Number of profile data from firmware cannot be trusted. Check for
number of entries against the metadata in TLV header.
Change-Id: I0d8078f623a97e33ee1689398c291be75fe9a62a
CRs-Fixed: 2119391
Pending_event memory is dynamically allocated after driver loaded
but freed up only when driver unloading.
Fix to free pending_event memory when driver stop.
Change-Id: Ia748e311fc77fc99e193230910fccd7bc9b4f5a9
CRs-Fixed: 2126695
If SAP has no channel left to move then it will issue stop bss. In this
scenario, SAP is not cleaning up its entry from policy manager table
which causes stale entry left over in table.
Fix this situation by stopping the bss successfully and deleting entry
from policy manager table.
Change-Id: I7c7d305936fe16b0deebb9b7a67f7753cbf243e6
CRs-Fixed: 2112932
Release the NSS update request from the serialization active
command list in case the request fails.
Change-Id: Id6bfee6f510132bacdc69773c8aba90be43aa813
CRs-Fixed: 2112932
SoftAP start fails during station connection is in progress and the flag
update_beacon is not set. Also allow beacon/probe resp update in the middle
of p2p connection.
Change-Id: I13d89b6b8b51f999ff317d1f55dc3fcf48bdd422
CRs-Fixed: 2108186
This reverts Change-Id: I1887aab39d2fa13cc8a900164d2aa6d489464e42
Driver is no more acquiring qdf_conc_list_lock before calling
cds_get_pcl(). SME active queue will serialize connection request and
bss start commands.
Change-Id: I98066b8f1e756ae930ea97be6f8c6e6de244662d
CRs-Fixed: 2108186
For data stall continuous HDD tx timeout count of five
post HOST TX time out data stall event to handle it in
data detection module.
Change-Id: Ic6cf5e62f711cef5919a4a5e85e4232c622c04bb
CRs-Fixed: 2094393
Add sanity check for vdev id in wma_vdev_start_resp_handler() to prevent
out of bound memory access.
Change-Id: Ia4e18e8e322142928c41dfa88b874ff017727266
CRs-Fixed: 2120424
There is a possibility of double start of inactivity timer if iff_up
(hdd_open) happens while probe/remove/reinit is still going on.
To mitigate this issue, on iff_up, start inactivity after acquiring
hdd_init_deinit_lock, which make sure probe/remove/reinit are
completed, and thereby inactivity timer is stopped.
Change-Id: I2417215380e318a8410a2d25eabf82f353a26c4f
CRs-Fixed: 2125494
There can be deadlock on iff_up on anyone of mutex's like
init_deinit_lock, iface_change_lock. To catch what caused the
deadlock start the inactivity timer to root-cause the issue
CRs-Fixed: 2120569
Change-Id: I830cc4127a9c0691ee44a5e2c56c871471d638db
qcacld-2.0 to qcacld-3.0 Propagation.
Wifi OFF/ON is needed to update the gEnableModuleDTIM ini param.
Add private ioctl to configure modulated DTIM at runtime.
CRs-Fixed: 2002662
Change-Id: I28be432da775a9aa026cd702c63dee5666260d33
Fine tune the scan rest time configuration parameters,
gRoamRestTimeMin and gNeighborScanTimerPeriod to 50ms and
100ms respectively for better power efficiency.
Change-Id: Ia6edb87dbb0abf4771613a028d711f4f7a4e0f41
CRs-Fixed: 2120683
Some data path code change didn't consider SDIO code path, so
introducing some build error for SDIO driver. Fix them in one
submission to enable ACI
Change-Id: I3d1b81c57a8ae854f18db3eccb546b7b552899b7
CRs-Fixed: 2033757
Assert was added in the wma_rx_aggr_failure_event_handler via the change
Iea93e879196e9cd43856a7dcc9204d2304f76c78 and it exposes further security
issues.
Remove the assert in wma_rx_aggr_failure_event_handler.
Change-Id: Iaef00389fa19da0fe33e3bcd6f2123e553b84dff
CRs-Fixed: 2114789
SAP DUT allocates SA query timer for each STA-PEER which gets associated
to DUT. When STA-PEER walks out or gets disassociated, SAP DUT releases
this timer memory through PEER clean-up process but in few corner cases
it is observed that STA-PEER left uncleaned.
In such cases ideally when SAP session goes away, SAP state-machine
should check any left out memory and clean it up through
lim_cleanup_mlm() but this API check for own session validity and
own session has been marked as invalid before even calling this API.
Due to which timer memory leaks.
Fix the situation by deleting the timer before marking own session as
invalid.
In some cases, for some reasons PEER delete sta request couldn't send to
FW then memory associated with delete sta request needs to be freed.
If status is failure and del sta response is not required then silently
release the memory.
