Restrict printing of kernel virtual addresses in SPS driver.
In debug prints, handles to bam device structures may be printed
as integers. As these handles are obtained by casting pointer
to bam device structures to integer, they can reveal addresses
of the structures to attackers.
Cast the handles in debug prints to pointers, printed with with %pK,
which hides these values if kptr_restrict is set (default on Android).
Change-Id: Idd28c7d11a06113605f7428a4cfc2505c1ae0073
Signed-off-by: Jishnu Prakash <jprakash@codeaurora.org>
Adding code changes to validate buffer size.
While calling ipa_read verifying the kernel buffer
size in range or not.
Change-Id: Idc608c2cf0587a00f19ece38a4eb646f7fde68e3
Signed-off-by: Praveen Kurapati <pkurapat@codeaurora.org>
Adding code changes to validate user inputs.
Before allocating the NAT entry verifying the
NAT entry size in range or not.
Change-Id: I21147f20a12243af5d21aebdc206703964db2be4
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Currently RT is deleted even if rt rule or header proc ctx
is invalid. Add check to prevent it.
Change-Id: Ic37ff9a33fab2b3c0d6393e43452e4b62a91d932
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Protect ipa default routing table from
addition, deletion and modification once after
default rule added by ipa-driver.
Change-Id: I045d9c29fed23edf796d826e440b81124e1f666a
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
The correct sequence for enabling HOLB drop is first
to suspend the pipe and then to HOLB drop.
Change-Id: I78b7b268eec230a4993e446bd90846f800364e06
CRs-Fixed: 2141518
Acked-by: Ady Abraham <adya@qti.qualcomm.com>
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Adding code changes to validate user inputs.
Before allocating the NAT entry verifying the
NAT entry size in range or not.
Change-Id: I21147f20a12243af5d21aebdc206703964db2be4
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Currently RT is deleted even if rt rule or header proc ctx
is invalid. Add check to prevent it.
Change-Id: Ic37ff9a33fab2b3c0d6393e43452e4b62a91d932
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Protect ipa default routing table from
addition, deletion and modification once after
default rule added by ipa-driver.
Change-Id: I045d9c29fed23edf796d826e440b81124e1f666a
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
There is a race condition between ipa3_nat_init_cmd
and ipa_read_nat4. The two thread will R/W the critical
global variables. This will result in race conditions
and possibly buffer overread/ overwrite issues. Add code
to prevent this race condition.
Change-Id: I6bf9a837ae941cf3ad9413da6e44821916acf196
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Currnetly NAT table is not deleted even if public ip is assigned to
NAT table. Add check to prevent deletion only if public ip is not assigned.
Change-Id: I4855b21472d3f6bf541d07733b18592e9e677ce6
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
IPA driver expose routing rule id IOCTL's to user space.
There is a chance of getting invalid routing rule-id.
Validate it before committing it to IPA hardware.
Change-Id: If80b94d3a055f9212d25aff9a57d1b45001ba586
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Move those deleted entries to the free
list to avoid the gap in hdr tbl list.
Change-Id: I5f5b6ec845e6b7e52c7079c2a3200a8290616951
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
After getting reset ioctl from user-space
module, the caches in ipa-driver are clean
however ipa-hw still has it. The fix is
to commit those caches in ipa-hw.
Change-Id: Iee0009b2bf3cdff2979d1fdba629c86a7c5afe21
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Update WLAN upstream name to support STA SAP scenario
with wlan1 iface.
Change-Id: I0223c5b4aff8dfe24562a2c6d4ac581a7843224e
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Hdr offset calculation is wrong when
driver received clean-up ioctl from
user-space. The fix is to find right
hdr offset to commit ned headers.
Change-Id: I70878a19b64c3defa6101bd68d435f0b74bcfb9b
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Support header/filter, routing rules
cleanup when user-space module
crashed like ipacm and also cached
the wlan client connect messages
for ipacm to query.
Change-Id: Ib09cbe0e9114aa5a5673898ff796de7e7944af35
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Add support for platform reboot from IPA APPS
driver perspective.
Change-Id: Id65336da06a59a28944bfd51d9482d3d82a9cc3e
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Once USB DPL consumer ep is configured,
there is a chance of IPA hardware getting stalled,
if DPL client is not pulling the data over other end.
so, set holb discard over USB DPL cons ep
to avoid this stall.
Change-Id: I520b8c1ec84e03b783677c43670cbb9f904a4b4f
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
SPS driver does not support manual bind/unbind operations
through sysfs. Suppress the bind/unbind nodes. Do not free
SPS struct in sps_device_de_init since it is being done in
sps_exit, and also to avoid use-after-free.
Change-Id: If6da6c5fb9d1a44d0420c6151f7f9d0a33cb2d04
Signed-off-by: Siva Kumar Akkireddi <sivaa@codeaurora.org>
IPC logging is for debugging purpose and
it may disabled in kernel anytime.
From IPA driver printing the error log on IPC
create context is misleading.
Instead of error, make it as debug.
Change-Id: Icee2b1ad9fcef446f79dfc71f554a24a90ea3d2d
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
SSM driver is not enabled and hence needs deprecation.
Remove all the SSM driver references.
CRs-Fixed: 2268386
Change-Id: I02f82817023d2fcc6d05a2f0d7eb3aec8f60a7d5
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Without NAT device initialization sending NAT DMA
commands leads to XPU violation. Added checks to
verify device initialized or not before sending DMA
command.
Change-Id: I7440abc14a81e1621573f0e2808a410d60b2458d
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Add changes to verify passed value with in the allocated
max array size range or not before accessing structure.
Change-Id: If70493e937f6f0bc29bbfe08bf43738bdb4e9cf4
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Check for CAP_NET_ADMIN capability of the user
space application who tries to access rmnet driver IOCTL.
Change-Id: If6bb4b54659306c5103b5e34bf02c7234c851e0a
CRs-Fixed: 2226355
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Protect the common shared sys head_desc_list with
spin lock to avoid the race condition.
Change-Id: I427374ef44f150d6ead4aa44e245b23a55b7dd9e
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Header entry deleted but same entry pointer using in
routing table not updated. Added checks to confirm
header entry present or not before using it to avoid
null pointer dereference.
Change-Id: Id1d844c60b2dcb0cc7cf18352b78d62fe5a89347
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Miss to Validate user inputs for last entry while
sending the QMI message to modem. Adding code changes to
fix to validate user inputs for last entry.
Change-Id: If2c6c4fbfc922d56355d26a16f844fd57d4992ac
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Value of MAX_NUM_OF_MUX_CHANNEL is greater than
number of valid interfaces. So empty interface
is also getting mux id. Return mux id only for valid
interfaces.
Change-Id: I7852df0aa0ccee781c1bf6857a4183b99194f3ee
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
The first APPS default routing table rule is installed
at the IPA driver initialization. To prevent routing
exception, this rule cannot be deleted by user application.
This change prevents deleting this rule.
Change-Id: Ia27434fd24a15fea5956018a1271b11bbe227df7
CRs-fixed: 2165859
Signed-off-by: Ghanim Fodi <gfodi@codeaurora.org>
This is a fix for dynamic memory leak seen with incorrectly
allocating memory of a different size than with intended
size.
Change-Id: I350719dadad9fd5c7f35a334e81c8d9f2298f888
Acked-by: Jyothi Jayanthi <jyothij@qti.qualcomm.com>
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Michael Adisumarta <madisuma@codeaurora.org>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
