diff options
| author | Srinivas Dasari <dasaris@codeaurora.org> | 2017-02-07 18:47:22 +0530 |
|---|---|---|
| committer | Brinly Taylor <brinly@brinly.me> | 2017-08-17 09:22:40 +1000 |
| commit | 93c86319f93c3c0f2f9bcb15fb115d2c180d120a (patch) | |
| tree | fabf53c8f8a0a25003bdda8c84669393032c81e1 | |
| parent | eabd5a6d3d81a9df679bdcdc934058f421182197 (diff) | |
| download | android_hardware_qcom_wlan-cm-14.1-caf.tar.gz android_hardware_qcom_wlan-cm-14.1-caf.tar.bz2 android_hardware_qcom_wlan-cm-14.1-caf.zip | |
WifiHAL: Free the stats received so far if requestResponse() failscm-14.1-caf
WLAN driver may return failure (e.g. TIMEOUT) for llstats_get even
after sending few stats to wifihal. This is possible in the below
cases,
1. Driver gets radio stats from firmware and sent those stats to
the wifihal and got a TIMEOUT while waiting for iface stats
2. Driver gets radio stats and iface stats from firmware and sent
those stats to the wifihal and got a TIMEOUT while waiting for
peer stats
Wifihal treats this as complete request failure from driver and
doesn't return the received stats to framework. The memory
allocated for these stats is not getting freed. Free the same
when requestResponse() returns error.
Remove the memset() of mResultsParams in initGetContext() as it's
causing a memleak of the stats collected in the above cases when
next llstats_get request comes from framework.
This memset() just resets mResultsParams but doesn't reset the
cached results size parameter mRadioStatsSize.
When next radios stats come to wifihal, realloc() with this
parameter creates a fresh buffer (mResultsParams.radio_stats) of
size (mRadioStatsSize+new_stats_size) but memset happens only from
address (mResultsParams.radio_stats+mRadioStatsSize).
So mResultsParams.radio_stats contains garbage values from
mResultsParams.radio_stats to
mResultsParams.radio_stats+mRadioStatsSize byte.
Native or wifihal accesses these garbage values and
tx_time_per_levels is one of them.
Accessing tx_time_per_levels leads to illegal memory access as it
contains garbage values.
Change-Id: Ic99541c16d2fd0328c504da10fef2acdbf228b12
CRs-Fixed: 2003354
| -rw-r--r-- | qcwcn/wifi_hal/llstats.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/qcwcn/wifi_hal/llstats.cpp b/qcwcn/wifi_hal/llstats.cpp index 17492d5..9d642a1 100644 --- a/qcwcn/wifi_hal/llstats.cpp +++ b/qcwcn/wifi_hal/llstats.cpp @@ -93,7 +93,6 @@ LLStatsCommand* LLStatsCommand::instance(wifi_handle handle) void LLStatsCommand::initGetContext(u32 reqId) { mRequestId = reqId; - memset(&mResultsParams, 0,sizeof(LLStatsResultsParams)); memset(&mHandler, 0,sizeof(mHandler)); } @@ -1348,8 +1347,10 @@ wifi_error wifi_get_link_stats(wifi_request_id id, if (ret != 0) { ALOGE("%s: requestResponse Error:%d",__FUNCTION__, ret); } - if (ret < 0) + if (ret < 0) { + LLCommand->clearStats(); goto cleanup; + } if (ret == 0) { ret = LLCommand->notifyResponse(); |