Currently wlan_hdd_cfg80211_register_frames falls through to error
handling at the end of the success path. Return success instead.
Change-Id: I28eda918d3d5858cc42ef3958abe918b9ed788e9
CRs-Fixed: 2240003
Apparently netbufs_ring is initialized only when reordering is not fully
offloaded. When a message of type HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND
is sent, the driver does not check if reordering is offloaded.
Add a check, if reordering is offloaded, when a message of type
HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND is sent.
Change-Id: I303b52182d97aa8185c23ccd99c37a97fb75a3d2
CRs-Fixed: 2213216
In the API lim_send_assoc_req_mgmt_frame, the host
allocates memory for the assoc request packet
taking all inputs of payload and the mac header
size etc, and in case the mem allocation fails
it clears away the memory allocated to the packet
with cds packet free, which was not even allocated
Fix is to remove the packet free in case of memory not
allocated
Change-Id: I3fb75b1947dfe039605c42aa19c2d0bacc7bf55d
CRs-Fixed: 2216741
If DBS opportunistic timer is still running while starting new SAP on
some DFS channel when STA is already present on some 2.4Ghz channel,
wrong hw mode will be set when timer expires as concurrency will only
be updated when VDEV_UP happens which will happen after at least 60
seconds in case of DFS channel. So, while starting SAP, hw mode was set
to DBS mode but on DBS opportunistic timer expiration, as VDEV_UP doesn't
happen yet, concurrency has not been updated till now causing hw mode to
reset to SINGLE_MAC resulting in DFS MCC which is not allowed.
Stop DBS opportunistic timer if running while starting new SAP to avoid
hw mode reset.
Change-Id: I9cef0ab5f6208e1822aff4a68c442d61a3f8a20e
CRs-Fixed: 2222386
Use get_wmi_unified_hdl_from_psoc instead of GET_WMI_HDL_FROM_PSOC due
to incompatible return types.
Solve renaming dependencies with common side changes.
Change-Id: Ie84641327d64876877c7d26b63d632c79770a88c
CRs-Fixed: 2203055
In the function convert_wsc_opaque, driver does copy of the
new parameters present in the additional IEs of the upstream
assoc request frame. While copy of the IE length pOld->length to
curAddIELen, possible integer truncation could occur, as the
curAddIELen is of the type uint8_t whereas pOld->length is of
type uint16_t.
Change the data type of curAddIELen to uint16_t. Make changes in
convert_p2p_opaque and convert_wfd_opaque as well.
Change-Id: Ic26660fca4a02a265bfc9553b066c7ee42f1d1f4
CRs-Fixed: 2231770
The skb buffer is freed after the ealier sanity and then pass along
to connectivity stats tracking. Rearragne the stats tracking into the
scope of the skb sanity to assure the skb poitner is valid before
accessing it and set to NULL after free to make sure it is cleared.
Change-Id: I08106bced48fa8f23955fd261c679a5362ddd7a6
CRs-fixed: 2232362
WLAN wake lock is created during module init but if probe
did not come from platform driver because of Q6 root/user
pd not coming up then during driver unload WLAN wake lock
is not destroyed which is leading to kernel panic because
WLAN driver is unloaded without cleaning up the wake up
source. Add fix to make sure to do hdd_deinit, pld_deinit
dispatcher_deinit and wlan wake up source deinit even if
hdd context is null because if probe did not happen from
platfrom driver then hdd_ctx will be null.
Change-Id: I213bded171b1c69da3332e84ebb0f7cbd940ef44
CRs-Fixed: 2240186
In the function drv_cmd_set_mc_rate, the variable targetRate, used to
store the value parsed from the command from user space, is not
initialized. The variable is assigned value inside a kernel API
kstrtouint that converts the string to an unsigned int. In a certain
case if the kernel API fails, it returns an error code without assigning
any value to the passed parameter. In this scenario, the variable
targetRate, still uninitialized is passed on to function
wlan_hdd_set_mc_rate where it is logged using hdd_debug. As the flow
goes on, it is then again logged using WMA_LOGE(). This might lead to
potential information leak.
Initialize the variable to zero to prevent the mentioned scenario.