CRs-Fixed: 2124293
Change-Id: I082c771bbee6d083b15515dd2e40ed9a27e0a9a1
Currently during peer initialization (ol_txrx_peer_attach), we are
initializing peer refcount to 2. This is done to prevent peer
deletion, in case some logic tries to delete a peer when the host has
not received peer map events.
The above logic fails to address the condition when there is roaming
failure, followed by peer deletion from userpace. In this case, host
tries to create a peer and initializes refcount to 2. However, since
roaming fails, firmware does not send out peer map events. In the
meanwhile, the framework tries to delete the existing peer. This
deletion following the peer creation and absence of peer map leads to an
incorrect peer refcount even after deletion and hence this peer does not
get deleted.
Initialize peer with refcount of 2 but 1 instead. In case a map or
unmap arrives after peer deletion, the existing logic will
try to find a peer in the peer hash bins or peer_id_obj_map and will
not find the peer.
Change-Id: Ia3ba6842122dba49281d7bd00303cbe7685ef91c
CRs-Fixed: 2087373
To avoid circular dependency, cleanup is done
in common code, So use correct header file to
fix any compilation issue.
Change-Id: Id094107dda4f34ed479ead0b801da27c7aa240ff
CRs-Fixed: 2126011
Add sanity check for wow_buf_pkt_len in wma_wow_wakeup_host_event()
to avoid out of bound memory access.
Change-Id: Id3b0003aa366d9239739efe561f44eff1dceff5d
CRs-Fixed: 2119401
When force_sap_acs is enabled, hostapd acs will be discarded
and driver acs will happen with override values from ini. Finally
weight for a channel is calculated based on rssi, bsscount. etc.
from auto_channel_select_weight. This ini value is getting extracted
only in __wlan_hdd_cfg80211_do_acs() and so ini value won't be updated
in sap config when hostapd acs doesn't happen or force_sap_acs is enabled.
Update auto_channel_select_weight ini value in sap config in
wlan_hdd_cfg80211_start_bss() which is called irrespective of any
configuration.
Change-Id: I90f549fece117a72c19cf5fdc9f6485b1ab8afdc
CRs-Fixed: 2125597
Checkpatch reported instances of the following issue, so fix them:
- ERROR:SPACING: space prohibited before that ',' (ctx:WxE)
Change-Id: Ifc015a9e3976ebca03662438998433e976e6cf18
CRs-Fixed: 2125683
Checkpatch reported the following issues, so fix them:
- ERROR:SPACING: space prohibited before that ':' (ctx:WxE)
- ERROR:SPACING: space prohibited after that '*' (ctx:ExW)
Change-Id: I2ae63f6a0474a6d8384c2b6796a5239b99aa3ffb
CRs-Fixed: 2125682
Checkpatch flaged the following issues, so fix them:
- WARNING:LONG_LINE: line over 80 characters
- ERROR:SPACING: space prohibited before that ',' (ctx:WxE)
- WARNING:LINE_SPACING: Missing a blank line after declarations
Change-Id: Ifb14eaa7828da997c35265deed5e94a2a2db9054
CRs-Fixed: 2125681
Checkpatch reported the following issues, so fix them:
- WARNING: Missing a blank line after declarations
- WARNING: Block comments use a trailing */ on a separate line
- ERROR: that open brace { should be on the previous line
Change-Id: I7671e3a165cb7f372187c37ce31a92778422031a
CRs-Fixed: 2124909
Checkpatch reported the following issues, so fix them:
- ERROR: else should follow close brace '}'
- WARNING: braces {} are not necessary for single statement blocks
Change-Id: I9c8d329d70ee258834eaaea0183ba2e36643b572
CRs-Fixed: 2124908
It can help to trace what is happening during load/unload and
avoid just exiting silently.
Change-Id: I61a451058a7846d3627500db2c9d8d5998e8210e
CRs-fixed: 2123331
Commit fb9d5acfed and 645749571d introduce an API to deinit scan
runtime suspend lock and move runtime suspend context deinit in
order to fix a memory leak issue. However, it breaks SSR because
runtime suspend context init and deinit are not matching during
SSR which results double free happens in the rmmod after SSR.
Move runtime suspend context init to correct place.
Change-Id: I698385ab52e7e18636b143cd71c229afb676baff
CRs-fixed: 2123331
If probe failed because of no memory, we want to try to recovery by
issuing a re-probe for built-in driver. Hence, convert probe return
error from -ENOMEM to -EPROBE_DEFER for built-in driver so that
platform driver can issue re-probe based on the return value.
CRs-Fixed: 2124159
Change-Id: I6cca0ed186554c8065b77af8c178ca9e143abf98
Checkpatch reported the following problem:
ERROR: Prefixing 0x with decimal output is defective
Correctly use %x when logging hex data.
Change-Id: I8150cf6ae5770a18035f006df9e774932919d9b7
CRs-Fixed: 2124907
