There are two types of WLAN IPA exceptions, where WLAN driver is
involved for packet processing.
One is for RX exceptions, such as ICMP or Intra-BSS packets.
The other one is for WDI 1.0 MCC TX SW path, where packet queueing
is happening in WLAN driver.
In both cases, skb is allocated in IPA driver. If NBUF_MEMORY_DEBUG
is defined and qdf_net_buf_debug_acquire_skb() is not invoked for
the skb, qdf_nbuf_free() will trigger ASSERT to report unallocated
buffer.
For early processing of RX exceptions, dev_kfree_skb_any() needs to
be called instead of qdf_nbuf_free() otherwise above ASSERT will be
triggered.
For MCC TX SW path, ipa_free_skb() should be called to free skb to
IPA driver.
Change-Id: I039cb20673ce3aa98056529f7609801f76c4c16a
CRs-Fixed: 2247339
There might be a race condition between wlansap_stop_bss and
wlansap_start_bss. The tx_flow_control_timer might be created again
after released by hdd_stop_adapter which might cause the memory leak
issue.
Add mutex lock to protect the wlansap_start_bss in the function of
wlan_hdd_cfg80211_start_bss to fix incorrect state of fsm.
Change-Id: Icae4508450f6e1cc13210d49edaf03a8fbd39fe4
CRs-Fixed: 2239832
While calling sme_pdev_set_pcl() API, driver is passing the argument
by value. The size of the argument is 280 bytes which is not good
design.
Pass the argument by reference instead of passing it by value to make
design simple.
CRs-Fixed: 2233212
Change-Id: I92849fb125fe864c1c7c7977bce392a7bcfe4121
qdf_wait_for_event_completion() needs a timeout value in milliseconds.
msecs_to_jiffies() is not needed to convert timeout value into jiffies.
Change-Id: I95315f937d651fd200f58d89f44eb167c6f29cc8
CRs-Fixed: 2250143
Currently SMMU mem map table allocation size is very high and may
lead to allocation failure if system memory is fragmented or in low
memory cases. Do not allocate SMMU mem table buffer instead update
for each rx nbuff.
Change-Id: Ib48199387abc942980cef1ef57a00e44c729e95f
CRs-Fixed: 2238629
session_entry pointer has been dereferenced without checking against
NULL.
Add NULL check before dereferencing it.
CRs-Fixed: 2232738
Change-Id: I899a5da2affd70acf274bdceca11e9d47c7659b5
Initialize variable sap_ap_event to avoid use of uninitialized value
of sap_ap_event.sapHddEventCode when calling sap_ctx->pfnSapEventCallback.
Change-Id: Idcf18b6c95ffcef59f0db764d0071fcb4909ea2e
CRs-Fixed: 2232749
wlan_sys_probe has been superseded by the scheduler thread watchdog.
Since it is no longer needed, remove wlan_sys_probe.
Change-Id: I31e7cf0021774d074a6c94eb6a636e1f87452923
CRs-Fixed: 2249435
When WMI attaching fails in wma_open, the memory allocated
during invokation of target_if_open should be freed to
avoid a memory leak.
Change-Id: I64e5bbc9714199a1598df55e00586786a30aad35
CRs-fixed: 2237068
Address the following issues in wlan_hdd_wext.c:
CHECK:'recieved' may be misspelled - perhaps 'received'?
CHECK: parenthesis alignment in iw_get_policy_manager_ut_ops
CRs-Fixed: 2245341
Change-Id: I25c1e4310739e934d49dc7b4fc3890e5ab16e5e0
In the function hdd_hostapd_sap_event_cb, stainfo is obtained
from hdd_get_stainfo(). This stainfo is dereferenced later to
retrive dhcp_phase later. If the stainfo returned from the
function hdd_get_stainfo is NULL, then a possible NULL pointer
dereference could occur.
Add check to validate stainfo is not NULL.
Change-Id: Ia428142b6ae2545528c5998dcde63845ca592b56
CRs-Fixed: 2233870
Remove the redundant tx flow control register in sap event cb, which has
been registered already when adapter started.
Change-Id: Ia48249ed6b6de0a1af642d920f9589c600015ed3
CRs-Fixed: 2239832
This reverts change If06be4c9627eb345fb52609351417b155d336a4e for the
following reasons:
1) hdd_debug_domain_set() should never be called outside of module
start/stop
2) It effectively reverts I2fade59d1e4a27620cecadb91f69866e79c85612
Change-Id: Id132c516dd2600110912539df37eb1932730fef1
CRs-Fixed: 2248600
In hdd_we_set_11d_state(), @sme_config is accessed immediately after
being freed. Avoid accessing freed memory.
Change-Id: I7ad19f6846bce1d0f99b7712f1036c81ea363815
CRs-Fixed: 2247652
When receive dfs event, if no available channel, stop all AP,
but send eSAP_STOP_BSS_DUE_TO_NO_CHNL to same AP for 2 times
wrongly during SAP+SAP concurrency, init and schedule same work
queue sap_stop_bss_work 2 times at nearly same time, deadlock
happens
Change-Id: I86cf0ed578e81b3bc1941e057e91c9d952893e07
CRs-Fixed: 2230873
IPA driver adds unified WDI API for ipa_wdi_create_smmu_mapping
and ipa_wdi_release_smmu_mapping. WLAN driver needs to adopt the
change accordingly.
Change-Id: I997aae3651831d0ecf576369fdb428c0f59be77b
CRs-Fixed: 2230075
hdd_stop_adapter frees beacon resouce but doesn't clear SOFTAP_INIT_DONE
flag. If SSR happens in this time, NULL pointer dereference will occur.
Clear flag in hdd_stop_adapter and check NULL pointer when use beacon.
Change-Id: I14be81a4e5fb498948f7ceec9138e9b1c797af1e
CRs-Fixed: 2232511
It will reject channel switch command for STA+SAP concurrency case
since not force set channel switch.
Change-Id: Id032d5f931aa78cf24fda7e1fc1cc1d8ec58008f
CRs-Fixed: 2246121
If any userspace request is posted using request manager,
memory is allocated for that request using hdd_request_alloc
api. Now when the response of this request comes in the
registered callback, if this response is NULL then callback
returns without doing hdd_request_complete and eventually
request gets timed out and memory is released through
request_put. If the con_mode is changed before this time out
occures, con_mode_handler will try to stop_modules and will
result in mem leak detection as the memory for the request
is not released yet.
To address this issue in con_mode_handler, wait for all the
user space requests to complete before trying to stop modules.
Change-Id: If524580e420d107a1fe6d17b75d4c13e4feb96e1
CRs-Fixed: 2244739
