Check STAID value returned by hdd_get_transmit_sta_id against MAX_STA,
before accessing array based on STAID index.
Change-Id: I4ac88e3d95f425ddc3a8690ef5333e0a4e67d328
CRs-Fixed: 1050083
TDLS init/exit functions have some dead code and it causes
memory leak for each wlan on/off operation.
Remove the dead code from TDLS init/exit functions.
Change-Id: Ie43057d94a27c34e970293b5cbc75edb6c0f6ca8
CRs-Fixed: 1050841
TDLS peer idle timers will be created only for implicit and external
mode operations. But tdls exit operation try to stop these timers
without checking the state of the timers and causes assert in
timer module.
Add changes to validate timer state before calls timer stop
function.
Change-Id: I6d41bbd99b49326b5a6eb8350f67923626d42400
CRs-Fixed: 1050836
qcacld-2.0 to qcacld-3.0 propagation
While RTT ranging happens, userspace application initiates FTM
request via host to FW. After sending the FTM request, host
might go to sleep mode sometimes so FW will not be able to send
the OEM response event resulting in poor ranging results.
This change registers OEM response event as WOW wakeable so FW
wakes up host whenever it receives OEM response which helps OEM
response to reach userspace application on time for better
ranging results.
Git-commit: 4de9b661e45a0bde4dfefc760edf03d1b8f4dd68
Change-Id: I71b77cfa09c5039b487e9a93490837a084314fb3
CRs-Fixed: 1018887
Bus bandwidth request timer samples the traffic on STA and
P2P client adapters to trigger bandwidth request and also enable
tcp delayed ack trigger to cnss daemon.
CRs-Fixed: 1050190
Change-Id: Iecd8a3f3762aa4c7743fb6ea22a8216fdac2ac8c
Currently MCL driver loads/unloads when user tries to
Switch On/Off from GUI and load process is different
for the static and dynamic built driver.
With this feature, we shall have a uniform behavior for
static and dynamic driver, where the driver will be
loaded once and unload never.
Mode switch for different modes is supported via sysfs entries.
Change-Id: Ica49dd289d7f1f0ad0c56af76bd7bcfeca433a2e
CRs-Fixed: 1049218
As a part of the dynamic mode changes, the CDS modules shall be
closed/re-opened several times. Depending on the STATE of the driver,
the modules have to be initialized.
This function shall be invoked when driver state
is OPENED(DRIVER_MODULES_OPENED) and has to be enabled.
Change-Id: Ife4a4d8121bdc5ef9ed92aa9aea1d92ee4554732
CRs-Fixed: 1045626
Update default INI config value for rm_capability to indicate
support for LCI capability.
Change-Id: Id5303ffc4004e58f6302f8692a15b8040231c3a4
CRs-Fixed: 1049333
Remove the usage of typedef for oem data request and oem
data response data structure.
Change-Id: I94f05833baa9b6baaf2272f63a33236437a96bbf
CRs-Fixed: 1038872
Remove oem data rsp passing over multiple layers.
This change set sends the OEM data response directly to
SME from WMA instead of going through LIM/MLM.
Change-Id: I3cff10ff7bdbcee39b39bd9ba03b5eff8444b017
CRs-Fixed: 1038872
Remove oem data request passing over multiple layers.
This change set sends the OEM data request directly from
SME to WMA instead of going through LIM/MLM.
Change-Id: I151fa771544e9f74b1b69b18d689176752760621
CRs-Fixed: 1038872
Remove handling of deprecated OEM related events since FW and
userspace application will use only TLV based messaging.
Support to handle following events are removed,
WMI_OEM_CAPABILITY_EVENTID
WMI_OEM_MEASUREMENT_REPORT_EVENTID
WMI_OEM_ERROR_REPORT_EVENTID
Change-Id: Ia194f559acde6689a50c56b52078b7dc967c6159
CRs-Fixed: 1038872
qcacld-2.0 to qcacld-3.0 propagation
Fix uninitialized stack use in csrRoamReadTSF by initializing
variable of struct type tCsrNeighborRoamBSSInfo to zero.
Git-commit: d39cf92e69222e03f89238313f5b8c100ecd4ecc
Change-Id: I4211b41b5e30d414e45691a5bab4048587cc8499
CRs-Fixed: 1018486
qcacld-2.0 to qcacld-3.0 propagation
Due to pre-emption there could be probability that tdls context
is accessed in wlan_hdd_tdls_check_power_save_prohibited after it's
released. This will result in kernel panic.
Protect tdls context with mutex lock before accessing
Change-Id: I33369320de5b0aadae661d7d27fbc5ba18e9e409
CRs-Fixed: 990645
qcacld-2.0 to qcacld-3.0 propagation
When STA process Neighbor report from AP, session_id is declared
as one byte variable and its overwritten with four bytes value
in csrRoamGetSessionIdFromBSSID. This is observed on enabling stack
protection in kernel config(CONFIG_CC_STACKPROTECTOR).
Fix is to declare session_id as four bytes variable.
