Merge "wifi: Clear ring bufffers on detecting buffer corruption" into tm-dev am: 60931f8ec6 am: 78ce85df3b
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/18451407
Change-Id: I40d8296748c8312f35af046c8816050f8d198f5b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/wifi/1.6/default/ringbuffer.cpp b/wifi/1.6/default/ringbuffer.cpp
index 6d4ed84..981bf7b 100644
--- a/wifi/1.6/default/ringbuffer.cpp
+++ b/wifi/1.6/default/ringbuffer.cpp
@@ -26,20 +26,26 @@
Ringbuffer::Ringbuffer(size_t maxSize) : size_(0), maxSize_(maxSize) {}
-void Ringbuffer::append(const std::vector<uint8_t>& input) {
+enum Ringbuffer::AppendStatus Ringbuffer::append(const std::vector<uint8_t>& input) {
if (input.size() == 0) {
- return;
+ return AppendStatus::FAIL_IP_BUFFER_ZERO;
}
if (input.size() > maxSize_) {
LOG(INFO) << "Oversized message of " << input.size() << " bytes is dropped";
- return;
+ return AppendStatus::FAIL_IP_BUFFER_EXCEEDED_MAXSIZE;
}
data_.push_back(input);
size_ += input.size() * sizeof(input[0]);
while (size_ > maxSize_) {
+ if (data_.front().size() <= 0 || data_.front().size() > maxSize_) {
+ LOG(ERROR) << "First buffer in the ring buffer is Invalid. Size: "
+ << data_.front().size();
+ return AppendStatus::FAIL_RING_BUFFER_CORRUPTED;
+ }
size_ -= data_.front().size() * sizeof(data_.front()[0]);
data_.pop_front();
}
+ return AppendStatus::SUCCESS;
}
const std::list<std::vector<uint8_t>>& Ringbuffer::getData() const {
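Review bot: The eviction loop in `append` still calls `data_.front()` without checking that `data_` is non-empty. This change assumes the bookkeeping can be corrupted, so a drifted `size_` could keep `size_ > maxSize_` true after the last element is popped, and `front()` on an empty list is undefined behaviour. Treating an empty list as corruption closes that gap: `if (data_.empty() || data_.front().empty() || data_.front().size() > maxSize_) {`. This also replaces `size() <= 0`, which on an unsigned `size_t` can only mean `== 0`. On the `FAIL_RING_BUFFER_CORRUPTED` return the new `input` is already in `data_` and `size_` is still above `maxSize_`, so the object stays inconsistent until a caller clears it; a comment at that return should say so.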
diff --git a/wifi/1.6/default/ringbuffer.h b/wifi/1.6/default/ringbuffer.h
index 8571a9f..c6a1e4c 100644
--- a/wifi/1.6/default/ringbuffer.h
+++ b/wifi/1.6/default/ringbuffer.h
@@ -31,11 +31,19 @@
*/
class Ringbuffer {
public:
+ // Error codes for the append ring buffer operation
+ enum AppendStatus {
+ SUCCESS,
+ FAIL_GENERIC,
+ FAIL_IP_BUFFER_ZERO,
+ FAIL_IP_BUFFER_EXCEEDED_MAXSIZE,
+ FAIL_RING_BUFFER_CORRUPTED
+ };
explicit Ringbuffer(size_t maxSize);
// Appends the data buffer and deletes from the front until buffer is
// within |maxSize_|.
- void append(const std::vector<uint8_t>& input);
+ enum AppendStatus append(const std::vector<uint8_t>& input);
const std::list<std::vector<uint8_t>>& getData() const;
void clear();
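Review bot: The comment above `append` still describes only the old void behaviour and does not explain the new return values. I would extend it with something like `// Returns SUCCESS when |input| was stored; on FAIL_RING_BUFFER_CORRUPTED the buffer is left as-is and the caller must clear() it.` so that callers know recovery is their job. `FAIL_GENERIC` is not returned by the `append` shown in this commit, so a short note on when it is expected would help. Declaring the type as `enum class AppendStatus` would also keep the enumerators out of the class scope; callers here already spell them qualified. The class body continues outside this hunk.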
diff --git a/wifi/1.6/default/wifi_chip.cpp b/wifi/1.6/default/wifi_chip.cpp
index f062409..c7c00b1 100644
--- a/wifi/1.6/default/wifi_chip.cpp
+++ b/wifi/1.6/default/wifi_chip.cpp
@@ -1613,6 +1613,7 @@
return;
}
WifiDebugRingBufferStatus hidl_status;
+ Ringbuffer::AppendStatus appendstatus;
if (!hidl_struct_util::convertLegacyDebugRingBufferStatusToHidl(status,
&hidl_status)) {
LOG(ERROR) << "Error converting ring buffer status";
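Review bot: `appendstatus` is declared without an initializer and is read later, after the locked scope. In the following hunk every path either assigns it or returns first, so it is safe today, but a future early-exit edit would turn the comparison into a read of an indeterminate value. Initializing it costs nothing: `Ringbuffer::AppendStatus append_status = Ringbuffer::AppendStatus::FAIL_GENERIC;`. The snake_case name matches the neighbouring `hidl_status` and `cur_buffer`. The enclosing callback lambda starts and ends outside this hunk.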
@@ -1623,13 +1624,19 @@
const auto& target = shared_ptr_this->ringbuffer_map_.find(name);
if (target != shared_ptr_this->ringbuffer_map_.end()) {
Ringbuffer& cur_buffer = target->second;
- cur_buffer.append(data);
+ appendstatus = cur_buffer.append(data);
} else {
LOG(ERROR) << "Ringname " << name << " not found";
return;
}
// unique_lock unlocked here
}
+ if (appendstatus == Ringbuffer::AppendStatus::FAIL_RING_BUFFER_CORRUPTED) {
+ LOG(ERROR) << "Ringname " << name << " is corrupted. Clear the ring buffer";
+ shared_ptr_this->writeRingbufferFilesInternal();
+ return;
+ }
+
};
legacy_hal::wifi_error legacy_status = legacy_hal_.lock()->registerRingBufferCallbackHandler(
getFirstActiveWlanIfaceName(), on_ring_buffer_data_callback);
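Review bot: The corruption branch logs "Clear the ring buffer" but only calls `writeRingbufferFilesInternal()`, and nothing visible here shows that the affected buffer is actually emptied. If that function leaves the corrupted entry in place (the dump loop in the later hunk of this file `break`s on an invalid block), every subsequent callback for this ring would hit the same failure and trigger another round of file writes. The call also runs after the `unique_lock` scope has closed, so it must take the lock itself; that function is not shown here, so this needs confirming. I would add a comment stating both facts, e.g. `// Dumps and clears all ring buffers; acquires the lock internally, so must be called unlocked.`, or clear `target->second` explicitly while the lock is still held. Any return value from the call is ignored, so a failed dump goes unreported.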
@@ -1971,6 +1978,11 @@
}
unique_fd file_auto_closer(dump_fd);
for (const auto& cur_block : cur_buffer.getData()) {
+ if (cur_block.size() <= 0 || cur_block.size() > kMaxBufferSizeBytes) {
+ PLOG(ERROR) << "Ring buffer: " << item.first
+ << " is corrupted. Invalid block size: " << cur_block.size();
+ break;
+ }
if (write(dump_fd, cur_block.data(), sizeof(cur_block[0]) * cur_block.size()) ==
-1) {
PLOG(ERROR) << "Error writing to file";
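Review bot: The new size check logs with `PLOG(ERROR)`, which appends the text for the current `errno`, but no system call has failed at this point, so the message will carry an unrelated or stale error string. That can mislead anyone triaging a corruption report; use `LOG(ERROR) << "Ring buffer: " << item.first` here and keep `PLOG` for the `write()` failure below. `cur_block.size() <= 0` is an unsigned comparison and reads more clearly as `cur_block.empty()`. The `break` leaves a partially written dump file, and what happens to the buffer afterwards is outside this hunk, so it is worth confirming the corrupted buffer is still cleared on this path.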