In the function lim_chk_n_process_wpa_rsn_ie, if wpa IE is
present, then dot11f_unpack_ie_wpa is called to copy the wpa IE
to destination buffer. assoc_req->wpa.length is passed as the
length to copy the IE. As this length includes 4 bytes of the
OUI fields also, this could result in OOB read.
Change the length passed to the dot11f_unpack_ie_wpa as
(assoc_req->wpa.length - 4), so that the additional 4 bytes of
the OUI fields are excluded.
Change-Id: If972b3a19d239bb955c7b4d4c7d94e25aa878f21
CRs-Fixed: 2267557
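
The length arithmetic behind this fix, as an added C example that is not the driver's code: `struct wpa_ie`, the function names and the sample element are constructed for illustration, and the unpacker is assumed to start reading just past the 4-byte OUI. The `length < 4` guard is this example's own addition, not something the commit message describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WPA_OUI_LEN 4 /* 00:50:F2 plus type 0x01; counted in the IE length */

/* Hypothetical stored IE: info[] holds OUI + body, length counts both. */
struct wpa_ie {
    uint8_t length;
    uint8_t info[255];
};

/* Constructed sample: WPA vendor element, length 0x16 = 4 (OUI) + 18 (body). */
const uint8_t sample_elem[] = {
    0xDD, 0x16, 0x00, 0x50, 0xF2, 0x01, 0x01, 0x00, 0x00, 0x50, 0xF2, 0x02,
    0x01, 0x00, 0x00, 0x50, 0xF2, 0x02, 0x01, 0x00, 0x00, 0x50, 0xF2, 0x02 };

/* Store a raw element (id, len, OUI, body); returns 0 on success. */
int store_wpa_ie(const uint8_t *elem, size_t n, struct wpa_ie *ie)
{
    if (n < 6 || elem[0] != 0xDD || elem[1] < WPA_OUI_LEN ||
        (size_t)elem[1] + 2 > n || memcmp(elem + 2, "\x00\x50\xF2\x01", WPA_OUI_LEN))
        return -1;
    ie->length = elem[1];
    memcpy(ie->info, elem + 2, ie->length);
    return 0;
}

/* Bytes past the IE read by an unpacker starting after the OUI, given len. */
size_t overread(const struct wpa_ie *ie, size_t len)
{
    size_t end = WPA_OUI_LEN + len;
    return end > ie->length ? end - ie->length : 0;
}

/* Length to pass after the fix, or -1; the length < 4 guard is this example's own. */
long wpa_body_len(const struct wpa_ie *ie)
{
    return ie->length < WPA_OUI_LEN ? -1 : (long)ie->length - WPA_OUI_LEN;
}

int main(void)
{
    struct wpa_ie ie;
    if (store_wpa_ie(sample_elem, sizeof(sample_elem), &ie) || wpa_body_len(&ie) < 0)
        return 1;
    printf("over-read before fix: %zu, after: %zu\n",
           overread(&ie, ie.length), overread(&ie, (size_t)wpa_body_len(&ie)));
    return 0;
}
```
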
Fix using uninitialized variable status inside the function
populate_dot11f_twt_extended_caps
Change-Id: Ic80df2f6c5310414da4179f00867c0fe029b09c7
CRs-Fixed: 2277833

Fix using uninitialized values for req_val, bcast_val and resp_val
in the function hdd_send_twt_enable_cmd.
Change-Id: Ie671660b62f0624fbf86707f15fe122b81552a53
CRs-Fixed: 2277826

The task formerly done by wma_get_buf_extscan_change_monitor_cmd() is
now done in the common WMI project and this function is no longer
used, so remove it.
Change-Id: I4a42bda3c3b790bcd0c21abcda94a4f4aa49d8ff
CRs-Fixed: 2281906

The task formerly done by wma_get_buf_extscan_start_cmd() is now done
in the common WMI project and this function is no longer used, so
remove it.
Change-Id: I840c6a5f83c6cdc479e6746f36a29c2a7970c964
CRs-Fixed: 2281900

Multicast address filtering only makes sense if the interface is
connected and capable of receiving traffic. Avoid enabling/disabling
the multicast address filter list on an interface that is disconnected.
Change-Id: Id8aff136e920bb726b8c7dd539d477ff44f080d4
CRs-Fixed: 2282003

1) Use correct typecast in function wma_process_fw_event_mc_thread_ctx
2) Change log level to debug and refine logs in
wma_process_fw_event_handler
CRs-Fixed: 2281191
Change-Id: I4e67143d028867b193e42ec51f6f7562287eba82

When the beacon is updated, the host passes the gSchBeaconFrameBegin
param to WMA to copy the beacon to WMI and pass the value to
firmware. gSchBeaconFrameBegin is global, so if we receive a new
beacon update in LIM before WMA processes the old beacon
update, the values in the global gSchBeaconFrameBegin are
updated as per the new beacon. So if there is a change in beacon
length, the first WMA msg copies the wrong beacon data and sends
this corrupt data to firmware.

To fix this, instead of passing the global gSchBeaconFrameBegin,
fill the beacon data in the beacon update req itself.
Change-Id: I6d196784470d9a2aeeaba76e12577f9f65012bac
CRs-Fixed: 2272448
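
The stale-global problem this commit message describes, reproduced deterministically as an added C example that is not the driver's code: `g_beacon` stands in for gSchBeaconFrameBegin, and `bcn_update_req`, `post_update`, `process_update` and the beacon strings are hypothetical names and constructed data. It queues two updates before the consumer runs and compares a request that points at the global with one that carries its own beacon data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BCN_MAX 64
uint8_t g_beacon[BCN_MAX]; /* stand-in for the global gSchBeaconFrameBegin */

/* Hypothetical update request queued from LIM to WMA. */
struct bcn_update_req {
    const uint8_t *frame;  /* before the fix: points at the global */
    uint8_t copy[BCN_MAX]; /* after the fix: beacon data carried in the request */
    size_t len;
};

/* LIM side: update the global beacon, then build the request (len <= BCN_MAX). */
void post_update(struct bcn_update_req *req, const void *bcn, size_t len, int fixed)
{
    memcpy(g_beacon, bcn, len);
    memcpy(req->copy, bcn, len);
    req->len = len;
    req->frame = fixed ? req->copy : g_beacon;
}

/* WMA side: copy whatever the request refers to into the firmware buffer. */
void process_update(const struct bcn_update_req *req, uint8_t *to_fw)
{
    memcpy(to_fw, req->frame, req->len);
}

/* Two updates are queued before WMA runs; returns 1 if processing the first
 * request hands firmware exactly the first beacon. */
int first_update_intact(int fixed)
{
    static const char b1[] = "BEACON-ONE", b2[] = "BEACON-TWO-LONGER"; /* constructed */
    struct bcn_update_req q[2];
    uint8_t to_fw[BCN_MAX] = { 0 };

    post_update(&q[0], b1, sizeof(b1), fixed);
    post_update(&q[1], b2, sizeof(b2), fixed);
    process_update(&q[0], to_fw);
    return memcmp(to_fw, b1, sizeof(b1)) == 0;
}

int main(void)
{
    printf("global pointer: %d, data in request: %d\n",
           first_update_intact(0), first_update_intact(1));
    return 0;
}
```
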
The API wma_is_service_enable is a wrapper on the converged
wmi_service_enabled API for services and extended services. The checks
used in the API are not updated for the converged service enum.
Replace wma_is_service_enable with wmi_service_enabled as there is no
need to have a wrapper.
Change-Id: I4fe3601f7e1a031290e139f9ef55f845965b7b2e
CRs-Fixed: 2276471

The WMI ready event from firmware currently uses an event queue, but is
being moved to a simple event instead. Update WMA to account for this
change.
See: I08b4f088874b7c63e20b129f14dbac01851496e5
Change-Id: I5242cc0e839b59db990fb918e8029b8f68385de6
CRs-Fixed: 2275468

To align with the coding standard rename tCsrLinkStatusCallback to not
use camelCase. As part of the process also rename other link status
identifiers.
Change-Id: I5df83512259f0f48d84a2bef77e333bb0a78eea4
CRs-Fixed: 2281797

Currently csr_get_channel_status() and csr_clear_channel_status() both
use void * for their p_mac parameter. Since this is not an opaque data
structure, update the APIs to use the correct underlying data type.
Change-Id: I900e97cbdeced3bacc1f2da30f892a4d55648059
CRs-Fixed: 2281794

Function csr_disconnect_all_active_sessions() is obsolete and no
longer used, so remove it.
Change-Id: Ia2c0faa2429b706a2b7829444cd21cae4431a6ea
CRs-Fixed: 2281077

The P2P LO Callback currently specifies a void pointer for the event
payload. In the case of this API the event payload is always a struct
sir_p2p_lo_event so update the API to explicitly use this type. In
addition, currently the callback is not using the registered
user-supplied context, so update the callback to correctly use the
user-supplied context.
Change-Id: I566facea3c92b377823c1b3e38f99c84bc65e9d4
CRs-Fixed: 2278587

Attempting to flush the powersave timer on an adapter with an invalid
session_id leads to an out-of-bounds access when checking the station
context's connection state. Only flush powersave timers for adapters
with valid session_ids. Additionally, add debug asserts for invalid
session_ids in the other connection state checking functions too.
Change-Id: Iacd2f97b01d7f6901d402908304a43c2c20d2380
CRs-Fixed: 2281219

The Thermal Level callback currently specifies a void pointer for the
context. In the case of this API the context is actually known to be
an HDD handle, so update the API to explicitly use this type. This
will allow the compiler to verify that the correct type of parameter
is being passed.
Change-Id: Ifa6f9fb5d3e27470b3f5292552b871d072150988
CRs-Fixed: 2278586

Add support to configure HE trigger frame MAC padding and disable
the MU EDCA param update when user configures the padding.
Change-Id: Ief928c5421366b03ee6e1d6253963b10fd3b87b6
CRs-Fixed: 2265331

Add support to configure the HE MU EDCA params with default
values and update the params to FW.
Change-Id: Ia7485949c040cb8f83ccfe1f8336267051dbfd13
CRs-Fixed: 2262874

Qca6574 doesn't use phy_err_mask0 to indicate a spectral
scan phyerr, so spectral_phyerr_event_handler will never
be called. So add some logic to extract the correct phyerr
code to obtain the spectral scan results.
Change-Id: Ib1ec1aa98f25827dfe6ab549ff96a5d4139ad106
CRs-Fixed: 2252379

Currently, sta_id is used without validation in hdd_inspect_dhcp_packet
which may lead to OOB access for sta_info.
Call hdd_inspect_dhcp_packet only if sta_id is valid.
Change-Id: I09ebdaeeb86f8abe95fe09d23974c4bf331e29fe
CRs-Fixed: 2276615

We are transitioning the usage of ready to extwow event
to request manager framework.
Change-Id: I648b6db4ab5367c8e04e77f4adc2fb9d42039054
CRs-Fixed: 2274944

We are transitioning the usage of set antenna mode event
to request manager framework.
Change-Id: I4df39c9b71ccd5680f85d1662bec06bc90f70977
CRs-Fixed: 2274929

Add setter and getter function of timestamp for management frames
for the peer based on peer's mac address.
Change-Id: Iab0862eda2392bd516c8ba0b913441b8e0d4c493
CRs-Fixed: 2264667

Currently the host sends the fixed gtk offload params
and the FILS TLV params, even when the FILS feature is disabled
in the host, which forces firmware to pick the KEK from the
FILS TLV structure rather than from the fixed param structure,
which further leads to the GTK re-keying feature failing.
Fix is to send only the fixed params in case the host doesn't
support FILS.
Change-Id: I5b3b3fd503c7cb9c4d7933074fd483086b113204
CRs-Fixed: 2244725

qcacld-2.0 to qcacld-3.0 propagation

In softAP scenario, if any pending scan request is not serviced
before NETDEV_GOING_DOWN is called, it results in call trace.
Handle this by using hdd netdev notifier call for softAP, where
scan_block_work is flushed.
Change-Id: I5de07103e0b0008f21c0a13add0eed36ea1b31d0
CRs-fixed: 2076542

As part of nss update request, operating mode is updated
in beacon template. OMN IE can also be present in additional
IEs which will result in the OMN IE being included twice in the beacon.
Fix is to strip OMN IE from additional IEs if beacon
template is updated as part of nss update request.
Change-Id: Ic0cd6b76738e16eb73de7a7ba406cd727c2f8dc4
CRs-Fixed: 2274027

The hostapd sends the add_key command followed by the change_station
command to set the peer to authorized state and open the data ports.
Since the add_key is serialized through LIM/WMA layers and might not
have been sent to the FW by the time the change_station is received,
the FW would assert due to peer moved to authorized state before keys
are set.
Send the Peer authorized command to FW and to the hostapd only after
the set_key is complete for the peer.
Change-Id: Ibd1737a41ea96770987da4070b72e756538e7508
CRs-Fixed: 2267291