In WMA, data from firmware event buffer is used without
sanity checks for upper limit. This might lead to a potential
integer overflow further leading to buffer corruption.
Add sanity check to avoid integer overflow.
Change-Id: Id47e12015a4d46af24180b621b52ffcb17596c07
CRs-Fixed: 2112832
Structure roam_offload_synch_ind has element hlp_data which is of
size FILS_MAX_HLP_DATA_LEN is greater than WMI_SVC_MSG_MAX_SIZE.
Hence, remove check for size of roam_offload_synch_ind against
WMI_SVC_MSG_MAX_SIZE to avoid roam failure. Also, modify check
for validity of vdev id.
Change-Id: I1b9cef08e1d847f27b7057abf7189ef0f867b92f
CRs-Fixed: 2124786
Fw assert and unloading can occur at same moment, there is no need
to recover if wlan unloading is ongoing, so skip notifying SSR framework
in such case.
Change-Id: I2176d1505e8e358f4436277e4d0b706923596f27
CRs-Fixed: 2087634
In driver as part of __wlan_hdd_cfg80211_set_ap_channel_width() driver
modify the channelBondingMode24GHz and this modified value is not
changed to default value once hostapd restarts.
Due to this when the 20/40 BSS Coexistence Management frame is
received and hostapd tries to change the width to 20Mhz using
__wlan_hdd_cfg80211_set_ap_channel_width(), as
channelBondingMode24GHz is already set to 0, the request is
ignored and SAP doesn’t switch to 20Mhz.
To fix this use per session cb mode to validate bw switch.
Change-Id: Ia233c478794602aa6909cf637c5fc8c82fc3433a
CRs-Fixed: 2058315
Currently resp_event->vdev_id, recevied from the FW, is directly used
to refer to wma->interfaces without validating if the vdev_id is valid.
Add sanity check to make sure vdev_id is less than max_bssid before
using it.
Change-Id: I734ff795a3936719b08493f868384dbde72a80df
CRs-Fixed: 2119394
In function wma_ndp_end_indication_event_handler, num_ndp_end_indication_list
from the fw is used to calculate buf_size which is in turn used to malloc.
This could lead to potential integer overflow if num_ndp_end_indication_list
is a very high value.
Add check to validate num_ndp_end_indication_list does not exceed the max
message size from firmware.
Change-Id: Icbb763bfc14ec0ef8424cab50afa5c6826fd3c60
CRs-Fixed: 2114255
Set uapsd_delivery_mask if either static mask uapsd_per_ac_bit_mask is
set or dynamic mask uapsd_per_ac_delivery_enable_mask is set. Both static
and dynamic masks need not to be set to enable uapsd_delivery_mask.
Similar logic is applicable as well for uapsd_trigger_mask. Hence, revert
commit 2560111dd2.
Change-Id: I743d11617e33e7a358473eeab4455339fe1bbd98
CRs-Fixed: 2123812
Currently, when wifi is disabled from UI, and if the device goes
to suspend before the interface change timer expires, then until
the next APPS wakeup wifi remains enabled hence power numbers are
high.
As a part of fix, Host acquire wakelock when it start change
interface timer.
Change-Id: I41662596725315a6cfe185ee23ae889b69938e0b
CRs-Fixed: 2091154
Implement nbuf alloc fail replenish timer which starts when
there is an nbuf allocation failure and stops when there is
an nbuf allocation success with in the timer expiry duration.
Change-Id: Ie956ea144dec4323664632d00bb8f0f82ba22439
CRs-Fixed: 2033944
Currently fix_param->vdev_id, recevied from the FW, is directly used
to refer to wma->interfaces without validating if the vdev_id is valid.
Add sanity check to make sure vdev_id is less than max_bssid before
using it.
Change-Id: I92743589e0333449c39e148b37d200cac2cdb817
CRs-Fixed: 2119434
Add sanity check for num_hw_modes and num_phy in wma_populate_soc_caps()
for WMI_SERVICE_READY_EXT_EVENTID.