Git-commit: 96646d1eb48c4f3bf45555b8f636f90cf925b8b8
Change-Id: I6b2fd40a5466fe5dd72d394abb682229a550e0b1
CRs-Fixed: 1025272
Propagation from qcacld-2.0 to qcacld-3.0
- Current length of bpf is not set during the reset filter. set offload
is allocated through malloc, so invalid values for current_length
are recieved during reset. Memset set_bpfload to zero after
allocation.
- update the bpf service to hdd correctly depending on the
wmi service bitmap recieved from the firmware.
Change-Id: Iaf4774865cf0698a2deebac5cea62c873146e838
CRs-Fixed: 985562
WLAN suspend/resume feature has tight dependency on APPS platform
suspend/resume support. On new targets APPS suspend/resume is not
supported until target is feature complete. In absence of APPS
suspend/resume support testing WLAN offload features become
difficult. Add unit test framework to test WLAN suspend/resume
features using private IOCTL command by simulating APPS
suspend/resume behaviour.
Trigger WLAN suspend:
iwpriv wlan0 wlan_suspend 0 0
To resume WLAN run a ping test from access point side and very 1st
ping request unicast packet should trigger wake up.
If FW is not waking up APPS then use below command to do a manual
wake up:
Trigger WLAN resume:
iwpriv wlan0 wlan_resume 0 0
This unit test framework is only for SNOC.
Change-Id: I177a0047f460aa2a305a9e4e46fbfaa94a81dced
CRs-Fixed: 1042205
In function wma_roam_scan_filter, memory is allocated to local variable
params. And in default case of the switch, we are returning from the function
without freeing the params memory, this cause memory leak.
To fix this, free params memory before return in switch case.
Change-Id: I0a8825b44f4bcd9b05f0e1f0e6cdd0d114af0a01
CRs-Fixed: 1048116
In function csr_update_lost_link1_cmd, memory is allocated to
local variable struct scan_filter, further we passing this
variable to csr_roam_prepare_filter_from_profile function and
allocating memory to the members of the scan_filter. At some
point in the function we are returning without freeing memory
allocated to scan_filter, which causes memory leak.
Make sure to free scan_filter’s memory before returning.
Change-Id: I448cf0d4bb16d4769b50c96495038684909e0739
CRs-Fixed: 1048116
In function convert_qos_mapset_frame, restrict dscp_exceptions array
access index to size of array
Change-Id: I31ed8edaee1a9b3715f66686a8a45d5f2ffd4532
CRs-Fixed: 1042968
Change-Id I35d802f564e41ee0b30386ee7b74d2b44eb80ecf
Revert this change to allow re-association to same AP which is
required for HS certification.
Change-Id: I75114b5e36b4ce6def602b9054481845ac09c56a
CRs-Fixed: 936342
Reduce some of error log levels to info level in suspend path to avoid
logging them to console.
Change-Id: I61096bdbf757cd21f959fa716f35f65cd27cc9cc
CRs-Fixed: 1048395
In function hdd_hostapd_sap_event_cb frame size exceeds 1024 bytes
due to changes to some structures in msm-4.4 kernel, so compilation
for 32-bit systems might fail
Thus, reduce structure allocations on heap instead of stack in
hdd_hostapd_sap_event_cb.
Change-Id: Ie710afbd6c066a3d770c6c9aac0cfd675ea57f53
CRs-fixed: 1046882
connection status is not updated at HDD because
eCSR_ROAM_CANCELLED is not handled at hdd callback.
Added support for eCSR_ROAM_CANCELLED so that HDD updates
connection status to upper layers.
Change-Id: I4c185bb3a370a0562de6431fde8952c68789de53
CRs-Fixed: 1043090
Avoid converting invalid frequency i.e zero frequency to channel using
ieee80211_frequency_to_channel() function.
Change-Id: I4a32591e313183348180a1d30a950b4b174a27cc
CRs-Fixed: 1047642
In function wma_send_peer_assoc, logging error when wmi_unified_peer_assoc_send
failed. But error type used in this log is wrong, use "status" instead of "ret".
Change-Id: I8dbdd68e16d665e5a7749e10c7006da9f96a6fd7
CRs-Fixed: 1042968
In function wma_get_mcs_idx variable "match_rate" is not initialized.
Initialize "match_rate" to avoid dereferencing uninitialized variable.
Change-Id: Id4c7e1913628007087c58149e4b7033320d4cc79
CRs-Fixed: 1042968
In function wma_add_bss_sta_mode, variable "peer" is not initialized.
Possibly we may pass this variable to wma_remove_peer function as is
and that can be dereferenced inside wma_remove_peer function.
So initialize peer with NULL to avoid dereferencing uninitialized variable.
Change-Id: Ibc484759b5e92052a3500137464e47287ccad939
CRs-Fixed: 1042968
Remove extra variable "flag_bss_present" used to indicate if scan
result present based on pointer "bss_desc". Instead use "bss_desc"
itself.
Change-Id: I3fe5474d41219b44cbe38fa88c51013526c081c9
CRs-Fixed: 1042968
