The routine wma_roam_synch_event_handler sends roam indication to the
upper layers. It uses the vdev_id of the synch event to pass the roaming
indication for the vdev session. If the vdev_id exceeds the max_bssid
supported, then an OOB write occurs in wma_roam_synch_event_handler.
Add check to validate vdev does not exceed the maximum bssid configured.
Add check to ensure vdev does not exceed max_bssid and return error if
violated.
Change-Id: Ief8b5070fd6cbb375900e2816524dbd946c5238d
CRs-Fixed: 2206569
Video/audio wireless application needs to tune parameters
per AC based. Configure A-MPDU subframe parameter per
AC via driver ini configuration file.
Change-Id: Id63be7aacf6465edee08f7a2f4c8a119f9bd6346
CRs-Fixed: 2212932
In the function wma_vdev_start_resp_handler when we receive a
vdev start response event, we copy the req_msg->user_data to the
object hidden_ssid_restart of the structure
tpHalHiddenSsidVdevRestart. If hidden_ssid_restart_in_progress
flag is set for the corresponding vdev_id, then we post that
message to the PE and free the hidden_ssid_restart. If this
req_msg->user_data is used again if req_msg->msg_type is
WMA_CHNL_SWITCH_REQ, then a possible Use-After-Free will occur
in wma_vdev_start_resp_handler.
When a channel switch request has occurred, there will not be a
hidden ssid restart event in progress. So add check to validate
if the req_msg->msg_type == WMA_HIDDEN_SSID_VDEV_RESTART.
Change-Id: Ie3195b23ff136fbfd38fcd4d32e993d4cb016316
CRs-Fixed: 2216751
Function hdd_reg_set_band() is currently located in wlan_hdd_wext.c,
but this function is independent of wireless extensions, so relocate
it as part of the plan to omit wlan_hdd_wext.c from the build when
wireless extensions is not enabled.
Change-Id: Ia1a359a7781bef6017baf17c8be53c2f9bab2517
CRs-Fixed: 2229769
Function hdd_wlan_get_ibss_mac_addr_from_staid() is currently located
in wlan_hdd_wext.c, but this function is independent of wireless
extensions, so relocate it as part of the plan to omit wlan_hdd_wext.c
from the build when wireless extensions is not enabled.
Change-Id: If005f7c2295a519b891d3718799f6f826d59e97f
CRs-Fixed: 2229490
Function wlan_hdd_set_filter() is currently located in
wlan_hdd_wext.c, but this function is independent of wireless
extensions, so relocate it as part of the plan to omit wlan_hdd_wext.c
from the build when wireless extensions is not enabled.
Change-Id: I7377806ad27ec8d6fa361523d290156a7facacac
CRs-Fixed: 2228938
Avoid userspace overwrite in drv_cmd_p2p_dev_addr() by intersecting the
max output buffer size with the total length of the userspace buffer.
This avoids the overwrite in cases where the allocated userspace buffer
is smaller than the max output buffer size.
Change-Id: I55c6d4b277e5964a7978daceffbe4eb72014c06d
CRs-Fixed: 2222846
Post the LFR2 Candidate found indication to low priority scan queue
instead of SME queue to maintain order with beacon/probe frames
from Scan queue.
Change-Id: I5e8a6247a7d5200371d776bce3436104a5ba2df2
CRs-Fixed: 2226234
Allow beacon frames received from Ext Scan or EPNO scan through
the filter into PE queue.
Change-Id: I491875f0e48bd2f317402b416598fe6e940e02a1
CRs-Fixed: 2226231
Register a callback to scan module for beacon frames and handle
the beacon with the mac_ctx bcn/probe filter for SAP sessions.
This will allow beacon frames from the same channel as active SAP
sessions to be processed by the ap_beacon_process for SAP
protection mechanism implementation.
Change-Id: Idb0c1e22ba55fa683a7514d70ba5abe609263829
CRs-Fixed: 2226228
Add filter structures in global mac context and apply the filter for
beacon/probe frames received in pe_handle_mgmt_frames before posting
the frames to PE queue.
Change-Id: Ic0e574705764c1bb247977a4c86e394b47941f5b
CRs-Fixed: 2226223
Register the new low priority QDF_MODULE_ID_SCAN queue to the scheduler
thread to handle beacon/probe frames and scan events.
Change-Id: I80c9b6bbbce97942d188f8a7941a3937130d7c8e
CRs-Fixed: 2226222
Currently wlan_hdd_wext.h defines some IE-related macros, but these
macros are independent of wireless extensions, so relocate them as
part of the plan to properly featurize wireless extensions.
Change-Id: I34b2b220087e946f662741fe549a980884b97842
CRs-Fixed: 2227954
Function wlan_hdd_set_mon_chan() is currently located in
wlan_hdd_wext.c, but this function is independent of wireless
extensions, so relocate it as part of the plan to omit wlan_hdd_wext.c
from the build when wireless extensions is not enabled.
Change-Id: I187305c1f01c7a3cb72f55a0ee885c4f4f0277aa
CRs-Fixed: 2227097
Change the path to pick up the latest v2 version of the
HW headers for Napier 11AX SoD
Change-Id: I0f8a504e3562fc8fb1a5c2d5f4529ca2c7ab9761
CRs-Fixed: 2188755
If CHAN_HOP_ALL_BANDS_ENABLE is enabled, CSA will be missed in the 80211h case.
CSA should be sent whether CHAN_HOP_ALL_BANDS_ENABLE is enabled or not.
Change-Id: I62312fd5717910d23fdd8ce77c29ad2d9ef11567
CRs-Fixed: 2218108
Add support to process MU EDCA param set in assoc response
frames and send the params to FW.
Change-Id: Ia492d1212b3c357647a89e4f98d3cfdc7ff7bbac
CRs-Fixed: 2220227
Avoid userspace overwrite in drv_cmd_get_ibss_peer_info_all by
intersecting the max output buffer size with the total length of the
userspace buffer. This avoids the overwrite in cases where the allocated
userspace buffer is smaller than the max output buffer size.
Change-Id: I77f25c50bbe9d0b966a5c319297e3e2dca4b6280
CRs-Fixed: 2222879
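
The length clamp described in this commit message and in the earlier drv_cmd_p2p_dev_addr() one, as an added example that is not the driver's code. It runs in userspace: fake_copy_to_user() stands in for copy_to_user(), and MAX_OUT_BUF, struct priv_cmd, send_reply() and the sample data are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_OUT_BUF 512  /* hypothetical size of the driver-side reply buffer */

struct priv_cmd {        /* hypothetical descriptor passed in from userspace */
    char *buf;           /* userspace buffer */
    int total_len;       /* bytes userspace allocated for buf */
};

/* Stand-in for the kernel's copy_to_user(); returns bytes NOT copied. */
static unsigned long fake_copy_to_user(char *dst, const char *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/* Format a reply and copy it out; returns bytes written to cmd->buf or -1. */
static int send_reply(struct priv_cmd *cmd, const char *reply)
{
    char out[MAX_OUT_BUF];
    int limit, len;

    if (cmd->buf == NULL || cmd->total_len <= 0)
        return -1;
    /* Intersect both limits: never produce more than the caller can hold. */
    limit = cmd->total_len < MAX_OUT_BUF ? cmd->total_len : MAX_OUT_BUF;
    /* snprintf() reports the untruncated length, so clamp what it returns. */
    len = snprintf(out, (size_t)limit, "%s", reply);
    if (len < 0)
        return -1;
    if (len >= limit)
        len = limit - 1;
    if (fake_copy_to_user(cmd->buf, out, (size_t)len + 1))
        return -1;
    return len + 1;
}

/* Constructed case: a 16-byte user buffer with a guard byte right behind it. */
static int demo_small_buffer(void)
{
    struct { char user[16]; unsigned char guard; } mem = { {0}, 0x5a };
    struct priv_cmd cmd = { mem.user, (int)sizeof(mem.user) };
    char long_reply[300];

    memset(long_reply, 'A', sizeof(long_reply) - 1);
    long_reply[sizeof(long_reply) - 1] = '\0';
    return send_reply(&cmd, long_reply) == 16 && mem.guard == 0x5a;
}
```
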
Move hdd_request_manager to qcacmn osif layer, which will be
used by CP_STATs component.
Change-Id: Iab64ebb837d7c2c7411905b84306fbb9990a4bac
CRs-Fixed: 2220069
Add change to allow randomizing mac address used in STA mode RTT
ranging using ini param control.
Change-Id: Ief3814ef758476d2617d8176daade2128c2b250a
CRs-Fixed: 2205953
Currently there is no provision to decide delay between two roam
scans in firmware. With these new ini's, driver wants to expose
control to decide delay between roam scans:
Add ini "min_delay_btw_scans" to set minimum duration allowed between
two consecutive roam scans. Fw should not allow roam scan if duration
between two consecutive roam scan is less than min_delay_btw_scan.
Add ini "roam_trigger_reason_bitmask" to set default value of
bit-mask containing roam_trigger_reasons for which
min_delay_btw_scans constraints should be applied.
Change-Id: I2af9d5dc8e6919eeb90251d3d744e3f07705e776
CRs-Fixed: 2221779
Fix condition checked before programming user's requested chainmask to
firmware. Get current firmware advertised phy cap for non-dbs phymode
and check if it supports all chains for tx/rx 2g and 5g.
Change-Id: I3fcef315f478403955ce400b3ba6d138a8006a01
CRs-Fixed: 2202544
DUT sent directed probe requests as malformed
packets during heart beat failure scenario.
Join request structure holds the additional scan IE buffer
which contains IE's sent as part of the join request.
During the join request processing this buffer is updated
by deleting the extended capabilities IE but the buffer length
variable is not updated accordingly which caused malformed
probe request.
After deleting the extended capabilities IE, the additional
scan IE buffer length is also updated accordingly.
Change-Id: I1129123e76dffe03ac409109dbee02caabf60efa
CRs-Fixed: 2224287
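
The buffer/length mismatch this commit message describes, as an added example that is not part of the commit or the driver source. It goes beyond the message in removing any element ID and in validating the element chain first; strip_ie(), demo_strip_ext_cap() and the sample bytes are hypothetical, and 127 is the IEEE 802.11 Extended Capabilities element ID.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EID_EXT_CAP 127  /* Extended Capabilities element ID (IEEE 802.11) */

/*
 * Remove every element with ID `eid` from the TLV buffer ies[0..*len) in place
 * and shrink *len to match. Returns the number of elements removed, or -1 if
 * an element's length field runs past the end of the buffer (nothing changed).
 */
static int strip_ie(uint8_t *ies, size_t *len, uint8_t eid)
{
    size_t rd, wr = 0;
    int removed = 0;

    /* Pass 1: validate the whole chain before modifying anything. */
    for (rd = 0; rd < *len; rd += 2 + (size_t)ies[rd + 1]) {
        if (*len - rd < 2 || *len - rd - 2 < (size_t)ies[rd + 1])
            return -1;
    }

    /* Pass 2: compact the elements that stay towards the front. */
    for (rd = 0; rd < *len; ) {
        size_t elen = 2 + (size_t)ies[rd + 1];
        if (ies[rd] == eid) {
            removed++;
        } else {
            memmove(ies + wr, ies + rd, elen);
            wr += elen;
        }
        rd += elen;
    }
    *len = wr;  /* the length must follow the content, or stale bytes get sent */
    return removed;
}

/* Constructed sample: SSID "test", Extended Capabilities, Supported Rates. */
static size_t demo_strip_ext_cap(void)
{
    uint8_t ies[] = { 0, 4, 't', 'e', 's', 't',
                      EID_EXT_CAP, 8, 0, 0, 0, 0, 0, 0, 0, 0x40,
                      1, 2, 0x82, 0x84 };
    size_t len = sizeof(ies);

    if (strip_ie(ies, &len, EID_EXT_CAP) != 1 || ies[6] != 1)
        return 0;
    return len;  /* 20 bytes in, 10 bytes out */
}
```
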
Tx context is holding on to reference to msdu, meanwhile Tx completion
freed the msdu, remove redundant qdf_nbuf_reset_num_frags(msdu)
Change-Id: I4c51f6e61c19147d2d4dafbd19bdfc3029a872ab
CRs-Fixed: 2222024
In hdd_driver_rxfilter_comand_handler(), when kstrtou8() fails to parse
the input string, the value of an uninitialized @type local is logged.
To avoid leaking stack memory, avoid logging the value of @type if the
parsing fails.
Change-Id: I46b21cdb138927b3edc406014450447c58a0d977
CRs-Fixed: 2221085
Register CSR scan requester when csr_start(), but didn't unregister it
when csr_stop(). It might run out of scan requester buffer.
Change-Id: I95472027c927ae0c0bc1869338cffad6bbacf0ff
CRs-Fixed: 2222492
During the system reboot when the firmware goes offline before the
driver unload there is no way to detect whether it is because
of the reboot or an assert in the firmware. So, the driver waits
for the firmware to recover before continuing with unloading
the device.
Since this is a reboot case the firmware will not respawn the
execution and host driver is stuck.
To mitigate the issue register a reboot notifier with the kernel
and if reboot is triggered proceed with a fake unload.
Change-Id: I33d14c393930e9ee737d38ffdb26e921fb057f29
CRs-Fixed: 2211776
RxLDPC is disabled in wiphy 5g capability due
to which hostapd fails to start in 5G channel
with RXLDPC enabled.
Read the RxLDPC capability value of 5G from
single MAC mode and update wiphy 5g band capability
structure to enable the RxLDPC.
Change-Id: Iec2b3674207d5f9ec13a40e110342d6b67ca391c
CRs-Fixed: 2215101
Currently hdd_display_stats_help() is a public function exported by
wlan_hdd_wext.h. But this function is only used internally within
wlan_hdd_wext.c, so remove the public prototype and instead make the
function static.
Change-Id: Iaed10720f0f325794481bbb7ad9f743deb6b7b15
CRs-Fixed: 2227013
A new data structure, qdf_flex_mem, was added to the common code repo.
Add qdf_flex_mem.o to the Kbuild.
Change-Id: If3ee8ad486578574d476d5ce77ce1ae9bb513d4e
CRs-Fixed: 2224551