When the driver command COUNTRY is issued from the userspace, the
command and the parameter is copied from the user in hdd_driver_command()
where it is then processed by hdd_drv_cmd_process() and then passed on
to the handler, in this case, drv_cmd_country(). The command parameter
passed is then parsed for the country code appended after the string
"COUNTRY". In the case the command is passed without any country code,
there may occur an out of bounds index access in the function
drv_cmd_country(). The parsed parameters in this function are accessed
without any validity check.
Add a validity check to verify that the command is passed with country
code parameters to prevent access of out of bound index.
Change-Id: I03c372796ed7cd62e54a0acdf237069be076ee2c
CRs-Fixed: 2242617
Currently the congestion_cb API specifies a void pointer for the
context parameter. It is fine for an API to use a void pointer for a
data structure that is opaque or a binary blob, but in this case an
HDD handle is always passed, so explicitly reference that type. This
will allow the compiler to verify that the correct type of parameter
is being passed.
Change-Id: I3bfa07300fad8cd75b7b98c9b7ccdad4936bf32f
CRs-Fixed: 2276476
Currently the chip_power_save_fail_cb API specifies a void pointer for
the context parameter. It is fine for an API to use a void pointer
for a data structure that is opaque or a binary blob, but in this case
an HDD handle is always passed, so explicitly reference that type.
This will allow the compiler to verify that the correct type of
parameter is being passed.
Change-Id: Ia9cbf1a229423d3dffd4d137c726d34b7a70fbb3
CRs-Fixed: 2276467
CSR contains the remnants of a Link Quality Indication support. Since
this is unused, remove it.
Change-Id: I5235e204e8ec15c2d927e8b3a95e1f65cab4cf70
CRs-Fixed: 2276296
In order to help facilitate the move to per-level logging, add new
logging macros to WMA.
Change-Id: Ie5fa0074f6ace527a84dcc82b332607473615d7c
CRs-Fixed: 2275464
In the error path of hdd_objmgr_create_and_store_vdev,
osif_priv->osif_tdls is not freed.
Call wlan_cfg80211_tdls_priv_deinit to free the buffer
in error path.
Change-Id: I4f1fdca1a6a4f2e8c061dc227632850d5baab320
CRs-Fixed: 2275008
For self STA object manager peer is not created.
To transmit some frames before association object manager
peer is required in wlan_mgmt_txrx_mgmt_frame_tx.
So, create self STA obj manager peer as part of vdev attach.
CRs-Fixed: 2276106
Change-Id: If34e039e1bbadcafabd1f86579c7d639256c9267
DPTRACE timing logic uses the bandwidth request timer (~100ms) to make
calculations. Fix the current code to invoke qdf_throttle_live_mode
every 100ms, instead of when the throughput changes.
Change-Id: Ic64c28ef30ac7d7f764216a615ff1d9903436105
CRs-Fixed: 2273874
Adds support in pld_usb.c for registering with CNSS driver.
pld_usb can now register directly with Linux USB stack or with
CNSS driver.
For QCN7605, registration is to be done with CNSS.
Change-Id: Ibf7e51679e1848bcd8e1acfa43c457f42ff40c0b
CRs-Fixed: 2269602
If radar detected while in SAP CAC wait state, and stop AP command
invoke at same time, SAP machine will go to eSAP_DISCONNECTING but
ignore eSAP_HDD_STOP_INFRA_BSS message in sap_fsm_state_disconnecting()
because is_chan_change_inprogress is not set for this case.
Set is_chan_change_inprogress as case radar detected after cac
wait time.
Change-Id: I156cf8375520eeb258d5cde53bd13e80881a36a3
CRs-Fixed: 2273169
On cnss2 platform, the cnss callbacks in wlan driver are called with
serialization, and in wlan driver stop module and start module has
mutex of iface_change_lock, it might hit deadlock if race condition
happen of rmmod and start module, because start module might call
pld_power_on for this case.
Fix by setting unload flag earlier in __hdd_module_exit which in
different context of cnss serialized work queue, it prevents new
interface open at this point and wait for external thread complete
after it, it close race window before call wlan_hdd_pld_remove.
Change-Id: I8eb3740701070428c59f1fe3e8d2f439d9173413
CRs-Fixed: 2265691
The skb used for HW-mode-change vendor event will be freed twice
in failure scenario.
To avoid this, just keep the free in same function as allocation.
