Function hdd_override_all_ps is only used for monitor mode. In
this function, unexpected PM objects will cause initialization
malfunction. Move these PM objects setting after vdev creation.
CRs-Fixed: 2338261
Change-Id: I0d0e7b1bc4ec0853a274bdea8db2bbe3a3dbe885
During SSR the sap context is reinitialized and it request for
scan request id again deleting the older request id from scan module
this can lead to situation where the scan requestor list is filled by
SAP request id's and thus next request for request id will return 0.
Now during de init when it try to delete the requestor id 0 it delete
the 0th entry which is for CFG. Now if again SAP register the request
id it will get the 0th index which was freed and thus when CFG
requests a scan the sap callback is called instead of CFG leading to
NULL pointer access.
Fix this by not registering for request id again after SSR for SAP.
Change-Id: Ibc8ad0700b602a9c3d2769d979303499df8d6605
CRs-Fixed: 2341133
Add the basic infra for legacy DP CFG items and the APIs
to be used from other components.
Change-Id: If7ad0e02c65e04ea13a308e680c9ba3b3d84ae25
CRs-Fixed: 2324099
In sap_deinit_ctx() the check to free sap_ctx->channelList is after
sap_ctx is memset to 0 and thus sap_ctx->channelList will always be
NULL and memory will never get freed.
Also there is no need to reset scan_vdev_del_in_progress after vdev
is deleted in firmware as there still can be the race when scan is
processed. scan_vdev_del_in_progress will be deleted with obj_mgr
vdev so no need to reset it.
Change-Id: Ie5f133d4db48485434436e67ce1643d8e1e04106
CRs-Fixed: 2342039
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of all of the WE_PPS_* sub-ioctls
has a complexity greater than 1, so refactor that logic into separate
functions to help reduce the complexity of __iw_setint_getnone().
Change-Id: I2abde9c5e300302c7948049027d2db88c893211a
CRs-Fixed: 2341123
If event posting to VDEV state machine fails, the memory allocated
in lim join and reassoc req is not freed, leading to mem leak.
Fix this by freeing the memory in failure cases.
Change-Id: I3769684e6ad64341b73dd6f6343adc8c0d26d04c
CRs-Fixed: 2342487
When SSR is in progress, when trying to remove self peer, if
wma_remove_peer() is failed then wma_vdev_detach() doesn't send del sta
response and wma_self_peer_remove() can still proceed to start vdev
hold request timer. This can lead to skip of vdev reference count
release by wma acquired during vdev attach.
To address this, release vdev reference count when self peer remove is
failed and when del self sta request is timed-out.
Change-Id: I2703261a848983b10798cb8ec74d1cec5a393ce5
CRs-Fixed: 2342453
Currently Napier FW WAPI TX/RX initial PN logic is fit for WIN
host, modify MCL host to align with WIN so that WAPI can work.
Change-Id: I0b49a25e75d1e9c4856daf8648d6561486005ba9
CRs-Fixed: 2323152
The snoc wlan platform driver supports snoc API with
the device pointer in all upstream kernel, So remove
the redundant snoc APIs from the pld layer.
CRs-Fixed: 2173110
Change-Id: Iee8bce586569e135da81f9a465a9e7df8b042af4
In error cases of set hw mode, set dual config etc are not handled
in all scenarios and thus the active cmd is not removed in this case
resulting in active cmd timeout.
Fix this by handling and sending failure resp for all the error
scenarios.
Change-Id: I21151798f58bf9816458430d96c7fd1d5f0ee07f
CRs-Fixed: 2341816
To help reduce the complexity of future refactorings in
hdd_stop_adapter_ext(), address some simple style issues.
Change-Id: Iae67f1d828c1ffcb102a78617c40db1babf5b009
CRs-Fixed: 2342133
Some target which support sending mgmt frame based on htt would DMA
write this PMF tx frame buffer, it may cause smmu check permission
fault, set a flag to do special DMA map.
Change-Id: I3686be211374d2c316726fa3248dedce87c3faed
CRs-Fixed: 2332329
1) Support SAP, GO standalone case
2) Support SAP + STA concurrency
3) Support GO + STA concurrency
Change-Id: I7da2102f0d8b893bc057bc8ecf0af4ab74f81db4
CR-Fixed:2320218
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_CLEAR_STATS has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I51e72ccf83a6b63792c17d6c65daca6571ef21bb
CRs-Fixed: 2341122
Remove legacy cfg items definitions and related macros for the
converged CFG items.
