While sending probe response template down to firmware, driver
populates some items in data-structure which is not getting used.
Remove those unused items and send only what is needed.
CRs-Fixed: 2148056
Change-Id: I1878f523f0f88c354854dfdb75e60e66c4ecb0e8
Add a SSID length validation check before
copying the SSID field to scan request
structure from connect profile.
Change-Id: Ic6297a28f8852db2e5d22c5c7d5b8eab7b76dbfd
CRs-Fixed: 2145706
Initialize message local variable on stack in SME get peer info request
API before posting message via scheduler API.
Change-Id: I4471f3c3eacaacfb8e9145e61dd4eb33b921936f
CRs-Fixed: 2158564
Avoid bit addressing for HE Caps and HE Ops, and use structures
to access fields within HE Caps and HE Ops.
Change-Id: I1afa1926d1f4c7da5446870a7ad3121c06762f98
CRs-Fixed: 2145511
The conditional check to avoid adding the same softap interface again
during SSR in __wlan_hdd_add_virtual_intf() is causing a
regression (Ic3cd1eebb23482e9cebf04683533face178698b4) and
not allowing more than one softap interface to be added.
To fix, add check for newly requested softap interface name with
previously registered softap interfaces and add if name is different
else return the existing one.
Change-Id: I103bd577db5c38e53b1ef12278a856a39790f8f7
CRs-Fixed: 2155854
MC addr list is an ndo operation that can be invoked by the kernel even
if the driver modules are closed, which can result in accessing
freed variables.
Reject the set/reset mc addr list when the modules are closed.
Change-Id: Ief83e18e6f8e431c7d68377f803ac602178f8913
CRs-Fixed: 2153099
TDLS peer delete function is not validating the return
status from PE, and it causes unpredictable errors.
Verify the return status and take the corresponding
action for the error cases.
Change-Id: I55c77842560917ca766fbfcbf26762d745a1d5e5
CRs-Fixed: 2144268
In addition to any other resource leak checks being done at runtime,
check for any leaked MC Timers as well.
Change-Id: Ic576eed3cf9b19824db6864a6b7b0466a6f03ea9
CRs-Fixed: 2125799
Add debugs to dump all the Vendor IEs of tag type 221 to identify
the IEs sent in the AP's beacons/probe response without the need for a sniffer.
Change-Id: I1896adc12b49a54e4cf39794e802c04f7ad22080
CRs-Fixed: 2156913
During frequent suspend/resume there is a possibility that the csr scan timer
and hdd scan timer race each other. Increase the hdd scan timer
value to double the csr scan timer value to reduce the race, allowing
hdd to abort the scan in case of timeout.
Change-Id: I03995498df692dc92dc87e8ef1fc8fd316965df0
CRs-Fixed: 2151994
In function wlan_hdd_cfg80211_set_ie, RSN IE is parsed and copied
into the buffer for length eLen + 2.
However, the buffer WPARSNIE is allocated only for
size. If eLen + 2 is greater than MAX_WPA_RSN_IE_LEN, a buffer overflow
would occur.
Add sanity check to make sure eLen does not exceed MAX_WPA_RSN_IE_LEN - 2.
Also increase the size of to 255 as per the spec
Change-Id: Ibf44e8dc1010e6e32b2262357d3aa180926d5c99
CRs-Fixed: 2154216
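
The length check described in the commit message above, as an added example that is not the driver's code: an IE walker that copies an RSN IE (element ID 48) into a fixed buffer only when eLen + 2 fits. The names `ex_profile` and `ex_set_ie` and the buffer size `EX_RSN_BUF_LEN` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_EID_RSN     48  /* RSN element ID in IEEE 802.11 */
#define EX_RSN_BUF_LEN 40  /* constructed size, not the driver's value */

struct ex_profile {
    uint8_t rsn_ie[EX_RSN_BUF_LEN];
    size_t  rsn_ie_len;
};

/* Walk TLV-encoded IEs and copy the RSN IE (2-byte header + body).
 * Returns 0 on success, -1 on truncated or oversized input. */
int ex_set_ie(struct ex_profile *p, const uint8_t *ie, size_t len)
{
    size_t off = 0;

    p->rsn_ie_len = 0;
    while (off < len) {
        if (len - off < 2)
            return -1;                      /* truncated header */
        uint8_t eid = ie[off];
        size_t elen = ie[off + 1];
        if (elen > len - off - 2)
            return -1;                      /* body runs past the blob */
        if (eid == EX_EID_RSN) {
            if (elen + 2 > sizeof(p->rsn_ie))
                return -1;                  /* would overflow rsn_ie */
            memcpy(p->rsn_ie, ie + off, elen + 2);
            p->rsn_ie_len = elen + 2;
        }
        off += elen + 2;
    }
    return 0;
}

int main(void)
{
    struct ex_profile p;
    uint8_t ok[22] = { EX_EID_RSN, 20 };    /* constructed: 22 bytes fit */
    uint8_t big[62] = { EX_EID_RSN, 60 };   /* constructed: 62 > 40 */
    int rc = ex_set_ie(&p, ok, sizeof(ok));

    printf("ok=%d len=%zu\n", rc, p.rsn_ie_len);
    printf("big=%d\n", ex_set_ie(&p, big, sizeof(big)));
    return 0;
}
```
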
Change the existing cdp_peer_find_by_addr by calls to
cdp_peer_get_ref_by_addr and cdp_peer_release_ref. The new APIs
make sure that the peer is valid as long as the peer reference is not
released (call to cdp_peer_release_ref)
Change-Id: Ibde9944a9721e5dcf0f7838058c229539efae7e4
CRs-Fixed: 2139801
The existing peer API cdp_peer_find_by_addr does not maintain any peer
references. So a peer which is returned by the API may get deleted in a
different context. This may lead to access to an already deleted memory.
Fix the issue by introducing new APIs "peer_get_ref" and
"peer_release_ref" which make sure the peer is valid until it is
"released" (peer_release_ref is called).
Change-Id: I60175ee1d67f01e3ee4b48cb655d1728d29d08f4
CRs-Fixed: 2139801
Memory leak is detected while processing the
measurement report request while another request
is under processing.
Pass an address of the pointer to the rrm beacon
request API to get the allocated memory address.
Change-Id: I83c44a6a7a4a8e1ce56e48b008e7d784cca1dc6d
CRs-Fixed: 2144031
In monitor mode, when the system is suspended, FW tries to send
a packet to the host, which is not allowed, leading to this
system crash.
Acquire wakelock once the device enters monitor mode and block
the system from entering suspend.
Change-Id: I27ba2d43fd7b84bc1ae7e6046ab635065872b2d2
CRs-Fixed: 2130546
If mac_ctx->roam.configParam.qcn_ie_support is enabled, the driver adds
the qcn ie in the directed probe req even if it's already present in the
additional scan IEs. Thus two qcn ies are present in the probe request.
To fix this, add the qcn ie only if roam.configParam.qcn_ie_support is set
and the qcn ie is not present in the additional scan IE.
Change-Id: I4c7ea32dc06e5c62b4043dbd3794348f8185fd9b
CRs-Fixed: 2152795
Avoid using WMI HE Ops macro in lim and use dot11f struct for
HE Ops instead. Keep the translation to FW interpretation of
HE Ops in wma layer only.
Change-Id: Ie94795541aaddb7ae291ff451b938ebb96f74dbf
CRs-Fixed: 2145510
The host defines the iface ptr with:
iface = &wma_handle->interfaces[key_params->vdev_id], at line 1588,
and if WLAN_FEATURE_11W is not enabled, the host sets
iface->is_waiting_for_key to false without a NULL check of iface.
The fix is to add a NULL check for iface.
Change-Id: I69ed8f881b678458d16f1f74e87e31959c04ec63
CRs-Fixed: 2156921
WLAN Latency module (WLM) is added by fw to gain latency
because of schedule out of service like power saving,
scanning, roaming etc. per the level set by framework.
Change-Id: Id4305e5e66dcce464447aff56296c7d027347ea2
CRs-Fixed: 2142391
For sns test, in some scenarios when tx hits invalid peer state it will
print massive logs, which leads to a WD bark issue.
Move log level to lower info high from warn if tx hits invalid peer state.
Change-Id: I91d414e7203bf1e00094ca7b2fcebf80f4102082
CRs-Fixed: 2156472
Regpair for DM, DO, HN, JM, NA, PA, SN, XA are missing
which results in a crash.
Add regpair for country codes DM, DO, HN, JM, NA, PA, SN, XA.
Change-Id: I6d29f16a549121b9588d6fb68b78e14375e8eb8e
CRs-Fixed: 2154385
When a BSS is being started, the WLAN driver will abort all
scan requests, including the ACS scan initiated by the
secondary SAP, which will result in secondary SAP start
failure.
Use a different function to abort scans initiated by the
current session which is doing BSS starting so ACS scan
initiated by a second SAP will not be affected.
Change-Id: I442431e92e31cc8d3eb302ccca4249d0b4bedf82
CRs-Fixed: 2154230
csr_roaming_state_msg_processor() is declaring roam_info on stack
which is of size 736 bytes. Kernel stack has limited size and all
big data structures should be allocated from heap to avoid stack
overflow. Hence allocate roam_info struct from heap and free it
after callback has returned.
Change-Id: I282d9baa9f3e679bfd5b628f0baaadf4beec86af
CRs-Fixed: 2143439
The memdump feature allocates memory after the module has started,
leading to a false positive memory leak when the module is subsequently
stopped. Move memdump init to before the module is started in
hdd_wlan_startup, and memdump deinit to after the module is stopped in
hdd_wlan_exit.
Change-Id: I8df48e55e0f1e90fb4599469ce10f7741fb7a9a0
CRs-Fixed: 2157112
Currently, resource leak detection happens when the driver module is
unloaded. Instead move as much leak detection as possible to when the
driver transitions back into the closed state. This better supports
load-once-never-unload and built-in driver configurations.
Change-Id: I88be641948ffa4fff397a8eae40cf3b05c543673
CRs-Fixed: 2113606
If roaming is happening and then a set key response is
generated from WMA to PE, then there is a possibility
of not finding the PE session as the roaming happened
and new session is established. In such cases, return
failure from PE to SME so that the set key command is
released and the command queue is not stuck
Change-Id: Ieba8ea76a2a53322f2e392e6b0bf30360b1e8f8a
CRs-Fixed: 2150731
With current implementation, if sme_open_session sends down a command
to the Firmware and an SSR/PDR occurs, the thread is stuck on waiting
on an event. The thread also holds the rtnl lock and will keep
blocking any other thread from acquiring it till timeout occurs. This
can result in deadlock situation with IPA driver trying to execute
driver ops during the SSR/PDR notification callback.
Use the wait_for_event_completion API for waiting on event. With this
the event will be purged when driver receives FW_DOWN indication.
Change-Id: I2920fd36c0eb5bb5994e66e584d12a2a9d8f409a
CRs-Fixed: 2120226
Add a new CONFIG_QCA6290_11AX flag to track & enable all 11ax related
header changes.
Change-Id: I265364eafb05c34eea18235a15c5e317716f6ecf
CRs-Fixed: 2124274
Limit the max join attempts to two less than 1/3 of the total
command timeout value.
Change-Id: Ic52ec1cfa268a9e24e944f5d6e875e42d5a7b2be
CRs-Fixed: 2137346
qcacld-2.0 to qcacld-3.0 propagation
For HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND, the msdu_cnt is a signed
integer coming from firmware. If the msdu_cnt is set to a negative value,
or is greater than the number of current elements in the queue, the loop
will execute lots of times in ol_rx_offload_deliver_ind_handler, and
htt_rx_netbuf_pop will cause the BUG_ON issue sooner or later if it is
a low latency solution.
Changing the msdu_cnt type from signed to unsigned and adding a validity
check on msdu_cnt will fix this issue.
Change-Id: I436557a124074f59ab11fd937dfdc975b9caebe8
CRs-Fixed: 2149461
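
The count validation described in the commit message above, as an added example that is not the driver's code: a firmware-supplied buffer count is kept unsigned and checked against what the host ring actually holds before the pop loop runs. The ring layout, the `ex_` names and the position of the count in the low 16 bits of the message word are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define EX_RING_SIZE 8u   /* constructed ring depth */

struct ex_rx_ring {
    uint32_t buf[EX_RING_SIZE];
    uint32_t head;       /* next slot to pop */
    uint32_t fill_cnt;   /* buffers currently queued */
};

/* Pop one buffer. Like a pop that asserts on an empty ring, this must
 * never be called more times than fill_cnt allows. */
static uint32_t ex_ring_pop(struct ex_rx_ring *r)
{
    uint32_t v = r->buf[r->head];

    r->head = (r->head + 1) % EX_RING_SIZE;
    r->fill_cnt--;
    return v;
}

/* Handle a deliver indication. out must hold EX_RING_SIZE entries.
 * Returns the number of buffers delivered, or -1 if the count is rejected. */
int ex_deliver_ind(struct ex_rx_ring *r, uint32_t msg_word, uint32_t *out)
{
    /* Unsigned on purpose: 0xffff reads as 65535, never as -1. */
    uint16_t msdu_cnt = (uint16_t)(msg_word & 0xffffu);

    if (msdu_cnt > r->fill_cnt)
        return -1;       /* firmware claims more than the host queued */
    for (uint16_t i = 0; i < msdu_cnt; i++)
        out[i] = ex_ring_pop(r);
    return (int)msdu_cnt;
}

int main(void)
{
    struct ex_rx_ring r = { .buf = { 10, 11, 12 }, .fill_cnt = 3 };
    uint32_t out[EX_RING_SIZE];

    printf("cnt=2      -> %d\n", ex_deliver_ind(&r, 2, out));
    printf("cnt=0xffff -> %d\n", ex_deliver_ind(&r, 0xffff, out));
    return 0;
}
```
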