If event posting to VDEV state machine fails, the memory allocated
in lim join and reassoc req is not freed, leading to mem leak.
Fix this by freeing the memory in failure cases.
Change-Id: I3769684e6ad64341b73dd6f6343adc8c0d26d04c
CRs-Fixed: 2342487
When SSR is in progress, when trying to remove self peer, if
wma_remove_peer() is failed then wma_vdev_detach() doesn't send del sta
response and wma_self_peer_remove() can still proceed to start vdev
hold request timer. This can lead to skip of vdev reference count
release by wma acquired during vdev attach.
To address this, release vdev reference count when self peer remove is
failed and when del self sta request is timed-out.
Change-Id: I2703261a848983b10798cb8ec74d1cec5a393ce5
CRs-Fixed: 2342453
Currently Napier FW WAPI TX/RX initial PN logic is fit for WIN
host, modify MCL host to align with WIN so that WAPI can work.
Change-Id: I0b49a25e75d1e9c4856daf8648d6561486005ba9
CRs-Fixed: 2323152
The snoc wlan platform driver supports snoc API with
the device pointer in all upstream kernel, So remove
the redundant snoc APIs from the pld layer.
CRs-Fixed: 2173110
Change-Id: Iee8bce586569e135da81f9a465a9e7df8b042af4
In error cases of set hw mode, set dual config etc are not handled
in all scenarios and thus the active cmd is not removed in this case
resulting in active cmd timeout.
Fix this by handling and sending failure resp for all the error
scenarios.
Change-Id: I21151798f58bf9816458430d96c7fd1d5f0ee07f
CRs-Fixed: 2341816
To help reduce the complexity of future refactorings in
hdd_stop_adapter_ext(), address some simple style issues.
Change-Id: Iae67f1d828c1ffcb102a78617c40db1babf5b009
CRs-Fixed: 2342133
Some target which support sending mgmt frame based on htt would DMA
write this PMF tx frame buffer, it may cause smmu check permission
fault, set a flag to do special DMA map.
Change-Id: I3686be211374d2c316726fa3248dedce87c3faed
CRs-Fixed: 2332329
1) Support SAP, GO standalone case
2) Support SAP + STA concurrency
3) Support GO + STA concurrency
Change-Id: I7da2102f0d8b893bc057bc8ecf0af4ab74f81db4
CR-Fixed:2320218
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_CLEAR_STATS has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I51e72ccf83a6b63792c17d6c65daca6571ef21bb
CRs-Fixed: 2341122
Remove legacy cfg items definitions and related macros for the
converged CFG items.
Change-Id: I12944f50d68dafe989417dda777f29a6233c97a4
CRs-Fixed: 2340856
When the firmware crashes platform driver notifies the driver
through CNSS_FW_DOWN. Since firmware down support is not
present for the PCI bus, The driver flags for target ready
and recovery flags are not getting set resulting in the commands
sent to firmware.
Add the firmware down support for the pci bus.
Change-Id: I20db3698602ea273038a3f024b4e5f61639f6d74
CRs-Fixed: 2338570
When beacon report request action frame is received,
rrm_process_beacon_report_req() is called and num_channels value
is calculated from the action frame directly from user. This
value is assigned to pSmeBcnReportReq->channelList.numChannels
and this num channels value along with the channel list is
posted to sme for further processing. The sme function
sme_rrm_process_beacon_report_req_ind() processes this sme
message eWNI_SME_BEACON_REPORT_REQ_IND. In this function,
the channels in channel list are looped through the received
value pBeaconReq->channelList.numChannels and is copied to the
destination pSmeRrmContext->channelList array from the
pBeaconReq->channelList.channelNumber[] array.
The maximum possible number of channels in channel list
BeaconReq->channelList.channelNumber[] allocated statically
in the definition of tSirChannelList is
SIR_ESE_MAX_MEAS_IE_REQS (8).
So when the pBeaconReq->channelList.numChannels, possible OOB
read occurs.
Validate the value of pBeaconReq->channelList.numChannels
received from the action frame against the maximum supported
number of channels in channel list SIR_ESE_MAX_MEAS_IE_REQS (8).
Place this validation inside the function
sme_rrm_process_beacon_report_req_ind() instead of validating it
at rrm_process_beacon_report_req() so that it defends from other
caller sme_set_ese_beacon_request() which is from user space
command through IOCTL.
Change-Id: I2074b04081328ceab7eeb29c33631a635e9d93c3
CRs-Fixed: 2335974
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_AMSDU has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I74bbc055c1587fff548512f4c7f325f75345eb95
CRs-Fixed: 2340147
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_VHT_RATE has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I07299bcc7e1cba7b5ceced3ba1cf22c470cb448e
CRs-Fixed: 2340146
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_11N_RATE has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: Iea2ee6bc53a56bb92497d42ac057e6663bc07097
CRs-Fixed: 2340145
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_RTSCTS has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: I9f17824abe6ac9e60cc908c46661fe991ecfd9aa
CRs-Fixed: 2340144
One of the HDD functions with the highest cyclomatic complexity is
__iw_setint_getnone(). The handing of WE_SET_SHORT_GI has a complexity
greater than 1, so refactor that logic into a separate function to
help reduce the complexity of __iw_setint_getnone().