Change-Id: I12944f50d68dafe989417dda777f29a6233c97a4
CRs-Fixed: 2340856
When the firmware crashes platform driver notifies the driver
through CNSS_FW_DOWN. Since firmware down support is not
present for the PCI bus, The driver flags for target ready
and recovery flags are not getting set resulting in the commands
sent to firmware.
Add the firmware down support for the pci bus.
Change-Id: I20db3698602ea273038a3f024b4e5f61639f6d74
CRs-Fixed: 2338570
When beacon report request action frame is received,
rrm_process_beacon_report_req() is called and num_channels value
is calculated from the action frame directly from user. This
value is assigned to pSmeBcnReportReq->channelList.numChannels
and this num channels value along with the channel list is
posted to sme for further processing. The sme function
sme_rrm_process_beacon_report_req_ind() processes this sme
message eWNI_SME_BEACON_REPORT_REQ_IND. In this function,
the channels in channel list are looped through the received
value pBeaconReq->channelList.numChannels and is copied to the
destination pSmeRrmContext->channelList array from the
pBeaconReq->channelList.channelNumber[] array.
The maximum possible number of channels in channel list
BeaconReq->channelList.channelNumber[] allocated statically
in the definition of tSirChannelList is
SIR_ESE_MAX_MEAS_IE_REQS (8).
So when the pBeaconReq->channelList.numChannels, possible OOB
read occurs.
Validate the value of pBeaconReq->channelList.numChannels
received from the action frame against the maximum supported
number of channels in channel list SIR_ESE_MAX_MEAS_IE_REQS (8).
Place this validation inside the function
sme_rrm_process_beacon_report_req_ind() instead of validating it
at rrm_process_beacon_report_req() so that it defends from other
caller sme_set_ese_beacon_request() which is from user space
command through IOCTL.
Change-Id: I2074b04081328ceab7eeb29c33631a635e9d93c3
CRs-Fixed: 2335974
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_AMSDU has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I74bbc055c1587fff548512f4c7f325f75345eb95
CRs-Fixed: 2340147
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_VHT_RATE has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I07299bcc7e1cba7b5ceced3ba1cf22c470cb448e
CRs-Fixed: 2340146
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_11N_RATE has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: Iea2ee6bc53a56bb92497d42ac057e6663bc07097
CRs-Fixed: 2340145
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_RTSCTS has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I9f17824abe6ac9e60cc908c46661fe991ecfd9aa
CRs-Fixed: 2340144
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_SHORT_GI has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: Ica2a50216c413985f05a2771641be439c6c9d8cd
CRs-Fixed: 2339229
hdd_set_rx_stbc() is called from both the STA and SAP ioctl
handlers. In the STA case the caller checks the mac_handle, but in the
SAP case the mac_handle is not checked. This could result in a bad
mac_handle being used in the SAP case. In order to cover both cases
relocate the mac_handle test to hdd_set_rx_stbc().
Note that this has the added benefit of reducing the cyclomatic
complexity of __iw_setint_getnone(), one of the HDD functions with the
highest complexity.
Change-Id: I9442a8a46da4066c8b4dafe2cf9ce64f608bb3a9
CRs-Fixed: 2339228
hdd_set_tx_stbc() is called from both the STA and SAP ioctl
handlers. In the STA case the caller checks the mac_handle, but in the
SAP case the mac_handle is not checked. This could result in a bad
mac_handle being used in the SAP case. In order to cover both cases
relocate the mac_handle test to hdd_set_tx_stbc().
Note that this has the added benefit of reducing the cyclomatic
complexity of __iw_setint_getnone(), one of the HDD functions with the
highest complexity.
Change-Id: Ie7a01ddbfb958ab87b7baf11e93d8a86c32744b7
CRs-Fixed: 2339227
hdd_set_ldpc() is called from both the STA and SAP ioctl handlers. In
the STA case the caller checks the mac_handle, but in the SAP case the
mac_handle is not checked. This could result in a bad mac_handle being
used in the SAP case. In order to cover both cases relocate the
mac_handle test to hdd_set_ldpc().
Note that this has the added benefit of reducing the cyclomatic
complexity of __iw_setint_getnone(), one of the HDD functions with the
highest complexity.
Change-Id: I97827ee257c9e15e24468ed9800080375f082ff1
CRs-Fixed: 2339226
According to the current code flow of con_mode_handler, the
WLAN modules are stopped, adapter is opened in FTM mode and then
the modules are started. Due to the INI/CFG value accces done as
part of opening the adapter, and since the modules are stopped
at this point, it results in a use after free scenario.
Modify code sequence of con_mode_handler to WLAN start modules
before opening the adapter in FTM mode.
Change-Id: I94afb9b2a3751247b4ae95e27b1374b25890a9d7
CRs-Fixed: 2339777
