Send the WMI_TWT_ENABLE_CMDID command to the target if the target
supports any one mode out of requestor, responder or broadcast mode.
Change-Id: I7ab21fff89e7c88bf951b333d7a923857f2123d6
CRs-Fixed: 2238302
Introduce new WNI items for TWT as follows:
WNI_CFG_TWT_REQUESTOR
WNI_CFG_TWT_RESPONDER
WNI_CFG_BCAST_TWT
Based on the INI configuration and target support, enable
or disable the TWT services in the WNI CFG database.
Change-Id: Id1b239e53f30f00220e0cefb541fc641a898e712
CRs-Fixed: 2238302
Introduce the below configuration items for
Target Wake Time feature.
enable_twt: Enable/Disable the TWT feature using this configuration
item.
twt_congestion_timeout: This ini is used to configure the target wake
time congestion timeout value in the units of milliseconds. STA uses this
timer to continuously monitor channel congestion levels to decide
whether to start or stop TWT.
Change-Id: I225b63e4f21357d57d28a9aa7e9ae1cd8c4c694f
CRs-Fixed: 2238302
When Force SCC and STA+SAP SCC on LTE coex channel are enabled:
1. When STA on LTE coex channel, start SAP, select STA
channel.
2. When SAP on, connect STA on LTE coex channel, then switch
SAP channel to STA channel.
Change-Id: I3f3972df43318473342d42012be3a57b8baad965
CRs-Fixed: 2235704
If wma_remove_peer() fails to remove peer and send PEER_DELETE command
to fw, it will cause issues afterwards and asserts at random places
that would be misleading.
Assert in wma_remove_peer() if peer remove fails.
Change-Id: I97a4b72c359a4e2322c9c499d01f21a4d287e8fd
CRs-Fixed: 2252886
Add per-level logging wrappers to SME module,
which can be compiled in or out by the build
configuration.
Change-Id: I7ad6020ee496e211f4edf6ec552999af03ffe01f
CRs-Fixed: 2261929
cfg_get_vendor_ie_ptr_from_oui is invoked in
lim_process_assoc_req_frame function with ie
pointer pointing to frame buffer plus assoc
req ie offset and ie len equal to frame buffer
len. This could result in OOB access since
offset is not subtracted from frame len.
Fix is to subtract the offset from frame len
as argument to cfg_get_vendor_ie_ptr_from_oui.
Change-Id: Ic107867bcf4d7813c544309a2aff165f2dc7155d
CRs-Fixed: 2255369
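
The length error described in the commit message above, as an added example that is not code from the commit or the driver: `find_vendor_ie`, `overread`, the 4-byte offset and the sample bytes are assumptions made for illustration. It measures how far past the frame an element walk is allowed to go when the offset is not subtracted from the length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EID_VENDOR 221 /* vendor-specific element ID */
#define IE_OFFSET  4   /* assumed fixed fields: capability (2) + listen interval (2) */
#define FRAME_LEN  10  /* length of the constructed frame body below */

/* Constructed: 10-byte frame body, then 4 bytes of adjacent memory (not frame). */
static const uint8_t mem[] = {
    0x31, 0x04, 0x0a, 0x00,          /* fixed fields */
    0x00, 0x04, 't', 'e', 's', 't',  /* SSID element; the frame ends here */
    0xdd, 0x02, 0xaa, 0xbb           /* adjacent memory */
};
static const uint8_t oui[] = { 0x00, 0x50, 0xf2, 0x04 };

/* Hypothetical stand-in for the driver's lookup; *walked = bytes accepted. */
static const uint8_t *find_vendor_ie(const uint8_t *ies, size_t left,
                                     size_t *walked)
{
    *walked = 0;
    while (left >= 2) {
        size_t elen = ies[1];
        if (elen > left - 2)
            return NULL; /* element overruns the length we were given */
        *walked += 2 + elen;
        if (ies[0] == EID_VENDOR && elen >= sizeof(oui) &&
            memcmp(ies + 2, oui, sizeof(oui)) == 0)
            return ies;
        ies += 2 + elen;
        left -= 2 + elen;
    }
    return NULL;
}

/* Bytes beyond the end of the frame that the walk treated as elements. */
static size_t overread(size_t ies_len)
{
    size_t walked;
    find_vendor_ie(mem + IE_OFFSET, ies_len, &walked);
    return IE_OFFSET + walked > FRAME_LEN ? IE_OFFSET + walked - FRAME_LEN : 0;
}

int main(void)
{
    printf("len = frame_len:          %zu bytes past the frame\n", overread(FRAME_LEN));
    printf("len = frame_len - offset: %zu bytes past the frame\n", overread(FRAME_LEN - IE_OFFSET));
}
```
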
The tSirRetStatus definitions are obsolete, so replace them with
QDF_STATUS definitions in the wma folder.
Change-Id: I3ba728e378697fb02f02322e7a467cd4f8a62c10
CRs-Fixed: 2262962
This is to fix a null pointer dereference in testmode handler.
In the case where the driver is in close state, userspace still sends testmode
command to the callback, where the hdd_ctx->pdev is already deallocated,
and reset to NULL that causes a null pointer reference.
The failure callstack is as below.
012|QDF_DEBUG_PANIC()
013|wlan_objmgr_pdev_get_comp_private_obj(pdev=null)
014|wlan_cfg80211_ftm_testmode_cmd()
015|__wlan_hdd_cfg80211_testmode(inline)
Change-Id: I26cb132a3f5b2eb9cd83892a80bea25a8d511962
CRs-fixed: 2261847
In the API sme_get_link_speed, the driver allocates memory
to the req, needed to get link speed from firmware
but is not freed, thus a memory leak may happen.
Fix is to remove the req from this API as the driver already
has this info from caller API.
Change-Id: I091bd81b162cd7e6f548068866ecdd441302553a
CRs-Fixed: 2257373
Key id is extracted from data buffer without validating
len of data which could result in out of bound access.
Fix is to validate frame len before extracting key id
from data buffer.
Change-Id: I1f4d88b7ca6201f03a6bc8e6915f1479f571838f
CRs-Fixed: 2254141
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_ocb to use the new naming.
Change-Id: Iffbc2ff5419d7057e814f48750681ef24c1776ed
CRs-Fixed: 2262584
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_fips to use the new naming.
Change-Id: I2edf712ca9af24aefe4b34efa62de827703cd7f9
CRs-Fixed: 2262583
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_subnet_detect to use the new naming.
Change-Id: Idc648bd965dc29ed620bf8f85b04c7658e51253d
CRs-Fixed: 2262582
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_softap_tx_rx to use the new naming.
Change-Id: Ie8c515c96ebfd741b36a4b69d1e482093ead569d
CRs-Fixed: 2262581
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern
name for what was previously called the tHalHandle. Transition
wlan_hdd_object_manager to use the new naming.
Change-Id: If17411e6d5fa29b401f4fb90e8f52197f9f8386e
CRs-Fixed: 2262577
Change "qcacld-3.0: Introduce mac_handle_t" introduced a modern name
for what was previously called the tHalHandle. Incorporate the new
name in struct hdd_context, as well as introduce new MAC handle
accessor functions. Future changes will transform the existing
tHalHandle references to mac_handle_t references throughout HDD.
Change-Id: Ic33c5f9332ccda6a7825a2a8521ebb0e66d1ab98
CRs-Fixed: 2261200
SDIO transfer between host and target can have multiple methods.
Legacy methods use the mailbox dma transfer method. Newer IP shall
use the adma transfer method.
Add build option for the transfer method.
Change-Id: Ibf2e20869d93f631db25008a95bdebf03875fcc0
CRs-Fixed: 2252432
Presently, while sending scan offload request to fw, fw is only notified
whether the channel list is static or dynamic. Fw is not notified whether
it is dynamic init, dynamic flush or dynamic update. Also, in HOST
driver it is not being used anywhere.
Remove the code to mark the channel list as dynamic update, dynamic flush
or dynamic init. Instead, assign the channel list simply as dynamic.
Change-Id: Iad834f07bb61963f0fbb6227ffcedfd1679d1a9e
CRs-Fixed: 2260715
The protocol stack has some lingering uses of the legacy status
enumeration tSirRetStatus. There is a plan to transition all of these
to QDF_STATUS. As the next step of this plan replace the tSirRetStatus
definition with macros that map to QDF_STATUS identifiers. This will
ensure that the transition does not have any side effects, and will
provide the mappings to be used to allow a global replace of
tSirRetStatus identifiers with QDF_STATUS identifiers.
Change-Id: Ied64393500d78b5059b68536fc5511918188962b
CRs-Fixed: 2261128
Copy the country code value to local variable and use
it to set the country code to avoid the out of bound
access to caller buffer.
Change-Id: I48662d4034f5dab496b23af4c1840581061bd2e5
CRs-Fixed: 2247610
In case of WLAN_EID_WAPI, the host assumes that the incoming ie buffer
is at least of length (4 + 2 + akmsuiteCount * sizeof(uint32_t))
long, and this is not checked anywhere before accessing. As a result, a
possible OOB read issue could occur.
Fix is to add a check for incoming buffer IEs.
Change-Id: Ia60cf8c56478b47e5f2f654f0cf77fe6bd5706e4
CRs-Fixed: 2252250
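
A length check of the kind the commit message above describes, as an added example that is not code from the commit: `wapi_parse_akm`, `MAX_AKM` and the sample elements are hypothetical, and the element layout (id, length, 2-byte version, 2-byte little-endian AKM suite count, 4-byte suites) is assumed from the commit's 4 + 2 + akmsuiteCount * sizeof(uint32_t) expression.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WAPI_FIXED_LEN 6 /* 4 + 2: id, len, version (2), AKM suite count (2) */
#define MAX_AKM 4        /* hypothetical cap on suites the caller stores */

/* Constructed samples: one well-formed element, and one that claims
 * 3 suites but carries none. */
static const uint8_t ok_ie[]  = { 68, 8, 1, 0, 1, 0, 0x00, 0x14, 0x72, 0x01 };
static const uint8_t bad_ie[] = { 68, 4, 1, 0, 3, 0 };

/* Hypothetical parser: copies the AKM suites into out[] and returns the
 * suite count, or -1 when the buffer cannot hold what the element claims.
 * ie_len is the number of valid bytes at ie. */
static int wapi_parse_akm(const uint8_t *ie, size_t ie_len,
                          uint32_t out[MAX_AKM])
{
    size_t elem_len, count, i;

    if (ie_len < WAPI_FIXED_LEN)
        return -1;                       /* count field not even present */
    elem_len = (size_t)ie[1] + 2;
    if (elem_len > ie_len)
        return -1;                       /* element longer than the buffer */
    count = ie[4] | ((size_t)ie[5] << 8);
    if (count > MAX_AKM ||
        WAPI_FIXED_LEN + count * sizeof(uint32_t) > elem_len)
        return -1;                       /* suites would run past the element */
    for (i = 0; i < count; i++) {
        const uint8_t *s = ie + WAPI_FIXED_LEN + 4 * i;
        out[i] = (uint32_t)s[0] << 24 | (uint32_t)s[1] << 16 |
                 (uint32_t)s[2] << 8 | s[3];
    }
    return (int)count;
}

int main(void)
{
    uint32_t out[MAX_AKM];

    printf("well-formed: %d\n", wapi_parse_akm(ok_ie, sizeof(ok_ie), out));
    printf("truncated:   %d\n", wapi_parse_akm(bad_ie, sizeof(bad_ie), out));
    return 0;
}
```
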
Channel info for ACS is not getting initialized if channel is unsafe.
So, channel number, rssi, ACS weight, etc. is not getting initialized
and is 0 for all the unsafe channels. As a result, wrong weights are
getting calculated in ACS algo and wrong channel number is getting
printed in logs for all these channels.
Initialize channel info for ACS even if channel is unsafe.
Change-Id: Iec315ea818b5b51aef6879831b8be29ba4515983
CRs-Fixed: 2260798
When CSA is received from the firmware, dot11_mode is copied
from received message. In response to the CSA message, the host
invokes wma_vdev_start with isRestart flag set to restart the
vdev with the new updated channel, and channel params.
The dot11_mode value is copied from the CSA which will not be a
problem unless the switching channel is on the same band or on
different band as long as it's HT/VHT 2.4GHZ to HT/VHT 5GHZ bands
or vice-versa. When the channel switch occurs from a 11a to 11g
band or vice-versa, wrong dot11_mode is populated without being
updated for the new band. As the phy_mode is calculated from the
dot11_mode value, phy_mode check fails in wma_vdev_start in this
case. So the host doesn't send vdev_restart.
Populate the dot11_mode correctly and pass it to lower layers
upon updation. This will ensure correct phy_mode is calculated
and vdev_restart is sent.
Change-Id: Iaf8788d51b47190c04744b8981dd594236fbae57
CRs-Fixed: 2248980
Currently, in ol_txrx_is_peer_eligible_for_deletion(), invalid
dereferencing of peer_id_to_obj_map[0xFFFF] to get peer_ref while
processing VDEV stop response handler may occur.
Revert the changes introduced by
Change-Id: Icf252612081a41f94db6df4684348f2962b2da9d and
Change-Id: I743e2e2c83c3e07e5d5ec4fde7fc3b098766ca96
Change-Id: I7aa104f69a5665f0e08314fb0a273e077f562939
CRs-Fixed: 2261088
Before wow enable or pdev suspend host sets hardware filter bitmap
and enables the filter via a command. But after resuming it sends
bitmap as zero with filter disable. This is interpreted by Firmware
as disable the modes set in the bitmap, so none of the modes are
disabled. With this host will not receive bc/mc packets after
disabling the hw filter, which it is expecting.
Send the same bitmap after resume that was used before suspend.
Change-Id: Ic7425274c9197e907404c3ca9ba0d5269ee51690
CRs-Fixed: 2194964
Sometimes HTT response for suspend IPA pipes from FW host arrives
after vdev has been cleaned up at FW. After receiving FW HTT IPA
pipe suspend response HOST processes pending events. For event AP
DISCONNECT HOST sends IPA offload disable command to FW with vdev
id that has been deleted at FW. As a result FW asserts.
In this change before processing IPA WLAN pending events validate the
session. If session exists then only process the events.
Change-Id: I464a91c3a85e6002297d9ade2fbd45b45a2a4d51
CRs-Fixed: 2261111
In implementation of Android Packet Filter, functions, variables,
definitions are named after BPF, which stands for Berkeley Packet
Filter. The term was more appropriate for Link Layer packet
filters implemented in the Linux kernel, known as Linux Socket
Filters.
The term BPF is obsolete now, so rename it with the
appropriate acronym, APF.
Change-Id: I9e02edbc580ffb2c559c8e864f54d255fc2d51a3
CRs-Fixed: 2191530
File wlan_hdd_cfg80211.c is bloated and adding support for
upcoming Android Packet Filter v3 is going to increase its
size even more.
Create a new source file for APF related HDD modules and a
header file for declaring the APIs.
Change-Id: I2fb3d7e017f4befbad7aacab3575ae2b48e88a45
CRs-Fixed: 2189825
Currently the NL MSG handlers for WLAN_NL_MSG_OEM and
WLAN_NL_MSG_SPECTRAL_SCAN are not deregistered during hdd_wlan_exit which
can cause a page fault if NL issues cld80211_doit for these NL messages
when the WLAN is not up.
Add Deregister APIs for all the NL MSGs to call as part of
hdd_exit_netlink_services during hdd_wlan_exit.
Change-Id: I5811dcfc79eff4ea7281de5f7591e078c572e69c
CRs-Fixed: 2232902
PMO should not know about vdev data path handle, but
pmo_unpause_all_vdev() needs it, so register a wma callback to retrieve
the vdev dp handle instead of keeping a copy in pmo vdev private context.
Refine current code to retrieve vdev dp handle using a wma callback.
Change-Id: I1f668fff633a5e5cdfc478e7f619e9600930b333
CRs-Fixed: 2227384
In __iw_set_packet_filter_params(), a user controlled length value,
priv_data.length, is used to allocate a buffer. This buffer is then
cast to a struct pointer of struct pkt_filter_cfg type without ensuring
the buffer is of proper length.
Add a sanity check on priv_data.length to ensure that the command being
issued has proper parameters.
Change-Id: Ia871e35ef938ca889fb6b1609a0c881d76f29e4b
CRs-Fixed: 2250775
1) Add timer callback function for resuming OS netdev queues once
they have been paused.
2) Add HDD function to register resume timer callback for High Latency
Data Path Flow Control.
HL netdev flow control will re-use some of the
QCA_LL_LEGACY_TX_FLOW_CONTROL functionality, hence some parts of the
legacy flow control code have been conditionally enabled for
QCA_HL_NETDEV_FLOW_CONTROL as well.
Change-Id: I4d4a03ddd5be980ce27fd0771fa9d6dc26138357
CRs-fixed: 2236321
The following memory leak issues of blocked scan requests
need to be addressed:
1. Add list for blocked scan requests
There could be multiple scan requests blocked before related
callback can be executed. Currently there is only one pointer
for such requests. A list is added accordingly.
2. Cleanup blocked scan request when ifdown
Scheduled work for blocked scan might not be able to be executed
before ifdown. When the work is cancelled, related scan request is
not freed and will cause a memory leak.
Call the related callback when blocked scan work is cancelled to
cleanup the pending scan request.
Change-Id: Ifb5fc1b14a043ad67e4ba1d305ce4133b471188c
CRs-Fixed: 2166111
Fix overrunning callee's array of size 19 by evaluating argument tid
not to pass the maximum number.
Change-Id: I993339f4b9aea51e9566d213c9828825c5f2bf66
CRs-Fixed: 2232744
For txrx_stats command, two parameters are designed as
mandatory: 1st is statistics category, 2nd is mac id.
Add default value 0 for those parameters.
CRs-Fixed: 2248034
Change-Id: Ifc667e22bd78a295c3323f2b2e063f2f6ba12e8e
In case the current selected txq group does not have enough credits,
try to borrow credits from the other txq group.
Change-Id: I86fbe990853d90598f6e09b13f7061e4ba1a78ae
CRs-fixed: 2246206