Change-Id: I023d737449283f9ac092d278bde016b208b2c891
CRs-Fixed: 2119887
1) Currently all the parameter to decide best candidate are chosen
as by default.
Add INI support for those parameters to change values on basis
of performance.
2) At the time of calculating best candidate score, rssi consider
bucket size, good rssi, bad rssi, good rssi percentage from total
rssi percentage, bad rssi percentage from total percentage.
Configure these all params from ini.
Change-Id: I808a40486473fcbb161c12fbd369b3b846beb8c2
CRs-Fixed: 2121735
In function wma_unified_link_iface_stats_event_handler, num_ac is received
from the firmware and is used in the loop to populate values into results.
However the memory for results is allocated only for WIFI_AC_MAX and a
buffer overflow will occur of num_ac is greater than WIFI_AC_MAX.
Add checks to make sure num_ac is not greater than WIFI_AC_MAX and
num_offload_stats is not greater than WMI_OFFLOAD_STATS_TYPE_MAX.
Change-Id: Ife8b1d19aa853f85f4fad82d5791e49a8c892ca4
CRs-Fixed: 2114756
Assert added as part of I2689873c2c5e63c83e5059563662c0c69dc659fc
in wma_get_ll_stats_ext_buf is not required as it causes a stack
trace exposing further security issues.
Remove the assert in wma_get_ll_stats_ext_buf
Change-Id: I92a5eb1b287e61c7f2cc9d6dba92446719c3c6b2
CRs-Fixed: 2115112
Enable the TX orphan for TCP packets by gEnableTxOrphan if TX flow control
is not enabled, such as SCC mode.
Change-Id: I0f3bc41bb22f8db10614d4833558caa664e52517
CRs-Fixed: 2123892
In present code, by default csr_init11d_info() function return failure status.
Due to wrong return status, ioctl (set11Dstate) get failed.
correct return status in csr_init11d_info function.
Change-Id: I40f130454d259cbc8a22f16e27c2c1a9e7c10b07
CRs-Fixed: 1105989
Checkpatch has detected multiple instances of "line over 80
characters." Some of them are trivial, so fix them.
Note that there are some instances that can only be addressed by
refactoring the code, and those will be addressed later.
Change-Id: I5d23b8cc7643d83a349532e3f2d32cd27b5dca95
CRs-Fixed: 2122896
Change "qcacld-3.0: Provide SME API to send unit test command to FW"
introduced two whitespace-related issues flagged by checkpatch:
- WARNING: suspect code indent for conditional statements (16, 20)
- WARNING: Statements should start on a tabstop
Fix those issues, as well as update an error message to align with the
new design.
Change-Id: Ic58c3330f73c838ba100e7621ce23eadc3f0d7b0
CRs-Fixed: 2122894
Checkpatch has detected one instance of "else is not generally useful
after a break or return" in hdd_indicate_tsf_internal(), so fix it.
Change-Id: I6aa92cc7966795e719eb5824a3a9354928e79590
CRs-Fixed: 2122872
Checkpatch has detected multiple instances of "line over 80
characters" so fix them. Also remove an obsolete extern to
eliminate an instance of "externs should be avoided in .c files."
Change-Id: Ic6b2082c2df0ffb20ce10c3c3a51c2fbebe849c7
CRs-Fixed: 2122873
Checkpatch has detected multiple instances of "line over 80
characters" so fix them. Also fix one instance of "else is not
generally useful after a break or return."
Change-Id: Ifb03d4d1399a53fa69f03ce2f77ccfca3929d1cc
CRs-Fixed: 2122822
Functions exported by HDD should have an HDD prefix so rename
sap_restart_chan_switch_cb() since it is exported by HDD.
Change-Id: I7b871774bb537e60e2992d471ab57b342246dd50
CRs-Fixed: 2122575
The Linux Coding Style enumerates a few special cases where typedefs
are useful, but stresses "NEVER EVER use a typedef unless you can
clearly match one of those rules." The tSirBssDescription typedef does
not meet any of those criteria, so replace references to it within HDD
with a reference to the underlying struct.
