,7 @@ limEncryptAuthFrame(tpAniSirGlobal pMac, tANI_U8 keyId, tANI_U8 *pKey, tANI_U8 *
*/
void
limComputeCrc32(tANI_U8 *pDest, tANI_U8 * pSrc, tANI_U8 len)
limComputeCrc32(tANI_U8 *pDest, tANI_U8 * pSrc, tANI_U16 len)
{
tANI_U32 crc;
int i;
@ -696,7 +699,7 @@ limRC4(tANI_U8 *pDest, tANI_U8 *pSrc, tANI_U8 *seed, tANI_U32 keyLength, tANI_U1
{
tANI_U8 i = ctx.i;
tANI_U8 j = ctx.j;
tANI_U8 len = (tANI_U8) frameLen;
tANI_U16 len = frameLen;
while (len-- > 0)
{
@ -778,7 +781,7 @@ limDecryptAuthFrame(tpAniSirGlobal pMac, tANI_U8 *pKey, tANI_U8 *pEncrBody,
// Compute CRC-32 and place them in last 4 bytes of encrypted body
limComputeCrc32(icv,
(tANI_U8 *) pPlainBody,
(tANI_U8) (frameLen - SIR_MAC_WEP_ICV_LENGTH));
(frameLen - SIR_MAC_WEP_ICV_LENGTH));
// Compare RX_ICV with computed ICV
for (i = 0; i < SIR_MAC_WEP_ICV_LENGTH; i++)

9
drivers/staging/prima/CORE/MAC/src/pe/lim/limSecurityUtils.h
View File

@ -57,6 +57,13 @@
#define LIM_ENCR_AUTH_BODY_LEN (sizeof(tSirMacAuthFrameBody) + \
SIR_MAC_WEP_IV_LENGTH + \
SIR_MAC_WEP_ICV_LENGTH)
#define LIM_ENCR_AUTH_INFO_LEN (SIR_MAC_AUTH_FRAME_INFO_LEN +\
SIR_MAC_WEP_IV_LENGTH + \
SIR_MAC_WEP_ICV_LENGTH + \
SIR_MAC_CHALLENGE_ID_LEN)
struct tLimPreAuthNode;
tANI_U8 limIsAuthAlgoSupported(tpAniSirGlobal, tAniAuthType, tpPESession);
@ -73,7 +80,7 @@ void limRestoreFromAuthState(tpAniSirGlobal,
// Encryption/Decryption related functions
tCfgWepKeyEntry *limLookUpKeyMappings(tSirMacAddr);
void limComputeCrc32(tANI_U8 *, tANI_U8 *, tANI_U8);
void limComputeCrc32(tANI_U8 *, tANI_U8 *, tANI_U16);
void limRC4(tANI_U8 *, tANI_U8 *, tANI_U8 *, tANI_U32, tANI_U16);
void limEncryptAuthFrame(tpAniSirGlobal, tANI_U8, tANI_U8 *, tANI_U8 *, tANI_U8 *, tANI_U32);
tANI_U8 limDecryptAuthFrame(tpAniSirGlobal, tANI_U8 *, tANI_U8 *, tANI_U8 *, tANI_U32, tANI_U16);

