The tSirRetStatus definitions are obsolete, so replace them with
QDF_STATUS definitions in the mac pe/rrm folder.
Change-Id: Iba8b15a3f17ee4bd827d384cf775ac0679590208
CRs-Fixed: 2269739

The tSirRetStatus definitions are obsolete, so replace them with
QDF_STATUS definitions in the mac pe/sch folder.
Change-Id: I7301c209adccdb63b1f1ac063d4590b5019f2e40
CRs-Fixed: 2269738

Currently mac_handle_t is defined as a void pointer. This is
convenient from an information hiding point of view since that means a
non-MAC component cannot dereference a MAC handle to access MAC
private data. However this is not convenient from a defect prevention
point of view since the C standard allows any other pointer type to be
freely and silently converted to and from a void pointer, and hence
the compiler is unable to detect when a MAC handle is used in a
context where a different pointer type is expected.

An example of multiple such defects was addressed by Change-Id
I01812b2390269805da4d1a5cb40a811d1e22ec56 (qcacld-3.0: Fix bad
pointers being passed from SME to WMA).

To help prevent these kinds of defects change the definition of
mac_handle_t to be a pointer to an opaque struct.
Change-Id: I72483bf0e693d6eca24355f31d3a1653b8f31302
CRs-Fixed: 2268814

In the function lim_process_set_default_scan_ie_request, memory
of MAX_DEFAULT_SCAN_IE_LEN (2048) is allocated for local_ie_buf.
This local_ie_buf accommodates the ie data and also the ext
capabilities. If the local_ie_len, that is used to copy the
ie_data to local_ie_buf is greater than
MAX_DEFAULT_SCAN_IE_LEN(2048) - (DOT11F_IE_EXTCAP_MAX_LEN(15) +
EXT_CAP_IE_HDR_LEN(2)), then heap overflow could occur.

Validate the MAX_DEFAULT_SCAN_IE_LEN against the difference
between MAX_DEFAULT_SCAN_IE_LEN and sum of EXT_CAP_IE_HDR_LEN
and DOT11F_IE_EXTCAP_MAX_LEN.
Change-Id: Id2f950440d69ddb09090643f8a426061c0d336c3
CRs-Fixed: 2231300
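
The length check described in the commit message above, as an added C example that is not the driver's code. build_default_scan_ie, EXTCAP_EID and MAX_SCAN_IE_DATA_LEN are hypothetical names; the other constants use the values quoted in the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constants as quoted in the commit message above. */
#define MAX_DEFAULT_SCAN_IE_LEN  2048
#define DOT11F_IE_EXTCAP_MAX_LEN 15
#define EXT_CAP_IE_HDR_LEN       2
#define EXTCAP_EID               127 /* 802.11 Extended Capabilities element ID */
/* Largest ie_data length that still leaves room for a full ext cap IE. */
#define MAX_SCAN_IE_DATA_LEN \
    (MAX_DEFAULT_SCAN_IE_LEN - (DOT11F_IE_EXTCAP_MAX_LEN + EXT_CAP_IE_HDR_LEN))

/* Hypothetical helper, not the driver's function: copies ie_data into a
 * MAX_DEFAULT_SCAN_IE_LEN heap buffer and appends an ext cap IE. Returns the
 * bytes written, or -1 if rejected. On success the caller frees *out. */
int build_default_scan_ie(const uint8_t *ie_data, size_t ie_len,
                          const uint8_t *extcap, size_t extcap_len,
                          uint8_t **out)
{
    uint8_t *buf;

    /* Validate both lengths before allocating or copying anything. */
    if (!ie_data || !extcap || !out)
        return -1;
    if (ie_len > MAX_SCAN_IE_DATA_LEN || extcap_len > DOT11F_IE_EXTCAP_MAX_LEN)
        return -1;
    buf = malloc(MAX_DEFAULT_SCAN_IE_LEN);
    if (!buf)
        return -1;
    memcpy(buf, ie_data, ie_len);
    buf[ie_len] = EXTCAP_EID;
    buf[ie_len + 1] = (uint8_t)extcap_len;
    memcpy(buf + ie_len + EXT_CAP_IE_HDR_LEN, extcap, extcap_len);
    *out = buf;
    return (int)(ie_len + EXT_CAP_IE_HDR_LEN + extcap_len);
}

int main(void)
{
    static uint8_t ie[MAX_DEFAULT_SCAN_IE_LEN]; /* constructed sample input */
    uint8_t cap[DOT11F_IE_EXTCAP_MAX_LEN] = {0}, *out = NULL;
    /* 2031 bytes of ie_data fits exactly; one byte more is rejected. */
    int ok = build_default_scan_ie(ie, MAX_SCAN_IE_DATA_LEN, cap, sizeof(cap), &out);
    int bad = build_default_scan_ie(ie, MAX_SCAN_IE_DATA_LEN + 1, cap, sizeof(cap), &out);
    printf("accepted=%d rejected=%d\n", ok, bad);
    free(out);
    return 0;
}
```
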
lim_tx_complete() is currently defined to take a tHalHandle as the
first param. However the generic signature of a TX callback function
specifies that the first param should be a void *context. This
currently compiles because tHalHandle is defined to be a void *, but
this will soon be changed, so update lim_tx_complete() to explicitly
use a void *context.
Change-Id: I421e8acb25beed23d2f3803380a46db33b6f0964
CRs-Fixed: 2267443

Current driver keeps cmd_id as 0 for all non-scan commands which
makes serialization module's logic more complex in order to identify
between duplicate commands.

Add unique cmd_id and attach it to each legacy sme command to make
serialization module's logic easy to distinguish between duplicate
commands.
CRs-Fixed: 2267418
Change-Id: Id2ccb435137061c963120822326fe5b90f857eb7

Map all module level log APIs to per-level log APIs
to compile out specific log level if required.
Change-Id: Icfcc28fb592ee99704d8fb23bc3cb45b6e4c9f53
CRs-Fixed: 2266718

If MCC to SCC switch is enabled, SAP is active and CSA
received for STA interface, then ignore the CSA if channel
is DFS/disabled.
CRs-Fixed: 2266838
Change-Id: I98b8d957766358ea86cc9f50339725cf4bf0038b

Currently the function lim_process_assoc_req_frame uses frame_len
without validation to parse the IE buffer which could lead to
out-of-bounds memory access if the frame_len is less than or
equal to LIM_ASSOC_REQ_IE_OFFSET(4).

Add check to validate the frame_len with LIM_ASSOC_REQ_IE_OFFSET
before sending (frame_len - LIM_ASSOC_REQ_IE_OFFSET) to
cfg_get_vendor_ie_ptr_from_oui to parse only the IE buffer.
Change-Id: Iaa9e8db4a2605169c9ad3904878a2e626eb6de8b
CRs-Fixed: 2259707

In peer assoc command, the phy mode of peer is updated based on
the nw_type of pe session. So this value should be updated accordingly as per
the new channel.
Change-Id: Ib596cb343f239456aba688b2b5ea7b19b3034a66
CRs-Fixed: 2161043