This reverts Change-Id: I1887aab39d2fa13cc8a900164d2aa6d489464e42
Driver is no more acquiring qdf_conc_list_lock before calling
cds_get_pcl(). SME active queue will serialize connection request and
bss start commands.
Change-Id: I98066b8f1e756ae930ea97be6f8c6e6de244662d
CRs-Fixed: 2108186
For data stall continuous HDD tx timeout count of five
post HOST TX time out data stall event to handle it in
data detection module.
Change-Id: Ic6cf5e62f711cef5919a4a5e85e4232c622c04bb
CRs-Fixed: 2094393
Add sanity check for vdev id in wma_vdev_start_resp_handler() to prevent
out of bound memory access.
Change-Id: Ia4e18e8e322142928c41dfa88b874ff017727266
CRs-Fixed: 2120424
There is a possibility of double start of inactivity timer if iff_up
(hdd_open) happens while probe/remove/reinit is still going on.
To mitigate this issue, on iff_up, start inactivity after acquiring
hdd_init_deinit_lock, which make sure probe/remove/reinit are
completed, and thereby inactivity timer is stopped.
Change-Id: I2417215380e318a8410a2d25eabf82f353a26c4f
CRs-Fixed: 2125494
There can be deadlock on iff_up on anyone of mutex's like
init_deinit_lock, iface_change_lock. To catch what caused the
deadlock start the inactivity timer to root-cause the issue
CRs-Fixed: 2120569
Change-Id: I830cc4127a9c0691ee44a5e2c56c871471d638db
qcacld-2.0 to qcacld-3.0 Propagation.
Wifi OFF/ON is needed to update the gEnableModuleDTIM ini param.
Add private ioctl to configure modulated DTIM at runtime.
CRs-Fixed: 2002662
Change-Id: I28be432da775a9aa026cd702c63dee5666260d33
Fine tune the scan rest time configuration parameters,
gRoamRestTimeMin and gNeighborScanTimerPeriod to 50ms and
100ms respectively for better power efficiency.
Change-Id: Ia6edb87dbb0abf4771613a028d711f4f7a4e0f41
CRs-Fixed: 2120683
Some data path code change didn't consider SDIO code path, so
introducing some build error for SDIO driver. Fix them in one
submission to enable ACI
Change-Id: I3d1b81c57a8ae854f18db3eccb546b7b552899b7
CRs-Fixed: 2033757
Assert was added in the wma_rx_aggr_failure_event_handler via the change
Iea93e879196e9cd43856a7dcc9204d2304f76c78 and it exposes further security
issues.
Remove the assert in wma_rx_aggr_failure_event_handler.
Change-Id: Iaef00389fa19da0fe33e3bcd6f2123e553b84dff
CRs-Fixed: 2114789
SAP DUT allocates SA query timer for each STA-PEER which gets associated
to DUT. When STA-PEER walks out or gets disassociated, SAP DUT releases
this timer memory through PEER clean-up process but in few corner cases
it is observed that STA-PEER left uncleaned.
In such cases ideally when SAP session goes away, SAP state-machine
should check any left out memory and clean it up through
lim_cleanup_mlm() but this API check for own session validity and
own session has been marked as invalid before even calling this API.
Due to which timer memory leaks.
Fix the situation by deleting the timer before marking own session as
invalid.
In some cases, for some reasons PEER delete sta request couldn't send to
FW then memory associated with delete sta request needs to be freed.
If status is failure and del sta response is not required then silently
release the memory.
CRs-Fixed: 2124293
Change-Id: I082c771bbee6d083b15515dd2e40ed9a27e0a9a1
Currently during peer initialization (ol_txrx_peer_attach), we are
initializing peer refcount to 2. This is done to prevent peer
deletion, in case some logic tries to delete a peer when the host has
not received peer map events.
The above logic fails to address the condition when there is roaming
failure, followed by peer deletion from userpace. In this case, host
tries to create a peer and initializes refcount to 2. However, since
roaming fails, firmware does not send out peer map events. In the
meanwhile, the framework tries to delete the existing peer. This
deletion following the peer creation and absence of peer map leads to an
incorrect peer refcount even after deletion and hence this peer does not
get deleted.
Initialize peer with refcount of 2 but 1 instead. In case a map or
unmap arrives after peer deletion, the existing logic will
try to find a peer in the peer hash bins or peer_id_obj_map and will
not find the peer.
Change-Id: Ia3ba6842122dba49281d7bd00303cbe7685ef91c
CRs-Fixed: 2087373
To avoid circular dependency, cleanup is done
in common code, So use correct header file to
fix any compilation issue.
Change-Id: Id094107dda4f34ed479ead0b801da27c7aa240ff
CRs-Fixed: 2126011
Add sanity check for wow_buf_pkt_len in wma_wow_wakeup_host_event()
to avoid out of bound memory access.
Change-Id: Id3b0003aa366d9239739efe561f44eff1dceff5d
CRs-Fixed: 2119401
When force_sap_acs is enabled, hostapd acs will be discarded
and driver acs will happen with override values from ini. Finally
weight for a channel is calculated based on rssi, bsscount. etc.
from auto_channel_select_weight. This ini value is getting extracted
only in __wlan_hdd_cfg80211_do_acs() and so ini value won't be updated
in sap config when hostapd acs doesn't happen or force_sap_acs is enabled.