20
drivers/staging/prima/CORE/MAC/src/pe/lim/limSendManagementFrames.c
View File

@ -3114,8 +3114,8 @@ void
limSendAuthMgmtFrame(tpAniSirGlobal pMac,
tpSirMacAuthFrameBody pAuthFrameBody,
tSirMacAddr peerMacAddr,
tANI_U8 wepBit,
tpPESession psessionEntry
tANI_U8 wep_challenge_len,
tpPESession psessionEntry
)
{
tANI_U8 *pFrame, *pBody;
@ -3130,8 +3130,8 @@ limSendAuthMgmtFrame(tpAniSirGlobal pMac,
{
return;
}
if (wepBit == LIM_WEP_IN_FC)
if (wep_challenge_len)
{
/// Auth frame3 to be sent with encrypted framebody
/**
@ -3142,9 +3142,9 @@ limSendAuthMgmtFrame(tpAniSirGlobal pMac,
* IV & ICV.
*/
frameLen = sizeof(tSirMacMgmtHdr) + LIM_ENCR_AUTH_BODY_LEN;
bodyLen = wep_challenge_len + LIM_ENCR_AUTH_INFO_LEN;
frameLen = sizeof(tSirMacMgmtHdr) + bodyLen;
bodyLen = LIM_ENCR_AUTH_BODY_LEN;
} // if (wepBit == LIM_WEP_IN_FC)
else
{
@ -3269,7 +3269,11 @@ limSendAuthMgmtFrame(tpAniSirGlobal pMac,
}
pMacHdr = ( tpSirMacMgmtHdr ) pFrame;
pMacHdr->fc.wep = wepBit;
if (wep_challenge_len)
pMacHdr->fc.wep = LIM_WEP_IN_FC;
else
pMacHdr->fc.wep = LIM_NO_WEP_IN_FC;
// Prepare BSSId
if( (psessionEntry->limSystemRole == eLIM_AP_ROLE)|| (psessionEntry->limSystemRole == eLIM_BT_AMP_AP_ROLE) )
@ -3282,7 +3286,7 @@ limSendAuthMgmtFrame(tpAniSirGlobal pMac,
/// Prepare Authentication frame body
pBody = pFrame + sizeof(tSirMacMgmtHdr);
if (wepBit == LIM_WEP_IN_FC)
if (wep_challenge_len)
{
palCopyMemory( pMac->hHdd, pBody, (tANI_U8 *) pAuthFrameBody, bodyLen);

17
drivers/staging/prima/CORE/MAC/src/pe/rrm/rrmApi.c
View File

@ -632,14 +632,21 @@ rrmProcessBeaconReportReq( tpAniSirGlobal pMac,
pSmeBcnReportReq->channelList.numChannels = num_channels;
if( pBeaconReq->measurement_request.Beacon.num_APChannelReport )
{
tANI_U8 *pChanList = pSmeBcnReportReq->channelList.channelNumber;
tANI_U8 *ch_lst = pSmeBcnReportReq->channelList.channelNumber;
uint8_t len;
uint16_t ch_ctr = 0;
for( num_APChanReport = 0 ; num_APChanReport < pBeaconReq->measurement_request.Beacon.num_APChannelReport ; num_APChanReport++ )
{
palCopyMemory( pMac->hHdd, pChanList,
pBeaconReq->measurement_request.Beacon.APChannelReport[num_APChanReport].channelList,
pBeaconReq->measurement_request.Beacon.APChannelReport[num_APChanReport].num_channelList );
len = pBeaconReq->measurement_request.Beacon.
APChannelReport[num_APChanReport].num_channelList;
if(ch_ctr + len > sizeof(pSmeBcnReportReq->channelList.channelNumber))
break;
pChanList += pBeaconReq->measurement_request.Beacon.APChannelReport[num_APChanReport].num_channelList;
palCopyMemory( pMac->hHdd, &ch_lst[ch_ctr],
pBeaconReq->measurement_request.Beacon.
APChannelReport[num_APChanReport].channelList, len);
ch_ctr += len;
}
}