Change-Id: Ica2a50216c413985f05a2771641be439c6c9d8cd
CRs-Fixed: 2339229
hdd_set_rx_stbc() is called from both the STA and SAP ioctl
handlers. In the STA case the caller checks the mac_handle, but in the
SAP case the mac_handle is not checked. This could result in a bad
mac_handle being used in the SAP case. In order to cover both cases
relocate the mac_handle test to hdd_set_rx_stbc().
Note that this has the added benefit of reducing the cyclomatic
complexity of __iw_setint_getnone(), one of the HDD functions with the
highest complexity.
Change-Id: I9442a8a46da4066c8b4dafe2cf9ce64f608bb3a9
CRs-Fixed: 2339228
hdd_set_tx_stbc() is called from both the STA and SAP ioctl
handlers. In the STA case the caller checks the mac_handle, but in the
SAP case the mac_handle is not checked. This could result in a bad
mac_handle being used in the SAP case. In order to cover both cases
relocate the mac_handle test to hdd_set_tx_stbc().
Note that this has the added benefit of reducing the cyclomatic
complexity of __iw_setint_getnone(), one of the HDD functions with the
highest complexity.
Change-Id: Ie7a01ddbfb958ab87b7baf11e93d8a86c32744b7
CRs-Fixed: 2339227
hdd_set_ldpc() is called from both the STA and SAP ioctl handlers. In
the STA case the caller checks the mac_handle, but in the SAP case the
mac_handle is not checked. This could result in a bad mac_handle being
used in the SAP case. In order to cover both cases relocate the
mac_handle test to hdd_set_ldpc().
Note that this has the added benefit of reducing the cyclomatic
complexity of __iw_setint_getnone(), one of the HDD functions with the
highest complexity.
Change-Id: I97827ee257c9e15e24468ed9800080375f082ff1
CRs-Fixed: 2339226
According to the current code flow of con_mode_handler, the
WLAN modules are stopped, adapter is opened in FTM mode and then
the modules are started. Due to the INI/CFG value accces done as
part of opening the adapter, and since the modules are stopped
at this point, it results in a use after free scenario.
Modify code sequence of con_mode_handler to WLAN start modules
before opening the adapter in FTM mode.
Change-Id: I94afb9b2a3751247b4ae95e27b1374b25890a9d7
CRs-Fixed: 2339777
There is an incorret valid pointer checking after memory
allocation for monitor mode, which will cause net device up
failure. Fix this incorrect checking.
CRs-Fixed: 2338747
Change-Id: Ib1dd4d85ce7e7cace1167a082c103fb0300eb16a
Remove the definition of following INI & CFG Items
for VHT caps which is common for HT and HE caps.
CFG_VHT_LDPC_CODING_CAP
CFG_VHT_SHORT_GI_80MHZ
CFG_VHT_SHORT_GI_160_AND_80_PLUS_80MHZ
CFG_VHT_TXSTBC
CFG_VHT_RXSTBC
CFG_VHT_RX_MCS_MAP
CFG_VHT_TX_MCS_MAP
CFG_VHT_BASIC_MCS_SET
Change-Id: I55390c3391a0be272c609030dae232d767111fcf
CRs-Fixed: 2333183
FW expects the MU EDCA params after vdev up as it checks for
active vdev to save the MU EDCA params. Send the MU EDCA params
to FW after vdev up is sent to FW.
Change-Id: Ia7689f1bad884e73098020e5508f669d9b8881d7
CRs-Fixed: 2337827
Update Nss routine always returns failure status to user space.
Fix issue to send correct response to user space.
Change-Id: I12342ee531fc790b3042d8dcd8f5bb4b7a97e9fe
CRs-Fixed: 2340073
During csr stop, csr_roam_close_session try to purge all the pending
commands for the vdev. But as vdev is already logically deleted,
the cmds are not purged as the purge by vdev API fails to get the
vdev ref.
As in csr stop, driver clean up all the sme session so instead of
calling purge commands for vdev, call purge cmd for all the vdev.
Also the active command timeout for the delete vdev is 30 sec while
HDD waits for 15 sec. The active command timeout should be less
than the HDD timeout. Thus set active cmd timeout as 10 sec and
HDD timeout as 11 sec
Change-Id: I1d45de261c50f1835379a9cc1df4631f3e32f459
CRs-Fixed: 2339694
In wma_vdev_resp_timer(), while handling WMA_DELETE_BSS_REQ if
wma_crash_on_fw_timeout() is true, SSR is triggered, but timer
event_timeout isn't destroyed, wma_target_req, and user_data
isn't freed, result in timer and mem leak.
Change-Id: Ic47af43de671d195c6addd0360b96305af15d9bf
CRs-Fixed: 2337211