Change-Id: I13938fc15841986e9957f4774fbcfd035f734ccd
CRs-Fixed: 2122558
Both HDD and SAP define GET_IE_LEN_IN_BSS_DESC() macros, but these
macros simply replicate the logic already present in the global macro
GET_IE_LEN_IN_BSS(). Therefore delete these macros, and use
GET_IE_LEN_IN_BSS() instead.
Change-Id: I431984673141715ad32ca6ea96e31722129ce929
CRs-Fixed: 2122547
The Linux Coding Style frowns upon mixed-case names and so-called
Hungarian notation, so rename struct sSirBssDescription to align with
the Coding Style.
Note that it will be a separate exercie to replace instances of the
tSirBssDescription and tpSirBssDescription typedefs.
Change-Id: Ia698c5290e719ac6eef22cdee56e8954e5f61146
CRs-Fixed: 2122503
Test team requires support for pdev_reset ioctl that is present
on other devices, so add support for it.
Change-Id: I8d9b30987dfbdbc94de0a1ab2a0c686c93c7da8a
CRs-Fixed: 2122060
Checkpatch identified multiple indentation issues in hdd including:
- Statements should start on a tabstop
- suspect code indent for conditional statements
- labels should not be indented
Fix these issues.
(Note that there is a false positive "labels should not be indented"
in wlan_hdd_memdump.c that should not being modified)
Change-Id: I781fb05bffe6c75183bdd45d797a248d2cd06e6b
CRs-Fixed: 2121931
Checkpatch reported multiple block comment issues in hdd including:
- Block comments use * on subsequent lines
- Block comments should align the * on each line
- Block comments use a trailing */ on a separate line
Fix those issues.
Change-Id: Ic2b74c520ffb4be1c82fad6f6bdd0a9474d4b506
CRs-Fixed: 2121930
Checkpatch reported multiple instances of "void function return
statements are not generally useful" in hdd, so remove them.
Change-Id: Ia6ac669bdb9eaa71f9a68f1ef20f230acd59bf76
CRs-Fixed: 2121928
Checkpatch reported multiple instances of "Missing a blank line after
declarations" in hdd, so fix them.
Change-Id: I0b86be9066425d0a92f88b96e08ff4a57f91765e
CRs-Fixed: 2121927
Assoc reject status sent over the air
is internal failure status not inline
with the specification.
Update the assoc reject status sent
over the air.
Change-Id: I01250c63a42302d7b386a33aaf3b18e272581868
CRs-Fixed: 2115126
Dfs public function are renamed to have utils_ prefix,
make sure to call new dfs public API's.
Change-Id: Ib36ebb6ca4d3838c5e7468e22f6dd5182a0a08e0
CRs-Fixed: 2124373
Excessive logging during scan causes the watchdog timeout
hence reduce the log messages in the scan path
Change-Id: I378e9667dfad15cfd5ba1c68484b97567af5d45f
CRs-Fixed: 2079149
Checkpatch reported multiple instances of block comments not aligning
on "*" so fix them.
Change-Id: I082f62f59fe16d84ba013adbbfcd2e9bf1985e3c
CRs-Fixed: 2122901
qcacld-2.0 to qcacld-3.0 propagation
In function wlanqcmbr_mc_process_msg, variable data_len
is from message, which should not be trusted. Buffer
overflow will happen if using it directory to copy data
to utf_buf.
Change-Id: I21479f510b95e6ced214f80d942db919837e8324
CRs-Fixed: 2116449
Propagation from qcacld-2.0 to qcacld-3.0
Add diag event for wow packet counters stats.
The event EVENT_WLAN_POWERSAVE_WOW_STATS will be used to
inform the wow stats packet counters.
Change-Id: I9d1760aa6b790544b9879e7ef18d4f5359e0e245
CRs-Fixed: 1087714