146
drivers/staging/prima/CORE/SAP/src/sapChSelect.c
View File

@ -489,7 +489,9 @@ v_U32_t sapweightRssiCount(v_S7_t rssi, v_U16_t count)
SIDE EFFECTS
============================================================================*/
void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh,
tSapSpectChInfo *spect_ch_strt_addr,
tSapSpectChInfo *spect_ch_end_addr)
{
tSapSpectChInfo *pExtSpectCh = NULL;
v_S31_t rssi;
@ -497,7 +499,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
{
case CHANNEL_1:
pExtSpectCh = (pSpectCh + 1);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FIRST_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -509,7 +513,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_SEC_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -521,7 +527,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 3);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_THIRD_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -533,7 +541,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 4);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FOURTH_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -547,7 +557,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
break;
case CHANNEL_2:
pExtSpectCh = (pSpectCh - 1);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FIRST_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -559,7 +571,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FIRST_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -571,7 +585,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_SEC_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -583,7 +599,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 3);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_THIRD_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -603,7 +621,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
case CHANNEL_8:
case CHANNEL_9:
pExtSpectCh = (pSpectCh - 1);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FIRST_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -615,7 +635,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FIRST_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -627,7 +649,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_SEC_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -639,7 +663,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_SEC_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -653,7 +679,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
break;
case CHANNEL_10:
pExtSpectCh = (pSpectCh - 1);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FIRST_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -665,7 +693,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FIRST_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -677,7 +707,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_SEC_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -689,7 +721,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 3);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_THIRD_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -703,7 +737,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
break;
case CHANNEL_11:
pExtSpectCh = (pSpectCh - 1);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FIRST_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -715,7 +751,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_SEC_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -727,7 +765,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 3);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_THIRD_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -739,7 +779,9 @@ void sapInterferenceRssiCount(tSapSpectChInfo *pSpectCh)
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 4);
if(pExtSpectCh != NULL)
if (pExtSpectCh != NULL &&
(pExtSpectCh >= spect_ch_strt_addr &&
pExtSpectCh < spect_ch_end_addr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_24GHZ_FOURTH_OVERLAP_CHAN_RSSI_EFFECT_PRIMARY;
@ -796,6 +838,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
v_U32_t ieLen = 0;
tSirProbeRespBeacon *pBeaconStruct;
tpAniSirGlobal pMac = (tpAniSirGlobal) halHandle;
tSapSpectChInfo *pSpectChStartAddr = pSpectInfoParams->pSpectCh;
tSapSpectChInfo *pSpectChEndAddr =
pSpectInfoParams->pSpectCh + pSpectInfoParams->numSpectChans;
if(eHAL_STATUS_SUCCESS != palAllocateMemory(pMac->hHdd,
(void **)&pBeaconStruct, sizeof(tSirProbeRespBeacon)))
@ -880,7 +925,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
tSapSpectChInfo *pExtSpectCh = NULL;
case PHY_DOUBLE_CHANNEL_LOW_PRIMARY: // Above the Primary Channel
pExtSpectCh = (pSpectCh + 1);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND1_RSSI_EFFECT_PRIMARY;
@ -895,7 +942,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
break;
case PHY_DOUBLE_CHANNEL_HIGH_PRIMARY: // Below the Primary channel
pExtSpectCh = (pSpectCh - 1);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
rssi = pSpectCh->rssiAgr + SAP_SUBBAND1_RSSI_EFFECT_PRIMARY;
if (IS_RSSI_VALID(pExtSpectCh->rssiAgr, rssi))
@ -914,7 +963,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
{
tSapSpectChInfo *pExtSpectCh = NULL;
pExtSpectCh = (pSpectCh + 1);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND1_RSSI_EFFECT_PRIMARY;
@ -926,7 +977,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND2_RSSI_EFFECT_PRIMARY;
@ -938,7 +991,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 3);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND3_RSSI_EFFECT_PRIMARY;
@ -954,7 +1009,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
{
tSapSpectChInfo *pExtSpectCh = NULL;
pExtSpectCh = (pSpectCh - 1 );
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND1_RSSI_EFFECT_PRIMARY;
@ -966,7 +1023,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND1_RSSI_EFFECT_PRIMARY;
@ -978,7 +1037,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 2);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND2_RSSI_EFFECT_PRIMARY;
@ -994,7 +1055,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
{
tSapSpectChInfo *pExtSpectCh = NULL;
pExtSpectCh = (pSpectCh - 1 );
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND1_RSSI_EFFECT_PRIMARY;
@ -1006,7 +1069,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND2_RSSI_EFFECT_PRIMARY;
@ -1018,7 +1083,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh + 1);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND1_RSSI_EFFECT_PRIMARY;
@ -1034,7 +1101,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
{
tSapSpectChInfo *pExtSpectCh = NULL;
pExtSpectCh = (pSpectCh - 1 );
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND1_RSSI_EFFECT_PRIMARY;
@ -1046,7 +1115,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 2);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND2_RSSI_EFFECT_PRIMARY;
@ -1058,7 +1129,9 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
pExtSpectCh->rssiAgr = SOFTAP_MIN_RSSI;
}
pExtSpectCh = (pSpectCh - 3);
if(pExtSpectCh != NULL)
if( pExtSpectCh != NULL &&
(pExtSpectCh >= pSpectChStartAddr &&
pExtSpectCh < pSpectChEndAddr))
{
++pExtSpectCh->bssCount;
rssi = pSpectCh->rssiAgr + SAP_SUBBAND3_RSSI_EFFECT_PRIMARY;
@ -1075,7 +1148,8 @@ void sapComputeSpectWeight( tSapChSelSpectInfo* pSpectInfoParams,
}
else if(operatingBand == RF_SUBBAND_2_4_GHZ)
{
sapInterferenceRssiCount(pSpectCh);
sapInterferenceRssiCount(pSpectCh, pSpectChStartAddr,
pSpectChEndAddr);
}
VOS_TRACE(VOS_MODULE_ID_SAP, VOS_TRACE_LEVEL_INFO_HIGH,