CRs-Fixed: 2274784
Change-Id: Ibd37bc9787470da6de93c87a16c4c3bed7d1f78e
Clean up issues identified in wlan_hdd_power.h:
- Make sure all APIs have documentation
- Make sure all APIs adhere to the coding standard
Change-Id: I955b2eaec5f583d8d558df1dac7708b7b455e089
CRs-Fixed: 2275266
When txrx_vdev is NULL, zero address access happens if cdp_fc_vdev_flush
is called.
Before calling cdp_fc_vdev_flush, make sure txrx_vdev is not NULL.
Change-Id: I13b52bd3f2fb5e7db6150c8bf645c5bec703bc2b
CRs-Fixed: 2272005
There are two instances where peer ref counting leak has been observed
1) When DUT-STA is connected to AP1 and if it tries to roam to AP2 or
to same AP1 then as part of roam sync indication, it needs to delete
the old peer and create the new peer. Deletion of old peer is
happening through force delete operation which is No-OP for some of
the platforms. In such cases, do normal peer delete operation, so
that peer ref count can be deleted properly.
CRs-Fixed: 2270761
Change-Id: Ibcad72943258e531e29498961d3d7e692fd05b36
BSS Desc pointer will be NULL when starting SAP, in function
csr_roam_issue_start_bss(). And it is causing NULL pointer
dereference when get bss channel number from BSS Desc.
Get channel number from csr_roamstart_bssparams instead.
CRs-Fixed: 2272749
Change-Id: Idf4eeb21f1298db03a030af72bf9f0a530ba3e68
Clean up issues identified in wlan_hdd_softap_tx_rx.h:
- Make sure all APIs have documentation
- Make sure only public APIs are present
- Make sure API identifiers do not use camelCase
- Remove obsolete API hdd_softap_rx_mul_packet_cbk()
Change-Id: Icacd2c7b1358cd6f71d86dc5d8a966973ff7a110
CRs-Fixed: 2275265
Checkpatch flagged the following issue, so fix it:
ERROR:CODE_INDENT: code indent should use tabs where possible
+^I^I next_rx_level, avg_rx);$
Change-Id: Ib6133df181ec7517bf0b212bd8d677666d99ccb9
CRs-Fixed: 2275264
SME exposes an 802.11d scan callback mechansim that was used by a
prior generation of the driver. The current generation no longer uses
this callback, so remove it.
Change-Id: I11b7916fd8244f3ba03ec73779a8c7e61c2a06ab
CRs-Fixed: 2273914
QDF_DEBUG_PANIC has recently gained a reason parameter. Move instance of
logging followed immediately by QDF_DEBUG_PANIC to single calls.
Change-Id: I6633296fb1c82a3945cedc967de222410b9f5d9b
CRs-Fixed: 2274413
It get NULL pointer to txrx vdev when Rome platform tx mgmt frame in
cdp_mgmt_send_ext, and then DUT broken since access NULL pointer.
So, add protection before call cdp_mgmt_send_ext.
Change-Id: Ia51a8183bf89115a4f0f3520b80186daa379602d
CRs-Fixed: 2265687
Add Genoa specific default target configurations for
offload configs, max tx pattern config and max sta
vdev config
Change-Id: Id682b1103d87021e207de335721805515db6a932
CRs-Fixed: 2258999
Deregister tx flow control when reset all adapters to miss unregister
the tx_flow_control_timer.
Change-Id: Idfa29dfc319532b7203008c2ee83a4e10aa8a8bc
CRs-Fixed: 2273178
As part of DP CP interaction UMAC pdev objmgr handle is
passed at dp pdev attach. But in legacy DP config handle
is passed which leads to compilation issue. In this change
handle compilation issue by type casing handles.
Change-Id: I40986c8fd07d007aced91621f338f31332be6782
CRs-Fixed: 2260753
The driver may dereference pRoamInfo by calling APIs
in hdd_sme_roam_callback which have arguements of
structure tagCsrRoamInfo.
Fix is to have a check for pRoamInfo, and then only
pass its struct members as arguments to other API.
Change-Id: I28acee0ff42a50221f6dbef7af4b9c04dd6e8d1e
CRs-Fixed: 2259290
Currently direct typecasting is used to convert an HDD handle to HDD
context. Typecasting has the disadvantage that it does not allow the
compiler to validate that the input item being typecast really is an
hdd_handle_t. In order to allow the compiler to typecheck the input
item introduce a converter API, and update the current existing
typecasts to use the converter.
Change-Id: Ifc7c3e062af234b378f1fb806cae0814ac52e423
CRs-Fixed: 2273915