Update auto_channel_select_weight ini value in sap config in
wlan_hdd_cfg80211_start_bss() which is called irrespective of any
configuration.
Change-Id: I90f549fece117a72c19cf5fdc9f6485b1ab8afdc
CRs-Fixed: 2125597
Checkpatch reported instances of the following issue, so fix them:
- ERROR:SPACING: space prohibited before that ',' (ctx:WxE)
Change-Id: Ifc015a9e3976ebca03662438998433e976e6cf18
CRs-Fixed: 2125683
Checkpatch reported the following issues, so fix them:
- ERROR:SPACING: space prohibited before that ':' (ctx:WxE)
- ERROR:SPACING: space prohibited after that '*' (ctx:ExW)
Change-Id: I2ae63f6a0474a6d8384c2b6796a5239b99aa3ffb
CRs-Fixed: 2125682
Checkpatch flaged the following issues, so fix them:
- WARNING:LONG_LINE: line over 80 characters
- ERROR:SPACING: space prohibited before that ',' (ctx:WxE)
- WARNING:LINE_SPACING: Missing a blank line after declarations
Change-Id: Ifb14eaa7828da997c35265deed5e94a2a2db9054
CRs-Fixed: 2125681
Checkpatch reported the following issues, so fix them:
- WARNING: Missing a blank line after declarations
- WARNING: Block comments use a trailing */ on a separate line
- ERROR: that open brace { should be on the previous line
Change-Id: I7671e3a165cb7f372187c37ce31a92778422031a
CRs-Fixed: 2124909
Checkpatch reported the following issues, so fix them:
- ERROR: else should follow close brace '}'
- WARNING: braces {} are not necessary for single statement blocks
Change-Id: I9c8d329d70ee258834eaaea0183ba2e36643b572
CRs-Fixed: 2124908
It can help to trace what is happening during load/unload and
avoid just exiting silently.
Change-Id: I61a451058a7846d3627500db2c9d8d5998e8210e
CRs-fixed: 2123331
Commit fb9d5acfed and 645749571d introduce an API to deinit scan
runtime suspend lock and move runtime suspend context deinit in
order to fix a memory leak issue. However, it breaks SSR because
runtime suspend context init and deinit are not matching during
SSR which results double free happens in the rmmod after SSR.
Move runtime suspend context init to correct place.
Change-Id: I698385ab52e7e18636b143cd71c229afb676baff
CRs-fixed: 2123331
If probe failed because of no memory, we want to try to recovery by
issuing a re-probe for built-in driver. Hence, convert probe return
error from -ENOMEM to -EPROBE_DEFER for built-in driver so that
platform driver can issue re-probe based on the return value.
CRs-Fixed: 2124159
Change-Id: I6cca0ed186554c8065b77af8c178ca9e143abf98
Checkpatch reported the following problem:
ERROR: Prefixing 0x with decimal output is defective
Correctly use %x when logging hex data.
Change-Id: I8150cf6ae5770a18035f006df9e774932919d9b7
CRs-Fixed: 2124907
In WMA, data from firmware event buffer is used without
sanity checks for upper limit. This might lead to a potential
integer overflow further leading to buffer corruption.
Add sanity check to avoid integer overflow.
Change-Id: Id47e12015a4d46af24180b621b52ffcb17596c07
CRs-Fixed: 2112832
Structure roam_offload_synch_ind has element hlp_data which is of
size FILS_MAX_HLP_DATA_LEN is greater than WMI_SVC_MSG_MAX_SIZE.
Hence, remove check for size of roam_offload_synch_ind against
WMI_SVC_MSG_MAX_SIZE to avoid roam failure. Also, modify check
for validity of vdev id.
Change-Id: I1b9cef08e1d847f27b7057abf7189ef0f867b92f
CRs-Fixed: 2124786
Fw assert and unloading can occur at same moment, there is no need
to recover if wlan unloading is ongoing, so skip notifying SSR framework
in such case.
Change-Id: I2176d1505e8e358f4436277e4d0b706923596f27
CRs-Fixed: 2087634
In driver as part of __wlan_hdd_cfg80211_set_ap_channel_width() driver
modify the channelBondingMode24GHz and this modified value is not
changed to default value once hostapd restarts.
Due to this when the 20/40 BSS Coexistence Management frame is
received and hostapd tries to change the width to 20Mhz using
__wlan_hdd_cfg80211_set_ap_channel_width(), as
channelBondingMode24GHz is already set to 0, the request is
ignored and SAP doesn’t switch to 20Mhz.
To fix this use per session cb mode to validate bw switch.
Change-Id: Ia233c478794602aa6909cf637c5fc8c82fc3433a
CRs-Fixed: 2058315
Currently resp_event->vdev_id, recevied from the FW, is directly used
to refer to wma->interfaces without validating if the vdev_id is valid.
Add sanity check to make sure vdev_id is less than max_bssid before
using it.
Change-Id: I734ff795a3936719b08493f868384dbde72a80df
CRs-Fixed: 2119394