6
drivers/staging/prima/CORE/SME/src/rrm/sme_rrm.c
View File

@ -554,6 +554,12 @@ void sme_RrmProcessBeaconReportReqInd(tpAniSirGlobal pMac, void *pMsgBuf)
#if defined WLAN_VOWIFI_DEBUG
smsLog( pMac, LOGE, "Received Beacon report request ind Channel = %d", pBeaconReq->channelInfo.channelNum );
#endif
if (pBeaconReq->channelList.numChannels > SIR_ESE_MAX_MEAS_IE_REQS) {
smsLog( pMac, LOGP, "Beacon report request numChannels: %u exceeds "
"max num channels", pBeaconReq->channelList.numChannels);
return;
}
//section 11.10.8.1 (IEEE Std 802.11k-2008)
//channel 0 and 255 has special meaning.
if( (pBeaconReq->channelInfo.channelNum == 0) ||

6
drivers/staging/prima/CORE/SME/src/sme_common/sme_FTApi.c
View File

@ -175,6 +175,7 @@ void sme_SetFTIEs( tHalHandle hHal, tANI_U8 sessionId, const tANI_U8 *ft_ies,
{
case eFT_START_READY:
case eFT_AUTH_REQ_READY:
smsLog( pMac, LOG1, FL("ft_ies_length: %d"), ft_ies_length);
if ((pMac->ft.ftSmeContext.auth_ft_ies) &&
(pMac->ft.ftSmeContext.auth_ft_ies_length))
{
@ -182,7 +183,7 @@ void sme_SetFTIEs( tHalHandle hHal, tANI_U8 sessionId, const tANI_U8 *ft_ies,
vos_mem_free(pMac->ft.ftSmeContext.auth_ft_ies);
pMac->ft.ftSmeContext.auth_ft_ies_length = 0;
}
ft_ies_length = VOS_MIN(ft_ies_length, MAX_FTIE_SIZE);
// Save the FT IEs
pMac->ft.ftSmeContext.auth_ft_ies = vos_mem_malloc(ft_ies_length);
if(pMac->ft.ftSmeContext.auth_ft_ies == NULL)
@ -198,9 +199,6 @@ void sme_SetFTIEs( tHalHandle hHal, tANI_U8 sessionId, const tANI_U8 *ft_ies,
pMac->ft.ftSmeContext.FTState = eFT_AUTH_REQ_READY;
#if defined WLAN_FEATURE_VOWIFI_11R_DEBUG
smsLog( pMac, LOG1, "ft_ies_length=%d", ft_ies_length);
#endif
break;
case eFT_AUTH_COMPLETE:

5
drivers/staging/prima/CORE/SYS/legacy/src/utils/src/dot11f.c
View File

@ -20089,6 +20089,10 @@ static tANI_U32 UnpackCore(tpAniSirGlobal pCtx,
}
countOffset = ( (0 != pIe->arraybound) * ( *(tANI_U16* )(pFrm + pIe->countOffset)));
if (0 != pIe->arraybound && countOffset >= pIe->arraybound) {
status |= DOT11F_DUPLICATE_IE;
goto skip_dup_ie;
}
switch (pIe->sig)
{
case SigIeAPName:
@ -20548,6 +20552,7 @@ static tANI_U32 UnpackCore(tpAniSirGlobal pCtx,
status |= DOT11F_UNKNOWN_IES;
}
skip_dup_ie:
pBufRemaining += len;
if (len > nBufRemaining)

4
drivers/staging/prima/CORE/SYS/legacy/src/utils/src/parserApi.c
View File

@ -3263,7 +3263,7 @@ sirConvertAddtsReq2Struct(tpAniSirGlobal pMac,
if ( addts.num_WMMTCLAS )
{
j = (tANI_U8)(pAddTs->numTclas + addts.num_WMMTCLAS);
if ( SIR_MAC_TCLASIE_MAXNUM > j ) j = SIR_MAC_TCLASIE_MAXNUM;
if ( SIR_MAC_TCLASIE_MAXNUM < j ) j = SIR_MAC_TCLASIE_MAXNUM;
for ( i = pAddTs->numTclas; i < j; ++i )
{
@ -3445,7 +3445,7 @@ sirConvertAddtsRsp2Struct(tpAniSirGlobal pMac,
if ( addts.num_WMMTCLAS )
{
j = (tANI_U8)(pAddTs->numTclas + addts.num_WMMTCLAS);
if ( SIR_MAC_TCLASIE_MAXNUM > j ) j = SIR_MAC_TCLASIE_MAXNUM;
if ( SIR_MAC_TCLASIE_MAXNUM < j ) j = SIR_MAC_TCLASIE_MAXNUM;
for ( i = pAddTs->numTclas; i < j; ++i )
{