Change-Id: Ideec0b1930e994f19ae8a669cd2963db4016eae1
CRs-Fixed: 2226172
In __iw_set_packet_filter_params(), a user controlled length value,
priv_data.length, is used to allocated a buffer. This buffer is then
cast to a struct pointer of struct pkt_filter_cfg type without ensuring
the buffer is large enough to hold the struct. This can lead to a buffer
overread if the user supplied size is smaller than the actual size of the
struct.
Add a sanity check on priv_data.length to ensure that the size is large
enough to hold the struct.
Change-Id: I227856484d4bd7a9b0a16a42e26febbc799f80b5
CRs-Fixed: 2228725
Presently, fw_crash_timeout is disabled as a result of which if
timeout happens for any VDEV related WMI command and device goes
in bad state, no assert or recovery is getting triggered. Due to
this, device crashes at some later point of time at some random
location making debugging difficult.
Enable fw_crash_timeout and trigger recovery if recovery is enabled
otherwise assert.
Change-Id: I9e9e51cba8086bd181be28884c490f0bd77663a8
CRs-Fixed: 2229101
In function update_fils_data, fils_indication->num_variable_data
is the actual length of the data present in the array variable_data.
While accessing variable_data array to copy cache identifier, HESSID
and realm identifiers, the length of the array is not checked and
could lead to OOB access.
Add check to validate remaining data length in variable_data array
before accessing it to copy various fields.
Change-Id: Ifc1f5d55964bcd7fdcc2676ea9c2afede0fe6803
CRs-Fixed: 2231767
As a result of P2P componentization a variety of P2P-related macros
are no longer used, so remove them.
Change-Id: I693c4f11575968ce0aae9f3ecac9e008b0dbf5b9
CRs-Fixed: 2237726
Replace typos "sucess" and "sucessful" with correct spellings
"success" and "successful"
Change-Id: I30746cbab4533da9b052261fa9bb87214188138b
CRs-Fixed: 2237724
The Linux Coding Style frowns upon mixed-case names and so-called
Hungarian notation, so rename fConnected to align with the Coding
Style.
Change-Id: I5987e3c31aed44448a1f1843d8931daa7dfeb0fe
CRs-Fixed: 2237723
Rename typedef tsap_Config_t and the underlying struct sap_Config to
align with the Linux coding standard.
Change-Id: I6e8f8b5ab9555c7781f1acf12a0475902866300c
CRs-Fixed: 2237721
The following structs are obsolete so remove them:
- struct sQcSapreq_wpaie
- struct sQcSapreq_wscie
Change-Id: Ie9fdba59cf31e9a2c5e468183c1328aee439709a
CRs-Fixed: 2237720
qcacld-2.0 to qcacld-3.0 propagation
Beacon does not show RSN IE after disabling/enabling SAP, hence
stations does not connect back while trying to associate in WPA.
While re-enable SAP from the hostapd_cli, the start_bss is called
twice, first from wps_init which does not populate RSNIE and secondly,
through bss_setup which has RSNIE but getting ignored as the BSS is
already started.
Added the RSN IE in case of BSS already started
Change-Id: I2a67156e66e255e7c007a5925cd81b859009114e
CRs-Fixed: 2144429
Add /* fallthrough */ comment in __lim_process_sme_deauth_req
as per linux checkpatch script while processing deauth req for
limSmeState 'eLIM_SME_LINK_EST_STATE'.
Change-Id: I38e0520aaec96e2ba35c916b39e79724c453632f
CRs-Fixed: 2233183
wlan_objmgr_get_vdev_by_macaddr_from_psoc and wlan_objmgr_get_peer
API's definitions have been changed to include pdev_id as an
argument.
Modify the callers of these APIs to include pdev_id as argument.
Change-Id: I3d0de6a0bc1dfefbe1b3cad51ec23f703baaf3ad
CRs-Fixed: 2210728
In hdd_send_association_event() and hdd_send_re_assoc_event(), there is
no check of pBssDesc against NULL which can lead to NULL pointer exception.
Circumvent this issue by adding NULL check.
Change-Id: Ic3a0142b4ea3f058e8d3993fb491d418ddb8f70d
CRs-Fixed: 2232721
