propagation from qcacld-2.0 to qcacld-3.0.
While processing setpno ioctl, there is an out of bound memory
issue when Host is copying ioctl arguments to a local buffer.
While copying ioctl arguments, make sure valid indices are used.
Change-Id: I03078df7135f5f1daf1d9bead7d4410e58fb848a
CRs-Fixed: 1112355
In module exit context, vdev handle could be destroyed but still we
need to free pending completion tx_desc. And accessing vdev handle
of tx_desc will lead to null pointer dereference.
Fix is to check vdev handle against null pointer.
Change-Id: Ib4e3127803f7bb0035466ec639401d7f8163598e
CRs-Fixed: 2074184
Add support to install WLAN module to KERNEL_MODULES_OUT.
During full treble build, modules installed directly in the
vendor locations get wiped out during the build process.
CRs-Fixed: 2076401
Change-Id: I8229708da7c4d1a1c366b5b305f481ccb52f3833
There can be a race condition happening where frames are being
enqueued in cached buf queue for a peer in one thread whereas
cached buf queue for that same peer is being flushed in another
thread at the same time. This could result in memory leak in buf
queue.
Check for peer validity before enqueueing frames in peer cached
buf queue.
Change-Id: Idfb190def2aabc4439cd551c50aa811bae818ea3
CRs-fixed: 2038457
lim_process_sme_del_all_tdls_peers is defined only when FEATURE_WLAN_TDLS
is enabled, but declared always. There is unknown symbol error when insmod
wlan.ko without this feature. Only declare/define when FEATURE_WLAN_TDLS
is defined to resolve this issue.
Change-Id: I817e5cc2bb22a4242f42c7398cbd00d01ff0a64b
CRs-Fixed: 2034861
Static analysis tool reports error, since NULL check for tHalhandle
is not present. Fix is to add NULL checks.
Change-Id: Ibe68b89809a36e0184523934e7b3aefbd732666a
CRs-fixed: 2083409
Currently, auto powersave timers are deferrable. This means any pending
auto powersave timers will not fire while the device is suspended, which
can have a negative impact on wlan power usage. Instead, flush any
pending auto powersave timers during the suspend process, to ensure
powersave is enabled while the device is suspended.
Change-Id: I5911ee30eaf770909b728af73958ba1bbaa8457f
CRs-Fixed: 2080812
Currently when IPA RX WDI pipe connect fails during start modules
host does not clean up the TX pipe which is allocated before the
RX pipe. As part of proper clean up from host in this change
disconnect the TX pipe handle when RX pipe connect returns failure.
Change-Id: Ic037dd2415ab5be497a0617d8151d63219868fd1
CRs-Fixed: 2040146
Setting gForce1x1Exception=1 in ini forces DUT to associate to
buggy AP's which are identified via OUI. Enable this feature by
default on all platforms by setting CFG_FORCE_1X1_DEFAULT=1.
Change-Id: Ic459d821f4aedba966beab8ca8ca977b7b639e34
CRs-Fixed: 2084927
qcacld-2.0 to qcacld-3.0 Propagation.
Operation classes supported can be controlled by user, which can
be sent greater than the max supported operations. This results
in stack overflow in change station command.
Add check to validate operations supported param given by user
and if it exceeds max supported value, set it to max supported
value.
CRs-Fixed: 2002052
Change-Id: Idd3a35e38b091546a17d7ec6329f19429e5c289c
qcacld-2.0 to qcacld-3.0 propagation.
In hdd_set_rx_filter API multicastAddr array being accessed beyond
its size.
Add boundary check for multicastAddr.
CRs-Fixed: 1104565
Change-Id: I8e1543a8f42ac40c04d2c6a17e69718d13cbd706
qcacld-2.0 to qcacld-3.0 propagation.
In __wlan_hdd_cfg80211_testmode API no checks are in place that
ensure that buflen is smaller than or equal to the size of the stack
variable hb_params. Hence, the vos_mem_copy() call can overflow
stack memory.
Add buf len check to avoid stack overflow
CRs-Fixed: 1105085
Change-Id: I6af6a74cc38ebce3337120adcf7e9595f22d3d8c
Currently, parsing of beacon/probe response leads to flooding of
warning messages in kernel logs.
Remove warning logs in beacon/probe response parsing. Dump IE's
only for parse fail case as debug logs.
Change-Id: I1b6898377cc196a5c4fe3d3316618104fd8b281e
CRs-Fixed: 2079652
NS Offload is not supported in IBSS mode. Configuring it while
in IBSS mode causes crash in firmware.
Do not allow ns offload in IBSS mode.
Change-Id: I1f6cf7b6c65238a9335f828321487ea784a4512b
CRs-Fixed: 2035449
Link stats memory is not freed in case of driver
unload happens before more results is received
from firmware.
Fix is to free link stats memory on wma close.
Change-Id: I3c54a0bc4951c70b2ca7116e37e0b62a5c6b7a2f
CRs-Fixed: 2083603
Currently if only one address is provided in wlan_mac.bin, it is updated
for interface wlan0. It will be copied to interface p2p0 if a specific
configuration is present. softap0 retains its mac address either generated
from serial number or given through Firmware ready event. This doesn't
guarantee a unique mac address to both these interfaces.
Regardless of configuration both softap0 and p2p0 should have a unique
mac address with locally administered bit set.
Change-Id: I64299f5c2e2376c8dbdb26ea34ba0187d5d1f28d
CRs-Fixed: 2066086
MEMDUMP is disabled in Kbuild, Hence the driver memory dump
command is failing.
Enable WLAN_MEMDUMP in Kbuild
CRs-Fixed: 1117348
Change-Id: Ic468a78305a5df409cf95096dfea38cb27aa7c7c
During peer detach, driver starts a timer to track unmap events
when the sta peer gets deleted. During this duration SSR occurs
and BUG_ON or cds recovery is triggered. This should only happen
in non-recoverable situation, so this scenario should be avoided.
Allow driver to recover from the SSR by checking FW_DOWN bit.
Change-Id: Ieca407e5c9c30f3c4716b7d158a903add46b8bd6
CRs-Fixed: 2078395
Currently during IPA pipes connect host is passing size of each TX
completion ring size as 4 bytes instead of 8 bytes which is expected
by IPA driver. Reason is host passes size of each ring as size of
dma_addr_t which is 4 bytes for 32 bit host architecture where as
bus addresses are of 8 bytes on MAC and IPA. Fix this by passing the
size which is correct and expected by the IPA driver.
Change-Id: Ib081a3819d3a5e4f7ac61606d5ecb9aa5f3242c8
CRs-Fixed: 2037661
Propagation from qcacld-2.0 to qcacld-3.0.
There is a possibility to read uninitialized memory within api
__wlan_hdd_cfg80211_testmode.
To resolve this issue, initialize buffer hb_params with zero.
Change-Id: Ia8061610a8c35aa7290177c0dcd2c5c36d9fcb35
CRs-Fixed: 2075796
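
Added example (not code from the commits in this log or from the qcacld driver): the two __wlan_hdd_cfg80211_testmode fixes described above, the buflen check and the zero-initialised hb_params, combined in one copy routine. The struct layout, the function names and the choice to reject rather than truncate an oversized buffer are assumptions, and memcpy stands in for vos_mem_copy().

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for hb_params; the real layout is not on the page. */
struct hb_params_example {
    unsigned int cmd;
    unsigned int session;
    unsigned char payload[24];
};

/*
 * Copy a caller-supplied testmode buffer into a fixed-size destination.
 * Returns 0 on success, -EINVAL if the request cannot be honoured.
 */
int copy_hb_params(struct hb_params_example *dst, const void *buf, size_t buflen)
{
    if (dst == NULL || buf == NULL)
        return -EINVAL;

    /* Zero first: a short buffer must not leave stale stack bytes behind. */
    memset(dst, 0, sizeof(*dst));

    /* Assumed policy: an oversized buflen is rejected, not truncated. */
    if (buflen > sizeof(*dst))
        return -EINVAL;

    memcpy(dst, buf, buflen);   /* stands in for vos_mem_copy() */
    return 0;
}

/* Constructed check: poison the destination, then copy a 4-byte request. */
int short_copy_leaves_no_stale_bytes(void)
{
    struct hb_params_example hb;
    unsigned char req[4] = { 1, 0, 0, 0 };   /* constructed sample input */
    size_t i;

    memset(&hb, 0xAA, sizeof(hb));           /* simulate uninitialised stack */
    if (copy_hb_params(&hb, req, sizeof(req)) != 0)
        return 0;
    for (i = 0; i < sizeof(hb.payload); i++)
        if (hb.payload[i] != 0)
            return 0;
    return hb.session == 0;
}
```
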
The vendor command QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_GET_VALID_CHANNELS
coming in netdev down state resulting in crash.
Add WIPHY_VENDOR_CMD_NEED_RUNNING flag to reject the vendor command
QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_GET_VALID_CHANNELS if netdev is down.
CRs-Fixed: 1109145
Change-Id: I007341a51ccdd1b5cf5b6e2319c8b71d4f26f9ce
Currently sending qpower to FW in softap mode causes device to crash as
qpower config is not supported.
Enable QPOWER config in STA and P2P-CLI modes.
Change-Id: Idb8b3ac79e6c93533b752ac42d6ab57bb0c86579
CRs-Fixed: 2003839
In csr_validate_wep(), return value of csr_get_oui_index_from_cipher() is
used to fetch 'csr_wpa_oui' value. csr_get_oui_index_from_cipher() returns
0-14 but no.of rows of 'csr_wpa_oui' is 7.
Add changes to validate index value before accessing 'csr_wpa_oui' array.
Change-Id: I0cf16f4e8fb2c07a489991f20bc345e97b2450e0
CRs-Fixed: 2077599
Currently when driver send log flush command to firmware,
driver start timer of 10 sec.
Reducing this time to 3 sec as 10 is long timer.
Change-Id: I697fa6a4709fa0128595fb2b15493b1fa2b13b35
CRs-Fixed: 2037033
The Estimated Service Parameters element is
used by an AP to provide information to another STA which
can then use the information as input to an algorithm to
generate an estimate of throughput between the two STAs.
The ESP Information List field contains from 1 to 4 ESP
Information fields(each field 24 bits), each corresponding
to an access category for which estimated service parameters
information is provided.
Change-Id: I4d299ffbf0700574c0b207893dbbfc4fd3911849
CRs-Fixed: 2079816
Currently while registering wiphy, supported Beamformee STS Capability
and Number of Sounding Dimensions are not updated in the vhtcap field.
This results in hostapd failing to start if above two configurations
are enabled in the conf file.
Update missing vht capabilities in wiphy before registering.
Change-Id: I8db376fe1f14fd5b722e67a5889addf4c2fb7f28
CRs-Fixed: 2062520
In packet log header, element type_specific_data used uninitialised.
Initialise type_specific_data.
CRs-Fixed: 2015997
Change-Id: Ifa2bdc4c10528c8e9781249058e1767d64bec60e
qcacld-2.0 to qcacld-3.0 propagation
In sir_convert_assoc_resp_frame2_struct(), 'pAssocRsp->ricPresent' is set to
true when 'num_RICDataDesc' is 0, this causes qdf_mem_malloc() to be called
with invalid length 0.
Add change to validate 'num_RICDataDesc' to avoid above issue.
Change-Id: If5e59477efa4df01ca216904645babf769b55c47
CRs-Fixed: 2078891