12
drivers/staging/prima/CORE/TL/src/wlan_qct_tl.c
View File

@ -5668,7 +5668,7 @@ WLANTL_RxCachedFrames
---------------------------------------------------------------------*/
vosTempBuff = vosDataBuff;
while ( NULL != vosTempBuff )
while (NULL != vosDataBuff)
{
broadcast = VOS_FALSE;
selfBcastLoopback = VOS_FALSE;
@ -7231,6 +7231,7 @@ WLANTL_STARxConn
v_PVOID_t aucBDHeader;
v_U8_t ucTid;
WLANTL_RxMetaInfoType wRxMetaInfo;
v_U8_t ucAsf; /* AMSDU sub frame */
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*/
/*------------------------------------------------------------------------
@ -7281,6 +7282,7 @@ WLANTL_STARxConn
usMPDULen = (v_U16_t)WDA_GET_RX_MPDU_LEN(aucBDHeader);
ucMPDUHLen = (v_U8_t)WDA_GET_RX_MPDU_HEADER_LEN(aucBDHeader);
ucTid = (v_U8_t)WDA_GET_RX_TID(aucBDHeader);
ucAsf = (v_U8_t)WDA_GET_RX_ASF(aucBDHeader);
vos_pkt_get_packet_length( vosDataBuff, &usPktLen);
@ -7298,6 +7300,14 @@ WLANTL_STARxConn
return VOS_STATUS_SUCCESS;
}
if (ucAsf) {
vos_pkt_return_packet(vosDataBuff);
*pvosDataBuff = NULL;
VOS_TRACE(VOS_MODULE_ID_TL, VOS_TRACE_LEVEL_ERROR,
"WLAN TL: AMSDU frames are not allowed while authentication - dropping");
return VOS_STATUS_SUCCESS;
}
vosStatus = WLANTL_GetEtherType(aucBDHeader,vosDataBuff,ucMPDUHLen,&usEtherType);
if( VOS_IS_STATUS_SUCCESS(vosStatus) )

26
drivers/staging/prima/CORE/TL/src/wlan_qct_tl_ba.c
View File

@ -872,6 +872,9 @@ WLANTL_AMSDUProcess
v_U16_t packetLength;
static v_U32_t numAMSDUFrames;
vos_pkt_t* vosDataBuff;
uint8_t llc_hdr[6] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
uint8_t broadcast_addr[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
/*- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -*/
/*------------------------------------------------------------------------
Sanity check
@ -950,6 +953,7 @@ WLANTL_AMSDUProcess
pClientSTA->ucMPDUHeaderLen = ucMPDUHLen;
memcpy(pClientSTA->aucMPDUHeader, MPDUHeaderAMSDUHeader, ucMPDUHLen);
/* AMSDU header stored to handle garbage data within next frame */
pClientSTA->drop_amsdu = false;
}
else
{
@ -987,6 +991,28 @@ WLANTL_AMSDUProcess
return VOS_STATUS_SUCCESS; /*Not a transport error*/
}
if (pClientSTA->drop_amsdu) {
vos_pkt_return_packet(vosDataBuff);
*ppVosDataBuff = NULL;
return VOS_STATUS_SUCCESS;
}
/**
* Set drop_amsdu flag and drop AMSDU subframe if
* 1. AMSDU subframe header's DA is equal to LLC header or
* 2. AMPDU header's DA is a broadcast address
*/
if ((vos_mem_compare2(MPDUHeaderAMSDUHeader + ucMPDUHLen,
llc_hdr, 6) == 0) ||
(vos_mem_compare2(MPDUHeaderAMSDUHeader + 4, broadcast_addr, 6) == 0)) {
pClientSTA->drop_amsdu = true;
vos_pkt_return_packet(vosDataBuff);
*ppVosDataBuff = NULL;
VOS_TRACE(VOS_MODULE_ID_TL, VOS_TRACE_LEVEL_ERROR,
"WLAN TL:Invalid AMSDU frame - dropping");
return VOS_STATUS_SUCCESS;
}
/* Find Padding and remove */
memcpy(&subFrameLength, MPDUHeaderAMSDUHeader + ucMPDUHLen + WLANTL_AMSDU_SUBFRAME_LEN_OFFSET, sizeof(v_U16_t));
subFrameLength = vos_be16_to_cpu(subFrameLength);

3
drivers/staging/prima/CORE/TL/src/wlan_qct_tli.h
View File

@ -531,6 +531,9 @@ typedef struct
/* Pointer to the root of the chain */
vos_pkt_t* vosAMSDUChain;
/* Drop any invalid amsdu */
bool drop_amsdu;
/* Used for saving/restoring frame header for 802.3/11 AMSDU sub-frames */
v_U8_t aucMPDUHeader[WLANTL_MPDU_HEADER_LEN];

66
fs/pnode.c
View File

@ -195,10 +195,15 @@ static struct mount *next_group(struct mount *m, struct mount *origin)
}
/* all accesses are serialized by namespace_sem */
static struct mount *last_dest, *last_source, *dest_master;
static struct mount *last_dest, *first_source, *last_source, *dest_master;
static struct dentry *mp_dentry;
static struct list_head *list;
static inline bool peers(struct mount *m1, struct mount *m2)
{
return m1->mnt_group_id == m2->mnt_group_id && m1->mnt_group_id;
}
static int propagate_one(struct mount *m)
{
struct mount *child;
@ -209,24 +214,26 @@ static int propagate_one(struct mount *m)
/* skip if mountpoint isn't covered by it */
if (!is_subdir(mp_dentry, m->mnt.mnt_root))
return 0;
if (m->mnt_group_id == last_dest->mnt_group_id) {
if (peers(m, last_dest)) {
type = CL_MAKE_SHARED;
} else {
struct mount *n, *p;
bool done;
for (n = m; ; n = p) {
p = n->mnt_master;
if (p == dest_master || IS_MNT_MARKED(p)) {
while (last_dest->mnt_master != p) {
last_source = last_source->mnt_master;
last_dest = last_source->mnt_parent;
}
if (n->mnt_group_id != last_dest->mnt_group_id) {
last_source = last_source->mnt_master;
last_dest = last_source->mnt_parent;
}
if (p == dest_master || IS_MNT_MARKED(p))
break;
}
}
do {
struct mount *parent = last_source->mnt_parent;
if (last_source == first_source)
break;
done = parent->mnt_master == p;
if (done && peers(n, parent))
break;
last_source = last_source->mnt_master;
} while (!done);
type = CL_SLAVE;
/* beginning of peer group among the slaves? */
if (IS_MNT_SHARED(m))
@ -273,6 +280,7 @@ int propagate_mnt(struct mount *dest_mnt, struct dentry *dest_dentry,
* so globals will do just fine.
*/
last_dest = dest_mnt;
first_source = source_mnt;
last_source = source_mnt;
mp_dentry = dest_dentry;
list = tree_list;
@ -397,36 +405,18 @@ int propagate_umount(struct list_head *list)
return 0;
}
/*
* Iterates over all slaves, and slaves of slaves.
*/
static struct mount *next_descendent(struct mount *root, struct mount *cur)
{
if (!IS_MNT_NEW(cur) && !list_empty(&cur->mnt_slave_list))
return first_slave(cur);
do {
struct mount *master = cur->mnt_master;
if (!master || cur->mnt_slave.next != &master->mnt_slave_list) {
struct mount *next = next_slave(cur);
return (next == root) ? NULL : next;
}
cur = master;
} while (cur != root);
return NULL;
}
void propagate_remount(struct mount *mnt)
{
struct mount *m = mnt;
struct mount *parent = mnt->mnt_parent;
struct mount *p = mnt, *m;
struct super_block *sb = mnt->mnt.mnt_sb;
if (sb->s_op->copy_mnt_data) {
m = next_descendent(mnt, m);
while (m) {
if (!sb->s_op->copy_mnt_data)
return;
for (p = propagation_next(parent, parent); p;
p = propagation_next(p, parent)) {
m = __lookup_mnt(&p->mnt, mnt->mnt_mountpoint, 0);
if (m)
sb->s_op->copy_mnt_data(m->mnt.data, mnt->mnt.data);
m = next_descendent(mnt, m);
}
}
}